From 9c8869a8c08a679ca75f71fdbc4cb36fd86141e2 Mon Sep 17 00:00:00 2001 From: Pranav Nandula <127438038+pranav-new-relic@users.noreply.github.com> Date: Wed, 5 Nov 2025 17:18:35 +0530 Subject: [PATCH 1/7] chore: try and update release.yml --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cf6e21a2b..2be238d36 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,6 +6,7 @@ permissions: write-all on: workflow_dispatch: + jobs: test: if: github.ref == 'refs/heads/main' From 1aa5a66932d4bc152a5c067ae5b98aaa1c3b188f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 5 Nov 2025 11:49:09 +0000 Subject: [PATCH 2/7] Initial plan From 6eb148de28ebe897d87ce87eb1970373d821b676 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 5 Nov 2025 11:53:23 +0000 Subject: [PATCH 3/7] Add AWS S3 permission check at workflow start Co-authored-by: pranav-new-relic <127438038+pranav-new-relic@users.noreply.github.com> --- .github/workflows/release.yml | 63 +++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2be238d36..b8169b504 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -8,8 +8,71 @@ on: jobs: + check-aws-permissions: + if: github.ref == 'refs/heads/main' + name: Check AWS S3 Permissions + runs-on: ubuntu-latest + steps: + - name: Install AWS CLI + run: | + sudo snap install aws-cli --classic + + - name: Write AWS config 1 + uses: DamianReeves/write-file-action@v1.3 + with: + path: /home/runner/.aws/credentials + contents: | + [virtuoso_user] + aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }} + write-mode: overwrite + + - name: Write AWS config 2 + uses: DamianReeves/write-file-action@v1.3 + with: + path: /home/runner/.aws/config + contents: | + [profile virtuoso] + role_arn = ${{ secrets.AWS_ROLE_ARN }} + region = ${{ secrets.AWS_DEFAULT_REGION }} + source_profile = virtuoso_user + write-mode: overwrite + + - name: Check S3 bucket permissions + run: | + set -e + echo "Testing AWS credentials and S3 bucket permissions..." + + # Test if we can list the bucket (this requires s3:ListBucket permission) + if ! aws s3 ls s3://nr-downloads-main/install/newrelic-cli/ --profile virtuoso; then + echo "::error::Failed to list S3 bucket. Please check AWS credentials and permissions." + exit 1 + fi + + # Create a test file to verify write permissions + echo "test-permission-check" > /tmp/test-permission.txt + + # Test if we can upload a file (this requires s3:PutObject permission) + if ! aws s3 cp /tmp/test-permission.txt s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso; then + echo "::error::Failed to upload to S3 bucket. Please verify s3:PutObject permission is granted." + exit 1 + fi + + # Clean up test file from S3 + aws s3 rm s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso || true + + echo "AWS S3 permissions verified successfully!" 
+ + - name: Cleanup configs + if: always() + run: | + rm -rf /home/runner/.aws/credentials + rm -rf /home/runner/.aws/config + rm -f /tmp/test-permission.txt + test: if: github.ref == 'refs/heads/main' + needs: check-aws-permissions uses: newrelic/newrelic-cli/.github/workflows/test.yml@main secrets: NEW_RELIC_ACCOUNT_ID: ${{ secrets.NEW_RELIC_ACCOUNT_ID }} From 6446c781b9ae48724d67ab47caa9a0b2e297f8d1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 5 Nov 2025 11:59:38 +0000 Subject: [PATCH 4/7] Refactor: Remove duplicate AWS setup, move permission check before release Co-authored-by: pranav-new-relic <127438038+pranav-new-relic@users.noreply.github.com> --- .github/workflows/release.yml | 125 ++++++++++++---------------------- 1 file changed, 44 insertions(+), 81 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b8169b504..4a8ed7e0e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
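Review bot: The two `Write AWS config` steps pass `secrets.AWS_ACCESS_KEY_ID` and `secrets.AWS_SECRET_ACCESS_KEY` to `DamianReeves/write-file-action@v1.3`, a third-party action referenced by a mutable tag, so a retagged or compromised release of that action would receive the long-lived AWS keys. Pin it to a full commit SHA, `uses: DamianReeves/write-file-action@<full-commit-sha>  # v1.3`, or write both files from a `run:` step that receives the secrets through `env:`. The workflow-level `permissions: write-all` visible in the PATCH 1/7 hunk header means such an action could also obtain a fully privileged `GITHUB_TOKEN`. PATCH 4/7 puts `samuelmeuli/action-snapcraft@v2` on its new side with the same tag-only pinning. Where the AWS account permits it, OIDC role assumption through `aws-actions/configure-aws-credentials` would avoid storing an access key at all.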
@@ -8,11 +8,49 @@ on: jobs: - check-aws-permissions: + test: if: github.ref == 'refs/heads/main' - name: Check AWS S3 Permissions + uses: newrelic/newrelic-cli/.github/workflows/test.yml@main + secrets: + NEW_RELIC_ACCOUNT_ID: ${{ secrets.NEW_RELIC_ACCOUNT_ID }} + NEW_RELIC_ADMIN_API_KEY: ${{ secrets.NEW_RELIC_ADMIN_API_KEY }} + NEW_RELIC_API_KEY: ${{ secrets.NEW_RELIC_API_KEY }} + NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} + NEW_RELIC_REGION: ${{ secrets.NEW_RELIC_REGION }} + + release: + if: github.ref == 'refs/heads/main' + name: Release + needs: test runs-on: ubuntu-latest + env: + SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} steps: + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: 1.23.x + + - name: Add GOBIN to PATH + run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH + shell: bash + + - name: Checkout code + uses: actions/checkout@v3 + with: + # Needed for release notes + fetch-depth: 0 + token: ${{ secrets.RELEASE_TOKEN }} + + - name: Install Snapcraft + uses: samuelmeuli/action-snapcraft@v2 + + - name: Install PGP private key + shell: bash + env: + PGP_PRIVATE_KEY: ${{ secrets.PGP_PRIVATE_KEY }} + run: echo "$PGP_PRIVATE_KEY" | gpg --batch --import + - name: Install AWS CLI run: | sudo snap install aws-cli --classic @@ -41,9 +79,9 @@ jobs: - name: Check S3 bucket permissions run: | set -e - echo "Testing AWS credentials and S3 bucket permissions..." + echo "Verifying AWS credentials and S3 bucket permissions before release..." - # Test if we can list the bucket (this requires s3:ListBucket permission) + # Test if we can list the bucket (requires s3:ListBucket permission) if ! aws s3 ls s3://nr-downloads-main/install/newrelic-cli/ --profile virtuoso; then echo "::error::Failed to list S3 bucket. Please check AWS credentials and permissions." exit 1 
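Review bot: `actions/checkout@v3` is given `token: ${{ secrets.RELEASE_TOKEN }}` and, with the action's default of persisting credentials, that token stays in the checked-out repository's git configuration for every later step of the `release` job, including the third-party Snapcraft and write-file actions. If no later step pushes over git with it, add `persist-credentials: false` under `with:`; if one does, a comment such as `# token persisted on purpose: <step name> pushes with it` would record why. These lines are moved by this commit rather than newly written, and the rest of the `release` job lies outside the hunk.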
@@ -52,7 +90,7 @@ jobs: # Create a test file to verify write permissions echo "test-permission-check" > /tmp/test-permission.txt - # Test if we can upload a file (this requires s3:PutObject permission) + # Test if we can upload a file (requires s3:PutObject permission) if ! aws s3 cp /tmp/test-permission.txt s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso; then echo "::error::Failed to upload to S3 bucket. Please verify s3:PutObject permission is granted." exit 1 
@@ -60,59 +98,9 @@ jobs: # Clean up test file from S3 aws s3 rm s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso || true - - echo "AWS S3 permissions verified successfully!" - - - name: Cleanup configs - if: always() - run: | - rm -rf /home/runner/.aws/credentials - rm -rf /home/runner/.aws/config rm -f /tmp/test-permission.txt - test: - if: github.ref == 'refs/heads/main' - needs: check-aws-permissions - uses: newrelic/newrelic-cli/.github/workflows/test.yml@main - secrets: - NEW_RELIC_ACCOUNT_ID: ${{ secrets.NEW_RELIC_ACCOUNT_ID }} - NEW_RELIC_ADMIN_API_KEY: ${{ secrets.NEW_RELIC_ADMIN_API_KEY }} - NEW_RELIC_API_KEY: ${{ secrets.NEW_RELIC_API_KEY }} - NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} - NEW_RELIC_REGION: ${{ secrets.NEW_RELIC_REGION }} - - release: - if: github.ref == 'refs/heads/main' - name: Release - needs: test - runs-on: ubuntu-latest - env: - SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} - steps: - - name: Install Go - uses: actions/setup-go@v5 - with: - go-version: 1.23.x - - - name: Add GOBIN to PATH - run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH - shell: bash - - - name: Checkout code - uses: actions/checkout@v3 - with: - # Needed for release notes - fetch-depth: 0 - token: ${{ secrets.RELEASE_TOKEN }} - - - name: Install Snapcraft - uses: samuelmeuli/action-snapcraft@v2 - - - name: Install PGP private key - shell: bash - env: - PGP_PRIVATE_KEY: ${{ secrets.PGP_PRIVATE_KEY }} - run: echo "$PGP_PRIVATE_KEY" | gpg --batch --import + echo "โœ“ AWS S3 permissions verified successfully!" - name: Publish Release shell: bash 
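Review bot: After this hunk nothing visible removes `/home/runner/.aws/credentials` and `/home/runner/.aws/config`: the `Cleanup configs` step with `if: always()` is deleted together with the `check-aws-permissions` job, and the check step is now followed directly by `Publish Release`. The credential files are therefore on disk while the publish and packaging steps run, which do not appear to need them until the S3 upload further down. Consider keeping the write steps next to the upload (where the `@@ -175,31 +163,6 @@` hunk removes them), or confirm that the `release` job ends with an `if: always()` step that deletes both files; the remainder of the job is outside the hunk.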
@@ -175,31 +163,6 @@ jobs: rm -f dist/newrelic-cli_${VERSION}_Windows_x86_64.zip zip -q dist/newrelic-cli_${VERSION}_Windows_x86_64.zip dist/newrelic_windows_amd64_v1/newrelic.exe - - name: Install AWS CLI - run: | - sudo snap install aws-cli --classic - - - name: Write AWS config 1 - uses: DamianReeves/write-file-action@v1.3 - with: - path: /home/runner/.aws/credentials - contents: | - [virtuoso_user] - aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID }} - aws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }} - write-mode: overwrite - - - name: Write AWS config 2 - uses: DamianReeves/write-file-action@v1.3 - with: - path: /home/runner/.aws/config - contents: | - [profile virtuoso] - role_arn = ${{ secrets.AWS_ROLE_ARN }} - region = ${{ secrets.AWS_DEFAULT_REGION }} - source_profile = virtuoso_user - write-mode: overwrite - - name: Upload Unix based install script to AWS id: upload-install-script run: | From 5181dc97ab718c26086f6c80bd48f54c492a1fb0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 5 Nov 2025 19:00:47 +0000 Subject: [PATCH 5/7] Add verbose logging and update AWS secrets to V2 variants Co-authored-by: pranav-new-relic <127438038+pranav-new-relic@users.noreply.github.com> --- .github/workflows/release.yml | 39 +++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a8ed7e0e..d65bd6627 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -61,8 +61,8 @@ jobs: path: /home/runner/.aws/credentials contents: | [virtuoso_user] - aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID }} - aws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID_V2 }} + aws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY_V2 }} write-mode: overwrite - name: Write AWS config 2 
@@ -71,36 +71,39 @@ jobs: path: /home/runner/.aws/config contents: | [profile virtuoso] - role_arn = ${{ secrets.AWS_ROLE_ARN }} + role_arn = ${{ secrets.AWS_ROLE_ARN_V2 }} region = ${{ secrets.AWS_DEFAULT_REGION }} source_profile = virtuoso_user write-mode: overwrite - - name: Check S3 bucket permissions + - name: Verify AWS credentials for release artifact distribution to S3 run: | set -e - echo "Verifying AWS credentials and S3 bucket permissions before release..." + echo "๐Ÿ” Verifying AWS credentials and S3 bucket access..." + echo "๐Ÿ“ฆ Target bucket: s3://nr-downloads-main/install/newrelic-cli/" - # Test if we can list the bucket (requires s3:ListBucket permission) - if ! aws s3 ls s3://nr-downloads-main/install/newrelic-cli/ --profile virtuoso; then - echo "::error::Failed to list S3 bucket. Please check AWS credentials and permissions." + echo "๐Ÿ” Testing S3 ListBucket permission..." + if ! aws s3 ls s3://nr-downloads-main/install/newrelic-cli/ --profile virtuoso > /dev/null 2>&1; then + echo "::error::โŒ Failed to list S3 bucket. Please verify AWS credentials and s3:ListBucket permission." exit 1 fi + echo "โœ… ListBucket permission verified" - # Create a test file to verify write permissions + echo "๐Ÿ“ Creating test file for upload verification..." echo "test-permission-check" > /tmp/test-permission.txt - # Test if we can upload a file (requires s3:PutObject permission) - if ! aws s3 cp /tmp/test-permission.txt s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso; then - echo "::error::Failed to upload to S3 bucket. Please verify s3:PutObject permission is granted." + echo "โฌ†๏ธ Testing S3 PutObject permission..." + if ! aws s3 cp /tmp/test-permission.txt s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso > /dev/null 2>&1; then + echo "::error::โŒ Failed to upload to S3 bucket. Please verify s3:PutObject permission." 
exit 1 fi + echo "โœ… PutObject permission verified" - # Clean up test file from S3 - aws s3 rm s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso || true + echo "๐Ÿงน Cleaning up test artifacts..." + aws s3 rm s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso > /dev/null 2>&1 || true rm -f /tmp/test-permission.txt - echo "โœ“ AWS S3 permissions verified successfully!" + echo "โœ… AWS S3 permissions validated successfully - ready for release artifact distribution!" - name: Publish Release shell: bash @@ -276,9 +279,9 @@ jobs: RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} DEV_TOOLKIT_TOKEN: ${{ secrets.DEV_TOOLKIT_TOKEN }} CHOCOLATEY_API_KEY: ${{ secrets.CHOCOLATEY_API_KEY }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_V2 }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_V2 }} + AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN_V2 }} AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} snapshot: From 136a9c084ddb9403f3d496bbcc22fd857157f992 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 5 Nov 2025 19:10:11 +0000 Subject: [PATCH 6/7] Move test file to workflow_tester folder with timestamp suffix Co-authored-by: pranav-new-relic <127438038+pranav-new-relic@users.noreply.github.com> --- .github/workflows/release.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d65bd6627..dd69aa0cb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
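Review bot: Every `aws` call in the verification step now ends in `> /dev/null 2>&1`, so when the check fails the log holds only the generic `::error::` line and not the CLI's own message, which is what separates an access denial from an expired key, a failed role assumption or a wrong region. Keep stderr and discard only stdout, e.g. `if ! aws s3 ls s3://nr-downloads-main/install/newrelic-cli/ --profile virtuoso > /dev/null; then`. The delete is fully silenced as well and followed by `|| true`, so a role without delete rights would leave the probe object in the download prefix on every run with no trace; `|| echo "::warning::could not remove S3 probe object"` would surface that. The same redirections are kept by the `@@ -90,18 +90,23 @@` hunk of PATCH 6/7.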
@@ -90,18 +90,23 @@ jobs: echo "โœ… ListBucket permission verified" echo "๐Ÿ“ Creating test file for upload verification..." - echo "test-permission-check" > /tmp/test-permission.txt + TIMESTAMP=$(date -u +"%d-%m-%Y_T%H%M%S") + TEST_FILE_NAME="permission-check-${TIMESTAMP}.txt" + S3_TEST_PATH="s3://nr-downloads-main/install/newrelic-cli/workflow_tester/${TEST_FILE_NAME}" + echo "test-permission-check" > /tmp/${TEST_FILE_NAME} + echo "๐Ÿ•’ Test file: ${TEST_FILE_NAME}" echo "โฌ†๏ธ Testing S3 PutObject permission..." - if ! aws s3 cp /tmp/test-permission.txt s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso > /dev/null 2>&1; then + if ! aws s3 cp /tmp/${TEST_FILE_NAME} ${S3_TEST_PATH} --profile virtuoso > /dev/null 2>&1; then echo "::error::โŒ Failed to upload to S3 bucket. Please verify s3:PutObject permission." + rm -f /tmp/${TEST_FILE_NAME} exit 1 fi echo "โœ… PutObject permission verified" echo "๐Ÿงน Cleaning up test artifacts..." - aws s3 rm s3://nr-downloads-main/install/newrelic-cli/.permission-check-test.txt --profile virtuoso > /dev/null 2>&1 || true - rm -f /tmp/test-permission.txt + aws s3 rm ${S3_TEST_PATH} --profile virtuoso > /dev/null 2>&1 || true + rm -f /tmp/${TEST_FILE_NAME} echo "โœ… AWS S3 permissions validated successfully - ready for release artifact distribution!" From d29f782ba7ad28d097e9ba405dc3e1e07c2fbfec Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 5 Nov 2025 19:14:18 +0000 Subject: [PATCH 7/7] Remove extra blank line after workflow_dispatch Co-authored-by: pranav-new-relic <127438038+pranav-new-relic@users.noreply.github.com> --- .github/workflows/release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dd69aa0cb..9ac29b751 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
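Review bot: `TEST_FILE_NAME` is unique only to the second, so two dispatches that reach this step in the same second write and delete the same key, and a leftover object cannot be traced to the run that created it. Including the run id addresses both: `TEST_FILE_NAME="permission-check-${GITHUB_RUN_ID}-${TIMESTAMP}.txt"`. The new expansions are also unquoted; `aws s3 cp "/tmp/${TEST_FILE_NAME}" "${S3_TEST_PATH}" --profile virtuoso` (and the same quoting on both `rm` calls) keeps the step correct if the name ever gains a space or glob character. Because cleanup failures are ignored, objects under `workflow_tester/` can accumulate in the download bucket; an expiry lifecycle rule on that prefix would bound this, if the bucket's configuration allows one.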
@@ -6,7 +6,6 @@ permissions: write-all on: workflow_dispatch: - jobs: test: if: github.ref == 'refs/heads/main'