Skip to content

Commit 782b2a0

Browse files
dhurleydhurley
committed
Merge branch 'main' into add-file-log-receiver
2 parents 3c60e4a + e2ad230 commit 782b2a0

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

59 files changed

+2446
-540
lines changed

.github/workflows/assertion.yml

Lines changed: 63 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -1,73 +1,94 @@
1-
21
name: Generate and Sign Assertion Document
32

43
on:
54
workflow_dispatch:
65
inputs:
7-
branch:
6+
packageVersion:
7+
description: 'Agent version'
8+
type: string
9+
required: true
10+
runId:
11+
description: 'Run ID of the workflow that built the artifacts'
12+
type: string
13+
required: true
14+
signAssertion:
15+
description: 'Sign and store the assertion document'
16+
type: boolean
17+
required: false
18+
default: false
19+
workflow_call:
20+
inputs:
21+
packageVersion:
22+
description: 'Agent version'
823
type: string
9-
description: "The branch to run the assertion workflow on"
24+
required: true
25+
runId:
26+
description: 'Run ID of the workflow that built the artifacts'
27+
type: string
28+
required: false
29+
signAssertion:
30+
description: 'Sign and store the assertion document'
31+
type: boolean
1032
required: false
11-
default: main
33+
default: false
34+
secrets:
35+
ARTIFACTORY_USER:
36+
required: true
37+
ARTIFACTORY_TOKEN:
38+
required: true
39+
ARTIFACTORY_URL:
40+
required: true
1241

1342
jobs:
1443
build-assertion-document:
15-
name: Build and Generate Assertion Document
44+
name: Create Assertion Document
1645
runs-on: ubuntu-22.04
1746
if: ${{ !github.event.pull_request.head.repo.fork }}
1847
permissions:
1948
id-token: write
2049
contents: read
2150
env:
22-
GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@azr.artifactory.f5net.com/artifactory/api/go/f5-nginx-go-local-approved-dependency"
23-
outputs:
24-
agent_binary: ${{ steps.check_binary.outputs.agent_binary }}
25-
goversionm: ${{ steps.godeps.outputs.goversionm }}
26-
assertion_document: ${{ steps.assertiondoc.outputs.assertion-document-path }}
51+
GOPROXY: "https://${{ secrets.ARTIFACTORY_USER }}:${{ secrets.ARTIFACTORY_TOKEN }}@${{ secrets.ARTIFACTORY_URL }}"
2752
strategy:
28-
matrix:
29-
osarch: [amd64, arm64]
53+
matrix:
54+
osarch: [amd64, arm64]
3055
steps:
31-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
56+
- name: Checkout Repository
57+
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
3258

3359
- name: Set up Go
34-
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
60+
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
3561
with:
36-
go-version-file: go.mod
62+
go-version-file: 'go.mod'
3763
cache: false
3864

65+
- name: Download nginx-agent binary artifacts
66+
if: ${{ inputs.runId != '' }}
67+
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # 6.0.0
68+
with:
69+
name: nginx-agent-binaries-${{ inputs.packageVersion }}-${{ matrix.osarch }}
70+
path: binaries
71+
run-id: ${{ inputs.runId }}
72+
github-token: ${{ github.token }}
73+
3974
- name: Gather build dependencies
4075
id: godeps
4176
run: |
42-
if [ -z ${{inputs.branch}} ]; then
43-
echo "No branch input provided, using current branch: $GITHUB_REF_NAME"
44-
else
45-
echo "Checking out branch: ${{inputs.branch}}"
46-
git checkout ${{inputs.branch}}
47-
fi
48-
echo "Current branch: $GITHUB_REF_NAME"
49-
echo "branch_name=$GITHUB_REF_NAME" >> $GITHUB_ENV
50-
GO_VERSION=$(go version | awk '{print $3}' | sed 's/go//')
51-
echo "GO_VERSION=$GO_VERSION" >> $GITHUB_ENV
52-
echo "GO_VERSION=$GO_VERSION"
53-
echo "time_start=$(date +%s)" >> $GITHUB_ENV
54-
OSARCH=${{matrix.osarch}} make build
55-
echo "time_end=$(date +%s)" >> $GITHUB_ENV
56-
echo "Build time: $((time_end - time_start)) seconds"
57-
58-
echo "Getting sha256sum of the built nginx-agent binary..."
59-
echo "agent-digest=$(sha256sum build/nginx-agent | awk '{print $1}')" >> $GITHUB_ENV
60-
77+
ls -la binaries
78+
echo "agent_digest=$(cat binaries/nginx-agent.sha256)" >> $GITHUB_ENV
79+
echo "agent_buildstart=$(cat binaries/nginx-agent.buildstart)" >> $GITHUB_ENV
80+
echo "agent_buildend=$(cat binaries/nginx-agent.buildend)" >> $GITHUB_ENV
81+
6182
echo "Checking dependencies..."
62-
go version -m build/nginx-agent > goversionm_${{ github.run_id }}_${{ github.run_number }}.txt
83+
go version -m binaries/nginx-agent > goversionm_${{ github.run_id }}_${{ github.run_number }}.txt
6384
ls -l goversionm_*.txt
6485
echo "goversionm=$(find -type f -name "goversionm*.txt" | head -n 1)" >> $GITHUB_ENV
6586
6687
- name: Generate Assertion Document
6788
id: assertiondoc
68-
uses: nginxinc/compliance-rules/.github/actions/assertion@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0
89+
uses: nginxinc/compliance-rules/.github/actions/assertion@0aab935582c35a00e2c671d8fe25b7fdd72a927b # v0.3.1
6990
with:
70-
artifact-name: nginx-agent_${{ env.branch_name }}_${{ matrix.osarch }}
91+
artifact-name: nginx-agent_${{ inputs.packageVersion }}_${{ matrix.osarch }}
7192
artifact-digest: ${{ env.agent-digest }}
7293
build-type: 'github'
7394
builder-id: 'github.com'
@@ -77,13 +98,14 @@ jobs:
7798
artifactory-api-token: ${{ secrets.ARTIFACTORY_TOKEN }}
7899
artifactory-url: ${{ secrets.ARTIFACTORY_URL }}
79100
artifactory-repo: 'f5-nginx-go-local-approved-dependency'
80-
assertion-doc-file: assertion_nginx-agent_${{env.branch_name}}_${{matrix.osarch}}.json
101+
assertion-doc-file: assertion_nginx-agent_${{ inputs.packageVersion }}_${{ matrix.osarch }}.json
81102
build-content-path: ${{ env.goversionm }}
82-
started-on: '${{ env.time_start }}'
83-
finished-on: '${{ env.time_end }}'
103+
started-on: '${{ env.agent_buildstart }}'
104+
finished-on: '${{ env.agent_buildend }}'
84105

85106
- name: Sign and Store Assertion Document
86107
id: sign
87-
uses: nginxinc/compliance-rules/.github/actions/sign@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0
108+
if: ${{ inputs.signAssertion == true }}
109+
uses: nginxinc/compliance-rules/.github/actions/sign@0aab935582c35a00e2c671d8fe25b7fdd72a927b # v0.3.1
88110
with:
89111
assertion-doc: ${{ steps.assertiondoc.outputs.assertion-document-path }}

.github/workflows/ci.yml

Lines changed: 27 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ jobs:
2828
runs-on: ubuntu-22.04
2929
if: github.ref == 'refs/heads/main'
3030
steps:
31-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
31+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
3232
with:
3333
fetch-tags: 'true'
3434
- name: Configure Go Proxy
@@ -37,7 +37,7 @@ jobs:
3737
user: ${{ secrets.ARTIFACTORY_USER }}
3838
token: ${{ secrets.ARTIFACTORY_TOKEN }}
3939
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
40-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
40+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
4141
with:
4242
go-version-file: 'go.mod'
4343
cache: false
@@ -60,14 +60,14 @@ jobs:
6060
name: Lint
6161
runs-on: ubuntu-22.04
6262
steps:
63-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
63+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
6464
- name: Configure Go Proxy
6565
uses: ./.github/actions/configure-goproxy
6666
with:
6767
user: ${{ secrets.ARTIFACTORY_USER }}
6868
token: ${{ secrets.ARTIFACTORY_TOKEN }}
6969
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
70-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
70+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
7171
with:
7272
go-version-file: 'go.mod'
7373
cache: false
@@ -78,7 +78,7 @@ jobs:
7878
~/go/pkg/mod
7979
key: ${{ runner.os }}-go-
8080
- name: Lint Go
81-
uses: golangci/golangci-lint-action@0a35821d5c230e903fcfe077583637dea1b27b47 # v9.0.0
81+
uses: golangci/golangci-lint-action@e7fa5ac41e1cf5b7d48e45e42232ce7ada589601 # v9.1.0
8282
with:
8383
version: v2.4.0
8484

@@ -88,14 +88,14 @@ jobs:
8888
permissions:
8989
contents: write
9090
steps:
91-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
91+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
9292
- name: Configure Go Proxy
9393
uses: ./.github/actions/configure-goproxy
9494
with:
9595
user: ${{ secrets.ARTIFACTORY_USER }}
9696
token: ${{ secrets.ARTIFACTORY_TOKEN }}
9797
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
98-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
98+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
9999
with:
100100
go-version-file: 'go.mod'
101101
cache: false
@@ -117,14 +117,14 @@ jobs:
117117
name: Unit tests with race condition detection
118118
runs-on: ubuntu-22.04
119119
steps:
120-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
120+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
121121
- name: Configure Go Proxy
122122
uses: ./.github/actions/configure-goproxy
123123
with:
124124
user: ${{ secrets.ARTIFACTORY_USER }}
125125
token: ${{ secrets.ARTIFACTORY_TOKEN }}
126126
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
127-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
127+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
128128
with:
129129
go-version-file: 'go.mod'
130130
cache: false
@@ -141,7 +141,7 @@ jobs:
141141
name: Build Unsigned Snapshot
142142
runs-on: ubuntu-22.04
143143
steps:
144-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
144+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
145145
with:
146146
fetch-tags: 'true'
147147
- name: Configure Go Proxy
@@ -150,7 +150,7 @@ jobs:
150150
user: ${{ secrets.ARTIFACTORY_USER }}
151151
token: ${{ secrets.ARTIFACTORY_TOKEN }}
152152
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
153-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
153+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
154154
with:
155155
go-version-file: 'go.mod'
156156
cache: false
@@ -190,14 +190,14 @@ jobs:
190190
- image: "alpine"
191191
version: "3.22"
192192
steps:
193-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
193+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
194194
- name: Configure Go Proxy
195195
uses: ./.github/actions/configure-goproxy
196196
with:
197197
user: ${{ secrets.ARTIFACTORY_USER }}
198198
token: ${{ secrets.ARTIFACTORY_TOKEN }}
199199
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
200-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
200+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
201201
with:
202202
go-version-file: 'go.mod'
203203
cache: false
@@ -246,14 +246,14 @@ jobs:
246246
- image: "alpine"
247247
version: "3.22"
248248
steps:
249-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
249+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
250250
- name: Configure Go Proxy
251251
uses: ./.github/actions/configure-goproxy
252252
with:
253253
user: ${{ secrets.ARTIFACTORY_USER }}
254254
token: ${{ secrets.ARTIFACTORY_TOKEN }}
255255
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
256-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
256+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
257257
with:
258258
go-version-file: 'go.mod'
259259
cache: false
@@ -309,14 +309,14 @@ jobs:
309309
version: "mainline"
310310
release: "alpine"
311311
steps:
312-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
312+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
313313
- name: Configure Go Proxy
314314
uses: ./.github/actions/configure-goproxy
315315
with:
316316
user: ${{ secrets.ARTIFACTORY_USER }}
317317
token: ${{ secrets.ARTIFACTORY_TOKEN }}
318318
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
319-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
319+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
320320
with:
321321
go-version-file: 'go.mod'
322322
cache: false
@@ -382,14 +382,14 @@ jobs:
382382
release: "debian"
383383
path: "/nginx-plus/agent"
384384
steps:
385-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
385+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
386386
- name: Configure Go Proxy
387387
uses: ./.github/actions/configure-goproxy
388388
with:
389389
user: ${{ secrets.ARTIFACTORY_USER }}
390390
token: ${{ secrets.ARTIFACTORY_TOKEN }}
391391
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
392-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
392+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
393393
with:
394394
go-version-file: 'go.mod'
395395
cache: false
@@ -454,14 +454,14 @@ jobs:
454454
version: "mainline"
455455
release: "alpine"
456456
steps:
457-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
457+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
458458
- name: Configure Go Proxy
459459
uses: ./.github/actions/configure-goproxy
460460
with:
461461
user: ${{ secrets.ARTIFACTORY_USER }}
462462
token: ${{ secrets.ARTIFACTORY_TOKEN }}
463463
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
464-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
464+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
465465
with:
466466
go-version-file: 'go.mod'
467467
cache: false
@@ -527,14 +527,14 @@ jobs:
527527
release: "debian"
528528
path: "/nginx-plus/agent"
529529
steps:
530-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
530+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
531531
- name: Configure Go Proxy
532532
uses: ./.github/actions/configure-goproxy
533533
with:
534534
user: ${{ secrets.ARTIFACTORY_USER }}
535535
token: ${{ secrets.ARTIFACTORY_TOKEN }}
536536
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
537-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
537+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
538538
with:
539539
go-version-file: 'go.mod'
540540
cache: false
@@ -585,14 +585,14 @@ jobs:
585585
permissions:
586586
contents: write
587587
steps:
588-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
588+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
589589
- name: Configure Go Proxy
590590
uses: ./.github/actions/configure-goproxy
591591
with:
592592
user: ${{ secrets.ARTIFACTORY_USER }}
593593
token: ${{ secrets.ARTIFACTORY_TOKEN }}
594594
url: ${{ secrets.ARTIFACTORY_URL_DEV }}
595-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
595+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
596596
with:
597597
go-version-file: 'go.mod'
598598
cache: false
@@ -629,8 +629,8 @@ jobs:
629629
runs-on: ubuntu-22.04
630630
needs: build-unsigned-snapshot
631631
steps:
632-
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
633-
- uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
632+
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
633+
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
634634
with:
635635
go-version-file: 'go.mod'
636636
cache: false

.github/workflows/codeql.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ jobs:
3232
docs_only: ${{ github.event.pull_request && steps.docs.outputs.docs_only == 'true' }}
3333
steps:
3434
- name: Checkout Repository
35-
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
35+
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
3636
with:
3737
fetch-depth: 0
3838

.github/workflows/dependency-review.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,9 +22,9 @@ jobs:
2222
pull-requests: write # for actions/dependency-review-action to post comments
2323
steps:
2424
- name: "Checkout Repository"
25-
uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
25+
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
2626

2727
- name: "Dependency Review"
28-
uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1
28+
uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
2929
with:
3030
config-file: "nginxinc/k8s-common/dependency-review-config.yml@main"

0 commit comments

Comments
 (0)