chore(ci): leverage reusable workflow (#145)

* chore(ci): leverage reusable workflow

Author: paologallinaharbur

.github/workflows/on_prerelease.yaml

@@ -1,220 +1,15 @@
-name: Create prerelease artifacts
-
+name: Prerelease pipeline
 on:
   release:
     types:
       - prereleased
     tags:
       - 'v*'
 
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  INTEGRATION: "mysql"
-  ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
-  REPO_FULL_NAME: ${{ github.event.repository.full_name }}
-  TAG: ${{ github.event.release.tag_name }}
-
 jobs:
-  snyk:
-    name: Run security checks via snyk
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Scan code for vulnerabilities
-        env:
-          SNYK_TOKEN: ${{ secrets.COREINT_SNYK_TOKEN }}
-        run: make ci/snyk-test
-
-  test-nix:
-    name: Run unit tests on *Nix
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Unit tests
-        run: make ci/test
-
-  test-windows:
-    name: Run unit tests on Windows
-    runs-on: windows-2022
-    env:
-      GOPATH: ${{ github.workspace }}
-    defaults:
-      run:
-        working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: "src/github.com/${{ env.ORIGINAL_REPO_NAME }}/go.mod"
-      - name: Running unit tests
-        shell: pwsh
-        run: |
-          .\build\windows\unit_tests.ps1
-
-  # can't run this step inside of container because of tests specific
-  
-  test-integration-nix:
-    name: Run integration tests on *Nix
-    runs-on: ubuntu-22.04
-    defaults:
-      run:
-        working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-          path: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: "src/github.com/${{ env.ORIGINAL_REPO_NAME }}/go.mod"
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Integration test
-        env:
-          GOPATH: ${{ github.workspace }}
-        run: make integration-test
-
-  prerelease:
-    name: Build binary for *Nix/Win, create archives for *Nix/Win, create packages for *Nix, upload all artifacts into GH Release assets
-    runs-on: ubuntu-22.04
-    needs: [snyk, test-nix, test-windows, test-integration-nix]
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Pre release
-        run: make ci/prerelease
-        env:
-          GPG_MAIL: 'infrastructure-eng@newrelic.com'
-          GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
-          GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded
-      - name: Test package installability
-        uses: newrelic/integrations-pkg-test-action/linux@v1
-        with:
-          tag: ${{ env.TAG }}
-          integration: nri-${{ env.INTEGRATION }}
-
-  package-win:
-    name: Create MSI & Upload into GH Release assets
-    runs-on: windows-2022
-    needs: [prerelease]
-    env:
-      GOPATH: ${{ github.workspace }}
-      PFX_CERTIFICATE_BASE64: ${{ secrets.OHAI_PFX_CERTIFICATE_BASE64 }} # base64 encoded
-      PFX_PASSPHRASE:  ${{ secrets.OHAI_PFX_PASSPHRASE }}
-      PFX_CERTIFICATE_DESCRIPTION: 'New Relic'
-    defaults:
-      run:
-        working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-    strategy:
-      matrix:
-        goarch: [amd64,386]
-        test-upgrade: [true,false]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-      - name: Get PFX certificate from GH secrets
-        shell: bash
-        run: printf "%s" "$PFX_CERTIFICATE_BASE64" | base64 -d - > wincert.pfx
-      - name: Download zip from GH Release assets and extract .exe
-        shell: pwsh
-        run: |
-          build\windows\download_zip_extract_exe.ps1 "$env:INTEGRATION" ${{ matrix.goarch }} "$env:TAG" "$env:REPO_FULL_NAME"
-      - name: Create MSI
-        shell: pwsh
-        run: |
-          build\windows\package_msi.ps1 -integration "$env:INTEGRATION" -arch ${{ matrix.goarch }} -tag "$env:TAG" -pfx_passphrase "$env:PFX_PASSPHRASE" -pfx_certificate_description "$env:PFX_CERTIFICATE_DESCRIPTION"
-      - name: Test win packages installation
-        uses: newrelic/integrations-pkg-test-action/windows@v1
-        with:
-          tag: ${{ env.TAG }}
-          integration: nri-${{ env.INTEGRATION }}
-          arch: ${{ matrix.goarch }}
-          upgrade: ${{ matrix.test-upgrade }}
-      - name: Upload MSI to GH
-        # To avoid upload packages twice
-        if: startsWith(matrix.test-upgrade, 'false')
-        shell: bash
-        run: |
-          build/windows/upload_msi.sh ${INTEGRATION} ${{ matrix.goarch }} ${TAG}
-
-  publish-to-s3:
-    name: Send release assets to S3
-    runs-on: ubuntu-22.04
-    needs: [package-win]
-    steps:
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Publish to S3 action
-        uses: newrelic/infrastructure-publish-action@v1
-        env:
-          AWS_S3_BUCKET_NAME: "nr-downloads-ohai-staging"
-          AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock-staging"
-        with:
-          disable_lock: false
-          run_id: ${{ github.run_id }}
-          tag: ${{env.TAG}}
-          app_name: "nri-${{env.INTEGRATION}}"
-          repo_name: ${{ env.ORIGINAL_REPO_NAME }}
-          access_point_host: "staging"
-          # 'ohi' is for integrations
-          schema: "ohi"
-          aws_region: "us-east-1"
-          aws_role_arn: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }}
-          aws_role_session_name: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_STAGING }}
-          aws_access_key_id: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }}
-          aws_secret_access_key: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }}
-          aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }}
-          # used for locking in case of concurrent releases
-          aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }}
-          # used for signing package stuff
-          gpg_passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}
-          gpg_private_key_base64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
-      - name: Test uploaded package installability
-        uses: newrelic/integrations-pkg-test-action/linux@v1
-        with:
-          tag: ${{ env.TAG }}
-          integration: nri-${{ env.INTEGRATION }}
-          packageLocation: repo
-          stagingRepo: true
-          upgrade: false
-
-
-  notify-failure:
-    if: ${{ always() && failure() }}
-    needs: [snyk, test-nix, test-windows, test-integration-nix, prerelease, package-win, publish-to-s3]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Notify failure via Slack
-        uses: archive/github-actions-slack@master
-        with:
-          slack-bot-user-oauth-access-token: ${{ secrets.COREINT_SLACK_TOKEN }}
-          slack-channel: ${{ secrets.COREINT_SLACK_CHANNEL }}
-          slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: [prerelease pipeline failed](${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }})."
+  pre-release:
+    uses: newrelic/coreint-automation/.github/workflows/reusable_pre_release.yaml@v2
+    with:
+      tag: ${{ github.event.release.tag_name }}
+      integration: mysql
+    secrets: inherit

.github/workflows/on_push_pr.yaml

@@ -1,125 +1,15 @@
-name: Push/PR
-
 on:
   push:
     branches:
       - main
       - master
       - renovate/**
   pull_request:
-
-env:
-  TAG: "v0.0.0" # needed for goreleaser windows builds
-  REPO_FULL_NAME: ${{ github.event.repository.full_name }}
-  ORIGINAL_REPO_NAME: "newrelic/nri-mysql"
-  DOCKER_LOGIN_AVAILABLE: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+  workflow_dispatch:
 
 jobs:
-  static-analysis:
-    name: Run all static analysis checks
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - uses: newrelic/newrelic-infra-checkers@v1
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        continue-on-error: ${{ github.event_name != 'pull_request' }}
-        with:
-          only-new-issues: true
-      - name: Check if CHANGELOG is valid
-        uses: newrelic/release-toolkit/validate-markdown@v1
-
-  snyk:
-    name: Run security checks via snyk
-    runs-on: ubuntu-22.04
-    env:
-      SNYK_TOKEN: ${{ secrets.COREINT_SNYK_TOKEN }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        if: ${{env.DOCKER_LOGIN_AVAILABLE}}
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Scan code for vulnerabilities
-        if: ${{env.SNYK_TOKEN}}
-        run: make ci/snyk-test
-
-  test-nix:
-    name: Run unit tests on *Nix
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        if: ${{env.DOCKER_LOGIN_AVAILABLE}}
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Unit tests
-        run: make ci/test
-
-  test-windows:
-    name: Run unit tests on Windows
-    runs-on: windows-2022
-    env:
-      GOPATH: ${{ github.workspace }}
-    defaults:
-      run:
-        working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: "src/github.com/${{ env.ORIGINAL_REPO_NAME }}/go.mod"
-      - name: Running unit tests
-        shell: pwsh
-        run: |
-          .\build\windows\unit_tests.ps1
-
-  # can't run this step inside of container because of tests specific
-  test-integration-nix:
-    name: Run integration tests on *Nix
-    runs-on: ubuntu-22.04
-    defaults:
-      run:
-        working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-          path: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: "src/github.com/${{ env.ORIGINAL_REPO_NAME }}/go.mod"
-      - name: Login to DockerHub
-        if: ${{env.DOCKER_LOGIN_AVAILABLE}}
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Integration test
-        env:
-          GOPATH: ${{ github.workspace }}
-        run: make integration-test
-
-  test-build:
-    name: Test binary compilation for all platforms:arch
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        if: ${{env.DOCKER_LOGIN_AVAILABLE}}
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Build all platforms:arch
-        run: make ci/build
+  push-pr:
+    uses: newrelic/coreint-automation/.github/workflows/reusable_push_pr.yaml@v2
+    with:
+      integration: mysql
+    secrets: inherit

CHANGELOG.md

@@ -9,6 +9,9 @@ Unreleased section should follow [Release Toolkit](https://github.com/newrelic/r
 
 ## Unreleased
 
+### bugfix
+- Updated golang to version v1.21.7 to fix a vulnerability
+
 ## v1.10.4 - 2024-02-26
 
 ### ⛓️ Dependencies

build/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.21.3-bookworm
+FROM golang:1.21.7-bookworm
 
 ARG GH_VERSION='1.9.2'
 

go.mod

@@ -1,6 +1,6 @@
 module github.com/newrelic/nri-mysql
 
-go 1.21
+go 1.21.7
 
 require (
 	github.com/bitly/go-simplejson v0.5.1
@@ -12,9 +12,7 @@ require (
 )
 
 require (
-	github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/kr/pretty v0.2.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e // indirect
 	github.com/pkg/errors v0.9.1 // indirect