Feat/reausable2 (#286)

newrelic · Mar 11, 2024 · 31854fd · 31854fd
1 parent 0e61599
commit 31854fd
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 273 deletions.
diff --git a/.github/workflows/on_prerelease.yaml b/.github/workflows/on_prerelease.yaml
@@ -1,138 +1,42 @@
-name: Create prerelease artifacts
-
+name: Prerelease pipeline
 on:
   release:
     types:
       - prereleased
     tags:
       - 'v*'
 
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  NRJMX_VERSION: '2.3.2'
-  INTEGRATION: "kafka"
-  ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
-  REPO_FULL_NAME: ${{ github.event.repository.full_name }}
-  TAG: ${{ github.event.release.tag_name }}
-  CONSUMER_PRODUCER_DOCKER_IMAGE_NAME: ghcr.io/newrelic/kafka-consumer-producer
-  CONSUMER_PRODUCER_DOCKER_PLATFORMS: "linux/amd64"
-
 jobs:
-  test-nix:
-    name: Run unit tests on *Nix
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Unit tests
-        run: make ci/test
-
-  test-windows:
-    name: Run unit tests on Windows
-    runs-on: windows-2022
+  consumer-producer-image:
     env:
-      GOPATH: ${{ github.workspace }}
-    defaults:
-      run:
-        working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: 'src/github.com/${{env.ORIGINAL_REPO_NAME}}/go.mod'
-      - name: Running unit tests
-        shell: pwsh
-        run: |
-          .\build\windows\unit_tests.ps1
-
-  prerelease:
-    name: Build binary for *Nix/Win, create archives for *Nix/Win, create packages for *Nix, upload all artifacts into GH Release assets
+      ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
+      CONSUMER_PRODUCER_DOCKER_IMAGE_NAME: ghcr.io/newrelic/kafka-consumer-producer
+    name: Build and push consumer-producer image to use in our canaries
     runs-on: ubuntu-22.04
-    needs: [test-nix, test-windows, test-integration-nix]
     steps:
       - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Pre release
-        run: make ci/prerelease
-        env:
-          GPG_MAIL: '[email protected]'
-          GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
-          GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded
-      - name: Test package installability
-        uses: newrelic/integrations-pkg-test-action/linux@v1
         with:
-          tag: ${{ env.TAG }}
-          integration: nri-${{ env.INTEGRATION }}
-
-  package-win:
-    name: Create MSI & Upload into GH Release assets
-    runs-on: windows-2022
-    needs: [prerelease]
-    env:
-      PFX_CERTIFICATE_BASE64: ${{ secrets.OHAI_PFX_CERTIFICATE_BASE64 }} # base64 encoded
-      PFX_CERTIFICATE_DESCRIPTION: 'New Relic'
-      PFX_PASSPHRASE: ${{ secrets.OHAI_PFX_PASSPHRASE }}
-      GOPATH: ${{ github.workspace }}
-    defaults:
-      run:
-        working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-    strategy:
-      matrix:
-        goarch: [ amd64 ] # 386 not supported in jmx integrations
-        test-upgrade: [true,false]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          path: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-      - name: Get PFX certificate from GH secrets
-        shell: bash
-        run: printf "%s" "$PFX_CERTIFICATE_BASE64" | base64 -d - > wincert.pfx
-      - name: Download zip from GH Release assets and extract .exe
-        shell: pwsh
-        run: |
-          build\windows\download_zip_extract_exe.ps1 "$env:INTEGRATION" ${{ matrix.goarch }} "$env:TAG" "$env:REPO_FULL_NAME"
-      - name: Download nrjmx
-        shell: bash
-        env:
-          # TODO: override latest with 1.5.3 until a fix is released (2020-01-28)
-          NRJMX_URL: "https://download.newrelic.com/infrastructure_agent/windows/integrations/nrjmx/nrjmx-amd64.1.5.3.msi"
-        run: |
-          build/windows/download_nrjmx.sh
-      - name: Create MSI
-        shell: pwsh
-        run: |
-          build\windows\package_msi.ps1 -integration "$env:INTEGRATION" -arch ${{ matrix.goarch }} -tag "$env:TAG" -pfx_passphrase "$env:PFX_PASSPHRASE" -pfx_certificate_description "$env:PFX_CERTIFICATE_DESCRIPTION"
-      - name: Test win packages installation
-        uses: newrelic/integrations-pkg-test-action/windows@v1
+          path: src/github.com/${{ env.ORIGINAL_REPO_NAME }}
+      - uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
-          tag: ${{ env.TAG }}
-          integration: nri-${{ env.INTEGRATION }}
-          arch: ${{ matrix.goarch }}
-          upgrade: ${{ matrix.test-upgrade }}
-          pkgType: "exe" # JMX integrations are shipped in .exe format
-      - name: Upload MSI to GH
-        # To avoid upload packages twice
-        if: startsWith(matrix.test-upgrade, 'false')
-        shell: bash
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push Docker image
+        working-directory: src/github.com/${{ env.ORIGINAL_REPO_NAME }}/tests/integration/consumer-producer
         run: |
-          build/windows/upload_msi.sh ${INTEGRATION} ${{ matrix.goarch }} ${TAG}
-
-  # can't run this step inside of container because of tests specific
+          docker buildx build --push --platform=linux/amd64 \
+            -t $CONSUMER_PRODUCER_DOCKER_IMAGE_NAME:latest \
+            .
+  # This is currently not covered by reusable workflow due to the retry mechanism
   test-integration-nix:
     name: Run integration tests on *Nix
     runs-on: ubuntu-22.04
+    env:
+      ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
+      NRJMX_VERSION: '2.3.2' ## this is needed in the makefile
     defaults:
       run:
         working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}}
@@ -147,80 +51,17 @@ jobs:
         with:
           go-version-file: 'src/github.com/${{env.ORIGINAL_REPO_NAME}}/go.mod'
       - name: Integration test
-        run:  for i in 1 2 3; do make integration-test && break; done
+        # One of the integration consumer tests is not working as expected to the environment bootstrap, to keep it
+        run: for i in 1 2 3; do make integration-test && break; done
 
-  publish-to-s3:
-    name: Send release assets to S3
-    runs-on: ubuntu-22.04
-    needs: [package-win]
-    steps:
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Publish to S3 action
-        uses: newrelic/infrastructure-publish-action@v1
-        env:
-          AWS_S3_BUCKET_NAME: "nr-downloads-ohai-staging"
-          AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock-staging"
-        with:
-          disable_lock: false
-          run_id: ${{ github.run_id }}
-          tag: ${{env.TAG}}
-          app_name: "nri-${{env.INTEGRATION}}"
-          repo_name: ${{ env.ORIGINAL_REPO_NAME }}
-          access_point_host: "staging"
-          schema: "ohi-jmx" # ohi-jmx for integrations that bundle JMX on windows installers
-          aws_region: "us-east-1"
-          aws_role_arn: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }}
-          aws_role_session_name: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_STAGING }}
-          aws_access_key_id: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }}
-          aws_secret_access_key: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }}
-          aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }}
-          # used for locking in case of concurrent releases
-          aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }}
-          # used for signing package stuff
-          gpg_passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}
-          gpg_private_key_base64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
-      - name: Test uploaded package installability
-        uses: newrelic/integrations-pkg-test-action/linux@v1
-        with:
-          tag: ${{ env.TAG }}
-          integration: nri-${{ env.INTEGRATION }}
-          packageLocation: repo
-          stagingRepo: true
-          upgrade: false
+  pre-release:
+    needs: [test-integration-nix]
+    uses: newrelic/coreint-automation/.github/workflows/reusable_pre_release.yaml@v2
+    with:
+      tag: ${{ github.event.release.tag_name }}
+      integration: kafka
+      publish_schema: "ohi-jmx"
+      run_integration_nix: false
+    secrets: inherit
 
-  consumer-producer-image:
-    name: Build and push consumer-producer image to use in our canaries
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: src/github.com/${{ env.ORIGINAL_REPO_NAME }}
-      - uses: docker/setup-buildx-action@v3
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Build and push Docker image
-        working-directory: src/github.com/${{ env.ORIGINAL_REPO_NAME }}/tests/integration/consumer-producer
-        run: |
-          docker buildx build --push --platform=$CONSUMER_PRODUCER_DOCKER_PLATFORMS \
-            -t $CONSUMER_PRODUCER_DOCKER_IMAGE_NAME:latest \
-            .
 
-  notify-failure:
-    if: ${{ always() && failure() }}
-    needs: [test-nix,test-windows, test-integration-nix, prerelease, publish-to-s3,package-win, consumer-producer-image]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Notify failure via Slack
-        uses: archive/github-actions-slack@master
-        with:
-          slack-bot-user-oauth-access-token: ${{ secrets.COREINT_SLACK_TOKEN }}
-          slack-channel: ${{ secrets.COREINT_SLACK_CHANNEL }}
-          slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: [prerelease pipeline failed](${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }})."
diff --git a/.github/workflows/on_push_pr.yaml b/.github/workflows/on_push_pr.yaml
@@ -7,73 +7,23 @@ on:
       - master
       - renovate/**
   pull_request:
-
-env:
-  TAG: "v0.0.0" # needed for goreleaser windows builds
-  REPO_FULL_NAME: ${{ github.event.repository.full_name }}
-  ORIGINAL_REPO_NAME: "newrelic/nri-kafka"
-  NRJMX_VERSION: '2.3.2'
-  DOCKER_LOGIN_AVAILABLE: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+  workflow_dispatch:
 
 jobs:
-  static-analysis:
-    name: Run all static analysis checks
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
-        with:
-          go-version-file: 'go.mod'
-      - uses: newrelic/newrelic-infra-checkers@v1
-        with:
-          golangci-lint-config: golangci-lint-limited
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        continue-on-error: ${{ github.event_name != 'pull_request' }}
-        with:
-          only-new-issues: true
-      - name: Check if CHANGELOG is valid
-        uses: newrelic/release-toolkit/validate-markdown@v1
-
-  test-nix:
-    name: Run unit tests on *Nix
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        if: ${{env.DOCKER_LOGIN_AVAILABLE}}
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Unit tests
-        run: make ci/test
-
-  test-windows:
-    name: Run unit tests on Windows
-    runs-on: windows-2022
-    env:
-      GOPATH: ${{ github.workspace }}
-    defaults:
-      run:
-        working-directory: src/github.com/${{ env.ORIGINAL_REPO_NAME }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          path: src/github.com/${{env.ORIGINAL_REPO_NAME}}
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version-file: 'src/github.com/${{env.ORIGINAL_REPO_NAME}}/go.mod'
-      - name: Running unit tests
-        shell: pwsh
-        run: |
-          .\build\windows\unit_tests.ps1
+  push-pr:
+    uses: newrelic/coreint-automation/.github/workflows/reusable_push_pr.yaml@v2
+    with:
+      integration: kafka
+      run_integration_nix: false
+    secrets: inherit
 
-  # can't run this step inside of container because of tests specific
+# This is currently not covered by reusable workflow due to the retry mechanism
   test-integration-nix:
     name: Run integration tests on *Nix
     runs-on: ubuntu-22.04
+    env:
+      ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }}
+      NRJMX_VERSION: '2.3.2' ## this is needed in the makefile
     defaults:
       run:
         working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}}
@@ -87,21 +37,6 @@ jobs:
         uses: actions/setup-go@v4
         with:
           go-version-file: 'src/github.com/${{env.ORIGINAL_REPO_NAME}}/go.mod'
-      # One of the integration consumer tests is not working as expected to the environment bootstrap, to keep it
-      # we have a simple retry mechanism spawning again the system.
       - name: Integration test
-        run:  for i in 1 2 3; do make integration-test && break; done
-
-  test-build:
-    name: Test binary compilation for all platforms:arch
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to DockerHub
-        if: ${{env.DOCKER_LOGIN_AVAILABLE}}
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
-          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
-      - name: Build all platforms:arch
-        run: make ci/build
+        # One of the integration consumer tests is not working as expected to the environment bootstrap, to keep it
+        run: for i in 1 2 3; do make integration-test && break; done
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## Unreleased
 
+### bugfix
+- Updated golang to version v1.21.7 to fix a vulnerability
+
 ## v3.7.1 - 2024-02-21
 
 ### ⛓️ Dependencies

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.3 as builder-kafka
+FROM golang:1.21.7 as builder-kafka
 COPY . /go/src/github.com/newrelic/nri-kafka/
 RUN cd /go/src/github.com/newrelic/nri-kafka && \
     make && \

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.3-bookworm
+FROM golang:1.21.7-bookworm
 
 ARG GH_VERSION='1.6.0'
 

diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/newrelic/nri-kafka
 
-go 1.21
+go 1.21.7
 
 require (
 	github.com/IBM/sarama v1.41.3

diff --git a/tests/integration/Dockerfile b/tests/integration/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.21.3 as builder
+FROM golang:1.21.7 as builder
 ARG CGO_ENABLED=0
 ARG NRJMX_VERSION
 WORKDIR /go/src/github.com/newrelic/nri-kafka