Skip to content

Commit dea6aea

Browse files
feat: Move to multiple distro and simplify ci (#194)
* chore: Move nightly config and add signign * chore: sign rpm/deb * feat: Refactoring ci to facilitate multiple distros * feat: Re-arrange configs * chore: Skips steps when running ci locally via act * chore: PR feedback * chore: Add helm back to ci * chore: Use correct arch locally * chore: Temporarily exclude k8s distro * fix: PR review changes * chore: Standardize arch for ci --------- Co-authored-by: kbauer <[email protected]>
1 parent ff87231 commit dea6aea

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

53 files changed

+2222
-1438
lines changed

.actrc

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
# .actrc
2+
--container-architecture=linux/arm64
3+
-P ubuntu-latest=catthehacker/ubuntu:act-latest
4+
-e event.json

.github/workflows/ci_nightly.yaml renamed to .github/workflows/ci-nightly.yaml

Lines changed: 35 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ on:
1313

1414
env:
1515
TEST_CLUSTER_NAME: ci-e2etest-nightly
16-
REGISTRY: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/nr-otel-collector
16+
REGISTRY: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com
1717

1818
jobs:
1919
slow-tests:
@@ -39,15 +39,41 @@ jobs:
3939

4040
- uses: docker/setup-buildx-action@v2
4141

42+
- name: Import GPG key
43+
id: import_gpg
44+
uses: crazy-max/ghaction-import-gpg@v6
45+
with:
46+
gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
47+
passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}
48+
49+
- name: Write GPG to path in memory for signing rpm/deb
50+
id: write_gpg_to_path
51+
run: |
52+
GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)"
53+
echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH"
54+
echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT
55+
env:
56+
GPG_PRIVATE_KEY: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
57+
4258
- name: Build binaries & packages with GoReleaser
59+
id: goreleaser_snapshot
4360
uses: goreleaser/goreleaser-action@v6
61+
env:
62+
NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
63+
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
64+
GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
65+
REGISTRY: "newrelic/nr-otel-collector"
4466
with:
4567
distribution: goreleaser
4668
version: '~> v2'
47-
args: --snapshot --clean --skip=sign --timeout 2h
69+
args: --snapshot --clean --skip=publish,validate --timeout 2h --config .goreleaser-nightly.yaml
70+
workdir: distributions/nr-otel-collector
71+
72+
- name: List contents of dist folder
73+
run: ls -la distributions/nr-otel-collector/dist
4874

4975
- name: Extract image version
50-
run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV
76+
run: echo "version=$(echo '${{ steps.goreleaser_snapshot.outputs.metadata }}' | jq -r '.version')" >> $GITHUB_ENV
5177

5278
- name: Setup local kind cluster
5379
uses: helm/kind-action@v1
@@ -58,7 +84,7 @@ jobs:
5884

5985
- name: Run slow local tests
6086
run: |
61-
IMAGE_TAG=${{ env.version }}-rc-amd64 \
87+
IMAGE_TAG=${{ env.version }}-nightly-amd64 \
6288
KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \
6389
NR_BACKEND_URL=${{ secrets.NR_STAGING_BACKEND_URL }} \
6490
NR_INGEST_KEY=${{ secrets.OTELCOMM_NR_INGEST_KEY }} \
@@ -83,10 +109,15 @@ jobs:
83109

84110
- name: Build and publish nightly binaries & packages with GoReleaser
85111
uses: goreleaser/goreleaser-action@v6
112+
env:
113+
NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
114+
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
115+
GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
86116
with:
87117
distribution: goreleaser
88118
version: '~> v2'
89119
args: --skip=announce,validate --clean --timeout 2h --config .goreleaser-nightly.yaml
120+
workdir: distributions/nr-otel-collector
90121

91122
- name: Run nightly tests
92123
run: |

.github/workflows/ci-prerelease.yml

Lines changed: 0 additions & 75 deletions
This file was deleted.

.github/workflows/ci-release.yml

Lines changed: 0 additions & 53 deletions
This file was deleted.

.github/workflows/ci.yaml

Lines changed: 56 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,10 @@ jobs:
1717
build:
1818
name: Validate distributions build, third party libraries and security
1919
runs-on: ubuntu-latest
20+
strategy:
21+
matrix:
22+
dist:
23+
- nr-otel-collector
2024
steps:
2125
- name: Checkout
2226
uses: actions/checkout@v4
@@ -29,25 +33,60 @@ jobs:
2933
go-version: '1.23'
3034
check-latest: true
3135

36+
- name: Tidy go.mod files
37+
run: go mod tidy
38+
3239
- name: Verify build
33-
run: make ci
40+
run: make ci DISTRIBUTIONS=${{ matrix.dist }}
3441

35-
- name: Validate distributions third party libraries
36-
run: make licenses-check
42+
- name: Login to Docker
43+
uses: docker/login-action@v3
44+
if: ${{ env.ACT }}
45+
with:
46+
registry: docker.io
47+
username: ${{ secrets.OTELCOMM_DOCKER_HUB_USERNAME }}
48+
password: ${{ secrets.OTELCOMM_DOCKER_HUB_PASSWORD }}
3749

3850
- uses: docker/setup-qemu-action@v2
3951

4052
- uses: docker/setup-buildx-action@v2
4153

54+
- name: Import GPG key
55+
id: import_gpg
56+
uses: crazy-max/ghaction-import-gpg@v6
57+
with:
58+
gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
59+
passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}
60+
61+
- name: Write GPG to path in memory for signing rpm/deb
62+
id: write_gpg_to_path
63+
run: |
64+
GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)"
65+
echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH"
66+
echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT
67+
env:
68+
GPG_PRIVATE_KEY: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
69+
4270
- name: Build binaries & packages with GoReleaser
71+
id: goreleaser
4372
uses: goreleaser/goreleaser-action@v6
73+
env:
74+
NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
75+
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
76+
GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
77+
REGISTRY: "newrelic/${{ matrix.dist }}"
4478
with:
4579
distribution: goreleaser
4680
version: '~> v2'
47-
args: --snapshot --clean --skip=sign --timeout 2h
81+
args: --snapshot --clean --skip=publish,validate --timeout 2h
82+
workdir: distributions/${{ matrix.dist }}
4883

49-
- name: Extract image version
50-
run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV
84+
- name: Extract image version and arch
85+
run: |
86+
VERSION=$(echo '${{ steps.goreleaser.outputs.metadata }}' | jq -r '.version')
87+
ARCH=$(echo '${{ runner.arch }}' | sed 's/X/amd/g')
88+
echo "version=$VERSION" >> $GITHUB_ENV
89+
echo "arch=${ARCH@L}" >> $GITHUB_ENV
5190
5291
- name: Setup local kind cluster
5392
uses: helm/kind-action@v1
@@ -56,28 +95,31 @@ jobs:
5695
cluster_name: ${{ env.TEST_CLUSTER_NAME }}
5796
wait: 60s
5897

98+
- uses: azure/[email protected]
99+
59100
- name: Run local e2e tests
60101
run: |
61-
IMAGE_TAG=${{ env.version }}-rc-amd64 \
102+
IMAGE_TAG=${{ env.version }}-${{ env.arch }} \
62103
KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \
63-
make -f ./test/e2e/Makefile ci_test-fast
104+
make -f ./test/e2e/Makefile ci_test-fast DISTRO=${{ matrix.dist }}
64105
65106
- name: Trivy security check
66-
uses: aquasecurity/trivy-action@0.28.0
107+
uses: aquasecurity/trivy-action@0.29.0
67108
with:
68-
image-ref: "newrelic/nr-otel-collector:${{ env.version }}-rc-amd64"
109+
image-ref: "newrelic/${{ matrix.dist }}:${{ env.version }}-${{ env.arch }}"
69110
format: 'table'
70111
exit-code: '1'
71112
ignore-unfixed: true
72113
vuln-type: 'os,library'
73114
severity: "HIGH,CRITICAL"
74115
env:
75-
# dbs are downloaded async in download_trivy_db.yml
76-
TRIVY_SKIP_DB_UPDATE: true
116+
# dbs are downloaded async in trivy-cache.yml
117+
TRIVY_SKIP_DB_UPDATE: ${{ !env.ACT }}
77118
TRIVY_SKIP_JAVA_DB_UPDATE: true
119+
78120
terraform:
79-
uses: ./.github/workflows/component_terraform.yml
80-
if: github.event.pull_request.user.login != 'dependabot[bot]'
121+
uses: ./.github/workflows/terraform.yml
122+
if: ${{ !github.event.act && github.event.pull_request.user.login != 'dependabot[bot]' }}
81123
with:
82124
branch: ${{ github.ref }}
83125
tf_work_subdir: permanent

0 commit comments

Comments
 (0)