Pre-release and Release pipeline #28
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pre-release and Release pipeline | |
on: | |
release: | |
types: [prereleased, released] | |
tags: | |
- 'v*' | |
env: | |
ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }} | |
jobs: | |
build: | |
name: Build integration for | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
goos: [ linux ] | |
goarch: [ amd64, arm64, arm ] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v3 | |
with: | |
only-new-issues: true | |
- name: Build integration | |
env: | |
GOOS: ${{ matrix.goos }} | |
GOARCH: ${{ matrix.goarch }} | |
run: | | |
make compile | |
- name: Upload artifact for docker build step | |
uses: actions/upload-artifact@v3 | |
with: | |
retention-days: 1 | |
name: k8s-metadata-injection-${{ matrix.goos }}-${{ matrix.goarch }} | |
path: bin/k8s-metadata-injection-${{ matrix.goos }}-${{ matrix.goarch }} | |
docker-integration: | |
name: Release docker | |
needs: [ build ] | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_IMAGE_NAME: newrelic/k8s-metadata-injection | |
DOCKER_PLATFORMS: "linux/amd64,linux/arm64,linux/arm" # Must be consistent with the matrix from the job above | |
steps: | |
- name: Generate docker image version from git tag | |
run: | | |
echo "${{ github.event.release.tag_name }}" | grep -E '^[v]?[0-9.]*[0-9]$' | |
DOCKER_IMAGE_TAG=$(echo "${{ github.event.release.tag_name }}" | sed 's/^v//') | |
echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_ENV | |
- uses: actions/checkout@v3 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Download all artifacts from build job | |
uses: actions/download-artifact@v3 | |
with: | |
path: bin | |
- uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.FSI_DOCKERHUB_USERNAME }} | |
password: ${{ secrets.FSI_DOCKERHUB_TOKEN }} | |
- name: Build and load x64 image for security scanning | |
# We need to build a single-arch image again to be able to --load it into the host | |
run: | | |
docker buildx build --load --platform=linux/amd64 \ | |
-t $DOCKER_IMAGE_NAME:ci-scan \ | |
. | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/[email protected] | |
with: | |
image-ref: '${{ env.DOCKER_IMAGE_NAME }}:ci-scan' | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
severity: 'HIGH,CRITICAL' | |
- name: Build and push docker image | |
if: ${{ github.event.release.prerelease }} | |
run: | | |
DOCKER_IMAGE_TAG=${DOCKER_IMAGE_TAG}-pre | |
docker buildx build --push --platform=$DOCKER_PLATFORMS \ | |
-t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \ | |
. | |
- name: Push release image | |
if: ${{ ! github.event.release.prerelease }} | |
run: | | |
docker buildx build --push --platform=$DOCKER_PLATFORMS \ | |
-t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \ | |
-t $DOCKER_IMAGE_NAME:latest \ | |
. | |
notify-failure: | |
if: ${{ always() && failure() }} | |
needs: [docker-integration] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Notify failure via Slack | |
uses: archive/github-actions-slack@b91c7e2ff3852411ad4fbdad441a8133221ac86e | |
with: | |
slack-bot-user-oauth-access-token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }} | |
slack-channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }} | |
slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: <${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }}|release pipeline failed>." |