. 🚀 🐧 🦺 Prerelease Linux On Demand #206
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: . 🚀 🐧 🦺 Prerelease Linux On Demand | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| branch: | |
| description: 'Branch to build from' | |
| required: true | |
| fake_tag: | |
| description: 'Version to be given to the packages' | |
| default: '0.0.0' | |
| dest_prefix: | |
| description: 'Repo prefix' | |
| required: true | |
| BUILD_MODE: | |
| description: 'Enable NON-FIPS, FIPS or ALL' | |
| required: false | |
| default: 'ALL' # "ALL" "NON-FIPS" "FIPS": | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TAG: ${{ inputs.fake_tag }} | |
| FAKE_TAG: ${{ inputs.fake_tag }} | |
| DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}} | |
| DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} | |
| # required for GHA publish action, should be moved into optional | |
| GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} | |
| GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded | |
| BRANCH: ${{ github.event.inputs.branch }} | |
| DEST_PREFIX: ${{ github.event.inputs.dest_prefix }} | |
| AWS_S3_BUCKET_NAME: "nr-downloads-ohai-staging" | |
| AWS_REGION: "us-east-1" | |
| AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock-staging" | |
| ACCESS_POINT_HOST: "staging" | |
| RUN_ID: ${{ github.run_id }} | |
| GPG_MAIL: '[email protected]' | |
| AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} | |
| AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} | |
| AWS_ROLE_SESSION_NAME: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_STAGING }} | |
| DISABLE_PUBLISH: true | |
| jobs: | |
| packaging: | |
| name: Build and publish packages to custom repo | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.BRANCH }} | |
| - name: "Tag this commit" # required for Goreleaser | |
| run: git tag ${{ env.FAKE_TAG }} | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v1 | |
| with: | |
| username: ${{ env.DOCKER_HUB_ID }} | |
| password: ${{ env.DOCKER_HUB_PASSWORD }} | |
| - name: Preparing all NON-FIPS linux packages | |
| if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} | |
| run: make ci/prerelease/linux | |
| env: | |
| TAG: ${{ env.FAKE_TAG }} | |
| FIPS: "" | |
| - name: Generate checksum files | |
| uses: ./.github/actions/generate-checksums | |
| with: | |
| files_regex: '.*\(tar.gz\|deb\|rpm\)' | |
| files_path: 'dist' | |
| run_sudo: true | |
| - name: Publish NON-FIPS deb to S3 action | |
| if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} | |
| uses: newrelic/[email protected] | |
| with: | |
| tag: ${{env.FAKE_TAG}} | |
| app_name: "newrelic-infra" | |
| repo_name: "newrelic/infrastructure-agent" | |
| schema: "custom" | |
| schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-deb.yml" | |
| aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} | |
| aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} | |
| access_point_host: ${{ env.ACCESS_POINT_HOST }} | |
| run_id: ${{ env.RUN_ID }} | |
| aws_region: ${{ env.AWS_REGION }} | |
| aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} | |
| aws_role_arn: ${{ env.AWS_ROLE_ARN }} | |
| # used for signing package stuff | |
| gpg_passphrase: ${{ env.GPG_PASSPHRASE }} | |
| gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} | |
| disable_lock: ${{ env.DISABLE_LOCK }} | |
| dest_prefix: ${{ env.DEST_PREFIX }} | |
| local_packages_path: "/srv/dist/" | |
| apt_skip_mirror: true | |
| - name: Publish NON-FIPS rpm to S3 action | |
| if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} | |
| uses: newrelic/[email protected] | |
| with: | |
| tag: ${{env.FAKE_TAG}} | |
| app_name: "newrelic-infra" | |
| repo_name: "newrelic/infrastructure-agent" | |
| schema: "custom" | |
| schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-rpm.yml" | |
| aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} | |
| aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} | |
| access_point_host: ${{ env.ACCESS_POINT_HOST }} | |
| run_id: ${{ env.RUN_ID }} | |
| aws_region: ${{ env.AWS_REGION }} | |
| aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} | |
| aws_role_arn: ${{ env.AWS_ROLE_ARN }} | |
| # used for signing package stuff | |
| gpg_passphrase: ${{ env.GPG_PASSPHRASE }} | |
| gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} | |
| disable_lock: ${{ env.DISABLE_LOCK }} | |
| dest_prefix: ${{ env.DEST_PREFIX }} | |
| local_packages_path: "/srv/dist/" | |
| - name: Publish NON-FIPS targz to S3 action | |
| if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} | |
| uses: newrelic/[email protected] | |
| with: | |
| tag: ${{env.FAKE_TAG}} | |
| app_name: "newrelic-infra" | |
| repo_name: "newrelic/infrastructure-agent" | |
| schema: "custom" | |
| schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-targz.yml" | |
| aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} | |
| aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} | |
| access_point_host: ${{ env.ACCESS_POINT_HOST }} | |
| run_id: ${{ env.RUN_ID }} | |
| aws_region: ${{ env.AWS_REGION }} | |
| aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} | |
| aws_role_arn: ${{ env.AWS_ROLE_ARN }} | |
| # used for signing package stuff | |
| gpg_passphrase: ${{ env.GPG_PASSPHRASE }} | |
| gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} | |
| disable_lock: ${{ env.DISABLE_LOCK }} | |
| dest_prefix: ${{ env.DEST_PREFIX }} | |
| local_packages_path: "/srv/dist/" | |
| - name: Preparing all FIPS linux packages | |
| if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'FIPS' }} | |
| run: make ci/prerelease/linux-fips | |
| env: | |
| TAG: ${{ env.FAKE_TAG }} | |
| FIPS: "_fips" | |
| - name: Generate checksum files | |
| uses: ./.github/actions/generate-checksums | |
| with: | |
| files_regex: '.*\(tar.gz\|deb\|rpm\)' | |
| files_path: 'dist' | |
| run_sudo: true | |
| - name: Publish FIPS deb to S3 action | |
| if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'FIPS' }} | |
| uses: newrelic/[email protected] | |
| with: | |
| tag: ${{env.FAKE_TAG}} | |
| app_name: "newrelic-infra" | |
| repo_name: "newrelic/infrastructure-agent" | |
| schema: "custom" | |
| schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-deb-fips.yml" | |
| aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} | |
| aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} | |
| access_point_host: ${{ env.ACCESS_POINT_HOST }} | |
| run_id: ${{ env.RUN_ID }} | |
| aws_region: ${{ env.AWS_REGION }} | |
| aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} | |
| aws_role_arn: ${{ env.AWS_ROLE_ARN }} | |
| # used for signing package stuff | |
| gpg_passphrase: ${{ env.GPG_PASSPHRASE }} | |
| gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} | |
| disable_lock: ${{ env.DISABLE_LOCK }} | |
| dest_prefix: ${{ env.DEST_PREFIX }} | |
| local_packages_path: "/srv/dist/" | |
| apt_skip_mirror: true | |
| - name: Publish FIPS rpm to S3 action | |
| if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'FIPS' }} | |
| uses: newrelic/[email protected] | |
| with: | |
| tag: ${{env.FAKE_TAG}} | |
| app_name: "newrelic-infra" | |
| repo_name: "newrelic/infrastructure-agent" | |
| schema: "custom" | |
| schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-rpm-fips.yml" | |
| aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} | |
| aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} | |
| access_point_host: ${{ env.ACCESS_POINT_HOST }} | |
| run_id: ${{ env.RUN_ID }} | |
| aws_region: ${{ env.AWS_REGION }} | |
| aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} | |
| aws_role_arn: ${{ env.AWS_ROLE_ARN }} | |
| # used for signing package stuff | |
| gpg_passphrase: ${{ env.GPG_PASSPHRASE }} | |
| gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} | |
| disable_lock: ${{ env.DISABLE_LOCK }} | |
| dest_prefix: ${{ env.DEST_PREFIX }} | |
| local_packages_path: "/srv/dist/" | |
| - name: Publish FIPS targz to S3 action | |
| if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'FIPS' }} | |
| uses: newrelic/[email protected] | |
| with: | |
| tag: ${{env.FAKE_TAG}} | |
| app_name: "newrelic-infra" | |
| repo_name: "newrelic/infrastructure-agent" | |
| schema: "custom" | |
| schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-targz-fips.yml" | |
| aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} | |
| aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} | |
| access_point_host: ${{ env.ACCESS_POINT_HOST }} | |
| run_id: ${{ env.RUN_ID }} | |
| aws_region: ${{ env.AWS_REGION }} | |
| aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} | |
| aws_role_arn: ${{ env.AWS_ROLE_ARN }} | |
| # used for signing package stuff | |
| gpg_passphrase: ${{ env.GPG_PASSPHRASE }} | |
| gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} | |
| disable_lock: ${{ env.DISABLE_LOCK }} | |
| dest_prefix: ${{ env.DEST_PREFIX }} | |
| local_packages_path: "/srv/dist/" |