17
17
build :
18
18
name : Validate distributions build, third party libraries and security
19
19
runs-on : ubuntu-latest
20
+ strategy :
21
+ matrix :
22
+ dist :
23
+ - nr-otel-collector
20
24
steps :
21
25
- name : Checkout
22
26
uses : actions/checkout@v4
@@ -29,25 +33,60 @@ jobs:
29
33
go-version : ' 1.23'
30
34
check-latest : true
31
35
36
+ - name : Tidy go.mod files
37
+ run : go mod tidy
38
+
32
39
- name : Verify build
33
- run : make ci
40
+ run : make ci DISTRIBUTIONS=${{ matrix.dist }}
34
41
35
- - name : Validate distributions third party libraries
36
- run : make licenses-check
42
+ - name : Login to Docker
43
+ uses : docker/login-action@v3
44
+ if : ${{ env.ACT }}
45
+ with :
46
+ registry : docker.io
47
+ username : ${{ secrets.OTELCOMM_DOCKER_HUB_USERNAME }}
48
+ password : ${{ secrets.OTELCOMM_DOCKER_HUB_PASSWORD }}
37
49
38
50
- uses : docker/setup-qemu-action@v2
39
51
40
52
- uses : docker/setup-buildx-action@v2
41
53
54
+ - name : Import GPG key
55
+ id : import_gpg
56
+ uses : crazy-max/ghaction-import-gpg@v6
57
+ with :
58
+ gpg_private_key : ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
59
+ passphrase : ${{ secrets.OHAI_GPG_PASSPHRASE }}
60
+
61
+ - name : Write GPG to path in memory for signing rpm/deb
62
+ id : write_gpg_to_path
63
+ run : |
64
+ GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)"
65
+ echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH"
66
+ echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT
67
+ env :
68
+ GPG_PRIVATE_KEY : ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
69
+
42
70
- name : Build binaries & packages with GoReleaser
71
+ id : goreleaser
43
72
uses : goreleaser/goreleaser-action@v6
73
+ env :
74
+ NFPM_PASSPHRASE : ${{ secrets.OHAI_GPG_PASSPHRASE }}
75
+ GPG_FINGERPRINT : ${{ steps.import_gpg.outputs.fingerprint }}
76
+ GPG_KEY_PATH : ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
77
+ REGISTRY : " newrelic/${{ matrix.dist }}"
44
78
with :
45
79
distribution : goreleaser
46
80
version : ' ~> v2'
47
- args : --snapshot --clean --skip=sign --timeout 2h
81
+ args : --snapshot --clean --skip=publish,validate --timeout 2h
82
+ workdir : distributions/${{ matrix.dist }}
48
83
49
- - name : Extract image version
50
- run : echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV
84
+ - name : Extract image version and arch
85
+ run : |
86
+ VERSION=$(echo '${{ steps.goreleaser.outputs.metadata }}' | jq -r '.version')
87
+ ARCH=$(echo '${{ runner.arch }}' | sed 's/X/amd/g')
88
+ echo "version=$VERSION" >> $GITHUB_ENV
89
+ echo "arch=${ARCH@L}" >> $GITHUB_ENV
51
90
52
91
- name : Setup local kind cluster
53
92
uses : helm/kind-action@v1
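Review bot: The key file created in "Write GPG to path in memory for signing rpm/deb" is not removed by any step visible on this page, so the decoded private key stays in `/dev/shm` while the kind cluster, the e2e `make` targets and Trivy run, none of which appear to need it. Consider a step directly after the GoReleaser step with `if: always()` that runs `rm -f "$GPG_KEY_PATH"`, with the path passed through `env:` from `steps.write_gpg_to_path.outputs.gpg_key_path`; if this workflow also runs on pull requests, confirm that signing material is wanted in a validation job at all. In "Extract image version and arch", `${{ steps.goreleaser.outputs.metadata }}` is expanded into the script text inside single quotes, so a quote character in that JSON would alter the shell command; passing it as `env: METADATA: ${{ steps.goreleaser.outputs.metadata }}` and reading it with `jq -r '.version' <<<"$METADATA"` keeps it as data. `crazy-max/ghaction-import-gpg@v6` receives both the private key and the passphrase but is referenced by a mutable tag, so pinning it to a full commit SHA would narrow the supply-chain exposure. The `build` job and its step list begin before this hunk and continue after it.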
@@ -56,28 +95,31 @@ jobs:
56
95
cluster_name : ${{ env.TEST_CLUSTER_NAME }}
57
96
wait : 60s
58
97
98
+
99
+
59
100
- name : Run local e2e tests
60
101
run : |
61
- IMAGE_TAG=${{ env.version }}-rc-amd64 \
102
+ IMAGE_TAG=${{ env.version }}-${{ env.arch }} \
62
103
KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \
63
- make -f ./test/e2e/Makefile ci_test-fast
104
+ make -f ./test/e2e/Makefile ci_test-fast DISTRO=${{ matrix.dist }}
64
105
65
106
- name : Trivy security check
66
- uses : aquasecurity/trivy-action@0.28 .0
107
+ uses : aquasecurity/trivy-action@0.29 .0
67
108
with :
68
- image-ref : " newrelic/nr-otel-collector :${{ env.version }}-rc-amd64 "
109
+ image-ref : " newrelic/${{ matrix.dist }} :${{ env.version }}-${{ env.arch }} "
69
110
format : ' table'
70
111
exit-code : ' 1'
71
112
ignore-unfixed : true
72
113
vuln-type : ' os,library'
73
114
severity : " HIGH,CRITICAL"
74
115
env :
75
- # dbs are downloaded async in download_trivy_db .yml
76
- TRIVY_SKIP_DB_UPDATE : true
116
+ # dbs are downloaded async in trivy-cache .yml
117
+ TRIVY_SKIP_DB_UPDATE : ${{ !env.ACT }}
77
118
TRIVY_SKIP_JAVA_DB_UPDATE : true
119
+
78
120
terraform :
79
- uses : ./.github/workflows/component_terraform .yml
80
- if : github.event.pull_request.user.login != 'dependabot[bot]'
121
+ uses : ./.github/workflows/terraform .yml
122
+ if : ${{ ! github.event.act && github.event. pull_request.user.login != 'dependabot[bot]' }}
81
123
with :
82
124
branch : ${{ github.ref }}
83
125
tf_work_subdir : permanent