From c748ec67b4bc0579d04a31b58fa31c5753d2993c Mon Sep 17 00:00:00 2001 From: Rohan Yadav Date: Thu, 5 Dec 2024 18:07:33 +0530 Subject: [PATCH] second solution --- .github/workflows/release-integration.yml | 26 ++++++++++++++++-- .goreleaser-fips.yml | 33 +++++++++++++++++++++++ .goreleaser.yml | 26 ------------------ build/ci.mk | 4 +-- build/release.mk | 16 +++++++++++ 5 files changed, 75 insertions(+), 30 deletions(-) create mode 100644 .goreleaser-fips.yml diff --git a/.github/workflows/release-integration.yml b/.github/workflows/release-integration.yml index 4c1a8179..e61ec219 100644 --- a/.github/workflows/release-integration.yml +++ b/.github/workflows/release-integration.yml @@ -54,7 +54,17 @@ jobs: needs: [ test-nix, test-windows ] steps: - name: checkout - uses: actions/checkout@v4 + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: setup Go + uses: actions/setup-go@v5 + with: + go-version-file: 'go.mod' + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v3 with: 
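Review bot: The checkout step moves from `actions/checkout@v4` back to `@v3`, the older major line built on the deprecated Node 16 runtime. `fetch-depth: 0` works the same on v4, so keep `uses: actions/checkout@v4`. This job goes on to log in to DockerHub and publish release artifacts, yet every action added here (`actions/setup-go@v5`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`) is referenced by a mutable tag. Pinning each to a full commit SHA, e.g. `uses: docker/setup-buildx-action@<full-commit-sha> # v3`, keeps a retagged upstream release from running with the job's registry and GitHub credentials.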
@@ -65,7 +75,19 @@ jobs: run: | echo "TAG_SUFFIX=-pre" >> $GITHUB_ENV - name: do the release - run: make ci/prerelease + # The release target is not being executed inside a container (ci/release) since the target + # compiles docker images (from goreleaser) and that cannot be done inside a container. + run: make release + env: + GENERATE_PACKAGES: true + UPLOAD_PACKAGES: ${{ github.event.release.prerelease }} + GPG_MAIL: 'infrastructure-eng@newrelic.com' + # The upload script expects this to authenticate. + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: release fips + # The release target is not being executed inside a container (ci/release) since the target + # compiles docker images (from goreleaser) and that cannot be done inside a container. + run: make ci/prerelease-fips env: GENERATE_PACKAGES: true UPLOAD_PACKAGES: ${{ github.event.release.prerelease }} diff --git a/.goreleaser-fips.yml b/.goreleaser-fips.yml new file mode 100644 index 00000000..a200e9ae --- /dev/null +++ b/.goreleaser-fips.yml @@ -0,0 +1,33 @@ +--- +version: 2 +project_name: nri-prometheus +builds: + - id: nri-prometheus-nix-fips + main: ./cmd/nri-prometheus/ + binary: nri-prometheus + ldflags: + - -s -w -X github.com/newrelic/nri-prometheus/internal/integration.Version={{.Version}} #-X main.gitCommit={{.Commit}} -X main.buildDate={{.Date}} + env: + - CGO_ENABLED=1 + - GOEXPERIMENT=boringcrypto + - >- + {{- if eq .Arch "arm64" -}} + CC=aarch64-linux-gnu-gcc + {{- end }} + goos: + - linux + goarch: + - amd64 + - arm64 + tags: + - fips + +archives: + - id: nri-prometheus-nix-fips + builds: + - nri-prometheus-nix-fips + name_template: "{{ .ProjectName }}-fips_{{ .Os }}_{{ .Version }}_{{ .Arch }}_dirty" + format: tar.gz + +release: + disable: true diff --git a/.goreleaser.yml b/.goreleaser.yml index 64f873c2..06cde5f3 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml 
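Review bot: The comment copied onto the new `release fips` step says the target is not executed inside a container, but `make ci/prerelease-fips` is the containerised path: the recipe in build/ci.mk is a `docker run … $(BUILDER_IMAGE) make release-fips`. Replace it with something like `# Runs inside the builder image via ci/prerelease-fips (docker run … make release-fips).` so the two steps are not documented as doing the same thing. Separately, `do the release` now runs `make release` directly on the runner with `GITHUB_TOKEN` in the environment of the whole build, archive and publish chain. The job's `permissions:` block is not visible here, so confirm the token is limited to what the upload script needs. The `env:` of the `release fips` step continues past the end of the hunk.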
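Review bot: Nothing in this config or in the new make targets verifies that the produced binary was actually built against BoringCrypto. The `-fips` archive name rests entirely on `CGO_ENABLED=1`, `GOEXPERIMENT=boringcrypto` and the `fips` tag taking effect in the build environment. A post-build check that fails the release when `go version <path-to-binary>` does not report `X:boringcrypto` would catch a toolchain or environment regression before a mislabelled artifact ships. The build info should survive the `-s -w` strip, but that is worth confirming. The templated `CC` entry also evaluates to an empty string for amd64, so a comment above it such as `# CC is only overridden for the arm64 cross-build` would make the intent explicit.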
@@ -22,26 +22,6 @@ builds: goarch: 386 - goos: darwin goarch: arm - - - id: nri-prometheus-nix-fips - main: ./cmd/nri-prometheus/ - binary: nri-prometheus - ldflags: - - -s -w -X github.com/newrelic/nri-prometheus/internal/integration.Version={{.Version}} #-X main.gitCommit={{.Commit}} -X main.buildDate={{.Date}} - env: - - CGO_ENABLED=1 - - GOEXPERIMENT=boringcrypto - - >- - {{- if eq .Arch "arm64" -}} - CC=aarch64-linux-gnu-gcc - {{- end }} - goos: - - linux - goarch: - - amd64 - - arm64 - tags: - - fips - id: nri-prometheus-win main: ./cmd/nri-prometheus/ @@ -64,12 +44,6 @@ archives: - nri-prometheus-nix name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Version }}_{{ .Arch }}_dirty" format: tar.gz - - - id: nri-prometheus-nix-fips - builds: - - nri-prometheus-nix-fips - name_template: "{{ .ProjectName }}-fips_{{ .Os }}_{{ .Version }}_{{ .Arch }}_dirty" - format: tar.gz - id: nri-prometheus-win builds: diff --git a/build/ci.mk b/build/ci.mk index ae6ae189..8046f341 100644 --- a/build/ci.mk +++ b/build/ci.mk @@ -55,7 +55,7 @@ else exit 1 endif -.PHONY : ci/prerelease +.PHONY : ci/prerelease-fips ci/prerelease: ci/deps ifdef TAG @docker run --rm -t \ @@ -70,7 +70,7 @@ ifdef TAG -e TAG \ -e TAG_SUFFIX \ -e GENERATE_PACKAGES \ - $(BUILDER_IMAGE) make release + $(BUILDER_IMAGE) make release-fips else @echo "===> $(INTEGRATION) === [ci/prerelease] TAG env variable expected to be set" exit 1 diff --git a/build/release.mk b/build/release.mk index 043b0bf1..661fcf3d 100644 --- a/build/release.mk +++ b/build/release.mk 
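Review bot: In build/ci.mk, `.PHONY` is renamed to `ci/prerelease-fips` but the rule header on the next line is still `ci/prerelease: ci/deps`. Unless a `ci/prerelease-fips` rule is defined elsewhere, the workflow's `make ci/prerelease-fips` has no rule to run and the FIPS release step fails. Rename the rule itself to `ci/prerelease-fips: ci/deps`, and update the `[ci/prerelease]` tag in the error `@echo` of the second hunk (`@@ -70,7`) to match. As written, the old `ci/prerelease` name also silently changes meaning to the FIPS release and loses its phony declaration. The middle of the recipe lies between the two hunks, so the full `-e` list passed to `docker run` could not be checked against the variables the workflow step sets.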
@@ -38,6 +38,18 @@ else @$(GORELEASER_BIN) build --config $(CURDIR)/.goreleaser.yml --skip=validate --snapshot --clean endif +.PHONY : release/build-fips +release/build-fips: release/deps release/clean +ifeq ($(GENERATE_PACKAGES), true) + @echo "===> $(INTEGRATION) === [release/build] PRERELEASE/RELEASE compiling fips binaries, creating packages, archives" + # TAG_SUFFIX should be set as "-pre" during prereleases + @$(GORELEASER_BIN) release --config $(CURDIR)/.goreleaser-fips.yml --skip=validate --clean +else + @echo "===> $(INTEGRATION) === [release/build] build compiling fips binaries" + # release/build with PRERELEASE unset is actually called only from push/pr pipeline to check everything builds correctly + @$(GORELEASER_BIN) build --config $(CURDIR)/.goreleaser-fips.yml --skip=validate --snapshot --clean +endif + .PHONY : release/fix-archive release/fix-archive: @echo "===> $(INTEGRATION) === [release/fix-archive] fixing tar.gz archives internal structure" @@ -60,6 +72,10 @@ endif release: release/build release/fix-archive release/publish release/clean @echo "===> $(INTEGRATION) === [release/publish] full pre-release cycle complete for nix" +.PHONY : release-fips +release-fips: release/build-fips release/fix-archive release/publish release/clean + @echo "===> $(INTEGRATION) === [release/publish] fips pre-release cycle complete for nix" + OS := $(shell uname -s) ifeq ($(OS), Darwin) OS_DOWNLOAD := "darwin"
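Review bot: The packaged branch of `release/build-fips` runs `goreleaser release` with `--skip=validate`, which turns off GoReleaser's git-state validation (clean tree, HEAD matching the tag), so FIPS-labelled artifacts can be cut from an unverified checkout. This looks copied from `release/build`, whose release branch is above the hunk. If the skip is required, say why in a comment, e.g. `# --skip=validate: <reason the tree is dirty at this point>`; otherwise drop it from the `release` invocation and keep it only on the `--snapshot` build. The log tags are also copied verbatim: both `@echo` lines here print `[release/build]`, and `release-fips` in the second hunk prints `[release/publish]`. Using `[release/build-fips]` and `[release-fips]` would let CI logs tell the two runs apart.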