Skip to content

NH-96772: add docker scout #467

NH-96772: add docker scout

NH-96772: add docker scout #467

Workflow file for this run

name: Push
on:
workflow_dispatch:
push:
permissions:
packages: write
contents: read
id-token: write
env:
SW_APM_DEBUG_LEVEL: trace
AGENT_DOWNLOAD_URL: https://agent-binaries.global.st-ssp.solarwinds.com/apm/java/latest/solarwinds-apm-agent.jar
SW_APM_COLLECTOR: ${{ secrets.SW_APM_COLLECTOR }}
SW_APM_SERVICE_KEY_AO: ${{ secrets.SW_APM_SERVICE_KEY_AO }}
SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}
GITHUB_USERNAME: ${{ github.actor }}
SWO_LOGIN_URL: ${{ secrets.SWO_LOGIN_URL }}
SWO_HOST_URL: ${{ secrets.SWO_HOST_URL }}
SWO_EMAIL: ${{ secrets.SWO_EMAIL }}
SWO_PWORD: ${{ secrets.SWO_PWORD }}
STAGE_BUCKET: ${{ secrets.STAGE_BUCKET }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_TOKEN: ${{ secrets.SONATYPE_TOKEN }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
jobs:
s3-stage-upload: # this job uploads the jar to stage s3
needs:
- maven_snapshot_release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_S3_ROLE_ARN_SSP_STAGE }}
aws-region: "us-east-1"
- name: Build agent
run: ./gradlew clean build -x test
- name: Set agent version
id: set_version
uses: ./.github/actions/version
- name: Copy to S3
run: |
aws s3 cp agent/build/libs/solarwinds-apm-agent.jar \
s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \
--acl public-read
aws s3 cp agent-lambda/build/libs/solarwinds-apm-agent-lambda.jar \
s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent-lambda.jar \
--acl public-read
aws s3 cp custom/shared/src/main/resources/solarwinds-apm-config.json \
s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \
--acl public-read
env:
AGENT_VERSION: ${{ steps.set_version.outputs.version }}
- name: Copy to S3(latest)
run: |
aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \
s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-agent.jar \
--acl public-read
aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent-lambda.jar \
s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-agent-lambda.jar \
--acl public-read
aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \
s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-config.json \
--acl public-read
touch VERSION
echo "version: $AGENT_VERSION" >> VERSION
SHA256=$(sha256sum agent/build/libs/solarwinds-apm-agent.jar)
echo "sha256: $SHA256" >> VERSION
aws s3 cp VERSION \
s3://$STAGE_BUCKET/apm/java/latest/VERSION \
--acl public-read
env:
AGENT_VERSION: ${{ steps.set_version.outputs.version }}
build-test-images:
runs-on: ubuntu-latest
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
- name: Docker login
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin
- name: Docker push
run: |
cd long-running-test-arch
IMAGE_ID_RC=$(echo "ghcr.io/$GITHUB_REPOSITORY_OWNER/petclinic:agent-rc" | tr '[:upper:]' '[:lower:]')
IMAGE_ID_ST=$(echo "ghcr.io/$GITHUB_REPOSITORY_OWNER/petclinic:agent-latest" | tr '[:upper:]' '[:lower:]')
IMAGE_ID_XK6=$(echo "ghcr.io/$GITHUB_REPOSITORY_OWNER/xk6:latest" | tr '[:upper:]' '[:lower:]')
docker buildx create --use --name multiarch
docker buildx build --tag $IMAGE_ID_RC --push -f Dockerfile-rc .
docker buildx build --tag $IMAGE_ID_ST --push -f Dockerfile .
docker buildx build --tag $IMAGE_ID_XK6 --push xk6/
- name: Docker logout
if: always()
run: docker logout
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Build agent
run: ./gradlew clean build -x test
- name: Muzzle check
run: ./gradlew muzzle
- name: Execute tests
run: ./gradlew test
- name: Check shading
run: |
code=0
for path in $(jar -tf agent/build/libs/solarwinds-apm-agent.jar | grep -E -v '^((com/solarwinds|inst|io/open|META))')
do
PACKAGE=$(echo "$path" | awk -F/ '{print $2}')
if [ -n "$PACKAGE" ] && [ "$PACKAGE" != "annotation" ]; then
echo "Package ($path) is not shaded"
code=1
fi
done
exit $code
lambda=0
for path in $(jar -tf agent-lambda/build/libs/solarwinds-apm-agent-lambda.jar | grep -E -v '^((com/solarwinds|inst|io/open|META))')
do
PACKAGE=$(echo "$path" | awk -F/ '{print $2}')
if [ -n "$PACKAGE" ] && [ "$PACKAGE" != "annotation" ]; then
echo "Package ($path) is not shaded"
lambda=1
fi
done
exit $lambda
lambda-release-test:
runs-on: ubuntu-latest
needs:
- s3-stage-upload
env:
LAMBDA: "true"
OTEL_EXPORTER_OTLP_ENDPOINT: ${{ secrets.OTEL_EXPORTER_OTLP_ENDPOINT }}
steps:
- uses: actions/checkout@v4
- name: Free Disk Space before Build
run: |
echo "Disk space before pre-build cleanup:"
df -h
sudo rm -rf /usr/local/.ghcup
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo rm -rf /usr/local/lib/android/sdk/ndk
sudo rm -rf /usr/share/dotnet
sudo rm -rf /opt/ghc
sudo rm -rf /usr/local/share/boost
echo "Disk space after pre-build cleanup:"
df -h
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Set agent version
id: set_version
uses: ./.github/actions/version
- name: Set snapshot version
run: |
GIT_HASH=$(git rev-parse --short "$GITHUB_SHA")
echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV
- name: Build smoke-test
run: |
cd smoke-tests
./gradlew build -x test
- name: Build webmvc jar
run: |
cd smoke-tests
./gradlew :spring-boot-webmvc:build
- name: Build webmvc image
run: |
cd smoke-tests/spring-boot-webmvc
docker image build --tag smt:webmvc .
- name: Docker login
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin
- name: Execute smoke tests
run: |
cd smoke-tests
./gradlew test
- uses: actions/upload-artifact@v4
if: always()
with:
path: smoke-tests/build/reports/tests/test
name: lambda-release-test
- name: Free Disk Space After Build
run: |
echo "Disk space before post-build cleanup:"
df -h
sudo rm -rf /usr/local/.ghcup
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo rm -rf /usr/local/lib/android/sdk/ndk
sudo rm -rf /usr/share/dotnet
sudo rm -rf /opt/ghc
sudo rm -rf /usr/local/share/boost
sudo rm -rf smoke-tests/build/
echo "Disk space after post-build cleanup:"
df -h
- name: Docker logout
if: always()
run: docker logout
lambda-publish-stage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Aws setup
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_LAMBDA_ROLE_STAGE }}
aws-region: "us-east-1"
- name: Build agent
run: ./gradlew clean build -x test
- name: Create zip
run: ./gradlew :agent-lambda:lambda-layer
- name: Set agent version
id: set_version
uses: ./.github/actions/version
- name: Create lambda layer
run: |
regions=(
"ap-northeast-1"
"ap-northeast-2"
"ap-south-1"
"ap-southeast-1"
"ap-southeast-2"
"ca-central-1"
"eu-central-1"
"eu-north-1"
"eu-west-1"
"eu-west-2"
"eu-west-3"
"sa-east-1"
"us-east-1"
"us-east-2"
"us-west-1"
"us-west-2")
VERSION=$(echo "$AGENT_VERSION" | sed 's/[.]/_/g')
LAYER_NAME="solarwinds-apm-java-$VERSION"
touch arns.txt
layer_size=$(stat --printf=%s agent-lambda/build/lambda-layer/layer.zip)
set +e
for region in "${regions[@]}"; do
status=0
aws lambda publish-layer-version \
--layer-name $LAYER_NAME \
--compatible-runtimes "java21" "java17" "java11" "java8.al2" \
--compatible-architectures "x86_64" "arm64" \
--description "Solarwinds' apm java lambda instrumentation layer, version: $AGENT_VERSION" \
--region "$region" \
--zip-file fileb://agent-lambda/build/lambda-layer/layer.zip \
--output json > output.json
status=$?
if [ "$status" != 0 ]; then
echo "FAILED: publish $region"
continue
fi
pub_versionarn=$(jq -r '.LayerVersionArn' output.json)
pub_arn=$(jq -r '.LayerArn' output.json)
pub_version=$(jq -r '.Version' output.json)
pub_size=$(jq -r '.Content.CodeSize' output.json)
echo '-- verifying published layer --'
if [ "$pub_size" != "$layer_size" ]; then
echo "FAILED: Region = $region, versonArn = $pub_versionarn published size = $pub_size, expected size = $layer_size"
continue
fi
aws lambda add-layer-version-permission \
--region "$region" \
--layer-name "$pub_arn" \
--version-number "$pub_version" \
--principal '*' \
--action lambda:GetLayerVersion \
--statement-id global-GetLayerVersion
status=$?
if [ "$status" != 0 ]; then
echo "FAILED: add permission region = $region, versionArn = $pub_versionarn"
continue
fi
echo "$pub_versionarn" >> arns.txt
done
env:
AGENT_VERSION: ${{ steps.set_version.outputs.version }}
- uses: actions/upload-artifact@v4
with:
path: arns.txt
name: arns
smoke-test-linux:
runs-on: ubuntu-latest
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Set agent version
id: set_version
uses: ./.github/actions/version
- name: Set snapshot version
run: |
GIT_HASH=$(git rev-parse --short "$GITHUB_SHA")
echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV
- name: Run application
working-directory: smoke-tests
run: |
./gradlew :netty-test:run
env:
SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}:smoke-test-linux
smoke-test-no-agent:
runs-on: ubuntu-latest
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Set agent version
id: set_version
uses: ./.github/actions/version
- name: Set snapshot version
run: |
GIT_HASH=$(git rev-parse --short "$GITHUB_SHA")
echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV
- name: Run application
working-directory: smoke-tests
run: |
./gradlew :netty-test-no-agent:run
smoke-test-windows:
runs-on: windows-latest
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Set agent version
id: set_version
uses: ./.github/actions/version
- name: Set snapshot version
shell: bash
run: |
GIT_HASH=$(git rev-parse --short "$GITHUB_SHA")
echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV
- name: Run application
working-directory: smoke-tests
run: |
.\gradlew.bat :netty-test:run
env:
SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}:smoke-test-windows
release-test:
runs-on: ubuntu-latest
env:
LAMBDA: "false"
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
- name: Free Disk Space before Build
run: |
echo "Disk space before pre-build cleanup:"
df -h
sudo rm -rf /usr/local/.ghcup
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo rm -rf /usr/local/lib/android/sdk/ndk
sudo rm -rf /usr/share/dotnet
sudo rm -rf /opt/ghc
sudo rm -rf /usr/local/share/boost
echo "Disk space after pre-build cleanup:"
df -h
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Docker login
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin
- name: Set agent version
id: set_version
uses: ./.github/actions/version
- name: Set snapshot version
run: |
GIT_HASH=$(git rev-parse --short "$GITHUB_SHA")
echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV
- name: Build smoke-test
run: |
cd smoke-tests
./gradlew build -x test
- name: Build webmvc jar
run: |
cd smoke-tests
./gradlew :spring-boot-webmvc:build
- name: Build webmvc image
run: |
cd smoke-tests/spring-boot-webmvc
docker image build --tag smt:webmvc .
- name: Execute smoke tests
run: |
cd smoke-tests
./gradlew test
- uses: actions/upload-artifact@v4
if: always()
with:
path: smoke-tests/build/reports/tests/test
name: release-test
- name: Free Disk Space After Build
run: |
echo "Disk space before post-build cleanup:"
df -h
sudo rm -rf /usr/local/.ghcup
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo rm -rf /usr/local/lib/android/sdk/ndk
sudo rm -rf /usr/share/dotnet
sudo rm -rf /opt/ghc
sudo rm -rf /usr/local/share/boost
sudo rm -rf smoke-tests/build/
echo "Disk space after post-build cleanup:"
df -h
- name: Docker logout
if: always()
run: docker logout
benchmark:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Docker login
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin
- name: Benchmark test
working-directory: benchmark
run: ./gradlew test
- uses: actions/upload-artifact@v4
with:
path: benchmark/results/release/summary.txt
name: benchmark-summary
- uses: actions/upload-artifact@v4
if: always()
with:
path: benchmark/build/reports/tests/test/
name: benchmark-test
- name: Docker logout
if: always()
run: docker logout
maven_snapshot_release:
runs-on: ubuntu-latest
env:
SNAPSHOT_BUILD: true
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
- name: Set agent version
id: set_version
uses: ./.github/actions/version
- name: Set snapshot version
run: |
GIT_HASH=$(git rev-parse --short "$GITHUB_SHA")
echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV
- name: Publish
run: ./gradlew publishToSonatype