Clean up workflow permissions (#1489) #6620
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'release-*' | |
| paths-ignore: | |
| - "**.md" | |
| - "docs/**" | |
| - "hugo/**" | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| permissions: | |
| contents: read | |
| env: | |
| NFPM_VERSION: 'v2.35.3' | |
| GOPROXY: "direct" | |
| jobs: | |
| cache-dependencies: | |
| name: Cache Dependencies | |
| runs-on: ubuntu-22.04 | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-tags: 'true' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - name: Download Go modules | |
| run: go mod download | |
| - name: Setup Build Environment | |
| run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| - name: Fix golang dependency permissions | |
| run: chmod -R 0755 ~/go/pkg/mod ~/.cache/go-build | |
| - uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Lint Go | |
| uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 | |
| with: | |
| version: v2.4.0 | |
| skip-cache: true | |
| vulnerability-scan: | |
| name: Vulnerability Scan | |
| uses: ./.github/workflows/vulncheck.yml | |
| permissions: | |
| contents: read | |
| security-events: write # for reporting vulnerabilities via code-scanning API | |
| with: | |
| target-branch: ${{ github.event.pull_request.base.ref || github.ref_name }} | |
| unit-test: | |
| name: Unit Tests | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Run Unit Tests | |
| run: make unit-test | |
| - name: Uplaod Test Coverage | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| with: | |
| files: ./build/test/coverage.out | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| race-condition-test: | |
| name: Unit tests with race condition detection | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Run unit tests with race condition detection | |
| run: make race-condition-test | |
| build-unsigned-snapshot: | |
| name: Build Unsigned Snapshot | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| with: | |
| fetch-tags: 'true' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - name: Download Go modules | |
| run: go mod download | |
| - name: Setup Build Environment | |
| run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| - name: Fix golang dependency permissions | |
| run: chmod -R 0755 ~/go/pkg/mod ~/.cache/go-build | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Build Packages | |
| run: | | |
| make clean local-deb-package local-rpm-package local-apk-package | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| retention-days: 1 | |
| integration-tests: | |
| name: Integration Tests | |
| needs: build-unsigned-snapshot | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "ubuntu" | |
| version: "24.04" | |
| - image: "redhatenterprise" | |
| version: "9" | |
| - image: "alpine" | |
| version: "3.23" | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| OS_RELEASE="${{ matrix.container.image }}" OS_VERSION="${{ matrix.container.version }}" \ | |
| make integration-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| upgrade-tests: | |
| name: Upgrade Tests | |
| needs: build-unsigned-snapshot | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "ubuntu" | |
| version: "24.04" | |
| - image: "redhatenterprise" | |
| version: "9" | |
| - image: "alpine" | |
| version: "3.22" | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Upgrade Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| OS_RELEASE="${{ matrix.container.image }}" OS_VERSION="${{ matrix.container.version }}" \ | |
| make upgrade-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| official-oss-image-integration-tests: | |
| name: Integration Tests - Official OSS Images | |
| needs: build-unsigned-snapshot | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "bookworm" | |
| version: "stable" | |
| release: "debian" | |
| - image: "bookworm" | |
| version: "mainline" | |
| release: "debian" | |
| - image: "alpine" | |
| version: "stable" | |
| release: "alpine" | |
| - image: "alpine" | |
| version: "mainline" | |
| release: "alpine" | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| CONTAINER_NGINX_IMAGE_REGISTRY="docker-registry.nginx.com" \ | |
| TAG="${{ matrix.container.version }}-${{ matrix.container.image }}" \ | |
| OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" \ | |
| make official-image-integration-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| official-plus-image-integration-tests: | |
| name: Integration Tests - Official Plus Images | |
| needs: build-unsigned-snapshot | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "alpine" | |
| version: "3.22" | |
| plus: "r35" | |
| release: "alpine" | |
| path: "/nginx-plus/agent" | |
| - image: "alpine" | |
| version: "3.21" | |
| plus: "r34" | |
| release: "alpine" | |
| path: "/nginx-plus/agent" | |
| - image: "debian" | |
| version: "bookworm" | |
| plus: "r35" | |
| release: "debian" | |
| path: "/nginx-plus/agent" | |
| - image: "debian" | |
| version: "bookworm" | |
| plus: "r34" | |
| release: "debian" | |
| path: "/nginx-plus/agent" | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ${{ secrets.TEST_REGISTRY_URL }} | |
| username: ${{ secrets.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| CONTAINER_NGINX_IMAGE_REGISTRY="${{ secrets.TEST_REGISTRY_URL }}" \ | |
| TAG="${{ matrix.container.plus }}-${{ matrix.container.image }}-${{ matrix.container.version }}" \ | |
| OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" IMAGE_PATH="${{ matrix.container.path }}" \ | |
| NGINX_LICENSE_JWT='${{ secrets.TEST_JWT }}' \ | |
| make official-image-integration-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| oss-metrics-tests: | |
| name: Metrics Integration Tests - Official OSS Images | |
| needs: build-unsigned-snapshot | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "bookworm" | |
| version: "stable" | |
| release: "debian" | |
| - image: "bookworm" | |
| version: "mainline" | |
| release: "debian" | |
| - image: "alpine" | |
| version: "stable" | |
| release: "alpine" | |
| - image: "alpine" | |
| version: "mainline" | |
| release: "alpine" | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| CONTAINER_NGINX_IMAGE_REGISTRY="docker-registry.nginx.com" \ | |
| TAG="${{ matrix.container.version }}-${{ matrix.container.image }}" \ | |
| OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" \ | |
| make metrics-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| plus-metrics-tests: | |
| name: Metrics Integration Tests - Official Plus Images | |
| needs: build-unsigned-snapshot | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "alpine" | |
| version: "3.22" | |
| plus: "r35" | |
| release: "alpine" | |
| path: "/nginx-plus/agent" | |
| - image: "alpine" | |
| version: "3.21" | |
| plus: "r34" | |
| release: "alpine" | |
| path: "/nginx-plus/agent" | |
| - image: "debian" | |
| version: "bookworm" | |
| plus: "r35" | |
| release: "debian" | |
| path: "/nginx-plus/agent" | |
| - image: "debian" | |
| version: "bookworm" | |
| plus: "r34" | |
| release: "debian" | |
| path: "/nginx-plus/agent" | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ${{ secrets.TEST_REGISTRY_URL }} | |
| username: ${{ secrets.REGISTRY_USERNAME }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| CONTAINER_NGINX_IMAGE_REGISTRY="${{ secrets.TEST_REGISTRY_URL }}" \ | |
| TAG="${{ matrix.container.plus }}-${{ matrix.container.image }}-${{ matrix.container.version }}" \ | |
| OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" IMAGE_PATH="${{ matrix.container.path }}" \ | |
| NGINX_LICENSE_JWT="${{ secrets.TEST_JWT }}" \ | |
| make metrics-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| performance-tests: | |
| name: Performance Tests | |
| runs-on: ubuntu-22.04 | |
| needs: build-unsigned-snapshot | |
| permissions: | |
| contents: write # Needed for pushing benchmark results to github branch | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| with: | |
| user: ${{ secrets.ARTIFACTORY_USER }} | |
| token: ${{ secrets.ARTIFACTORY_TOKEN }} | |
| url: ${{ secrets.ARTIFACTORY_URL_DEV }} | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Run Performance Tests | |
| run: | | |
| make performance-test | |
| - name: Store benchmark result | |
| uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7 | |
| with: | |
| name: Compare Benchmark Results | |
| tool: 'go' | |
| output-file-path: ./build/test/benchmark.txt | |
| benchmark-data-dir-path: "" | |
| # Set auto-push to false since GitHub API token is not given | |
| auto-push: false | |
| alert-threshold: '150%' | |
| gh-pages-branch: "benchmark-results" | |
| fail-on-alert: true | |
| - name: Push benchmark result | |
| if: ${{ success() && github.ref_name == 'main'}} | |
| run: git push 'https://github-actions:${{ secrets.GITHUB_TOKEN }}@github.com/nginx/agent.git' benchmark-results:benchmark-results | |
| load-tests: | |
| name: Load Tests | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| permissions: | |
| contents: write # Needed for pushing benchmark results to github branch | |
| runs-on: ubuntu-22.04 | |
| needs: build-unsigned-snapshot | |
| steps: | |
| - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | |
| - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Set up Docker Build | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | |
| - name: Set env | |
| run: echo "GO_VERSION=$(cat go.mod | grep toolchain | sed 's/toolchain //; s/go//')" >> $GITHUB_ENV | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| env: | |
| GO_VERSION: ${{ env.GO_VERSION }} | |
| with: | |
| file: test/docker/load/Dockerfile | |
| tags: nginx-agent-load-test:1.0.0 | |
| context: '.' | |
| push: false | |
| load: true | |
| no-cache: true | |
| secrets: | | |
| "nginx-crt=${{ secrets.NGINX_CRT }}" | |
| "nginx-key=${{ secrets.NGINX_KEY }}" | |
| build-args: | | |
| OSARCH=amd64 | |
| GO_VERSION=${{ env.GO_VERSION }} | |
| - name: Run Load Tests | |
| run: | | |
| results=$(docker run --rm nginx-agent-load-test:1.0.0) | |
| echo "$results" > benchmarks.json | |
| echo "$results" | |
| - name: Upload Load Test Results | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: load-test-results | |
| path: benchmarks.json | |
| if-no-files-found: error | |
| - name: Store benchmark result | |
| uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7 | |
| with: | |
| name: Compare Benchmark Results | |
| tool: 'customSmallerIsBetter' | |
| output-file-path: benchmarks.json | |
| benchmark-data-dir-path: "" | |
| # Set auto-push to false since GitHub API token is not given | |
| auto-push: false | |
| alert-threshold: '150%' | |
| gh-pages-branch: "benchmark-results" | |
| fail-on-alert: true | |
| - name: Push load test result | |
| if: ${{ success() && github.ref_name == 'main' }} | |
| run: git push 'https://github-actions:${{ secrets.GITHUB_TOKEN }}@github.com/nginx/agent.git' benchmark-results:benchmark-results |