[CI] add az-sync github action to handle secrets #6560
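# CI workflow: runs on pushes to main and release-* branches (ignoring changes limited
# to Markdown files, docs/ and hugo/) and on pull requests that are opened, reopened
# or synchronized.
# Third-party actions are pinned to full commit SHAs; the trailing comment records the tag.
name: CI

on:
  push:
    branches:
      - 'main'
      - 'release-*'
    paths-ignore:
      - "**.md"
      - "docs/**"
      - "hugo/**"
  pull_request:
    types:
      - opened
      - reopened
      - synchronize

# Workflow-wide default for GITHUB_TOKEN. A job that declares its own permissions
# block replaces this default, and any scope it does not list is set to none.
permissions:
  contents: read

env:
  NFPM_VERSION: 'v2.35.3'
  # Each job also runs the local configure-goproxy action; what it changes is not
  # visible in this file.
  GOPROXY: "direct"

jobs:
  # Downloads modules, installs nfpm and saves the Go build/module caches.
  # Runs only for refs/heads/main.
  cache-dependencies:
    name: Cache Dependencies
    runs-on: ubuntu-22.04
    if: github.ref == 'refs/heads/main'
    # NOTE(review): every other job that calls ./.github/actions/az-sync grants
    # id-token: write, but this job inherits only contents: read. az-sync takes
    # client/tenant/subscription IDs and no client secret, so it presumably uses
    # OIDC federation; if so, the token request is refused here. Confirm against
    # the action and add a job-level permissions block if needed.
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-tags: 'true'
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - name: Download Go modules
        run: go mod download
      - name: Setup Build Environment
        run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
      - name: Fix golang dependency permissions
        run: chmod -R 0755 ~/go/pkg/mod ~/.cache/go-build
      - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

  # Runs golangci-lint against the checked-out tree.
  lint:
    name: Lint
    runs-on: ubuntu-22.04
    # Listing only id-token here sets contents to none for this job; checkout of a
    # public repository still works without it.
    # NOTE(review): this job has no fork guard, yet az-sync is given repository
    # secrets, which are empty on pull requests from forks. Confirm how az-sync
    # behaves in that case; the same applies to the other unguarded jobs below.
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Lint Go
        uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
        with:
          version: v2.4.0

  # Delegates to the reusable vulncheck workflow, targeting the PR base branch
  # or, outside a pull request, the ref that triggered the run.
  vulnerability-scan:
    name: Vulnerability Scan
    uses: ./.github/workflows/vulncheck.yml
    permissions:
      security-events: write
    with:
      target-branch: ${{ github.event.pull_request.base.ref || github.ref_name }}

  # Runs `make unit-test` and uploads the coverage file to Codecov.
  unit-test:
    name: Unit Tests
    runs-on: ubuntu-22.04
    # NOTE(review): no step visible in this job writes to the repository, so
    # contents: write looks broader than needed; confirm whether contents: read
    # is sufficient.
    permissions:
      id-token: write
      contents: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Run Unit Tests
        run: make unit-test
      - name: Upload Test Coverage
        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
        with:
          files: ./build/test/coverage.out
          token: ${{ secrets.CODECOV_TOKEN }}

  # Runs `make race-condition-test`.
  race-condition-test:
    name: Unit tests with race condition detection
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Run unit tests with race condition detection
        run: make race-condition-test

  # Builds deb, rpm and apk packages and uploads the build directory as a
  # one-day artifact that the downstream test jobs download.
  build-unsigned-snapshot:
    name: Build Unsigned Snapshot
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          fetch-tags: 'true'
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - name: Download Go modules
        run: go mod download
      - name: Setup Build Environment
        run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
      - name: Fix golang dependency permissions
        run: chmod -R 0755 ~/go/pkg/mod ~/.cache/go-build
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Build Packages
        run: |
          make clean local-deb-package local-rpm-package local-apk-package
      - name: Upload Artifacts
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: nginx-agent-unsigned-snapshots
          path: build
          retention-days: 1

  # Runs `make integration-test` once per container image in the matrix.
  integration-tests:
    name: Integration Tests
    needs: build-unsigned-snapshot
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
    strategy:
      matrix:
        container:
          - image: "ubuntu"
            version: "24.04"
          - image: "redhatenterprise"
            version: "9"
          - image: "alpine"
            version: "3.23"
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Download Packages
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: nginx-agent-unsigned-snapshots
          path: build
      - name: Create Results Directory
        run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}
      - name: Start Promtail
        uses: ./.github/actions/start-promtail
        with:
          loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}
      - name: Run Integration Tests
        # The pipe into tee would hide make's exit code, so the step exits with
        # PIPESTATUS[0] (the status of make) explicitly.
        run: |
          go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
          OS_RELEASE="${{ matrix.container.image }}" OS_VERSION="${{ matrix.container.version }}" \
            make integration-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
          exit "${PIPESTATUS[0]}"
      - name: Format Results
        if: always()
        run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

  # Runs `make upgrade-test` once per container image in the matrix.
  upgrade-tests:
    name: Upgrade Tests
    needs: build-unsigned-snapshot
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
    strategy:
      matrix:
        container:
          - image: "ubuntu"
            version: "24.04"
          - image: "redhatenterprise"
            version: "9"
          - image: "alpine"
            version: "3.22"
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Download Packages
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: nginx-agent-unsigned-snapshots
          path: build
      - name: Create Results Directory
        run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}
      - name: Start Promtail
        uses: ./.github/actions/start-promtail
        with:
          loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}
      - name: Run Upgrade Tests
        run: |
          go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
          OS_RELEASE="${{ matrix.container.image }}" OS_VERSION="${{ matrix.container.version }}" \
            make upgrade-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
          exit "${PIPESTATUS[0]}"
      - name: Format Results
        if: always()
        run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

  # Runs `make official-image-integration-test` against images from
  # docker-registry.nginx.com, once per matrix entry.
  official-oss-image-integration-tests:
    name: Integration Tests - Official OSS Images
    needs: build-unsigned-snapshot
    # Skipped for pull requests from forks and for head branches whose name starts
    # with 'dependabot-'.
    # NOTE(review): Dependabot's default branch names use '/' as the separator
    # ('dependabot/...'); this prefix only matches if the repository's Dependabot
    # configuration sets the separator to '-'. Confirm, since the same condition
    # guards every secret-consuming job below.
    if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
    strategy:
      matrix:
        container:
          - image: "bookworm"
            version: "stable"
            release: "debian"
          - image: "bookworm"
            version: "mainline"
            release: "debian"
          - image: "alpine"
            version: "stable"
            release: "alpine"
          - image: "alpine"
            version: "mainline"
            release: "alpine"
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Download Packages
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: nginx-agent-unsigned-snapshots
          path: build
      - name: Create Results Directory
        run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}
      - name: Start Promtail
        uses: ./.github/actions/start-promtail
        with:
          loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}
      - name: Run Integration Tests
        run: |
          go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
          CONTAINER_NGINX_IMAGE_REGISTRY="docker-registry.nginx.com" \
          TAG="${{ matrix.container.version }}-${{ matrix.container.image }}" \
          OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" \
            make official-image-integration-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
          exit "${PIPESTATUS[0]}"
      - name: Format Results
        if: always()
        run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

  # Runs `make official-image-integration-test` against NGINX Plus images pulled
  # from the private test registry, once per matrix entry.
  official-plus-image-integration-tests:
    name: Integration Tests - Official Plus Images
    needs: build-unsigned-snapshot
    if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
    strategy:
      matrix:
        container:
          - image: "alpine"
            version: "3.22"
            plus: "r35"
            release: "alpine"
            path: "/nginx-plus/agent"
          - image: "alpine"
            version: "3.21"
            plus: "r34"
            release: "alpine"
            path: "/nginx-plus/agent"
          - image: "debian"
            version: "bookworm"
            plus: "r35"
            release: "debian"
            path: "/nginx-plus/agent"
          - image: "debian"
            version: "bookworm"
            plus: "r34"
            release: "debian"
            path: "/nginx-plus/agent"
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Download Packages
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: nginx-agent-unsigned-snapshots
          path: build
      - name: Login to Docker Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ${{ secrets.TEST_REGISTRY_URL }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Create Results Directory
        run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}
      - name: Start Promtail
        uses: ./.github/actions/start-promtail
        with:
          loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}
      - name: Run Integration Tests
        # Secrets are handed to the step as environment variables instead of being
        # templated into the script text, so their contents are never parsed as
        # shell syntax and do not depend on the quoting used in the script.
        # NOTE(review): tee writes make's output to raw_logs.log, where GitHub's
        # log masking does not apply; confirm what start-promtail ships to Loki.
        env:
          CONTAINER_NGINX_IMAGE_REGISTRY: ${{ secrets.TEST_REGISTRY_URL }}
          NGINX_LICENSE_JWT: ${{ secrets.TEST_JWT }}
        run: |
          go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
          TAG="${{ matrix.container.plus }}-${{ matrix.container.image }}-${{ matrix.container.version }}" \
          OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" IMAGE_PATH="${{ matrix.container.path }}" \
            make official-image-integration-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
          exit "${PIPESTATUS[0]}"
      - name: Format Results
        if: always()
        run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

  # Runs `make metrics-test` against images from docker-registry.nginx.com,
  # once per matrix entry.
  oss-metrics-tests:
    name: Metrics Integration Tests - Official OSS Images
    needs: build-unsigned-snapshot
    if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
    strategy:
      matrix:
        container:
          - image: "bookworm"
            version: "stable"
            release: "debian"
          - image: "bookworm"
            version: "mainline"
            release: "debian"
          - image: "alpine"
            version: "stable"
            release: "alpine"
          - image: "alpine"
            version: "mainline"
            release: "alpine"
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Download Packages
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: nginx-agent-unsigned-snapshots
          path: build
      - name: Create Results Directory
        run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}
      - name: Start Promtail
        uses: ./.github/actions/start-promtail
        with:
          loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}
      - name: Run Integration Tests
        run: |
          go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
          CONTAINER_NGINX_IMAGE_REGISTRY="docker-registry.nginx.com" \
          TAG="${{ matrix.container.version }}-${{ matrix.container.image }}" \
          OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" \
            make metrics-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
          exit "${PIPESTATUS[0]}"
      - name: Format Results
        if: always()
        run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

  # Runs `make metrics-test` against NGINX Plus images pulled from the private
  # test registry, once per matrix entry.
  plus-metrics-tests:
    name: Metrics Integration Tests - Official Plus Images
    needs: build-unsigned-snapshot
    if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
    runs-on: ubuntu-22.04
    permissions:
      id-token: write
    strategy:
      matrix:
        container:
          - image: "alpine"
            version: "3.22"
            plus: "r35"
            release: "alpine"
            path: "/nginx-plus/agent"
          - image: "alpine"
            version: "3.21"
            plus: "r34"
            release: "alpine"
            path: "/nginx-plus/agent"
          - image: "debian"
            version: "bookworm"
            plus: "r35"
            release: "debian"
            path: "/nginx-plus/agent"
          - image: "debian"
            version: "bookworm"
            plus: "r34"
            release: "debian"
            path: "/nginx-plus/agent"
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Download Packages
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: nginx-agent-unsigned-snapshots
          path: build
      - name: Login to Docker Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ${{ secrets.TEST_REGISTRY_URL }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Create Results Directory
        run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}
      - name: Start Promtail
        uses: ./.github/actions/start-promtail
        with:
          loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}
      - name: Run Integration Tests
        # Secrets are handed to the step as environment variables instead of being
        # templated into a double-quoted shell string, where '$' or backticks in a
        # value would be expanded by the shell.
        # NOTE(review): tee writes make's output to raw_logs.log, where GitHub's
        # log masking does not apply; confirm what start-promtail ships to Loki.
        env:
          CONTAINER_NGINX_IMAGE_REGISTRY: ${{ secrets.TEST_REGISTRY_URL }}
          NGINX_LICENSE_JWT: ${{ secrets.TEST_JWT }}
        run: |
          go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
          TAG="${{ matrix.container.plus }}-${{ matrix.container.image }}-${{ matrix.container.version }}" \
          OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" IMAGE_PATH="${{ matrix.container.path }}" \
            make metrics-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
          exit "${PIPESTATUS[0]}"
      - name: Format Results
        if: always()
        run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

  # Runs `make performance-test`, compares the result with stored benchmark data
  # and, on main only, pushes the benchmark-results branch.
  performance-tests:
    name: Performance Tests
    runs-on: ubuntu-22.04
    needs: build-unsigned-snapshot
    # contents: write is needed by the push step, which runs only on main, but the
    # permission is granted to every run of this job, including pull requests from
    # branches of this repository.
    permissions:
      id-token: write
      contents: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'artifactory'
      - name: Configure Go Proxy
        uses: ./.github/actions/configure-goproxy
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Run Performance Tests
        run: |
          make performance-test
      - name: Store benchmark result
        uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
        with:
          name: Compare Benchmark Results
          tool: 'go'
          output-file-path: ./build/test/benchmark.txt
          benchmark-data-dir-path: ""
          # Set auto-push to false since GitHub API token is not given
          auto-push: false
          alert-threshold: '150%'
          gh-pages-branch: "benchmark-results"
          fail-on-alert: true
      - name: Push benchmark result
        if: ${{ success() && github.ref_name == 'main'}}
        # The token is read from the environment by the shell rather than being
        # templated into the command text of the script.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: git push "https://github-actions:${GITHUB_TOKEN}@github.com/nginx/agent.git" benchmark-results:benchmark-results

  # Builds the load-test Docker image, runs it, uploads benchmarks.json and, on
  # main only, pushes the benchmark-results branch.
  load-tests:
    name: Load Tests
    if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
    permissions:
      id-token: write
      contents: write
    runs-on: ubuntu-22.04
    needs: build-unsigned-snapshot
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        with:
          go-version-file: 'go.mod'
          cache: false
      - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-
      - name: Download Packages
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: nginx-agent-unsigned-snapshots
          path: build
      - name: Set up Docker Build
        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
      - name: Set env
        # Extracts the Go version from the toolchain line of go.mod for later steps.
        run: echo "GO_VERSION=$(cat go.mod | grep toolchain | sed 's/toolchain //; s/go//')" >> $GITHUB_ENV
      - name: Get Secrets from Azure Key Vault
        uses: ./.github/actions/az-sync
        with:
          az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
          az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
          az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
          keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
          secrets-filter: 'nginx-crt,nginx-key'
      - name: Build Docker Image
        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
        env:
          GO_VERSION: ${{ env.GO_VERSION }}
        with:
          file: test/docker/load/Dockerfile
          tags: nginx-agent-load-test:1.0.0
          context: '.'
          push: false
          load: true
          no-cache: true
          # NOTE(review): az-sync above is filtered to nginx-crt and nginx-key, yet
          # the build still reads secrets.NGINX_CRT and secrets.NGINX_KEY from
          # GitHub secrets; whether the Key Vault values are meant to replace them
          # is not visible in this file.
          secrets: |
            "nginx-crt=${{ secrets.NGINX_CRT }}"
            "nginx-key=${{ secrets.NGINX_KEY }}"
          build-args: |
            OSARCH=amd64
            GO_VERSION=${{ env.GO_VERSION }}
      - name: Run Load Tests
        run: |
          results=$(docker run --rm nginx-agent-load-test:1.0.0)
          echo "$results" > benchmarks.json
          echo "$results"
      - name: Upload Load Test Results
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: load-test-results
          path: benchmarks.json
          if-no-files-found: error
      - name: Store benchmark result
        uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
        with:
          name: Compare Benchmark Results
          tool: 'customSmallerIsBetter'
          output-file-path: benchmarks.json
          benchmark-data-dir-path: ""
          # Set auto-push to false since GitHub API token is not given
          auto-push: false
          alert-threshold: '150%'
          gh-pages-branch: "benchmark-results"
          fail-on-alert: true
      - name: Push load test result
        if: ${{ success() && github.ref_name == 'main' }}
        # The token is read from the environment by the shell rather than being
        # templated into the command text of the script.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: git push "https://github-actions:${GITHUB_TOKEN}@github.com/nginx/agent.git" benchmark-results:benchmark-results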