From eaf29cb5a85c2cfaa40991d3f5979ade149789ba Mon Sep 17 00:00:00 2001 From: Carlos Date: Fri, 23 Oct 2020 14:55:08 +0100 Subject: [PATCH] ci: Added test and package steps to Github Actions (#61) * doc: Added ISSUE_TEMPLATE content that was missing * ci: Release workflow * release: Bumped version of project to 1.6.0 --- .github/ISSUE_TEMPLATE/bug-report.md | 30 ++++++ .github/ISSUE_TEMPLATE/config.yml | 5 + .github/ISSUE_TEMPLATE/feature_request.md | 24 +++++ .github/workflows/build.yml | 15 --- .github/workflows/prerelease.yml | 112 ++++++++++++++++++++++ .github/workflows/push_pr.yml | 41 +++++--- .java-version | 1 - bin/nrjmx.bat | 2 +- build.gradle.kts | 44 ++++++--- gradle.properties | 2 +- pkg/windows/Product.wxs | 13 +-- pkg/windows/nrjmx-installer.wixproj | 9 +- script/sign.sh | 54 +++++++++++ script/upload_to_linux_release.sh | 32 +++++++ script/upload_to_release.sh | 16 ++++ src/deb/usr/bin/jmxterm | 2 +- src/deb/usr/bin/nrjmx | 2 +- src/rpm/usr/bin/jmxterm | 2 +- src/rpm/usr/bin/nrjmx | 2 +- win_build.ps1 | 9 +- 20 files changed, 355 insertions(+), 62 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug-report.md create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md delete mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/prerelease.yml delete mode 100644 .java-version create mode 100755 script/sign.sh create mode 100755 script/upload_to_linux_release.sh create mode 100755 script/upload_to_release.sh diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md new file mode 100644 index 00000000..06001c9c --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -0,0 +1,30 @@ +--- +name: "Bug report \U0001F41B" +about: Create a report to help us improve +title: '' +labels: bug +assignees: '' +--- + +[NOTE]: # ( ^^ Provide a general summary of the issue in the title above. ^^ ) + +## Description +[NOTE]: # ( Describe the problem you're encountering. ) +[TIP]: # ( Do NOT share sensitive information, whether personal, proprietary, or otherwise! ) + +## Expected Behavior +[NOTE]: # ( Tell us what you expected to happen. ) + +## [NR Diag](https://docs.newrelic.com/docs/using-new-relic/cross-product-functions/troubleshooting/new-relic-diagnostics) results +[NOTE]: # ( Provide any other relevant log data. ) +[TIP]: # ( Scrub logs and diagnostic information for sensitive information ) + +## Steps to Reproduce +[NOTE]: # ( Please be as specific as possible. ) +[TIP]: # ( Link a sample application that demonstrates the issue. ) + +## Your Environment +[TIP]: # ( Include as many relevant details about your environment as possible including the running version of New Relic software and any relevant configurations. ) + +## Additional context +[TIP]: # ( Add any other context about the problem here. For example, relevant community posts or support tickets. ) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..5df7e2fd --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,5 @@ +blank_issues_enabled: false +contact_links: + - name: Troubleshooting + url: https://github.com/newrelic/nri-redis/blob/master/README.md#support + about: Check out the README for troubleshooting directions diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..57447999 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,24 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: '' +assignees: '' +priority: '' +--- + +## Is your feature request related to a problem? Please describe. +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +## Feature Description +A clear and concise description of the feature you want or need. + +## Describe Alternatives +A clear and concise description of any alternative solutions or features you've considered. Are there examples you could link us to? + +## Additional context +Add any other context here. + +## Priority +Please help us better understand this feature request by choosing a priority from the following options: +[Nice to Have, Really Want, Must Have, Blocker] diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index efaf76ed..00000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -name: Java CI -on: [ push ] -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: '11' - java-package: jdk - - name: Build with Gradle - run: ./gradlew build -i -s \ No newline at end of file diff --git a/.github/workflows/prerelease.yml b/.github/workflows/prerelease.yml new file mode 100644 index 00000000..e6e0d579 --- /dev/null +++ b/.github/workflows/prerelease.yml @@ -0,0 +1,112 @@ +--- +name: Prerelease pipeline + +on: + release: + types: + - prereleased + tags: + - 'v*' + +env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GPG_MAIL: 'infrastructure-eng@newrelic.com' # info@newrelic.com + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + PFX_CERTIFICATE_BASE64: ${{ secrets.PFX_CERTIFICATE_BASE64 }} # base64 encoded + PFX_PASSPHRASE: ${{ secrets.PFX_PASSPHRASE }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + TAG: ${{ github.event.release.tag_name }} + +jobs: + + test: + name: Run tests + runs-on: ubuntu-18.04 + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Restore gradle cache + uses: actions/cache@v2 + with: + path: | + ~/.gradle/caches + ~/.gradle/wrapper + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }} + restore-keys: | + ${{ runner.os }}-gradle- + - name: Set up JDK 11 + uses: actions/setup-java@v1 + with: + java-version: '11' + java-package: jdk + - name: Build with Gradle + run: ./gradlew build --info --stacktrace + + package-linux: + name: Run Linux package task + runs-on: ubuntu-18.04 + needs: test + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Restore gradle cache + uses: actions/cache@v2 + with: + path: | + ~/.gradle/caches + ~/.gradle/wrapper + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }} + restore-keys: | + ${{ runner.os }}-gradle- + - name: Set up JDK 11 + uses: actions/setup-java@v1 + with: + java-version: '11' + java-package: jdk + - name: Package with Gradle + run: ./gradlew package --warn --stacktrace + - name: Install debsigs + run: sudo apt-get install -y debsigs + - name: Sign packages + run: ./script/sign.sh + - name: Upload release asset to GitHub Release + run: script/upload_to_linux_release.sh ./build/distributions/nrjmx ${{ env.TAG }} + + package-windows: + name: Run Windows package task + runs-on: windows-2019 + strategy: + matrix: + arch: [ amd64 ] + needs: test + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Restore gradle cache + uses: actions/cache@v2 + with: + path: | + ~/.gradle/caches + ~/.gradle/wrapper + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }} + restore-keys: | + ${{ runner.os }}-gradle- + - name: Set up JDK 11 + uses: actions/setup-java@v1 + with: + java-version: '11' + java-package: jdk + - name: Build jlink code + run: ./gradlew jlink --info --stacktrace + - name: Get PFX certificate from GH secrets + run: '[IO.File]::WriteAllBytes("wincert.pfx", [Convert]::FromBase64String($env:PFX_CERTIFICATE_BASE64))' + - name: Install cert + run: Import-PfxCertificate -FilePath wincert.pfx -Password (ConvertTo-SecureString -String $env:PFX_PASSPHRASE -AsPlainText -Force) -CertStoreLocation Cert:\CurrentUser\My + - name: Create MSI + run: ./win_build.ps1 -arch ${{ matrix.arch }} -version ${{ env.TAG }} + - name: Upload release asset to GitHub Release + shell: bash + run: script/upload_to_release.sh ./target/msi/Release/nrjmx-${{ matrix.arch }} ${{ env.TAG }} diff --git a/.github/workflows/push_pr.yml b/.github/workflows/push_pr.yml index 74aff5c7..844934d1 100644 --- a/.github/workflows/push_pr.yml +++ b/.github/workflows/push_pr.yml @@ -1,17 +1,36 @@ --- -name: Java CI - PR +name: Push/PR pipeline -on: [ pull_request ] +on: + push: + branches: + - '**' + tags-ignore: + - '**' env: + GPG_MAIL: 'infrastructure-eng@newrelic.com' # info@newrelic.com + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} # base64 encoded SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} jobs: test: - runs-on: ubuntu-20.04 + name: Run tests + runs-on: ubuntu-18.04 steps: - - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v2 + - name: Restore gradle cache + uses: actions/cache@v2 + with: + path: | + ~/.gradle/caches + ~/.gradle/wrapper + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }} + restore-keys: | + ${{ runner.os }}-gradle- - name: Set up JDK 11 uses: actions/setup-java@v1 with: @@ -21,17 +40,17 @@ jobs: run: ./gradlew build --info --stacktrace - name: Package with Gradle run: ./gradlew package --warn --stacktrace - - name: Push bin to GH workflow artifacts cache - uses: actions/upload-artifact@v2 - with: - name: dist-linux - path: build/distributions + - name: Install debsigs + run: sudo apt-get install -y debsigs + - name: Sign packages + run: ./script/sign.sh snyk: name: Run security checks via snyk - runs-on: ubuntu-20.04 + runs-on: ubuntu-18.04 steps: - - uses: actions/checkout@v2 + - name: Checkout code + uses: actions/checkout@v2 - name: Run Snyk to check for vulnerabilities uses: snyk/actions/gradle-jdk11@master env: diff --git a/.java-version b/.java-version deleted file mode 100644 index 62593409..00000000 --- a/.java-version +++ /dev/null @@ -1 +0,0 @@ -1.8 diff --git a/bin/nrjmx.bat b/bin/nrjmx.bat index b00a5014..923dac65 100644 --- a/bin/nrjmx.bat +++ b/bin/nrjmx.bat @@ -1,2 +1,2 @@ @echo off -java -jar "C:\Program Files\New Relic\nrjmx\nrjmx.jar" %* +"%~dp0/bin/nrjmx.bat" diff --git a/build.gradle.kts b/build.gradle.kts index d46a0aff..a7d28f36 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -124,21 +124,34 @@ tasks.register("jlinkDistZip") { tasks.register("jlinkDistTar") { dependsOn(tasks.jlink, "downloadJmxTerm", "jmxtermScripts") destinationDirectory.set(file("${buildDir}/distributions")) - archiveFileName.set("${project.name}-${project.version}-jlink.tar.bz2") - compression = Compression.BZIP2 + archiveFileName.set("${project.name}-${project.version}-jlink.tar.gz") + compression = Compression.GZIP - into("${project.name}-${project.version}") + from("LICENSE") { + into("usr/share/doc/nrjmx") + } - from("LICENSE") - from("README.md") - from("${buildDir}/image") + from("README.md") { + into("usr/share/doc/nrjmx") + } + + from("${buildDir}/image") { + into("usr/lib/nrjmx") + } from("${buildDir}/jmxterm/lib") { include("jmxterm-uber.jar") - into("lib") + into("usr/lib/nrjmx/lib") } + from("${buildDir}/jmxterm/bin") { - into("bin") + into("usr/lib/nrjmx/bin") + fileMode = 0x1ED + } + + from("src/rpm/usr/bin") { + into("usr/bin") + include("**") fileMode = 0x1ED } } @@ -146,6 +159,13 @@ tasks.register("jlinkDistTar") { tasks.buildDeb { dependsOn(tasks.jlink, "downloadJmxTerm", "jmxtermScripts") + setRelease("1") + setArch("amd64") + setOs(LINUX) + setVendor("New Relic Infrastructure Team ") + setPackageGroup("Application/System") + setLicense("Apache 2.0") + from("${buildDir}/jmxterm") { include("lib/jmxterm-uber.jar") into("/usr/lib/${project.name}") @@ -168,6 +188,8 @@ tasks.buildDeb { } tasks.buildRpm { + dependsOn(tasks.jlink, "downloadJmxTerm", "jmxtermScripts") + setRelease("1") setArch(X86_64) setOs(LINUX) @@ -175,8 +197,6 @@ tasks.buildRpm { setPackageGroup("Application/System") setLicense("Apache 2.0") - dependsOn(tasks.jlink, "downloadJmxTerm", "jmxtermScripts") - from("${buildDir}/jmxterm") { include("lib/jmxterm-uber.jar") into("/usr/lib/${project.name}") @@ -210,8 +230,8 @@ tasks.distZip { tasks.distTar { dependsOn("downloadJmxTerm", "jmxtermScripts") - archiveExtension.set("tar.bz2") - compression = Compression.BZIP2 + archiveExtension.set("tar.gz") + compression = Compression.GZIP from("${buildDir}/jmxterm") { include("**") diff --git a/gradle.properties b/gradle.properties index 42e4999b..c48ec148 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,4 +1,4 @@ group=nrjmx -version=1.6.0-SNAPSHOT +version=1.6.0 description=The New Relic JMX tool provides a command line tool to connect to a JMX server and retrieve the MBeans it exposes jmxTermVersion=1.0.2 diff --git a/pkg/windows/Product.wxs b/pkg/windows/Product.wxs index e3b7563a..6954dcd3 100755 --- a/pkg/windows/Product.wxs +++ b/pkg/windows/Product.wxs @@ -23,8 +23,8 @@ - + @@ -32,8 +32,7 @@ - - + @@ -48,14 +47,6 @@ - - - - - $(MSBuildExtensionsPath)\Microsoft\WiX\v3.x\Wix.targets newrelic-nrjmx-installer false + HarvestPath=..\..\build\image ..\..\target\msi\$(Configuration)\ obj\$(Configuration)\ - Debug;ProjectRootPath=..\..\..\;JarPath=..\..\target\ + Debug;ProjectRootPath=..\..\..\;BuildDir=..\..\build\image;BinPath=..\..\bin\ True False -arch x64 @@ -25,13 +26,17 @@ ..\..\target\msi\$(Configuration)\ obj\$(Configuration)\ - Debug;ProjectRootPath=..\..\..\;JarPath=..\..\target\;BinPath=..\..\bin\ + Debug;ProjectRootPath=..\..\..\;BuildDir=..\..\build\image;BinPath=..\..\bin\ -arch x64 + + + + diff --git a/script/sign.sh b/script/sign.sh new file mode 100755 index 00000000..af70eda6 --- /dev/null +++ b/script/sign.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env sh +set -e + +# +# +# +# Setup GPG key for GH Release Assets +# +# +# + + +echo "===> Making sure we can connect to gpg-agent" +export GPG_TTY=$(tty) + +echo "===> Create .rpmmacros to sign rpm's from Goreleaser" +echo "%_gpg_name ${GPG_MAIL}" >> ~/.rpmmacros +echo "%_signature gpg" >> ~/.rpmmacros +echo "%_gpg_path ${HOME}/.gnupg" >> ~/.rpmmacros +echo "%_gpgbin /usr/bin/gpg" >> ~/.rpmmacros +echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --batch --pinentry-mode loopback --passphrase ${GPG_PASSPHRASE} --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros + +echo "===> Importing GPG private key from GHA secrets..." +printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import - + +echo "===> Importing GPG signature" +gpg --export -a ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL} +rpm --import /tmp/RPM-GPG-KEY-${GPG_MAIL} + + +echo "===> Move to build distributions dir" +cd build/distributions + +# Sign RPM's +for rpm_file in $(find -regex ".*\.\(rpm\)");do + echo "===> Signing $rpm_file" + rpm --addsign $rpm_file + echo "===> Sign verification $rpm_file" + rpm -v --checksig $rpm_file +done + +# Sign DEB's +GNUPGHOME="${HOME}/.gnupg" +echo "${GPG_PASSPHRASE}" > "${GNUPGHOME}/gpg-passphrase" +echo "passphrase-file ${GNUPGHOME}/gpg-passphrase" >> "$GNUPGHOME/gpg.conf" +echo 'allow-loopback-pinentry' >> "${GNUPGHOME}/gpg-agent.conf" +echo 'pinentry-mode loopback' >> "${GNUPGHOME}/gpg.conf" +echo 'use-agent' >> "${GNUPGHOME}/gpg.conf" +echo RELOADAGENT | gpg-connect-agent + +for deb_file in $(find -regex ".*\.\(deb\)");do + echo "===> Signing $deb_file" + debsigs --sign=origin --verify --check -v -k ${GPG_MAIL} $deb_file +done diff --git a/script/upload_to_linux_release.sh b/script/upload_to_linux_release.sh new file mode 100755 index 00000000..af6586c9 --- /dev/null +++ b/script/upload_to_linux_release.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env sh +set -e + +# +# +# +# Upload binary to release page +# +# +# + +INTEGRATION_PATH=$1 +TAG=$2 +SEMVER=`echo "${TAG}" | cut -c 2-` + +echo "===> Uploading ${INTEGRATION_PATH}_${SEMVER}-1_amd64.deb to ${TAG}" +hub release edit -a "${INTEGRATION_PATH}_${SEMVER}-1_amd64.deb" -m "${TAG}" "${TAG}" + +echo "===> Uploading ${INTEGRATION_PATH}-${SEMVER}-1.x86_64.rpm to ${TAG}" +hub release edit -a "${INTEGRATION_PATH}-${SEMVER}-1.x86_64.rpm" -m "${TAG}" "${TAG}" + +echo "===> Uploading ${INTEGRATION_PATH}-${SEMVER}-noarch.ja to ${TAG}" +hub release edit -a "${INTEGRATION_PATH}-${SEMVER}-noarch.jar" -m "${TAG}" "${TAG}" + +echo "===> Uploading ${INTEGRATION_PATH}-${SEMVER}-jlink.zip to ${TAG}" +hub release edit -a "${INTEGRATION_PATH}-${SEMVER}-jlink.zip" -m "${TAG}" "${TAG}" + +echo "===> Uploading ${INTEGRATION_PATH}-${SEMVER}.tar.gz to ${TAG}" +hub release edit -a "${INTEGRATION_PATH}-${SEMVER}.tar.gz" -m "${TAG}" "${TAG}" + +echo "===> Uploading ${INTEGRATION_PATH}-${SEMVER}-jlink.tar.gz to ${TAG}" +hub release edit -a "${INTEGRATION_PATH}-${SEMVER}-jlink.tar.gz" -m "${TAG}" "${TAG}" diff --git a/script/upload_to_release.sh b/script/upload_to_release.sh new file mode 100755 index 00000000..53cb44e4 --- /dev/null +++ b/script/upload_to_release.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env sh +set -e + +# +# +# +# Upload binary to release page +# +# +# + +INTEGRATION=$1 +TAG=$2 +SEMVER=`echo "${TAG}" | cut -c 2-` + +hub release edit -a "${INTEGRATION}.${SEMVER}.msi" -m "${TAG}" "${TAG}" diff --git a/src/deb/usr/bin/jmxterm b/src/deb/usr/bin/jmxterm index 36394871..f396ae76 100755 --- a/src/deb/usr/bin/jmxterm +++ b/src/deb/usr/bin/jmxterm @@ -1,2 +1,2 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh exec /usr/lib/nrjmx/bin/java -jar /usr/lib/nrjmx/lib/jmxterm-uber.jar \ No newline at end of file diff --git a/src/deb/usr/bin/nrjmx b/src/deb/usr/bin/nrjmx index ba7d40a6..45e75e23 100755 --- a/src/deb/usr/bin/nrjmx +++ b/src/deb/usr/bin/nrjmx @@ -1,2 +1,2 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh exec /usr/lib/nrjmx/bin/$(basename $0) "$@" \ No newline at end of file diff --git a/src/rpm/usr/bin/jmxterm b/src/rpm/usr/bin/jmxterm index 36394871..f396ae76 100755 --- a/src/rpm/usr/bin/jmxterm +++ b/src/rpm/usr/bin/jmxterm @@ -1,2 +1,2 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh exec /usr/lib/nrjmx/bin/java -jar /usr/lib/nrjmx/lib/jmxterm-uber.jar \ No newline at end of file diff --git a/src/rpm/usr/bin/nrjmx b/src/rpm/usr/bin/nrjmx index ba7d40a6..45e75e23 100755 --- a/src/rpm/usr/bin/nrjmx +++ b/src/rpm/usr/bin/nrjmx @@ -1,2 +1,2 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh exec /usr/lib/nrjmx/bin/$(basename $0) "$@" \ No newline at end of file diff --git a/win_build.ps1 b/win_build.ps1 index ed9a75f6..bd9ec7dd 100644 --- a/win_build.ps1 +++ b/win_build.ps1 @@ -7,12 +7,13 @@ param ( [ValidateSet("amd64", "386")] [string]$arch="amd64", [string]$version="0.0.0" - # Creates a signed installer - #[switch]$installer=$false, - # Skip tests - #[switch]$skipTests=$false ) +If ($version.startswith("v")) + { + $version = $version.substring(1) + } + echo "Checking MSBuild.exe..." $msBuild = (Get-ItemProperty hklm:\software\Microsoft\MSBuild\ToolsVersions\4.0).MSBuildToolsPath if ($msBuild.Length -eq 0) {