Skip to content

Commit

Permalink
feat: Move to multiple distro and simplify ci (#194)
Browse files Browse the repository at this point in the history 
* chore: Move nightly config and add signign

* chore: sign rpm/deb

* feat: Refactoring ci to facilitate multiple distros

* feat: Re-arrange configs

* chore: Skips steps when running ci locally via act

* chore: PR feedback

* chore: Add helm back to ci

* chore: Use correct arch locally

* chore: Temporarily exclude k8s distro

* fix: PR review changes

* chore: Standardize arch for ci

---------

Co-authored-by: kbauer <[email protected]>
  • Loading branch information
@mailo-nr @kb-newrelic
mailo-nr and kb-newrelic authored Feb 4, 2025
1 parent ff87231 commit dea6aea
Show file tree
Hide file tree
Showing 53 changed files with 2,222 additions and 1,438 deletions.
4 changes: 4 additions & 0 deletions .actrc
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# .actrc
--container-architecture=linux/arm64
-P ubuntu-latest=catthehacker/ubuntu:act-latest
-e event.json
39 changes: 35 additions & 4 deletions .github/workflows/ci_nightly.yaml → .github/workflows/ci-nightly.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ on:

env:
TEST_CLUSTER_NAME: ci-e2etest-nightly
REGISTRY: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/nr-otel-collector
REGISTRY: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com

jobs:
slow-tests:
Expand All @@ -39,15 +39,41 @@ jobs:

- uses: docker/setup-buildx-action@v2

- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}

- name: Write GPG to path in memory for signing rpm/deb
id: write_gpg_to_path
run: |
GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)"
echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH"
echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT
env:
GPG_PRIVATE_KEY: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}

- name: Build binaries & packages with GoReleaser
id: goreleaser_snapshot
uses: goreleaser/goreleaser-action@v6
env:
NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
REGISTRY: "newrelic/nr-otel-collector"
with:
distribution: goreleaser
version: '~> v2'
args: --snapshot --clean --skip=sign --timeout 2h
args: --snapshot --clean --skip=publish,validate --timeout 2h --config .goreleaser-nightly.yaml
workdir: distributions/nr-otel-collector

- name: List contents of dist folder
run: ls -la distributions/nr-otel-collector/dist

- name: Extract image version
run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV
run: echo "version=$(echo '${{ steps.goreleaser_snapshot.outputs.metadata }}' | jq -r '.version')" >> $GITHUB_ENV

- name: Setup local kind cluster
uses: helm/kind-action@v1
Expand All @@ -58,7 +84,7 @@ jobs:

- name: Run slow local tests
run: |
IMAGE_TAG=${{ env.version }}-rc-amd64 \
IMAGE_TAG=${{ env.version }}-nightly-amd64 \
KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \
NR_BACKEND_URL=${{ secrets.NR_STAGING_BACKEND_URL }} \
NR_INGEST_KEY=${{ secrets.OTELCOMM_NR_INGEST_KEY }} \
Expand All @@ -83,10 +109,15 @@ jobs:

- name: Build and publish nightly binaries & packages with GoReleaser
uses: goreleaser/goreleaser-action@v6
env:
NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
with:
distribution: goreleaser
version: '~> v2'
args: --skip=announce,validate --clean --timeout 2h --config .goreleaser-nightly.yaml
workdir: distributions/nr-otel-collector

- name: Run nightly tests
run: |
Expand Down
75 changes: 0 additions & 75 deletions .github/workflows/ci-prerelease.yml
View file

This file was deleted.

53 changes: 0 additions & 53 deletions .github/workflows/ci-release.yml
View file

This file was deleted.

70 changes: 56 additions & 14 deletions .github/workflows/ci.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ jobs:
build:
name: Validate distributions build, third party libraries and security
runs-on: ubuntu-latest
strategy:
matrix:
dist:
- nr-otel-collector
steps:
- name: Checkout
uses: actions/checkout@v4
Expand All @@ -29,25 +33,60 @@ jobs:
go-version: '1.23'
check-latest: true

- name: Tidy go.mod files
run: go mod tidy

- name: Verify build
run: make ci
run: make ci DISTRIBUTIONS=${{ matrix.dist }}

- name: Validate distributions third party libraries
run: make licenses-check
- name: Login to Docker
uses: docker/login-action@v3
if: ${{ env.ACT }}
with:
registry: docker.io
username: ${{ secrets.OTELCOMM_DOCKER_HUB_USERNAME }}
password: ${{ secrets.OTELCOMM_DOCKER_HUB_PASSWORD }}

- uses: docker/setup-qemu-action@v2

- uses: docker/setup-buildx-action@v2

- name: Import GPG key
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}

- name: Write GPG to path in memory for signing rpm/deb
id: write_gpg_to_path
run: |
GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)"
echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH"
echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT
env:
GPG_PRIVATE_KEY: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}

- name: Build binaries & packages with GoReleaser
id: goreleaser
uses: goreleaser/goreleaser-action@v6
env:
NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
REGISTRY: "newrelic/${{ matrix.dist }}"
with:
distribution: goreleaser
version: '~> v2'
args: --snapshot --clean --skip=sign --timeout 2h
args: --snapshot --clean --skip=publish,validate --timeout 2h
workdir: distributions/${{ matrix.dist }}

- name: Extract image version
run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV
- name: Extract image version and arch
run: |
VERSION=$(echo '${{ steps.goreleaser.outputs.metadata }}' | jq -r '.version')
ARCH=$(echo '${{ runner.arch }}' | sed 's/X/amd/g')
echo "version=$VERSION" >> $GITHUB_ENV
echo "arch=${ARCH@L}" >> $GITHUB_ENV
- name: Setup local kind cluster
uses: helm/kind-action@v1
Expand All @@ -56,28 +95,31 @@ jobs:
cluster_name: ${{ env.TEST_CLUSTER_NAME }}
wait: 60s

- uses: azure/[email protected]

- name: Run local e2e tests
run: |
IMAGE_TAG=${{ env.version }}-rc-amd64 \
IMAGE_TAG=${{ env.version }}-${{ env.arch }} \
KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \
make -f ./test/e2e/Makefile ci_test-fast
make -f ./test/e2e/Makefile ci_test-fast DISTRO=${{ matrix.dist }}
- name: Trivy security check
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
with:
image-ref: "newrelic/nr-otel-collector:${{ env.version }}-rc-amd64"
image-ref: "newrelic/${{ matrix.dist }}:${{ env.version }}-${{ env.arch }}"
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: "HIGH,CRITICAL"
env:
# dbs are downloaded async in download_trivy_db.yml
TRIVY_SKIP_DB_UPDATE: true
# dbs are downloaded async in trivy-cache.yml
TRIVY_SKIP_DB_UPDATE: ${{ !env.ACT }}
TRIVY_SKIP_JAVA_DB_UPDATE: true

terraform:
uses: ./.github/workflows/component_terraform.yml
if: github.event.pull_request.user.login != 'dependabot[bot]'
uses: ./.github/workflows/terraform.yml
if: ${{ !github.event.act && github.event.pull_request.user.login != 'dependabot[bot]' }}
with:
branch: ${{ github.ref }}
tf_work_subdir: permanent
Expand Down
Loading

0 comments on commit dea6aea

Please sign in to comment.