Skip to content
name: Pre-release and Release pipeline
on:
release:
types: [prereleased, released]
tags:
- 'v*'
workflow_dispatch:
env:
ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
CHART_DIRECTORY: 'charts/nri-metadata-injection'
jobs:
build:
name: Build integration for
runs-on: ubuntu-latest
strategy:
matrix:
goos: [ linux ]
goarch: [ amd64, arm64, arm ]
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version-file: 'go.mod'
- name: golangci-lint
uses: golangci/golangci-lint-action@v3
with:
only-new-issues: true
skip-cache: true
- name: Build integration
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
run: |
make compile
- name: Upload artifact for docker build step
uses: actions/upload-artifact@v3
with:
retention-days: 1
name: k8s-metadata-injection-${{ matrix.goos }}-${{ matrix.goarch }}
path: bin/k8s-metadata-injection-${{ matrix.goos }}-${{ matrix.goarch }}
docker-integration:
name: Release docker
needs: [ build ]
runs-on: ubuntu-latest
outputs:
new-version: ${{ steps.set-new-version.outputs.new-version }}
env:
DOCKER_IMAGE_NAME: newrelic/k8s-metadata-injection
DOCKER_PLATFORMS: "linux/amd64,linux/arm64,linux/arm" # Must be consistent with the matrix from the job above
steps:
- name: Generate docker image version from git tag
id: set-new-version
run: |
echo "${{ github.event.release.tag_name }}" | grep -E '^[v]?[0-9.]*[0-9]$'
DOCKER_IMAGE_TAG=$(echo "${{ github.event.release.tag_name }}" | sed 's/^v//')
echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_ENV
echo "new-version=$DOCKER_IMAGE_TAG" >> $GITHUB_OUTPUT
- uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Download all artifacts from build job
uses: actions/download-artifact@v3
with:
path: bin
- uses: docker/login-action@v2
with:
username: ${{ secrets.FSI_DOCKERHUB_USERNAME }}
password: ${{ secrets.FSI_DOCKERHUB_TOKEN }}
- name: Build and load x64 image for security scanning
# We need to build a single-arch image again to be able to --load it into the host
run: |
docker buildx build --load --platform=linux/amd64 \
-t $DOCKER_IMAGE_NAME:ci-scan \
.
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: '${{ env.DOCKER_IMAGE_NAME }}:ci-scan'
format: 'table'
exit-code: '1'
ignore-unfixed: true
severity: 'HIGH,CRITICAL'
- name: Build and push docker image
if: ${{ github.event.release.prerelease }}
run: |
DOCKER_IMAGE_TAG=${DOCKER_IMAGE_TAG}-pre
docker buildx build --push --platform=$DOCKER_PLATFORMS \
-t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \
.
- name: Push release image
if: ${{ ! github.event.release.prerelease }}
run: |
docker buildx build --push --platform=$DOCKER_PLATFORMS \
-t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \
-t $DOCKER_IMAGE_NAME:latest \
.
open-pr:
name: Update version and appVersion and open pr
needs: [ docker-integration ]
runs-on: ubuntu-latest
# run only for releases (not prereleases)
if: ${{ ! github.event.release.prerelease }}
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Find new appVersion
id: find-version
run: |
echo "NEW_APP_VERSION=${{ needs.docker-integration.outputs.new-version }}" >> $GITHUB_ENV
echo "new app version: $NEW_APP_VERSION"
- name: Find current appVersion
id: original_version
run: |
ORIGINAL_APP_VERSION=$(yq eval '.appVersion' ${{ env.CHART_DIRECTORY }}/Chart.yaml)
echo "original app version: $ORIGINAL_APP_VERSION"
echo "ORIGINAL_APP_VERSION=$ORIGINAL_APP_VERSION" >> $GITHUB_ENV
- name: Find current helm chart version
run: |
CURRENT_VERSION=$(yq eval '.version' ${{ env.CHART_DIRECTORY }}/Chart.yaml)
echo "version: $CURRENT_VERSION"
echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
- name: Set up Golang
uses: actions/setup-go@v4
with:
go-version: 1.19.11
- name: Find next helm chart version
run: |
NEXT_VERSION=$(go run ./src/utils/version-update.go "$CURRENT_VERSION" "$ORIGINAL_APP_VERSION" "$NEW_APP_VERSION")
echo "Next helm chart version: $NEXT_VERSION"
echo "NEXT_VERSION=$NEXT_VERSION" >> $GITHUB_ENV
- name: Update version helm chart
# fail the workflow if newVersion is "error", otherwise set the new versions and continue with opening pr
run: |
if [ "${NEXT_VERSION}" != 'error' ]; then
echo "new appVersion to set: ${NEW_APP_VERSION}"
echo "new version to set: $NEXT_VERSION}"
yq e -i ".appVersion=\"${NEW_APP_VERSION}\"" "${{ env.CHART_DIRECTORY }}/Chart.yaml"
yq e -i ".version=\"${NEXT_VERSION}\"" "${{ env.CHART_DIRECTORY }}/Chart.yaml"
else
echo "Error: newVersion is 'error'."
exit 1
fi
- name: Install Helm Docs
run: |
wget https://github.com/norwoodj/helm-docs/releases/download/v1.11.0/helm-docs_1.11.0_Linux_x86_64.tar.gz
tar -xvf helm-docs_1.11.0_Linux_x86_64.tar.gz
sudo mv helm-docs /usr/local/sbin
- name: Run Helm Docs
run: |
helm-docs
- name: Configure Git
run: |
git config user.name "${{ github.actor }}"
git config user.email "${{ github.actor }}@users.noreply.github.com"
- name: Commit Changes
run: |
git checkout -b update-chart-version-${{ github.sha }}
git branch -a
git add ${{ env.CHART_DIRECTORY }}/Chart.yaml
git add ${{ env.CHART_DIRECTORY }}/README.md
git commit -m "Bump versions and update docs"
- name: Push Changes
run: git push origin update-chart-version-${{ github.sha }}
- name: Open pull request
run: gh pr create -B main -H update-chart-version-${{ github.sha }} --title 'Bump version and update docs' --body 'Bump version and appVersion and results of running helm docs as part of release automation.'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
notify-failure:
if: ${{ always() && failure() }}
needs: [docker-integration, open-pr]
runs-on: ubuntu-latest
steps:
- name: Notify failure via Slack
uses: archive/github-actions-slack@b91c7e2ff3852411ad4fbdad441a8133221ac86e
with:
slack-bot-user-oauth-access-token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }}
slack-channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }}
slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: <${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }}|release pipeline failed>."