
Commit f7100d0

committed
feat(fips): add fips compliant packages
1 parent dc8463e commit f7100d0


8 files changed

+116
-32
lines changed


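--- a/.github/workflows/on_prerelease.yaml
+++ b/.github/workflows/on_prerelease.yaml
@@ -12,4 +12,5 @@ jobs:
 with:
 tag: ${{ github.event.release.tag_name }}
 integration: mysql
+upload_fips_packages: true
 secrets: inherit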

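--- a/.github/workflows/on_release.yaml
+++ b/.github/workflows/on_release.yaml
@@ -13,4 +13,5 @@ jobs:
 with:
 integration: mysql
 tag: ${{ github.event.release.tag_name }}
+upload_fips_packages: true
 secrets: inherit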

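--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,8 @@ CONFIG_DIR = /etc/newrelic-infra/integrations.d
 GO_FILES := ./src/
 GOFLAGS = -mod=readonly
 GOLANGCI_LINT = github.com/golangci/golangci-lint/cmd/golangci-lint
+GO_VERSION ?= $(shell grep '^go ' go.mod | awk '{print $$2}')
+BUILDER_IMAGE ?= "ghcr.io/newrelic/coreint-automation:latest-go$(GO_VERSION)-ubuntu16.04"
 
 all: build
 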
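Review bot: `BUILDER_IMAGE` on new line 10 points at a mutable `latest-go…` tag, so each `docker pull` in build/ci.mk can fetch different image content, and that same image is handed `GPG_PASSPHRASE` and `GPG_PRIVATE_KEY_BASE64` by the `docker run` recipes there. Pinning by digest keeps the signing environment reproducible and reviewable, e.g. `BUILDER_IMAGE ?= ghcr.io/newrelic/coreint-automation@sha256:<digest-placeholder>`, with the digest bumped in a reviewed commit. Two smaller points on the same lines: `GO_VERSION ?=` is a recursive assignment, so the `grep | awk` pipeline re-runs on every expansion and an empty result silently produces the tag `latest-go-ubuntu16.04`; and the double quotes become part of the variable's value rather than delimiting it.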

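--- a/build/.goreleaser.yml
+++ b/build/.goreleaser.yml
@@ -1,3 +1,6 @@
+---
+version: 2
+project_name: nri-mysql
 builds:
 - id: nri-mysql-nix
 main: ./src
@@ -17,6 +20,26 @@ builds:
 ignore:
 - goos: darwin
 goarch: 386
+
+- id: nri-mysql-nix-fips
+main: ./src
+binary: nri-mysql
+ldflags:
+- -s -w -X main.integrationVersion={{.Version}} -X main.gitCommit={{.Commit}} -X main.buildDate={{.Date}}
+env:
+- CGO_ENABLED=1
+- GOEXPERIMENT=boringcrypto
+- >-
+{{- if eq .Arch "arm64" -}}
+CC=aarch64-linux-gnu-gcc
+{{- end }}
+goos:
+- linux
+goarch:
+- amd64
+- arm64
+tags:
+- fips
 
 - id: nri-mysql-win
 main: ./src
@@ -35,7 +58,8 @@ builds:
 
 nfpms:
 - id: linux
-file_name_template: "{{ .ProjectName }}_{{ .Version }}-1_{{ .Arch }}"
+package_name: nri-mysql
+file_name_template: "{{ .PackageName }}_{{ .Version }}-1_{{ .Arch }}"
 vendor: "New Relic, Inc."
 homepage: "https://www.newrelic.com/infrastructure"
 maintainer: "New Relic Infrastructure Team <[email protected]>"
@@ -67,9 +91,59 @@ nfpms:
 
 overrides:
 rpm:
-file_name_template: "{{ .ProjectName }}-{{ .Version }}-1.{{ .Arch }}"
-replacements:
-amd64: x86_64
+file_name_template: >-
+{{- .ProjectName }}-
+{{- .Version }}-1.
+{{- if eq .Arch "amd64" -}}x86_64
+{{- else -}}
+{{ .Arch }}
+{{- end }}
+
+formats:
+- deb
+- rpm
+
+- id: linux-fips
+package_name: nri-mysql-fips
+file_name_template: "{{ .PackageName }}_{{ .Version }}-1_{{ .Arch }}"
+vendor: "New Relic, Inc."
+homepage: "https://www.newrelic.com/infrastructure"
+maintainer: "New Relic Infrastructure Team <[email protected]>"
+description: "New Relic Infrastructure mysql Integration extend the core New Relic\nInfrastructure agent's capabilities to allow you to collect metric and\nlive state data from mysql components."
+license: "https://newrelic.com/terms (also see LICENSE installed with this package)"
+
+builds:
+- nri-mysql-nix-fips
+
+dependencies:
+- newrelic-infra (>= 1.20.0)
+
+bindir: "/var/db/newrelic-infra/newrelic-integrations/bin"
+
+contents:
+- src: "mysql-config.yml.sample"
+dst: "/etc/newrelic-infra/integrations.d/mysql-config.yml.sample"
+- src: "mysql-log.yml.example"
+dst: "/etc/newrelic-infra/logging.d/mysql-log.yml.example"
+- src: "CHANGELOG.md"
+dst: "/usr/share/doc/nri-mysql/CHANGELOG.md"
+- src: "README.md"
+dst: "/usr/share/doc/nri-mysql/README.md"
+- src: "LICENSE"
+dst: "/usr/share/doc/nri-mysql/LICENSE"
+- src: "legacy/mysql-definition.yml"
+dst: "/var/db/newrelic-infra/newrelic-integrations/mysql-definition.yml"
+type: config
+
+overrides:
+rpm:
+file_name_template: >-
+{{- .ProjectName }}-fips-
+{{- .Version }}-1.
+{{- if eq .Arch "amd64" -}}x86_64
+{{- else -}}
+{{ .Arch }}
+{{- end }}
 
 formats:
 - deb
@@ -87,6 +161,17 @@ archives:
 strip_parent: true
 format: tar.gz
 
+- id: nri-mysql-nix-fips
+builds:
+- nri-mysql-nix-fips
+name_template: "{{ .ProjectName }}-fips_{{ .Os }}_{{ .Version }}_{{ .Arch }}_dirty"
+files:
+- mysql-config.yml.sample
+- src: 'legacy/mysql-definition.yml'
+dst: .
+strip_parent: true
+format: tar.gz
+
 - id: nri-mysql-win
 builds:
 - nri-mysql-win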
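Review bot: The new `linux-fips` nfpm entry ships a binary named `nri-mysql` into the shared `bindir` and its docs into `/usr/share/doc/nri-mysql/`, presumably the same paths the existing `linux` package owns (that entry's body is mostly outside the hunks), yet no conflict between the two packages is declared. On a host that must run only the FIPS build, the package manager's file-collision error is then the only thing keeping the two apart; stating it explicitly is clearer: `conflicts:` with `- nri-mysql` under `linux-fips`, and `- nri-mysql-fips` under `linux`. Separately, nothing in the `nri-mysql-nix-fips` build asserts that the produced binary was really linked against BoringCrypto; the `fips` tag plus the `crypto/tls/fipsonly` import in src/fips.go helps only as far as that package refuses to build without the experiment, which is worth confirming for the Go version in go.mod.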

build/Dockerfile

-18
This file was deleted.

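--- a/build/ci.mk
+++ b/build/ci.mk
@@ -1,8 +1,10 @@
-BUILDER_TAG ?= nri-$(INTEGRATION)-builder
+.PHONY : ci/pull-builder-image
+ci/pull-builder-image:
+@docker pull $(BUILDER_IMAGE)
 
 .PHONY : ci/deps
 ci/deps:
-@docker build -t $(BUILDER_TAG) -f $(CURDIR)/build/Dockerfile $(CURDIR)
+ci/deps: ci/pull-builder-image
 
 .PHONY : ci/debug-container
 ci/debug-container: ci/deps
@@ -17,15 +19,15 @@ ci/debug-container: ci/deps
 -e GPG_MAIL \
 -e GPG_PASSPHRASE \
 -e GPG_PRIVATE_KEY_BASE64 \
-$(BUILDER_TAG) bash
+$(BUILDER_IMAGE) bash
 
 .PHONY : ci/test
 ci/test: ci/deps
 @docker run --rm -t \
 --name "nri-$(INTEGRATION)-test" \
 -v $(CURDIR):/go/src/github.com/newrelic/nri-$(INTEGRATION) \
 -w /go/src/github.com/newrelic/nri-$(INTEGRATION) \
-$(BUILDER_TAG) make test
+$(BUILDER_IMAGE) make test
 
 .PHONY : ci/snyk-test
 ci/snyk-test:
@@ -46,7 +48,7 @@ ifdef TAG
 -w /go/src/github.com/newrelic/nri-$(INTEGRATION) \
 -e INTEGRATION \
 -e TAG \
-$(BUILDER_TAG) make release/build
+$(BUILDER_IMAGE) make release/build
 else
 @echo "===> $(INTEGRATION) === [ci/build] TAG env variable expected to be set"
 exit 1
@@ -67,7 +69,7 @@ ifdef TAG
 -e GPG_MAIL \
 -e GPG_PASSPHRASE \
 -e GPG_PRIVATE_KEY_BASE64 \
-$(BUILDER_TAG) make release
+$(BUILDER_IMAGE) make release
 else
 @echo "===> $(INTEGRATION) === [ci/prerelease] TAG env variable expected to be set"
 exit 1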
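Review bot: As rendered, the new side of the first hunk keeps the old empty `ci/deps:` header (new line 6) directly above the added `ci/deps: ci/pull-builder-image` (new line 7). Make merges the prerequisites of the two headers, so the target still works, but the leftover line reads like a rule whose recipe went missing; dropping it leaves the single `ci/deps: ci/pull-builder-image`. The recipes in the later hunks belong to rules whose headers lie outside those hunks.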

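--- a/build/release.mk
+++ b/build/release.mk
@@ -1,5 +1,5 @@
 BUILD_DIR := ./bin/
-GORELEASER_VERSION := v0.174.1
+GORELEASER_VERSION := v2.4.4
 GORELEASER_BIN ?= bin/goreleaser
 
 bin:
@@ -27,10 +27,10 @@ release/deps: $(GORELEASER_BIN)
 release/build: release/deps release/clean
 ifeq ($(PRERELEASE), true)
 @echo "===> $(INTEGRATION) === [release/build] PRE-RELEASE compiling all binaries, creating packages, archives"
-@$(GORELEASER_BIN) release --config $(CURDIR)/build/.goreleaser.yml --rm-dist
+@$(GORELEASER_BIN) release --config $(CURDIR)/build/.goreleaser.yml --clean
 else
 @echo "===> $(INTEGRATION) === [release/build] build compiling all binaries"
-@$(GORELEASER_BIN) build --config $(CURDIR)/build/.goreleaser.yml --snapshot --rm-dist
+@$(GORELEASER_BIN) build --config $(CURDIR)/build/.goreleaser.yml --snapshot --clean
 endif
 
 .PHONY : release/fix-archive
@@ -43,7 +43,7 @@ release/fix-archive:
 .PHONY : release/sign/nix
 release/sign/nix:
 @echo "===> $(INTEGRATION) === [release/sign] signing packages"
-@bash $(CURDIR)/build/nix/sign.sh
+@bash sign.sh
 
 
 .PHONY : release/publish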
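Review bot: `@bash sign.sh` in `release/sign/nix` (new line 46) now names the signing script without a path, so bash takes a `sign.sh` from the current directory if one exists and otherwise searches `PATH`; which file runs depends on where make is invoked and on the builder image's contents. Because this step presumably works with the GPG key material passed in by the ci.mk recipes, the script location is better made explicit, e.g. `SIGN_SCRIPT ?= <absolute path of sign.sh in the builder image>` and `@bash $(SIGN_SCRIPT)`. The rule that downloads GoReleaser for the new `GORELEASER_VERSION := v2.4.4` lies outside these hunks, so whether that download is checksum-verified cannot be confirmed from here.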

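--- a/src/fips.go
+++ b/src/fips.go
@@ -0,0 +1,11 @@
+// Copyright 2025 New Relic Corporation. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+//go:build fips
+// +build fips
+
+package main
+
+import (
+_ "crypto/tls/fipsonly"
+)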
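Review bot: The blank import on new line 10 is the entire FIPS switch for this binary, but the file has no comment saying what it does or what it depends on. A comment above the import would cover it, for example `// fipsonly restricts crypto/tls in this binary to FIPS-approved settings; the fips tag must be built with GOEXPERIMENT=boringcrypto (see build/.goreleaser.yml).` It is also worth recording that the import constrains TLS configuration only; cryptography performed outside crypto/tls, for instance inside the database driver, is not restricted by it, so confirm whether that matters for the compliance claim.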
