
Commit 9ff8d77

mailo-nrkb-newrelicotelcomm-botrenovate[bot]emiliaFer
authored
chore: fips testing (#373)
* test: fix nightly (#363) * feat: add e2e tests for core distro (#364) * feat: add e2e tests for core distro * chore: merge host config with core collector * feat: Bump otel component versions from v0.128.0 to v0.131.0 (#357) * chore: prep release 1.3.0 (#365) * chore: Add nrdot-collector to release workflows (#366) * chore: Add missing ec2 nightly deploy (#367) * chore: Address cancelled deploy step (#370) * feat: Add spanprocessor to nrdot-collector (#371) * chore(deps): update helm release nr-k8s-otel-collector to v0.8.40 (#369) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> * feat: Bump otel component versions from v0.131.0 to v0.132.0 (#368) * chore: fips testing * chore: test fips docker * chore: cleaning up fips changes --------- Co-authored-by: kb-newrelic <121687305+kb-newrelic@users.noreply.github.com> Co-authored-by: otelcomm-bot <svc-otelcomm-bot@newrelic.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Emilia Ferreyra <110185663+emiliaFer@users.noreply.github.com>
1 parent 7a18bf5 commit 9ff8d77

37 files changed

+1369
-135
lines changed

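--- a/.github/workflows/ci-base.yaml
+++ b/.github/workflows/ci-base.yaml
@@ -73,18 +73,22 @@ jobs:
 - name: Verify build
 run: make ci DISTRIBUTIONS=${{ inputs.distribution }}
 
-- name: Login to Docker
-uses: docker/login-action@v3
-if: ${{ env.ACT }}
-with:
-registry: docker.io
-username: ${{ secrets.docker_hub_username }}
-password: ${{ secrets.docker_hub_password }}
-
 - uses: docker/setup-qemu-action@v2
 
 - uses: docker/setup-buildx-action@v2
 
+- name: Install cross-compilation toolchain
+if: inputs.fips == true
+run: |
+sudo apt-get update
+sudo apt-get install -y \
+gcc-aarch64-linux-gnu \
+g++-aarch64-linux-gnu \
+gcc-x86-64-linux-gnu \
+g++-x86-64-linux-gnu \
+libc6-dev-arm64-cross \
+libc6-dev-amd64-cross
+
 - name: Import GPG key
 if: ${{github.event.pull_request.user.login != 'dependabot[bot]' }}
 id: import_gpg
@@ -126,7 +130,7 @@ jobs:
 with:
 distribution: goreleaser
 version: '~> v2'
-args: ${{ env.goreleaser_args }} --verbose
+args: ${{ env.goreleaser_args }}
 workdir: distributions/${{ inputs.distribution }}
 
 - name: Extract relevant metadata
@@ -138,6 +142,8 @@ jobs:
 echo "arch=$ARCH" >> $GITHUB_ENV
 if [ ${{ inputs.nightly }} = "true" ]; then
 echo "image_tag=$VERSION-nightly-$ARCH" >> $GITHUB_ENV
+elif [ ${{ inputs.fips }} = "true" ]; then
+echo "image_tag=$VERSION-fips-$ARCH" >> $GITHUB_ENV
 else
 echo "image_tag=$VERSION-$ARCH" >> $GITHUB_ENV
 fi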
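Review bot: The added `elif [ ${{ inputs.fips }} = "true" ]; then` expands a workflow expression directly into the shell script, unquoted, the same way the existing `inputs.nightly` test does. The expression is substituted before the shell runs, so an empty or unexpected value changes the script text rather than a variable; passing it through the step environment keeps it as data: `env: FIPS: ${{ inputs.fips }}` with `elif [ "$FIPS" = "true" ]; then`. The toolchain step is gated with `if: inputs.fips == true`, which only matches when the input is declared as a boolean (a string 'true' does not compare equal to `true`); the `inputs` declaration is outside this section, so that is worth confirming. The step that contains the `elif` starts above the hunk.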

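--- a/.github/workflows/ci-nightly.yaml
+++ b/.github/workflows/ci-nightly.yaml
@@ -6,6 +6,10 @@ on:
 # Scheduled to run in the morning (PT) on every day-of-week from Monday through Friday.
 - cron: '0 15 * * 1-5'
 
+concurrency:
+group: ci-nightly
+cancel-in-progress: false
+
 env:
 REGISTRY: '${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com'
 
@@ -15,6 +19,7 @@ jobs:
 strategy:
 matrix:
 distribution:
+- nrdot-collector
 - nrdot-collector-host
 - nrdot-collector-k8s
 uses: ./.github/workflows/ci-base.yaml
@@ -40,6 +45,7 @@ jobs:
 strategy:
 matrix:
 distribution:
+- nrdot-collector
 - nrdot-collector-host
 - nrdot-collector-k8s
 steps:
@@ -136,11 +142,9 @@ jobs:
 strategy:
 matrix:
 distribution:
+- nrdot-collector
 - nrdot-collector-host
 - nrdot-collector-k8s
-concurrency:
-# concurrency limit of 1 b/c failed tf job cancelling each other causes tf state and locks to corrupt
-group: deploy-nightly-terraform
 with:
 branch: ${{ github.ref }}
 tf_work_subdir: nightly
@@ -163,6 +167,7 @@ jobs:
 strategy:
 matrix:
 distribution:
+- nrdot-collector
 - nrdot-collector-host
 - nrdot-collector-k8s
 steps: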
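Review bot: Moving the concurrency limit from the Terraform deploy job to the workflow (`group: ci-nightly`) serialises whole runs, but it no longer serialises the matrix legs inside a single run. The removed comment said the limit existed because Terraform jobs cancelling each other corrupted state and locks, and the deploy job now fans out over three distributions that all pass `tf_work_subdir: nightly`. If those legs share one state backend (not visible in this section), they will contend for the same lock. Consider `max-parallel: 1` under that job's `strategy`, or per-distribution state, and carry the rationale over to the new block as a comment such as `# one nightly run at a time; a newer run waits and never cancels the run in progress`.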

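--- a/.github/workflows/release-draft.yaml
+++ b/.github/workflows/release-draft.yaml
@@ -38,6 +38,7 @@ jobs:
 strategy:
 matrix:
 distribution:
+- nrdot-collector
 - nrdot-collector-host
 - nrdot-collector-k8s
 steps: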

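--- a/.github/workflows/release-publish.yaml
+++ b/.github/workflows/release-publish.yaml
@@ -16,6 +16,7 @@ jobs:
 strategy:
 matrix:
 distribution:
+- nrdot-collector
 - nrdot-collector-host
 - nrdot-collector-k8s
 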

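--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -18,6 +18,7 @@ jobs:
 strategy:
 matrix:
 image:
+- nrdot-collector
 - nrdot-collector-host
 - nrdot-collector-k8s
 steps: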
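Review bot: The scan matrix lists image names only, so whether the `-fips` tagged images this commit starts producing are scanned depends on how the steps below build the image reference, and those steps are outside the hunk. The FIPS variants are built with cgo and a static external link (`-linkmode external`, `-extldflags '-static'`), so their contents differ from the images already covered. If the steps resolve a single tag per name, add the FIPS tag as a second matrix dimension or a separate job. A short comment on the matrix, such as `# image names only; tags scanned are chosen in the steps below`, would make the coverage explicit.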

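--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 vendor
 **/_build
+**/_build-fips
 **/collections
 **/roles
 dist/
@@ -21,5 +22,6 @@ inventory
 .secrets
 .input
 .tools
+.scratch
 
-test/**/charts/*.tgz
+test/**/charts/*.tgz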

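--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,7 @@ GOTAGS := $(GOTAGS) netgo
 
 # SRC_ROOT is the top of the source tree.
 SRC_ROOT := $(shell git rev-parse --show-toplevel)
-OTELCOL_BUILDER_VERSION ?= 0.128.0
+OTELCOL_BUILDER_VERSION ?= 0.132.0
 OTELCOL_BUILDER_DIR ?= ${HOME}/bin
 OTELCOL_BUILDER ?= ${OTELCOL_BUILDER_DIR}/ocb
 
@@ -33,7 +33,7 @@ build: build-fips
 
 build-fips: go
 @$(MAKE) ocb CGO=1
-@./scripts/build.sh -d "${DISTRIBUTIONS}" -b ${OTELCOL_BUILDER} -c 1
+@./scripts/build.sh -d "${DISTRIBUTIONS}" -b ${OTELCOL_BUILDER}
 
 generate: generate-sources generate-goreleaser
 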
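Review bot: `build-fips` still runs `$(MAKE) ocb CGO=1` but no longer passes `-c 1` to `scripts/build.sh`. If that flag is what switched the script to a cgo build (build.sh is not shown in this section, so this is an assumption), the target would now produce a non-cgo binary under the FIPS name without failing. Either keep the flag or make the target fail when the output is not a cgo build. It also needs a comment saying where cgo is now selected, for example `# build-fips: cgo is enabled by <MECHANISM IN build.sh>, not by a -c flag`.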

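--- a/Makefile.dev
+++ b/Makefile.dev
@@ -7,7 +7,12 @@ ci_custom_matrix:
 act push -W .github/workflows/ci-fips.yaml \
 --matrix distribution:nrdot-collector-k8s
 
+ci_custom_fips_matrix:
+@# repeat --matrix arg for multiple distros
+act push -W .github/workflows/ci-fips.yaml \
+--matrix distribution:nrdot-collector-k8s
+
 ci_nightly_custom_matrix:
 @# repeat --matrix arg for multiple distros
 act schedule -W .github/workflows/ci-nightly.yaml \
---matrix distribution:nrdot-collector-host
+--matrix distribution:nrdot-collector-host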
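Review bot: The new `ci_custom_fips_matrix` recipe is identical to the one shown directly above it for `ci_custom_matrix`. Both run `act push -W .github/workflows/ci-fips.yaml --matrix distribution:nrdot-collector-k8s`. Either the existing target was meant to point at the non-FIPS workflow, or the new target is redundant. If both are intended, give each a one-line comment naming the workflow it exercises, so the difference is deliberate. The `ci_custom_matrix` target line itself is above the hunk.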

cmd/goreleaser/internal/configure.go

Lines changed: 57 additions & 13 deletions
@@ -56,8 +56,8 @@ var (
5656
K8sDockerSkipArchs = map[string]bool{"arm": true, "386": true}
5757
K8sGoos = []string{"linux"}
5858
K8sArchs = []string{"amd64", "arm64"}
59-
FipsLdflags = []string{"-w", "-linkmode external", "-extldflags '-static'"}
60-
FipsGoTags = []string{"netgo"}
59+
FipsLdflags = []string{"-w", "-linkmode external", "-extldflags '-static'"}
60+
FipsGoTags = []string{"netgo"}
6161
)
6262

6363
func Generate(dist string, nightly bool, fips bool) config.Project {
@@ -182,6 +182,33 @@ func Build(dist string, fips bool) config.Build {
182182
}
183183
}
184184

185+
var buildDetailsOverrides []config.BuildDetailsOverride
186+
187+
cc := map[string]string{
188+
"amd64": "x86_64-linux-gnu-gcc",
189+
"arm64": "aarch64-linux-gnu-gcc",
190+
}
191+
192+
cxx := map[string]string{
193+
"amd64": "x86_64-linux-gnu-g++",
194+
"arm64": "aarch64-linux-gnu-g++",
195+
}
196+
197+
if fips {
198+
for _, arch := range archs {
199+
buildDetailsOverrides = append(buildDetailsOverrides, config.BuildDetailsOverride{
200+
Goos: goos[0],
201+
Goarch: arch,
202+
BuildDetails: config.BuildDetails{
203+
Env: []string{
204+
fmt.Sprint("CC=", cc[arch]),
205+
fmt.Sprint("CXX=", cxx[arch]),
206+
},
207+
},
208+
})
209+
}
210+
}
211+
185212
return config.Build{
186213
ID: dist,
187214
Dir: dir,
@@ -190,12 +217,12 @@ func Build(dist string, fips bool) config.Build {
190217
Env: []string{fmt.Sprint("CGO_ENABLED=", cgo), fmt.Sprint("GOEXPERIMENT=", goexperiment)},
191218
Flags: []string{"-trimpath"},
192219
Ldflags: ldflags,
193-
Tags: gotags,
220+
Tags: gotags,
194221
},
195-
Goos: goos,
196-
Goarch: archs,
197-
Ignore: ignoreBuild,
198-
BuildDetailsOverrides: overrides,
222+
BuildDetailsOverrides: buildDetailsOverrides,
223+
Goos: goos,
224+
Goarch: archs,
225+
Ignore: ignoreBuild,
199226
}
200227
}
201228

@@ -370,16 +397,22 @@ func DockerImage(dist string, nightly bool, arch string, armVersion string, fips
370397
}
371398

372399
if fips {
373-
dist = fmt.Sprint(dist, "-fips")
400+
prefixFormat = "%s/%s:{{ .Version }}-fips-%s"
374401
}
375402

376403
for _, prefix := range imagePrefixes {
377404
dockerArchTag := strings.ReplaceAll(dockerArchName, "/", "")
378405
imageTemplates = append(
379406
imageTemplates,
380407
fmt.Sprintf(prefixFormat, prefix, imageName(dist), dockerArchTag),
381-
fmt.Sprintf(latestPrefixFormat, prefix, imageName(dist), dockerArchTag),
382408
)
409+
410+
if !fips {
411+
imageTemplates = append(
412+
imageTemplates,
413+
fmt.Sprintf(latestPrefixFormat, prefix, imageName(dist), dockerArchTag),
414+
)
415+
}
383416
}
384417

385418
label := func(name, template string) string {
@@ -391,6 +424,12 @@ func DockerImage(dist string, nightly bool, arch string, armVersion string, fips
391424
files = append(files, configFile)
392425
}
393426
}
427+
428+
distName := dist
429+
if fips {
430+
distName = fmt.Sprintf("%s-fips", dist)
431+
}
432+
394433
return config.Docker{
395434
ImageTemplates: imageTemplates,
396435
Dockerfile: dockerFile,
@@ -405,7 +444,7 @@ func DockerImage(dist string, nightly bool, arch string, armVersion string, fips
405444
label("version", ".Version"),
406445
label("source", ".GitURL"),
407446
"--label=org.opencontainers.image.licenses=Apache-2.0",
408-
fmt.Sprint("--build-arg=DIST_NAME=", dist),
447+
fmt.Sprint("--build-arg=DIST_NAME=", distName),
409448
},
410449
Files: files,
411450
Goos: "linux",
@@ -424,7 +463,9 @@ func DockerManifests(dist string, nightly bool, fips bool) []config.DockerManife
424463
r = append(r, DockerManifest(prefix, "nightly", dist, nightly, fips))
425464
} else {
426465
r = append(r, DockerManifest(prefix, `{{ .Version }}`, dist, nightly, fips))
427-
r = append(r, DockerManifest(prefix, "latest", dist, nightly, fips))
466+
if !fips {
467+
r = append(r, DockerManifest(prefix, "latest", dist, nightly, fips))
468+
}
428469
}
429470
}
430471

@@ -436,14 +477,17 @@ func DockerManifests(dist string, nightly bool, fips bool) []config.DockerManife
436477
func DockerManifest(prefix, version, dist string, nightly bool, fips bool) config.DockerManifest {
437478
var imageTemplates []string
438479
prefixFormat := "%s/%s:%s-%s"
480+
nameFormat := "%s/%s:%s"
439481
k8sDistro := dist == K8sDistro
440482

441483
//if nightly {
442484
// prefixFormat = "%s/%s:%s-nightly-%s"
443485
//}
444486

445487
if fips {
446-
dist = fmt.Sprint(dist, "-fips")
488+
// dist = fmt.Sprint(dist, "-fips")
489+
prefixFormat = "%s/%s:%s-fips-%s"
490+
nameFormat = "%s/%s:%s-fips"
447491
}
448492

449493
for _, arch := range Architectures {
@@ -470,7 +514,7 @@ func DockerManifest(prefix, version, dist string, nightly bool, fips bool) confi
470514
}
471515

472516
return config.DockerManifest{
473-
NameTemplate: fmt.Sprintf("%s/%s:%s", prefix, imageName(dist), version),
517+
NameTemplate: fmt.Sprintf(nameFormat, prefix, imageName(dist), version),
474518
ImageTemplates: imageTemplates,
475519
}
476520
}
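Review bot: `Build` now returns `BuildDetailsOverrides: buildDetailsOverrides`, which is only populated inside `if fips`, so non-FIPS builds get a nil slice where they previously got `overrides`. `overrides` is defined above the hunk, so what it carried is not visible, but unless it was always empty this silently drops it. Seeding the new slice keeps both: `buildDetailsOverrides := append([]config.BuildDetailsOverride{}, overrides...)`. In the FIPS loop, `cc[arch]` and `cxx[arch]` return an empty string for any arch other than amd64/arm64, which would emit `CC=` and presumably fall back to the host compiler; an explicit lookup check that fails generation is safer for a FIPS artifact. The commented-out `// dist = fmt.Sprint(dist, "-fips")` in `DockerManifest` can be deleted.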

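--- a/distributions/README.md
+++ b/distributions/README.md
@@ -78,7 +78,7 @@ If a distribution provides linux packages (refer to its README), you can follow
 ##### DEB Installation
 ```bash
 export collector_distro="nrdot-collector-host"
-export collector_version="1.2.0"
+export collector_version="1.3.0"
 export collector_arch="amd64" # or arm64
 export license_key="YOUR_LICENSE_KEY"
 
@@ -91,7 +91,7 @@ sudo systemctl reload-or-restart "${collector_distro}.service"
 ### RPM Installation
 ```bash
 export collector_distro="nrdot-collector-host"
-export collector_version="1.2.0"
+export collector_version="1.3.0"
 export collector_arch="x86_64" # or arm64
 export license_key="YOUR_LICENSE_KEY"
 
@@ -105,7 +105,7 @@ sudo systemctl reload-or-restart "${collector_distro}.service"
 Archives contain the binary and the default configuration which is usually `config.yaml` unless the distro packages multiple defaults, e.g. `nrdot-collector-k8s`.
 ```bash
 export collector_distro="nrdot-collector-host"
-export collector_version="1.2.0"
+export collector_version="1.3.0"
 export collector_arch="amd64" # or arm64
 export license_key="YOUR_LICENSE_KEY"
 curl "https://github.com/newrelic/nrdot-collector-releases/releases/download/${collector_version}/${collector_distro}_${collector_version}_linux_${collector_arch}.tar.gz" --location --output collector.tar.gz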
