1717 build :
1818 name : Validate distributions build, third party libraries and security
1919 runs-on : ubuntu-latest
20+ strategy :
21+ matrix :
22+ dist :
23+ - nr-otel-collector
2024 steps :
2125 - name : Checkout
2226 uses : actions/checkout@v4
@@ -29,25 +33,60 @@ jobs:
2933 go-version : ' 1.23'
3034 check-latest : true
3135
36+ - name : Tidy go.mod files
37+ run : go mod tidy
38+
3239 - name : Verify build
33- run : make ci
40+ run : make ci DISTRIBUTIONS=${{ matrix.dist }}
3441
35- - name : Validate distributions third party libraries
36- run : make licenses-check
42+ - name : Login to Docker
43+ uses : docker/login-action@v3
44+ if : ${{ env.ACT }}
45+ with :
46+ registry : docker.io
47+ username : ${{ secrets.OTELCOMM_DOCKER_HUB_USERNAME }}
48+ password : ${{ secrets.OTELCOMM_DOCKER_HUB_PASSWORD }}
3749
3850 - uses : docker/setup-qemu-action@v2
3951
4052 - uses : docker/setup-buildx-action@v2
4153
54+ - name : Import GPG key
55+ id : import_gpg
56+ uses : crazy-max/ghaction-import-gpg@v6
57+ with :
58+ gpg_private_key : ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
59+ passphrase : ${{ secrets.OHAI_GPG_PASSPHRASE }}
60+
61+ - name : Write GPG to path in memory for signing rpm/deb
62+ id : write_gpg_to_path
63+ run : |
64+ GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)"
65+ echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH"
66+ echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT
67+ env :
68+ GPG_PRIVATE_KEY : ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
69+
4270 - name : Build binaries & packages with GoReleaser
71+ id : goreleaser
4372 uses : goreleaser/goreleaser-action@v6
73+ env :
74+ NFPM_PASSPHRASE : ${{ secrets.OHAI_GPG_PASSPHRASE }}
75+ GPG_FINGERPRINT : ${{ steps.import_gpg.outputs.fingerprint }}
76+ GPG_KEY_PATH : ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
77+ REGISTRY : " newrelic/${{ matrix.dist }}"
4478 with :
4579 distribution : goreleaser
4680 version : ' ~> v2'
47- args : --snapshot --clean --skip=sign --timeout 2h
81+ args : --snapshot --clean --skip=publish,validate --timeout 2h
82+ workdir : distributions/${{ matrix.dist }}
4883
49- - name : Extract image version
50- run : echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV
84+ - name : Extract image version and arch
85+ run : |
86+ VERSION=$(echo '${{ steps.goreleaser.outputs.metadata }}' | jq -r '.version')
87+ ARCH=$(echo '${{ runner.arch }}' | sed 's/X/amd/g')
88+ echo "version=$VERSION" >> $GITHUB_ENV
89+ echo "arch=${ARCH@L}" >> $GITHUB_ENV
5190
5291name : Setup local kind cluster
5392 uses : helm/kind-action@v1
@@ -56,28 +95,31 @@ jobs:
5695 cluster_name : ${{ env.TEST_CLUSTER_NAME }}
5796 wait : 60s
5897
98+ 99+
59100 - name : Run local e2e tests
60101 run : |
61- IMAGE_TAG=${{ env.version }}-rc-amd64 \
102+ IMAGE_TAG=${{ env.version }}-${{ env.arch }} \
62103 KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \
63- make -f ./test/e2e/Makefile ci_test-fast
104+ make -f ./test/e2e/Makefile ci_test-fast DISTRO=${{ matrix.dist }}
64105
65106name : Trivy security check
66- uses : aquasecurity/trivy-action@0.28 .0
107+ uses : aquasecurity/trivy-action@0.29 .0
67108 with :
68- image-ref : " newrelic/nr-otel-collector :${{ env.version }}-rc-amd64 "
109+ image-ref : " newrelic/${{ matrix.dist }} :${{ env.version }}-${{ env.arch }} "
69110 format : ' table'
70111 exit-code : ' 1'
71112 ignore-unfixed : true
72113 vuln-type : ' os,library'
73114 severity : " HIGH,CRITICAL"
74115 env :
75- # dbs are downloaded async in download_trivy_db .yml
76- TRIVY_SKIP_DB_UPDATE : true
116+ # dbs are downloaded async in trivy-cache .yml
117+ TRIVY_SKIP_DB_UPDATE : ${{ !env.ACT }}
77118 TRIVY_SKIP_JAVA_DB_UPDATE : true
119+
78120 terraform :
79- uses : ./.github/workflows/component_terraform .yml
80- if : github.event.pull_request.user.login != 'dependabot[bot]'
121+ uses : ./.github/workflows/terraform .yml
122+ if : ${{ ! github.event.act && github.event. pull_request.user.login != 'dependabot[bot]' }}
81123 with :
82124 branch : ${{ github.ref }}
83125 tf_work_subdir : permanent
0 commit comments