v1.11.1 #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Create prerelease artifacts | |
| on: | |
| release: | |
| types: | |
| - prereleased | |
| tags: | |
| - 'v*' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| INTEGRATION: "redis" | |
| ORIGINAL_REPO_NAME: 'newrelic/nri-redis' | |
| REPO_FULL_NAME: ${{ github.event.repository.full_name }} | |
| TAG: ${{ github.event.release.tag_name }} | |
| jobs: | |
| snyk: | |
| name: Run security checks via snyk | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.OHAI_DOCKER_HUB_ID }} | |
| password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} | |
| - name: Scan code for vulnerabilities | |
| env: | |
| SNYK_TOKEN: ${{ secrets.COREINT_SNYK_TOKEN }} | |
| run: make ci/snyk-test | |
| test-nix: | |
| name: Run unit tests on *Nix | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.OHAI_DOCKER_HUB_ID }} | |
| password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} | |
| - name: Unit tests | |
| run: make ci/test | |
| test-windows: | |
| name: Run unit tests on Windows | |
| runs-on: windows-2019 | |
| env: | |
| GOPATH: ${{ github.workspace }} | |
| defaults: | |
| run: | |
| working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| path: src/github.com/${{env.ORIGINAL_REPO_NAME}} | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: "src/github.com/${{ env.ORIGINAL_REPO_NAME }}/go.mod" | |
| - name: Running unit tests | |
| shell: pwsh | |
| run: | | |
| .\build\windows\unit_tests.ps1 | |
| # can't run this step inside of container because of tests specific | |
| test-integration-nix: | |
| name: Run integration tests on *Nix | |
| runs-on: ubuntu-20.04 | |
| defaults: | |
| run: | |
| working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}} | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 1 | |
| path: src/github.com/${{env.ORIGINAL_REPO_NAME}} | |
| - name: Install Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: "src/github.com/${{ env.ORIGINAL_REPO_NAME }}/go.mod" | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.OHAI_DOCKER_HUB_ID }} | |
| password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} | |
| - name: Integration test | |
| env: | |
| GOPATH: ${{ github.workspace }} | |
| run: make integration-test | |
| prerelease: | |
| name: Build binary for *Nix/Win, create archives for *Nix/Win, create packages for *Nix, upload all artifacts into GH Release assets | |
| runs-on: ubuntu-20.04 | |
| needs: [test-nix, test-windows, snyk, test-integration-nix] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.OHAI_DOCKER_HUB_ID }} | |
| password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} | |
| - name: Pre release | |
| run: make ci/prerelease | |
| env: | |
| GPG_MAIL: '[email protected]' | |
| GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} | |
| GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded | |
| - name: Test package installability | |
| uses: newrelic/integrations-pkg-test-action/linux@v1 | |
| with: | |
| tag: ${{ env.TAG }} | |
| integration: nri-${{ env.INTEGRATION }} | |
| package-win: | |
| name: Create MSI & Upload into GH Release assets | |
| runs-on: windows-2019 | |
| needs: [prerelease] | |
| env: | |
| GOPATH: ${{ github.workspace }} | |
| PFX_CERTIFICATE_BASE64: ${{ secrets.OHAI_PFX_CERTIFICATE_BASE64 }} # base64 encoded | |
| PFX_CERTIFICATE_DESCRIPTION: 'New Relic' | |
| PFX_PASSPHRASE: ${{ secrets.OHAI_PFX_PASSPHRASE }} | |
| defaults: | |
| run: | |
| working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}} | |
| strategy: | |
| matrix: | |
| goarch: [amd64,386] | |
| test-upgrade: [true,false] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| path: src/github.com/${{env.ORIGINAL_REPO_NAME}} | |
| - name: Get PFX certificate from GH secrets | |
| shell: bash | |
| run: printf "%s" "$PFX_CERTIFICATE_BASE64" | base64 -d - > wincert.pfx | |
| - name: Download zip from GH Release assets and extract .exe | |
| shell: pwsh | |
| run: | | |
| build\windows\download_zip_extract_exe.ps1 "$env:INTEGRATION" ${{ matrix.goarch }} "$env:TAG" "$env:REPO_FULL_NAME" | |
| - name: Create MSI | |
| shell: pwsh | |
| run: | | |
| build\windows\package_msi.ps1 -integration "$env:INTEGRATION" -arch ${{ matrix.goarch }} -tag "$env:TAG" -pfx_passphrase "$env:PFX_PASSPHRASE" -pfx_certificate_description "$env:PFX_CERTIFICATE_DESCRIPTION" | |
| - name: Test win packages installation | |
| uses: newrelic/integrations-pkg-test-action/windows@v1 | |
| with: | |
| tag: ${{ env.TAG }} | |
| integration: nri-${{ env.INTEGRATION }} | |
| arch: ${{ matrix.goarch }} | |
| upgrade: ${{ matrix.test-upgrade }} | |
| - name: Upload MSI to GH | |
| if: startsWith(matrix.test-upgrade, 'false') | |
| shell: bash | |
| run: | | |
| build/windows/upload_msi.sh ${INTEGRATION} ${{ matrix.goarch }} ${TAG} | |
| publish-to-s3: | |
| name: Send release assets to S3 | |
| runs-on: ubuntu-20.04 | |
| needs: [package-win] | |
| steps: | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.OHAI_DOCKER_HUB_ID }} | |
| password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} | |
| - name: Publish to S3 action | |
| uses: newrelic/infrastructure-publish-action@v1 | |
| env: | |
| AWS_S3_BUCKET_NAME: "nr-downloads-ohai-staging" | |
| AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock-staging" | |
| with: | |
| disable_lock: false | |
| run_id: ${{ github.run_id }} | |
| tag: ${{env.TAG}} | |
| app_name: "nri-${{env.INTEGRATION}}" | |
| repo_name: ${{ env.ORIGINAL_REPO_NAME }} | |
| access_point_host: "staging" | |
| # 'ohi' is for integrations | |
| schema: "ohi" | |
| aws_region: "us-east-1" | |
| aws_role_arn: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} | |
| aws_role_session_name: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_STAGING }} | |
| aws_access_key_id: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} | |
| aws_secret_access_key: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} | |
| aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} | |
| # used for locking in case of concurrent releases | |
| aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} | |
| # used for signing package stuff | |
| gpg_passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }} | |
| gpg_private_key_base64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} | |
| - name: Test uploaded package installability | |
| uses: newrelic/integrations-pkg-test-action/linux@v1 | |
| with: | |
| tag: ${{ env.TAG }} | |
| integration: nri-${{ env.INTEGRATION }} | |
| packageLocation: repo | |
| stagingRepo: true | |
| upgrade: false | |
| notify-failure: | |
| if: ${{ always() && failure() }} | |
| needs: [snyk, test-nix, test-windows, test-integration-nix, prerelease, package-win, publish-to-s3] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Notify failure via Slack | |
| uses: archive/github-actions-slack@master | |
| with: | |
| slack-bot-user-oauth-access-token: ${{ secrets.COREINT_SLACK_TOKEN }} | |
| slack-channel: ${{ secrets.COREINT_SLACK_CHANNEL }} | |
| slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: [prerelease pipeline failed](${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }})." |