Release #697
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
permissions: write-all | |
# Triggered via GitHub Actions UI | |
on: | |
workflow_dispatch: | |
jobs: | |
test: | |
if: github.ref == 'refs/heads/main' | |
uses: newrelic/newrelic-cli/.github/workflows/test.yml@main | |
secrets: | |
NEW_RELIC_ACCOUNT_ID: ${{ secrets.NEW_RELIC_ACCOUNT_ID }} | |
NEW_RELIC_ADMIN_API_KEY: ${{ secrets.NEW_RELIC_ADMIN_API_KEY }} | |
NEW_RELIC_API_KEY: ${{ secrets.NEW_RELIC_API_KEY }} | |
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }} | |
NEW_RELIC_REGION: ${{ secrets.NEW_RELIC_REGION }} | |
release: | |
if: github.ref == 'refs/heads/main' | |
name: Release | |
needs: test | |
runs-on: ubuntu-20.04 | |
env: | |
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.21.x | |
- name: Add GOBIN to PATH | |
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH | |
shell: bash | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
# Needed for release notes | |
fetch-depth: 0 | |
token: ${{ secrets.RELEASE_TOKEN }} | |
- name: Install Snapcraft | |
uses: samuelmeuli/action-snapcraft@v2 | |
- name: Install PGP private key | |
shell: bash | |
env: | |
PGP_PRIVATE_KEY: ${{ secrets.PGP_PRIVATE_KEY }} | |
run: echo "$PGP_PRIVATE_KEY" | gpg --batch --import | |
- name: Publish Release | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
SNAPCRAFT_TOKEN: ${{ secrets.SNAPCRAFT_TOKEN }} | |
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }} | |
run: | | |
git config --global user.name ${{ secrets.NEW_RELIC_GITHUB_SERVICE_ACCOUNT_USERNAME }} | |
git config --global user.email ${{ secrets.NEW_RELIC_GITHUB_SERVICE_ACCOUNT_EMAIL }} | |
# removes git's file permission changes tracking as goreleaser's before hook uses 'chmod' for win_metadat*.sh | |
git config core.fileMode false | |
mkdir -p $HOME/.cache/snapcraft/download | |
mkdir -p $HOME/.cache/snapcraft/stage-packages | |
make snapshot | |
./scripts/release.sh | |
chmod +x scripts/win_metadata.sh scripts/win_metadata_files_remove.sh | |
# creates the `versioninfo.json` file with version info for the Windows binary | |
./scripts/win_metadata.sh | |
go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@latest | |
# Invokes 'goversioninfo' and uses the 'goversion directive' inside 'main.go' to create 'resource_windows.syso' | |
# that 'goreleaser' will need in its build step | |
go generate cmd/newrelic/main.go | |
make release-publish | |
./scripts/win_metadata_files_remove.sh | |
# Note the uploaded binary is downloaded and used in the release-windows-installer job | |
- name: Upload Windows binary to GitHub | |
uses: actions/upload-artifact@v3 | |
with: | |
name: windows-binary | |
path: dist/newrelic_windows_amd64_v1/newrelic.exe | |
- name: Sign newrelic.exe | |
shell: bash | |
env: | |
PFX_CONTENT: ${{ secrets.PFX_BASE64_CONTENT }} | |
PFX_PASSWORD: ${{ secrets.PFX_CERT_PASSWORD }} | |
run: | | |
echo "$PFX_CONTENT" | base64 -d > cert.pfx | |
sudo apt-get install osslsigncode -y | |
sudo mv dist/newrelic_windows_amd64_v1/newrelic.exe dist/newrelic_windows_amd64_v1/newrelic-unsigned.exe | |
osslsigncode sign -pkcs12 cert.pfx -pass "$PFX_PASSWORD" -h sha256 -t http://timestamp.digicert.com \ | |
-in dist/newrelic_windows_amd64_v1/newrelic-unsigned.exe -out dist/newrelic_windows_amd64_v1/newrelic.exe | |
rm -f cert.pfx dist/newrelic_windows_amd64_v1/newrelic-unsigned.exe | |
- name: Re-do Windows_x86_64.zip | |
run: | | |
VERSION=$(ls dist/*Windows_x86_64.zip | cut -d_ -f2) | |
rm -f dist/newrelic-cli_${VERSION}_Windows_x86_64.zip | |
zip -q dist/newrelic-cli_${VERSION}_Windows_x86_64.zip dist/newrelic_windows_amd64_v1/newrelic.exe | |
- name: Install AWS CLI | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install awscli -y | |
- name: Write AWS config 1 | |
uses: DamianReeves/[email protected] | |
with: | |
path: /home/runner/.aws/credentials | |
contents: | | |
[virtuoso_user] | |
aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
write-mode: overwrite | |
- name: Write AWS config 2 | |
uses: DamianReeves/[email protected] | |
with: | |
path: /home/runner/.aws/config | |
contents: | | |
[profile virtuoso] | |
role_arn = ${{ secrets.AWS_ROLE_ARN }} | |
region = ${{ secrets.AWS_DEFAULT_REGION }} | |
source_profile = virtuoso_user | |
write-mode: overwrite | |
- name: Upload Unix based install script to AWS | |
id: upload-install-script | |
run: | | |
aws s3 cp ./scripts/install.sh s3://nr-downloads-main/install/newrelic-cli/scripts/install.sh --profile virtuoso | |
- name: Get latest tag | |
id: get-latest-tag | |
uses: actions-ecosystem/action-get-latest-tag@v1 | |
- name: Create currentVersion.txt | |
id: create-current-version | |
uses: "finnp/create-file-action@master" | |
env: | |
FILE_NAME: "currentVersion.txt" | |
FILE_DATA: "${{ steps.get-latest-tag.outputs.tag }}" | |
- name: Upload currentVersion.txt | |
id: upload-current-version | |
run: | | |
aws s3 cp currentVersion.txt s3://nr-downloads-main/install/newrelic-cli/currentVersion.txt --profile virtuoso --cache-control no-cache | |
- name: Upload release artifacts to AWS | |
id: upload-release-artifacts | |
run: | | |
aws s3 cp --recursive --exclude "*" --include "newrelic-cli_*.txt" --include "newrelic-cli_*.sig" --include "newrelic-cli_*.zip" --include "newrelic-cli_*.gz" --include "newrelic-cli_*.rpm" --include "newrelic-cli_*.deb" --include "newrelic_*" ./dist s3://nr-downloads-main/install/newrelic-cli/${{ steps.get-latest-tag.outputs.tag }}/ --profile virtuoso | |
- name: Cleanup configs | |
run: | | |
rm -rf /home/runner/.aws/credentials | |
rm -rf /home/runner/.aws/config | |
release-windows-installer: | |
if: github.ref == 'refs/heads/main' | |
needs: release | |
uses: newrelic/newrelic-cli/.github/workflows/release-windows-installer.yml@main | |
secrets: | |
PFX_BASE64_CONTENT: ${{ secrets.PFX_BASE64_CONTENT }} | |
PFX_CERT_PASSWORD: ${{ secrets.PFX_CERT_PASSWORD }} | |
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
publish: | |
if: github.ref == 'refs/heads/main' | |
needs: release-windows-installer | |
uses: newrelic/newrelic-cli/.github/workflows/release-publish-windows.yml@main | |
secrets: | |
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
DEV_TOOLKIT_TOKEN: ${{ secrets.DEV_TOOLKIT_TOKEN }} | |
CHOCOLATEY_API_KEY: ${{ secrets.CHOCOLATEY_API_KEY }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} | |
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
snapshot: | |
if: github.ref == 'refs/heads/main' | |
uses: newrelic/newrelic-cli/.github/workflows/snapshot.yml@main | |
secrets: | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} |