Skip to content

Revert "Release commit v3.3.14 (#224)" (#225) #347

Revert "Release commit v3.3.14 (#224)" (#225)

Revert "Release commit v3.3.14 (#224)" (#225) #347

name: Continuous Build and Publish
on:
push:
branches:
- master
pull_request:
branches:
- master
workflow_dispatch:
inputs:
region:
description: The region to test the daemon binaries in.
required: true
default: us-west-2
permissions:
id-token: write
contents: read
jobs:
build:
name: Build on ${{ matrix.os }}
strategy:
matrix:
os:
- macos-latest
- ubuntu-latest
- windows-latest
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Repository
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: '^1.22.4'
- uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Build archives and test
run: make build test
env:
VERSION: 0.${{ github.sha }} # debian package requires version to start with a digit
- name: Build linux archives
if: ${{ runner.os == 'Linux' }}
run: make packaging
env:
VERSION: 0.${{ github.sha }} # debian package requires version to start with a digit
- name: Configure AWS Credentials
if: ${{ runner.os == 'Linux' && github.event_name == 'push' }}
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
aws-region: us-east-1
- name: Verify Daemon binary
if: ${{ runner.os == 'Linux' && github.event_name == 'push' }}
run: |
build/xray-linux-amd64/xray -o -l dev &
sleep 10
echo -e '{"format":"json","version":1}\nx' | nc -w 1 -u 127.0.0.1 2000
sleep 10
ProcNumber=$(ps -ef |grep -w xray|grep -v grep|wc -l)
echo $ProcNumber
if [[ $ProcNumber == 0 ]]; then
exit 1
fi
- name: Download package signing GPG secret key
if: ${{ runner.os == 'Linux' && github.event_name == 'push' }}
run: |
aws secretsmanager get-secret-value --region us-east-1 --secret-id "XRayDaemonSecrets" | jq -r ".SecretString" > aws-xray-secret.gpg
md5sum aws-xray-secret.gpg
- name: Import signing GPG key
if: ${{ runner.os == 'Linux' && github.event_name == 'push' }}
run: |
gpg --import aws-xray-secret.gpg
gpg --list-keys
gpg --armor --export -a "[email protected]" > aws-xray-public.gpg
rpm --import aws-xray-public.gpg
shred -fuvz aws-xray-secret.gpg
shred -fuvz aws-xray-public.gpg
- name: Sign daemon packages
if: ${{ runner.os == 'Linux' && github.event_name == 'push' }}
run: ./Tool/src/packaging/sign-packages.sh
- name: Remove Package Signing GPG Key from local GPG Key Ring
if: ${{ runner.os == 'Linux' && github.event_name == 'push' }}
run: |
gpg --fingerprint --with-colons [email protected] | grep -m 1 "fpr" | sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p' | xargs gpg --batch --yes --delete-secret-keys
gpg --list-secret-keys
- name: Upload archives as actions artifact
if: ${{ runner.os == 'Linux' }}
uses: actions/upload-artifact@v2
with:
name: distributions
path: build/dist/
- name: Login to Public ECR
if: ${{ runner.os == 'Linux' && github.event_name == 'push' }}
run: aws ecr-public get-login-password | docker login --username AWS --password-stdin public.ecr.aws
- name: Login to DockerHub
if: ${{ runner.os == 'Linux' && github.event_name == 'push' }}
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PASS }}
- name: Set up Docker Buildx
if: ${{ runner.os == 'Linux' }}
uses: docker/setup-buildx-action@v1
- name: Cache Docker layers
uses: actions/cache@v2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Build docker image for public ECR
if: ${{ runner.os == 'Linux' }}
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
push: ${{ github.event_name == 'push' }}
platforms: linux/amd64,linux/arm64
tags: |
public.ecr.aws/xray/aws-xray-daemon:alpha
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Build docker image for DockerHub
if: ${{ runner.os == 'Linux' }}
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile.amazonlinux
push: ${{ github.event_name == 'push' }}
platforms: linux/amd64,linux/arm64
tags: |
amazon/aws-xray-daemon:alpha
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
test:
name: Integration testing
if: ${{ github.event_name != 'pull_request' }} #Cannot run integration tests on PR as there is no access to the IAM Role via GH secrets.
needs: [build]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
testcases:
- linux_deb
- linux_rpm
- linux_zip
- linux_zip_cn
- linux_zip_us_gov
steps:
- name: Checkout repo
uses: actions/checkout@v2
- name: Download build artifacts
uses: actions/download-artifact@v3
with:
name: distributions
path: distributions
- name: Display structure of downloaded files
run: ls -R
- name: Set up terraform
uses: hashicorp/setup-terraform@v2
# workaround for handling input value for auto-triggered workflows
# https://dev.to/mrmike/github-action-handling-input-default-value-5f2g
- name: Set AWS region and partition values
id: setRegion
run: |
if [[ ${{ matrix.testcases }} == "linux_zip_cn" ]]; then
echo "::set-output name=region::cn-north-1"
echo "::set-output name=partition::aws-cn"
elif [[ ${{ matrix.testcases }} == "linux_zip_us_gov" ]]; then
echo "::set-output name=region::us-gov-west-1"
echo "::set-output name=partition::aws-us-gov"
else
USER_INPUT=${{ github.event.inputs.region }}
# Use user input region or fall back to "us-west-2"
REGION=${USER_INPUT:-"us-west-2"}
echo "::set-output name=region::$REGION"
echo "::set-output name=partition::aws"
fi
- name: Configure AWS Credentials
if: ${{ steps.setRegion.outputs.partition == 'aws' }}
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.TESTING_ROLE_ARN }}
aws-region: ${{ steps.setRegion.outputs.region }}
- name: Configure AWS Credentials - China
if: ${{ steps.setRegion.outputs.partition == 'aws-cn' }}
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.TESTING_ROLE_ARN_CN }}
aws-region: cn-north-1
- name: Configure AWS Credentials - US Gov
if: ${{ steps.setRegion.outputs.partition == 'aws-us-gov' }}
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.TESTING_ROLE_ARN_US_GOV }}
aws-region: us-gov-west-1
- name: Generate trace data
id: traceData
run: |
sudo chmod +x ./testing/generate_trace_data.sh
./testing/generate_trace_data.sh
- name: Run terraform and send trace data
id: terraformSendData
run: |
cd testing/terraform
terraform init
terraform validate
terraform apply -auto-approve -var-file=./testcases/${{ matrix.testcases }}.tfvars -var=aws_region=${{ steps.setRegion.outputs.region }}
- name: Validate trace data
if: steps.terraformSendData.outcome == 'success'
run: |
echo "trace-id: ${{ env.TRACE_ID }}"
echo "sleeping for 60 seconds"
for i in {1..60}; do echo 'Sleeping...'$i && sleep 1; done
var=$(aws xray batch-get-traces --trace-ids ${{ env.TRACE_ID }} --region ${{ steps.setRegion.outputs.region }} | jq -r '.Traces[0].Id')
if [[ $var == ${{ env.TRACE_ID }} ]]; then
echo "Found matching trace."
else
echo "Trace not found"
exit 1
fi
- name: Terraform destroy
if: always()
run: |
cd testing/terraform
terraform destroy -auto-approve -var=aws_region=${{ steps.setRegion.outputs.region }}