-
Notifications
You must be signed in to change notification settings - Fork 74
207 lines (175 loc) · 7.98 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
name: Release
permissions: write-all
# Triggered via GitHub Actions UI
on:
workflow_dispatch:
jobs:
test:
if: github.ref == 'refs/heads/main'
uses: newrelic/newrelic-cli/.github/workflows/test.yml@main
secrets:
NEW_RELIC_ACCOUNT_ID: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
NEW_RELIC_ADMIN_API_KEY: ${{ secrets.NEW_RELIC_ADMIN_API_KEY }}
NEW_RELIC_API_KEY: ${{ secrets.NEW_RELIC_API_KEY }}
NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
NEW_RELIC_REGION: ${{ secrets.NEW_RELIC_REGION }}
SPLIT_PROD_KEY: ${{ secrets.SPLIT_PROD_KEY }}
SPLIT_STAGING_KEY: ${{ secrets.SPLIT_STAGING_KEY }}
SEGMENT_WRITE_KEY: ${{ secrets.SEGMENT_WRITE_KEY }}
release:
if: github.ref == 'refs/heads/main'
name: Release
needs: test
runs-on: ubuntu-20.04
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
steps:
- name: Install Go
uses: actions/setup-go@v5
with:
go-version: 1.21.x
- name: Add GOBIN to PATH
run: echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
shell: bash
- name: Checkout code
uses: actions/checkout@v3
with:
# Needed for release notes
fetch-depth: 0
token: ${{ secrets.RELEASE_TOKEN }}
- name: Install Snapcraft
uses: samuelmeuli/action-snapcraft@v2
- name: Install PGP private key
shell: bash
env:
PGP_PRIVATE_KEY: ${{ secrets.PGP_PRIVATE_KEY }}
run: echo "$PGP_PRIVATE_KEY" | gpg --batch --import
- name: Publish Release
shell: bash
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
SNAPCRAFT_TOKEN: ${{ secrets.SNAPCRAFT_TOKEN }}
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_TOKEN }}
SPLIT_PROD_KEY: ${{ secrets.SPLIT_PROD_KEY }}
SPLIT_STAGING_KEY: ${{ secrets.SPLIT_STAGING_KEY }}
SEGMENT_WRITE_KEY: ${{ secrets.SEGMENT_WRITE_KEY }}
run: |
git config --global user.name ${{ secrets.NEW_RELIC_GITHUB_SERVICE_ACCOUNT_USERNAME }}
git config --global user.email ${{ secrets.NEW_RELIC_GITHUB_SERVICE_ACCOUNT_EMAIL }}
# removes git's file permission changes tracking as goreleaser's before hook uses 'chmod' for win_metadat*.sh
git config core.fileMode false
mkdir -p $HOME/.cache/snapcraft/download
mkdir -p $HOME/.cache/snapcraft/stage-packages
make snapshot
./scripts/release.sh
chmod +x scripts/win_metadata.sh scripts/win_metadata_files_remove.sh
# creates the `versioninfo.json` file with version info for the Windows binary
./scripts/win_metadata.sh
go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@latest
# Invokes 'goversioninfo' and uses the 'goversion directive' inside 'main.go' to create 'resource_windows.syso'
# that 'goreleaser' will need in its build step
go generate cmd/newrelic/main.go
make release-publish
./scripts/win_metadata_files_remove.sh
# Note the uploaded binary is downloaded and used in the release-windows-installer job
- name: Upload Windows binary to GitHub
uses: actions/upload-artifact@v3
with:
name: windows-binary
path: dist/newrelic_windows_amd64_v1/newrelic.exe
- name: Sign newrelic.exe
shell: bash
env:
PFX_CONTENT: ${{ secrets.PFX_BASE64_CONTENT }}
PFX_PASSWORD: ${{ secrets.PFX_CERT_PASSWORD }}
run: |
echo "$PFX_CONTENT" | base64 -d > cert.pfx
sudo apt-get install osslsigncode -y
sudo mv dist/newrelic_windows_amd64_v1/newrelic.exe dist/newrelic_windows_amd64_v1/newrelic-unsigned.exe
osslsigncode sign -pkcs12 cert.pfx -pass "$PFX_PASSWORD" -h sha256 -t http://timestamp.digicert.com \
-in dist/newrelic_windows_amd64_v1/newrelic-unsigned.exe -out dist/newrelic_windows_amd64_v1/newrelic.exe
rm -f cert.pfx dist/newrelic_windows_amd64_v1/newrelic-unsigned.exe
- name: Re-do Windows_x86_64.zip
run: |
VERSION=$(ls dist/*Windows_x86_64.zip | cut -d_ -f2)
rm -f dist/newrelic-cli_${VERSION}_Windows_x86_64.zip
zip -q dist/newrelic-cli_${VERSION}_Windows_x86_64.zip dist/newrelic_windows_amd64_v1/newrelic.exe
- name: Install AWS CLI
run: |
sudo apt-get update -y
sudo apt-get install awscli -y
- name: Write AWS config 1
uses: DamianReeves/[email protected]
with:
path: /home/runner/.aws/credentials
contents: |
[virtuoso_user]
aws_access_key_id=${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key=${{ secrets.AWS_SECRET_ACCESS_KEY }}
write-mode: overwrite
- name: Write AWS config 2
uses: DamianReeves/[email protected]
with:
path: /home/runner/.aws/config
contents: |
[profile virtuoso]
role_arn = ${{ secrets.AWS_ROLE_ARN }}
region = ${{ secrets.AWS_DEFAULT_REGION }}
source_profile = virtuoso_user
write-mode: overwrite
- name: Upload Unix based install script to AWS
id: upload-install-script
run: |
aws s3 cp ./scripts/install.sh s3://nr-downloads-main/install/newrelic-cli/scripts/install.sh --profile virtuoso
- name: Get latest tag
id: get-latest-tag
uses: actions-ecosystem/action-get-latest-tag@v1
- name: Create currentVersion.txt
id: create-current-version
uses: "finnp/create-file-action@master"
env:
FILE_NAME: "currentVersion.txt"
FILE_DATA: "${{ steps.get-latest-tag.outputs.tag }}"
- name: Upload currentVersion.txt
id: upload-current-version
run: |
aws s3 cp currentVersion.txt s3://nr-downloads-main/install/newrelic-cli/currentVersion.txt --profile virtuoso --cache-control no-cache
- name: Upload release artifacts to AWS
id: upload-release-artifacts
run: |
aws s3 cp --recursive --exclude "*" --include "newrelic-cli_*.txt" --include "newrelic-cli_*.sig" --include "newrelic-cli_*.zip" --include "newrelic-cli_*.gz" --include "newrelic-cli_*.rpm" --include "newrelic-cli_*.deb" --include "newrelic_*" ./dist s3://nr-downloads-main/install/newrelic-cli/${{ steps.get-latest-tag.outputs.tag }}/ --profile virtuoso
- name: Cleanup configs
run: |
rm -rf /home/runner/.aws/credentials
rm -rf /home/runner/.aws/config
release-windows-installer:
if: github.ref == 'refs/heads/main'
needs: release
uses: newrelic/newrelic-cli/.github/workflows/release-windows-installer.yml@main
secrets:
PFX_BASE64_CONTENT: ${{ secrets.PFX_BASE64_CONTENT }}
PFX_CERT_PASSWORD: ${{ secrets.PFX_CERT_PASSWORD }}
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
publish:
if: github.ref == 'refs/heads/main'
needs: release-windows-installer
uses: newrelic/newrelic-cli/.github/workflows/release-publish-windows.yml@main
secrets:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
DEV_TOOLKIT_TOKEN: ${{ secrets.DEV_TOOLKIT_TOKEN }}
CHOCOLATEY_API_KEY: ${{ secrets.CHOCOLATEY_API_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
snapshot:
if: github.ref == 'refs/heads/main'
uses: newrelic/newrelic-cli/.github/workflows/snapshot.yml@main
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
SPLIT_PROD_KEY: ${{ secrets.SPLIT_PROD_KEY }}
SPLIT_STAGING_KEY: ${{ secrets.SPLIT_STAGING_KEY }}
SEGMENT_WRITE_KEY: ${{ secrets.SEGMENT_WRITE_KEY }}