Merge pull request #73 from newrelic/cciutea/pipeline

ci pipeline
newrelic · Sep 13, 2021 · 6f7ddc4 · 6f7ddc4
2 parents b20cd18 + 1b17a26
commit 6f7ddc4
Show file tree

Hide file tree

Showing 31 changed files with 624 additions and 196 deletions.
diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml
@@ -0,0 +1,113 @@
+name: Prerelease pipeline
+
+on:
+  release:
+    types:
+      - prereleased
+    tags:
+      - '*'
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GPG_MAIL: '[email protected]'
+  GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
+  GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded
+  PFX_CERTIFICATE_BASE64: ${{ secrets.OHAI_PFX_CERTIFICATE_BASE64 }} # base64 encoded
+  PFX_CERTIFICATE_DESCRIPTION: 'New Relic'
+  PFX_PASSPHRASE: ${{ secrets.OHAI_PFX_PASSPHRASE }}
+  TAG:  ${{ github.event.release.tag_name }}
+  DOCKER_HUB_ID: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+  DOCKER_HUB_PASSWORD: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
+  SCHEMA_BRANCH: ${{ github.event.release.tag_name }}
+  AWS_S3_BUCKET_NAME: "nr-downloads-ohai-staging"
+  AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock-staging"
+  AWS_REGION: "us-east-1"
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-20.04
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Running unit tests
+        run: make ci/test
+
+  packaging:
+    name: Build and upload artifacts into GH Release assets
+    runs-on: ubuntu-20.04
+    needs: [test]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ env.DOCKER_HUB_ID }}
+          password: ${{ env.DOCKER_HUB_PASSWORD }}
+
+      - name: Releasing packages
+        run: make ci/release
+
+  packaging-msi:
+    name: Build and upload MSI packages into GH Release assets
+    runs-on: windows-latest
+    needs: [ packaging ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Get PFX certificate from GH secrets
+        shell: bash
+        run: printf "%s" "$PFX_CERTIFICATE_BASE64" | base64 -d - > wincert.pfx
+
+      - name: Import PFX certificate
+        shell: pwsh
+        run: build\windows\import_certificates.ps1 -pfx_passphrase "$env:PFX_PASSPHRASE" -pfx_certificate_description "$env:PFX_CERTIFICATE_DESCRIPTION"
+
+      - name: Build MSI amd64
+        shell: pwsh
+        run: build\windows\package_msi.ps1 -arch amd64 -tag ${{env.TAG}}
+
+      - name: Upload MSI to GH
+        shell: bash
+        run: build/upload_artifacts_gh.sh
+
+  publishing-to-s3:
+    name: Publish linux artifacts into s3 staging bucket
+    runs-on: ubuntu-20.04
+    needs: [packaging, packaging-msi]
+
+    steps:
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ env.DOCKER_HUB_ID }}
+          password: ${{ env.DOCKER_HUB_PASSWORD }}
+      - name: Publish all to S3 action
+        uses: newrelic/[email protected]
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }}
+          AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }}
+          AWS_ROLE_SESSION_NAME: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_STAGING }}
+        with:
+          tag: ${{env.TAG}}
+          app_name: "nrjmx"
+          repo_name: "newrelic/nrjmx"
+          schema: "nrjmx"
+          aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }}
+          aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }}
+          access_point_host: "staging"
+          run_id: ${{ github.run_id }}
+          aws_region: ${{ env.AWS_REGION }}
+          aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }}
+          aws_role_arn: ${{ env.AWS_ROLE_ARN }}
+          # used for signing package stuff
+          gpg_passphrase: ${{ env.GPG_PASSPHRASE }}
+          gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,59 @@
+name: Release pipeline
+
+on:
+  release:
+    types:
+      - released
+    tags:
+      - 'v*'
+
+env:
+  GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
+  GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
+  TAG: ${{ github.event.release.tag_name }}
+  DOCKER_HUB_ID: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+  DOCKER_HUB_PASSWORD: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
+  SCHEMA_BRANCH: ${{ github.event.release.tag_name }}
+  AWS_S3_BUCKET_NAME: "nr-downloads-main"
+  AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock"
+  AWS_REGION: "us-east-1"
+  AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }}
+  AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }}
+  AWS_ROLE_SESSION_NAME: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_PRODUCTION }}
+
+jobs:
+  publishing-to-s3:
+    name: Publish linux artifacts into s3 production bucket
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ env.DOCKER_HUB_ID }}
+          password: ${{ env.DOCKER_HUB_PASSWORD }}
+      - name: Publish all to S3 action
+        uses: newrelic/[email protected]
+        env:
+          AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          AWS_ROLE_ARN: ${{ env.AWS_ROLE_ARN }}
+          AWS_ROLE_SESSION_NAME: ${{ env.AWS_ROLE_SESSION_NAME }}
+        with:
+          tag: ${{env.TAG}}
+          app_name: "nrjmx"
+          repo_name: "newrelic/nrjmx"
+          schema: "nrjmx"
+          aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }}
+          aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }}
+          access_point_host: "production"
+          run_id: ${{ github.run_id }}
+          aws_region: ${{ env.AWS_REGION }}
+          aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }}
+          aws_role_arn: ${{ env.AWS_ROLE_ARN }}
+          # used for signing package stuff
+          gpg_passphrase: ${{ env.GPG_PASSPHRASE }}
+          gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,44 @@
+---
+name: Testing
+
+env:
+  DOCKER_HUB_ID: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+  DOCKER_HUB_PASSWORD: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
+
+on:
+  push:
+    branches:
+      - '**'
+    tags-ignore:
+      - '**'
+    paths-ignore:
+      - README.md
+jobs:
+  unit-test-linux:
+    name: Linux unit tests
+    runs-on: ubuntu-20.04
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ env.DOCKER_HUB_ID }}
+          password: ${{ env.DOCKER_HUB_PASSWORD }}
+
+      - name: Running unit tests
+        run: make ci/test
+
+  test-build:
+    name: Test jar compilation
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ env.DOCKER_HUB_ID }}
+          password: ${{ env.DOCKER_HUB_PASSWORD }}
+      - name: Build noarch
+        run: make ci/build
+
diff --git a/Makefile b/Makefile
@@ -0,0 +1,11 @@
+PROJECT_WORKSPACE	?= $(CURDIR)
+INCLUDE_BUILD_DIR	?= $(PROJECT_WORKSPACE)/build
+
+DOCKER_BIN 		?= docker
+MAVEN_BIN       ?= mvn
+
+TAG				?= v0.0.0
+
+include $(INCLUDE_BUILD_DIR)/build.mk
+include $(INCLUDE_BUILD_DIR)/ci.mk
+include $(INCLUDE_BUILD_DIR)/release.mk
diff --git a/bin/jmxterm b/bin/jmxterm
diff --git a/bin/jmxterm.bat b/bin/jmxterm.bat
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -0,0 +1,16 @@
+FROM maven:3.6-jdk-8
+
+ARG GH_VERSION='1.1.0'
+
+RUN apt-get update && \
+    apt-get install -y \
+    make \
+    rpm \
+    gnupg2 \
+    gpg-agent \
+    debsigs \
+    unzip \
+    zip
+
+RUN curl -L https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.deb -o gh_${GH_VERSION}_linux_amd64.deb
+RUN dpkg -i gh_${GH_VERSION}_linux_amd64.deb
diff --git a/assembly.xml → build/assembly/targz.xml b/assembly.xml → build/assembly/targz.xml
@@ -1,7 +1,7 @@
 <assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd">
-    <id>bin</id>
+    <id>targz</id>
     <formats>
         <format>tar.gz</format>
     </formats>
@@ -22,19 +22,12 @@
                 <include>bin/${project.artifactId}</include>
             </includes>
         </fileSet>
-        <fileSet>
-            <directory>${project.basedir}</directory>
-            <outputDirectory>/usr/</outputDirectory>
-            <includes>
-                <include>bin/${project.artifactId}.jar</include>
-            </includes>
-        </fileSet>
-        <fileSet>
-            <directory>${project.basedir}</directory>
-            <outputDirectory>/usr/</outputDirectory>
-            <includes>
-                <include>bin/jmxterm.jar</include>
-            </includes>
-        </fileSet>
     </fileSets>
+    <files>
+        <file>
+            <source>target/${project.artifactId}_${project.version}_noarch.jar</source>
+            <outputDirectory>usr/lib/nrjmx/</outputDirectory>
+            <destName>nrjmx.jar</destName>
+        </file>
+    </files>
 </assembly>
diff --git a/build/assembly/zip.xml b/build/assembly/zip.xml
@@ -0,0 +1,27 @@
+<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0"
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd">
+    <id>zip</id>
+    <formats>
+        <format>zip</format>
+    </formats>
+    <includeBaseDirectory>false</includeBaseDirectory>
+    <fileSets>
+        <fileSet>
+            <directory>${project.basedir}</directory>
+            <outputDirectory>Program Files/New Relic/nrjmx</outputDirectory>
+            <includes>
+                <include>README*</include>
+                <include>LICENSE*</include>
+                <include>bin/${project.artifactId}.bat</include>
+            </includes>
+        </fileSet>
+    </fileSets>
+    <files>
+        <file>
+            <source>target/${project.artifactId}_${project.version}_noarch.jar</source>
+            <outputDirectory>Program Files/New Relic/nrjmx/bin/</outputDirectory>
+            <destName>nrjmx.jar</destName>
+        </file>
+    </files>
+</assembly>
diff --git a/build/build.mk b/build/build.mk
@@ -0,0 +1,8 @@
+.PHONY : build
+build:
+	@($(MAVEN_BIN) clean package -DskipTests -P \!deb,\!rpm,\!tarball,\!test)
+
+.PHONY : test
+test:
+	@($(MAVEN_BIN) clean test -P test)
+
diff --git a/build/ci.mk b/build/ci.mk
@@ -0,0 +1,34 @@
+DOCKER_CMD 		?= $(DOCKER_BIN) run --rm -t \
+					--name "nrjmx-builder" \
+					-v $(HOME)/.docker/:/root/.docker/ \
+					-v /var/run/docker.sock:/var/run/docker.sock \
+					-v $(CURDIR):/src/nrjmx \
+					-w /src/nrjmx \
+					-e GITHUB_TOKEN \
+					-e TAG \
+					-e GPG_MAIL \
+					-e GPG_PASSPHRASE \
+					-e GPG_PRIVATE_KEY_BASE64 \
+					nrjmx_builder
+
+.PHONY : deps
+deps:
+	@docker build -t nrjmx_builder ./build/.
+
+.PHONY : ci/build
+ci/build: deps
+	@($(DOCKER_CMD) make build)
+
+.PHONY : ci/package
+ci/package: deps
+	@($(DOCKER_CMD) make package)
+
+.PHONY : ci/test
+ci/test: deps
+	@($(DOCKER_CMD) make test)
+
+.PHONY : ci/release
+ci/release: deps
+	@($(DOCKER_CMD) make release)
+
+
diff --git a/build/release.mk b/build/release.mk
@@ -0,0 +1,16 @@
+.PHONY : package
+package:
+	@($(MAVEN_BIN) versions:set -DnewVersion=\$(subst v,,$(TAG)))
+	@($(MAVEN_BIN) clean package -DskipTests)
+
+.PHONY : sign
+release/sign:
+	@echo "=== [sign] signing packages"
+	@bash $(CURDIR)/build/sign.sh
+
+publish:
+	@echo "=== [release/publish] publishing artifacts"
+	@bash $(CURDIR)/build/upload_artifacts_gh.sh
+
+release: package sign publish
+	@echo "=== [release] full pre-release cycle complete for nix"