newrelic · mailo-nr · Feb 4, 2025 · Jan 22, 2025 · Jan 23, 2025 · Jan 28, 2025
@@ -0,0 +1,4 @@
+# .actrc
+--container-architecture=linux/arm64
+-P ubuntu-latest=catthehacker/ubuntu:act-latest
+-e event.json
@@ -13,7 +13,7 @@ on:
 
 env:
   TEST_CLUSTER_NAME: ci-e2etest-nightly
-  REGISTRY: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/nr-otel-collector
+  REGISTRY: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com
 
 jobs:
   slow-tests:
@@ -39,15 +39,41 @@ jobs:
 
       - uses: docker/setup-buildx-action@v2
 
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
+          passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}
+
+      - name: Write GPG to path in memory for signing rpm/deb
+        id: write_gpg_to_path
+        run: |
+          GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)"
+          echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH"
+          echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
+
       - name: Build binaries & packages with GoReleaser
+        id: goreleaser_snapshot
         uses: goreleaser/goreleaser-action@v6
+        env:
+          NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
+          REGISTRY: "newrelic/nr-otel-collector"
         with:
           distribution: goreleaser
           version: '~> v2'
-          args: --snapshot --clean --skip=sign --timeout 2h
+          args: --snapshot --clean --skip=publish,validate --timeout 2h --config .goreleaser-nightly.yaml
+          workdir: distributions/nr-otel-collector
+
+      - name: List contents of dist folder
+        run: ls -la distributions/nr-otel-collector/dist
 
       - name: Extract image version
-        run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV
+        run: echo "version=$(echo '${{ steps.goreleaser_snapshot.outputs.metadata }}' | jq -r '.version')" >> $GITHUB_ENV
 
       - name: Setup local kind cluster
         uses: helm/kind-action@v1
@@ -58,7 +84,7 @@ jobs:
 
       - name: Run slow local tests
         run: |
-          IMAGE_TAG=${{ env.version }}-rc-amd64 \
+          IMAGE_TAG=${{ env.version }}-nightly-amd64 \
           KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \
           NR_BACKEND_URL=${{ secrets.NR_STAGING_BACKEND_URL }} \
           NR_INGEST_KEY=${{ secrets.OTELCOMM_NR_INGEST_KEY }} \
@@ -83,10 +109,15 @@ jobs:
 
       - name: Build and publish nightly binaries & packages with GoReleaser
         uses: goreleaser/goreleaser-action@v6
+        env:
+          NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
         with:
           distribution: goreleaser
           version: '~> v2'
           args: --skip=announce,validate --clean --timeout 2h --config .goreleaser-nightly.yaml
+          workdir: distributions/nr-otel-collector
 
       - name: Run nightly tests
         run: |

@@ -17,6 +17,11 @@ jobs:
   build:
     name: Validate distributions build, third party libraries and security
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        dist:
+          - nr-otel-collector
+          - nrdot-collector-k8s
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -29,25 +34,55 @@ jobs:
           go-version: '1.23'
           check-latest: true
 
+      - name: Tidy go.mod files
+        run: go mod tidy
+
       - name: Verify build
-        run: make ci
+        run: make ci DISTRIBUTIONS=${{ matrix.dist }}
 
-      - name: Validate distributions third party libraries
-        run: make licenses-check
+      - name: Login to Docker
+        uses: docker/login-action@v3
+        with:
+          registry: docker.io
+          username: ${{ secrets.OTELCOMM_DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.OTELCOMM_DOCKER_HUB_PASSWORD }}
 
       - uses: docker/setup-qemu-action@v2
 
       - uses: docker/setup-buildx-action@v2
 
+      - name: Import GPG key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v6
+        with:
+          gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
+          passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}
+
+      - name: Write GPG to path in memory for signing rpm/deb
+        id: write_gpg_to_path
+        run: |
+          GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)"
+          echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH"
+          echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
+
       - name: Build binaries & packages with GoReleaser
+        id: goreleaser
         uses: goreleaser/goreleaser-action@v6
+        env:
+          NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
+          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
+          GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
+          REGISTRY: "newrelic/${{ matrix.dist }}"
         with:
           distribution: goreleaser
           version: '~> v2'
-          args: --snapshot --clean --skip=sign --timeout 2h
+          args: --snapshot --clean --skip=publish,validate --timeout 2h
+          workdir: distributions/${{ matrix.dist }}
 
       - name: Extract image version
-        run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV
+        run: echo "version=$(echo '${{ steps.goreleaser.outputs.metadata }}' | jq -r '.version')" >> $GITHUB_ENV
 
       - name: Setup local kind cluster
         uses: helm/kind-action@v1
@@ -56,28 +91,31 @@ jobs:
           cluster_name: ${{ env.TEST_CLUSTER_NAME }}
           wait: 60s
 
+      - uses: azure/[email protected]
+
       - name: Run local e2e tests
         run: |
-          IMAGE_TAG=${{ env.version }}-rc-amd64 \
+          IMAGE_TAG=${{ env.version }}-amd64 \
           KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \
-          make -f ./test/e2e/Makefile ci_test-fast
+          make -f ./test/e2e/Makefile ci_test-fast DISTRO=${{ matrix.dist }}
 
       - name: Trivy security check
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.29.0
         with:
-          image-ref: "newrelic/nr-otel-collector:${{ env.version }}-rc-amd64"
+          image-ref: "newrelic/${{ matrix.dist }}:${{ env.version }}-amd64"
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: "HIGH,CRITICAL"
         env:
-          # dbs are downloaded async in download_trivy_db.yml
-          TRIVY_SKIP_DB_UPDATE: true
+          # dbs are downloaded async in trivy-cache.yml
+          TRIVY_SKIP_DB_UPDATE: ${{ !env.ACT }}
           TRIVY_SKIP_JAVA_DB_UPDATE: true
+
   terraform:
-    uses: ./.github/workflows/component_terraform.yml
-    if: github.event.pull_request.user.login != 'dependabot[bot]'
+    uses: ./.github/workflows/terraform.yml
+    if: ${{ !github.event.act && github.event.pull_request.user.login != 'dependabot[bot]' }}
     with:
       branch: ${{ github.ref }}
       tf_work_subdir: permanent