Pre-release and Release pipeline #30

Workflow file for this run

.github/workflows/release-integration.yml at 64fcc10

	name: Pre-release and Release pipeline

	on:
	release:
	types: [prereleased, released]
	tags:
	- 'v*'

	env:
	ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
	CHART_DIRECTORY: 'charts/nri-metadata-injection'

	jobs:
	build:
	name: Build integration for
	runs-on: ubuntu-latest
	strategy:
	matrix:
	goos: [ linux ]
	goarch: [ amd64, arm64, arm ]
	steps:
	- uses: actions/checkout@v3
	- uses: actions/setup-go@v4
	with:
	go-version-file: 'go.mod'
	- name: golangci-lint
	uses: golangci/golangci-lint-action@v3
	with:
	only-new-issues: true
	- name: Build integration
	env:
	GOOS: ${{ matrix.goos }}
	GOARCH: ${{ matrix.goarch }}
	run: \|
	make compile
	- name: Upload artifact for docker build step
	uses: actions/upload-artifact@v3
	with:
	retention-days: 1
	name: k8s-metadata-injection-${{ matrix.goos }}-${{ matrix.goarch }}
	path: bin/k8s-metadata-injection-${{ matrix.goos }}-${{ matrix.goarch }}

	docker-integration:
	name: Release docker
	needs: [ build ]
	runs-on: ubuntu-latest
	outputs:
	new-version: ${{ steps.set-new-version.outputs.new-version }}
	env:
	DOCKER_IMAGE_NAME: newrelic/k8s-metadata-injection
	DOCKER_PLATFORMS: "linux/amd64,linux/arm64,linux/arm" # Must be consistent with the matrix from the job above
	steps:
	- name: Generate docker image version from git tag
	id: set-new-version
	run: \|
	echo "${{ github.event.release.tag_name }}" \| grep -E '^[v]?[0-9.]*[0-9]$'
	DOCKER_IMAGE_TAG=$(echo "${{ github.event.release.tag_name }}" \| sed 's/^v//')
	echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_ENV
	echo "new-version=$DOCKER_IMAGE_TAG" >> $GITHUB_OUTPUT
	- uses: actions/checkout@v3
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	- name: Download all artifacts from build job
	uses: actions/download-artifact@v3
	with:
	path: bin
	- uses: docker/login-action@v2
	with:
	username: ${{ secrets.FSI_DOCKERHUB_USERNAME }}
	password: ${{ secrets.FSI_DOCKERHUB_TOKEN }}
	- name: Build and load x64 image for security scanning
	# We need to build a single-arch image again to be able to --load it into the host
	run: \|
	docker buildx build --load --platform=linux/amd64 \
	-t $DOCKER_IMAGE_NAME:ci-scan \
	.
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: '${{ env.DOCKER_IMAGE_NAME }}:ci-scan'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	severity: 'HIGH,CRITICAL'
	- name: Build and push docker image
	if: ${{ github.event.release.prerelease }}
	run: \|
	DOCKER_IMAGE_TAG=${DOCKER_IMAGE_TAG}-pre
	docker buildx build --push --platform=$DOCKER_PLATFORMS \
	-t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \
	.
	- name: Push release image
	if: ${{ ! github.event.release.prerelease }}
	run: \|
	docker buildx build --push --platform=$DOCKER_PLATFORMS \
	-t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \
	-t $DOCKER_IMAGE_NAME:latest \
	.

	open-pr:
	name: Update version and appVersion and open pr
	needs: [ docker-integration ]
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Find new helm chart version
	id: find-version
	run: \|
	echo "TEST_VERSION=${{ needs.docker-integration.outputs.new-version }}" >> $GITHUB_ENV
	echo "new app version is: $TEST_VERSION"

	- name: Current appVersion
	run: \|
	ORIGINAL_APP_VERSION=$(yq eval '.appVersion' ${{ env.CHART_DIRECTORY }}/Chart.yaml)
	echo "original app version is: $ORIGINAL_APP_VERSION"
	echo "ORIGINAL_APP_VERSION=$ORIGINAL_APP_VERSION" >> $GITHUB_ENV
	id: original_version

	- name: Capture helm chart version
	run: \|
	APP_VERSION=$(yq eval '.version' ${{ env.CHART_DIRECTORY }}/Chart.yaml)
	echo "version: $APP_VERSION"
	echo "APP_VERSION=$APP_VERSION" >> $GITHUB_ENV

	- name: Run version update reusable workflow
	id: run-reusable
	uses: ./.github/actions/version-bump
	with:
	currentVersion: $APP_VERSION
	currentAppVersion: $ORIGINAL_APP_VERSION
	updatedAppVersion: $TEST_VERSION

	- name: Set new version
	run: \|
	echo "new version to set is: ${{ steps.run-reusable.outputs.newVersion }}"

	- name: Update version helm chart
	run: \|
	yq e -i ".appVersion=\"${TEST_VERSION}\"" "${{ env.CHART_DIRECTORY }}/Chart.yaml"
	yq e -i '.version="${{ steps.run-reusable.outputs.newVersion }}"' ${{ env.CHART_DIRECTORY }}/Chart.yaml
	echo $(yq eval '.appVersion' ${{ env.CHART_DIRECTORY }}/Chart.yaml)

	- name: Configure Git
	run: \|
	git config user.name "${{ github.actor }}"
	git config user.email "${{ github.actor }}@users.noreply.github.com"

	- name: Commit Changes
	run: \|
	git checkout -b update-chart-version-${{ github.sha }} origin/main
	git branch -a
	git add ${{ env.CHART_DIRECTORY }}/Chart.yaml
	git commit -m "Update version and appVersion"

	- name: Push Changes
	run: git push origin update-chart-version-${{ github.sha }}

	- name: Open pull request
	run: gh pr create -B main -H update-chart-version-${{ github.sha }} --title 'Bump appVersion' --body 'Bumping appVersion'
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	notify-failure:
	if: ${{ always() && failure() }}
	needs: [docker-integration, open-pr]
	runs-on: ubuntu-latest
	steps:
	- name: Notify failure via Slack
	uses: archive/github-actions-slack@b91c7e2ff3852411ad4fbdad441a8133221ac86e
	with:
	slack-bot-user-oauth-access-token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }}
	slack-channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }}
	slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: <${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }}\|release pipeline failed>."

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Pre-release and Release pipeline #30

Workflow file

Pre-release and Release pipeline #30

Jobs

Run details

Workflow file for this run