chore: Move nightly config and add signign #860
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
env: | |
TEST_CLUSTER_NAME: ci-e2etest | |
jobs: | |
build: | |
name: Validate distributions build, third party libraries and security | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # required for tag metadata | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.23' | |
check-latest: true | |
- name: Verify build | |
run: make ci | |
- name: Validate distributions third party libraries | |
run: make licenses-check | |
- uses: docker/setup-qemu-action@v2 | |
- uses: docker/setup-buildx-action@v2 | |
- name: Build binaries & packages with GoReleaser | |
uses: goreleaser/goreleaser-action@v6 | |
with: | |
distribution: goreleaser | |
version: '~> v2' | |
args: --snapshot --clean --skip=sign --timeout 2h | |
- name: Extract image version | |
run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV | |
- name: Setup local kind cluster | |
uses: helm/kind-action@v1 | |
with: | |
version: v0.21.0 | |
cluster_name: ${{ env.TEST_CLUSTER_NAME }} | |
wait: 60s | |
- name: Run local e2e tests | |
run: | | |
IMAGE_TAG=${{ env.version }}-rc-amd64 \ | |
KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \ | |
make -f ./test/e2e/Makefile ci_test-fast | |
- name: Trivy security check | |
uses: aquasecurity/[email protected] | |
with: | |
image-ref: "newrelic/nr-otel-collector:${{ env.version }}-rc-amd64" | |
format: 'table' | |
exit-code: '1' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: "HIGH,CRITICAL" | |
env: | |
# dbs are downloaded async in download_trivy_db.yml | |
TRIVY_SKIP_DB_UPDATE: true | |
TRIVY_SKIP_JAVA_DB_UPDATE: true | |
terraform: | |
uses: ./.github/workflows/component_terraform.yml | |
if: github.event.pull_request.user.login != 'dependabot[bot]' | |
with: | |
branch: ${{ github.ref }} | |
tf_work_subdir: permanent | |
execute_plan: true | |
# apply only after merge to main | |
execute_apply: ${{ github.ref_name == 'main' && github.event_name == 'push' }} | |
secrets: | |
aws_access_key_id: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCESS_KEY_ID }} | |
aws_secret_access_key: ${{secrets.OTELCOMM_AWS_TEST_ACC_SECRET_ACCESS_KEY}} | |
aws_account_id: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }} | |
nr_backend_url: ${{secrets.NR_STAGING_BACKEND_URL}} | |
nr_ingest_key: ${{ secrets.OTELCOMM_NR_INGEST_KEY }} |