Release #756
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| permissions: write-all | |
| # Triggered via GitHub Actions UI | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| test: | |
| if: github.ref == 'refs/heads/main' | |
| uses: newrelic/newrelic-cli/.github/workflows/test.yml@main | |
| secrets: | |
| NEW_RELIC_ACCOUNT_ID: ${{ secrets.NEW_RELIC_ACCOUNT_ID }} | |
| NEW_RELIC_ADMIN_API_KEY: ${{ secrets.NEW_RELIC_ADMIN_API_KEY }} | |
| NEW_RELIC_API_KEY: ${{ secrets.NEW_RELIC_API_KEY }} | |
| NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} | |
| NEW_RELIC_REGION: ${{ secrets.NEW_RELIC_REGION }} | |
| release: | |
| if: github.ref == 'refs/heads/main' | |
| name: Release | |
| needs: test | |
| runs-on: ubuntu-latest | |
| env: | |
| SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} | |
| steps: | |
| - name: Install Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.23.x | |
| - name: Add GOBIN to PATH | |
| run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH | |
| shell: bash | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| # Needed for release notes | |
| fetch-depth: 0 | |
| token: ${{ secrets.RELEASE_TOKEN }} | |
| - name: Install Snapcraft | |
| uses: samuelmeuli/action-snapcraft@v2 | |
| - name: Install PGP private key | |
| shell: bash | |
| env: | |
| PGP_PRIVATE_KEY: ${{ secrets.PGP_PRIVATE_KEY }} | |
| run: echo "$PGP_PRIVATE_KEY" | gpg --batch --import | |
| - name: Publish Release | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| SNAPCRAFT_TOKEN: ${{ secrets.SNAPCRAFT_TOKEN }} | |
| SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} | |
| run: | | |
| git config --global user.name ${{ secrets.NEW_RELIC_GITHUB_SERVICE_ACCOUNT_USERNAME }} | |
| git config --global user.email ${{ secrets.NEW_RELIC_GITHUB_SERVICE_ACCOUNT_EMAIL }} | |
| # removes git's file permission changes tracking as goreleaser's before hook uses 'chmod' for win_metadat*.sh | |
| git config core.fileMode false | |
| mkdir -p $HOME/.cache/snapcraft/download | |
| mkdir -p $HOME/.cache/snapcraft/stage-packages | |
| make snapshot | |
| ./scripts/release.sh | |
| chmod +x scripts/win_metadata.sh scripts/win_metadata_files_remove.sh | |
| # creates the `versioninfo.json` file with version info for the Windows binary | |
| ./scripts/win_metadata.sh | |
| go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@latest | |
| # Invokes 'goversioninfo' and uses the 'goversion directive' inside 'main.go' to create 'resource_windows.syso' | |
| # that 'goreleaser' will need in its build step | |
| go generate cmd/newrelic/main.go | |
| make release-publish | |
| ./scripts/win_metadata_files_remove.sh | |
| - name: Sign newrelic.exe | |
| shell: bash | |
| env: | |
| PFX_CONTENT: ${{ secrets.PFX_BASE64_CONTENT }} | |
| PFX_PASSWORD: ${{ secrets.PFX_CERT_PASSWORD }} | |
| run: | | |
| echo "$PFX_CONTENT" | base64 -d > cert.pfx | |
| sudo apt-get install osslsigncode -y | |
| sudo mv dist/newrelic_windows_amd64_v1/newrelic.exe dist/newrelic_windows_amd64_v1/newrelic-unsigned.exe | |
| osslsigncode sign -pkcs12 cert.pfx -pass "$PFX_PASSWORD" -h sha256 -t http://timestamp.digicert.com \ | |
| -in dist/newrelic_windows_amd64_v1/newrelic-unsigned.exe -out dist/newrelic_windows_amd64_v1/newrelic.exe | |
| rm -f cert.pfx dist/newrelic_windows_amd64_v1/newrelic-unsigned.exe | |
| # Note the uploaded binary is downloaded and used in the release-windows-installer job | |
| - name: Upload Windows binary to GitHub | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: windows-binary | |
| path: dist/newrelic_windows_amd64_v1/newrelic.exe | |
| - name: Re-do Windows_x86_64.zip | |
| run: | | |
| VERSION=$(ls dist/*Windows_x86_64.zip | cut -d_ -f2) | |
| rm -f dist/newrelic-cli_${VERSION}_Windows_x86_64.zip | |
| zip -q dist/newrelic-cli_${VERSION}_Windows_x86_64.zip dist/newrelic_windows_amd64_v1/newrelic.exe | |
| - name: Install AWS CLI | |
| run: | | |
| sudo snap install aws-cli --classic | |
| - name: Write AWS config 1 | |
| uses: DamianReeves/write-file-action@v1.3 | |
| with: | |
| path: /home/runner/.aws/credentials | |
| contents: | | |
| [virtuoso_user] | |
| aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| write-mode: overwrite | |
| - name: Write AWS config 2 | |
| uses: DamianReeves/write-file-action@v1.3 | |
| with: | |
| path: /home/runner/.aws/config | |
| contents: | | |
| [profile virtuoso] | |
| role_arn = ${{ secrets.AWS_ROLE_ARN }} | |
| region = ${{ secrets.AWS_DEFAULT_REGION }} | |
| source_profile = virtuoso_user | |
| write-mode: overwrite | |
| - name: Upload Unix based install script to AWS | |
| id: upload-install-script | |
| run: | | |
| aws s3 cp ./scripts/install.sh s3://nr-downloads-main/install/newrelic-cli/scripts/install.sh --profile virtuoso | |
| - name: Get latest tag | |
| id: get-latest-tag | |
| uses: actions-ecosystem/action-get-latest-tag@v1 | |
| - name: Get latest release upload URL | |
| id: get-latest-release-upload-url | |
| shell: bash | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| run: echo "::set-output name=upload_url::$(./scripts/get_latest_release_upload_url.sh)" | |
| - name: Copy checksum files and validate | |
| id: copy-checksums | |
| shell: bash | |
| run: | | |
| # Find the checksum file and validate | |
| CHECKSUM_FILE=$(find dist -name "newrelic-cli_*_checksums.txt") | |
| if [ -z "$CHECKSUM_FILE" ]; then | |
| echo "::error::Original checksum file not found in dist directory" | |
| exit 1 | |
| fi | |
| # Extract version and validate | |
| VERSION=$(echo "$CHECKSUM_FILE" | cut -d_ -f2) | |
| if [ -z "$VERSION" ]; then | |
| echo "::error::Could not extract version from checksum filename" | |
| exit 1 | |
| fi | |
| echo "Found version: $VERSION" | |
| # Copy checksum file and validate | |
| cp "$CHECKSUM_FILE" "dist/checksums.txt" | |
| if [ ! -f "dist/checksums.txt" ]; then | |
| echo "::error::Failed to create checksums.txt" | |
| exit 1 | |
| fi | |
| echo "Created checksums.txt successfully" | |
| # Create signature and validate | |
| gpg --batch --yes -u "4F9A9B5B96EC30B9" \ | |
| --output "dist/checksums.txt.sig" \ | |
| --detach-sign \ | |
| "dist/checksums.txt" | |
| if [ ! -f "dist/checksums.txt.sig" ]; then | |
| echo "::error::Failed to create signature file" | |
| exit 1 | |
| fi | |
| echo "Created checksums.txt.sig successfully" | |
| - name: Upload checksums file | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.get-latest-release-upload-url.outputs.upload_url }} | |
| asset_path: ./dist/checksums.txt | |
| asset_name: checksums.txt | |
| asset_content_type: text/plain | |
| - name: Upload checksums signature | |
| uses: actions/upload-release-asset@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| with: | |
| upload_url: ${{ steps.get-latest-release-upload-url.outputs.upload_url }} | |
| asset_path: ./dist/checksums.txt.sig | |
| asset_name: checksums.txt.sig | |
| asset_content_type: text/plain | |
| - name: Create currentVersion.txt | |
| id: create-current-version | |
| uses: "finnp/create-file-action@master" | |
| env: | |
| FILE_NAME: "currentVersion.txt" | |
| FILE_DATA: "${{ steps.get-latest-tag.outputs.tag }}" | |
| - name: Upload currentVersion.txt | |
| id: upload-current-version | |
| run: | | |
| aws s3 cp currentVersion.txt s3://nr-downloads-main/install/newrelic-cli/currentVersion.txt --profile virtuoso --cache-control no-cache | |
| - name: Upload release artifacts to AWS | |
| id: upload-release-artifacts | |
| run: | | |
| aws s3 cp --recursive --exclude "*" --include "newrelic-cli_*.txt" --include "newrelic-cli_*.sig" --include "newrelic-cli_*.zip" --include "newrelic-cli_*.gz" --include "newrelic-cli_*.rpm" --include "newrelic-cli_*.deb" --include "newrelic_*" ./dist s3://nr-downloads-main/install/newrelic-cli/${{ steps.get-latest-tag.outputs.tag }}/ --profile virtuoso | |
| - name: Cleanup configs | |
| run: | | |
| rm -rf /home/runner/.aws/credentials | |
| rm -rf /home/runner/.aws/config | |
| release-windows-installer: | |
| if: github.ref == 'refs/heads/main' | |
| needs: release | |
| uses: newrelic/newrelic-cli/.github/workflows/release-windows-installer.yml@main | |
| secrets: | |
| PFX_BASE64_CONTENT: ${{ secrets.PFX_BASE64_CONTENT }} | |
| PFX_CERT_PASSWORD: ${{ secrets.PFX_CERT_PASSWORD }} | |
| RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| publish: | |
| if: github.ref == 'refs/heads/main' | |
| needs: release-windows-installer | |
| uses: newrelic/newrelic-cli/.github/workflows/release-publish-windows.yml@main | |
| secrets: | |
| RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| DEV_TOOLKIT_TOKEN: ${{ secrets.DEV_TOOLKIT_TOKEN }} | |
| CHOCOLATEY_API_KEY: ${{ secrets.CHOCOLATEY_API_KEY }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| snapshot: | |
| if: github.ref == 'refs/heads/main' | |
| uses: newrelic/newrelic-cli/.github/workflows/snapshot.yml@main | |
| secrets: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} |