v2.13.12 #109
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| release: | |
| types: [prereleased, released] | |
| jobs: | |
| build: | |
| name: Build integration for | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| goos: [ linux ] | |
| goarch: [ amd64, arm64, arm ] | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-go@v2 | |
| with: | |
| go-version: '1.19' | |
| - name: Build integration | |
| env: | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: ${{ matrix.goarch }} | |
| TAG: ${{ github.event.release.tag_name }} # Will be picked up by make and used as version | |
| run: | | |
| make compile | |
| - name: Upload artifact for docker build step | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| retention-days: 1 | |
| name: nri-kubernetes-${{ matrix.goos }}-${{ matrix.goarch }} | |
| path: bin/nri-kubernetes-${{ matrix.goos }}-${{ matrix.goarch }} | |
| release: | |
| name: Release docker images and config | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_IMAGE_NAME: newrelic/infrastructure-k8s | |
| DOCKER_PLATFORMS: "linux/amd64,linux/arm64,linux/arm" # Must be consistent with the matrix from the job above | |
| steps: | |
| - name: Generate docker image version from git tag | |
| run: | | |
| echo "${{ github.event.release.tag_name }}" | grep -E '^v[0-9.]*[0-9]$' | |
| DOCKER_IMAGE_TAG=$(echo "${{ github.event.release.tag_name }}" | sed 's/^v//') | |
| echo "DOCKER_IMAGE_TAG=$DOCKER_IMAGE_TAG" >> $GITHUB_ENV | |
| - if: ${{ github.event.release.prerelease }} | |
| run: | | |
| echo "DOCKER_IMAGE_TAG=${DOCKER_IMAGE_TAG}-pre" >> $GITHUB_ENV | |
| - uses: actions/checkout@v2 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Download all artifacts from build job | |
| uses: actions/download-artifact@v2 | |
| with: | |
| path: bin | |
| - uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.FSI_DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.FSI_DOCKERHUB_TOKEN }} | |
| - name: Build docker images | |
| run: | | |
| docker buildx build --platform=$DOCKER_PLATFORMS \ | |
| -t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \ | |
| . | |
| docker buildx build --platform=$DOCKER_PLATFORMS \ | |
| --build-arg 'MODE=unprivileged' \ | |
| -t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG-unprivileged \ | |
| . | |
| - name: Build and load x64 image for security scanning | |
| # We need to build a single-arch image again to be able to --load it into the host | |
| run: | | |
| docker buildx build --load --platform=linux/amd64 \ | |
| -t $DOCKER_IMAGE_NAME:ci-scan \ | |
| . | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: '${{ env.DOCKER_IMAGE_NAME }}:ci-scan' | |
| format: 'table' | |
| exit-code: '0' | |
| ignore-unfixed: true | |
| severity: 'CRITICAL,HIGH' | |
| - name: Push versioned images | |
| run: | | |
| docker buildx build --push --platform=$DOCKER_PLATFORMS \ | |
| -t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \ | |
| . | |
| docker buildx build --push --platform=$DOCKER_PLATFORMS \ | |
| --build-arg 'MODE=unprivileged' \ | |
| -t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG-unprivileged \ | |
| . | |
| - name: Push :latest images | |
| if: ${{ ! github.event.release.prerelease }} | |
| run: | | |
| docker buildx build --push --platform=$DOCKER_PLATFORMS \ | |
| -t $DOCKER_IMAGE_NAME:latest \ | |
| . | |
| docker buildx build --push --platform=$DOCKER_PLATFORMS \ | |
| --build-arg 'MODE=unprivileged' \ | |
| -t $DOCKER_IMAGE_NAME:latest-unprivileged \ | |
| . |