NH-37575: migrate to GitHub actions #26
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Push | |
on: | |
workflow_dispatch: | |
push: | |
permissions: | |
packages: write | |
contents: read | |
id-token: write | |
env: | |
SW_APM_DEBUG_LEVEL: trace | |
AGENT_DOWNLOAD_URL: https://agent-binaries.global.st-ssp.solarwinds.com/apm/java/latest/solarwinds-apm-agent.jar | |
SW_APM_COLLECTOR: apm.collector.na-01.st-ssp.solarwinds.com | |
OTEL_EXPORTER_OTLP_ENDPOINT: ${{ secrets.OTEL_EXPORTER_OTLP_ENDPOINT }} | |
SW_APM_SERVICE_KEY_AO: ${{ secrets.SW_APM_SERVICE_KEY_AO }} | |
SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }} | |
GITHUB_USERNAME: ${{ github.actor }} | |
SWO_LOGIN_URL: ${{ secrets.SWO_LOGIN_URL }} | |
SWO_HOST_URL: ${{ secrets.SWO_HOST_URL }} | |
SWO_EMAIL: ${{ secrets.SWO_EMAIL }} | |
SWO_PWORD: ${{ secrets.SWO_PWORD }} | |
STAGE_BUCKET: ${{ secrets.STAGE_BUCKET }} | |
jobs: | |
s3-stage-upload: # this job uploads the jar to stage s3 | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_S3_ROLE_ARN_SSP_STAGE }} | |
aws-region: "us-east-1" | |
- name: Build agent | |
run: ./gradlew clean build -x test | |
- name: Set agent version env | |
run: | | |
echo "AGENT_VERSION=v$(cd agent/build/libs && unzip -p solarwinds-apm-agent.jar META-INF/MANIFEST.MF | grep Implementation-Version | awk '{ print $2 }')" >> $GITHUB_ENV | |
- name: Copy to S3 | |
run: | | |
ls -al | |
aws s3 cp agent/build/libs/solarwinds-apm-agent.jar \ | |
s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \ | |
--acl public-read | |
aws s3 cp agent-lambda/build/libs/solarwinds-apm-agent-lambda.jar \ | |
s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent-lambda.jar \ | |
--acl public-read | |
aws s3 cp custom/shared/src/main/resources/solarwinds-apm-config.json \ | |
s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \ | |
--acl public-read | |
- name: Copy to S3(latest) | |
run: | | |
aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \ | |
s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-agent.jar \ | |
--acl public-read | |
aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent-lambda.jar \ | |
s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-agent-lambda.jar \ | |
--acl public-read | |
aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \ | |
s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-config.json \ | |
--acl public-read | |
touch VERSION | |
echo "version: $AGENT_VERSION" >> VERSION | |
SHA256=$(sha256sum agent/build/libs/solarwinds-apm-agent.jar) | |
echo "sha256: $SHA256" >> VERSION | |
aws s3 cp VERSION \ | |
s3://$STAGE_BUCKET/apm/java/latest/VERSION \ | |
--acl public-read | |
build-test-images: | |
runs-on: ubuntu-latest | |
needs: | |
- s3-stage-upload | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Docker login | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin | |
- name: Docker push | |
run: | | |
cd long-running-test-arch | |
IMAGE_ID_RC=$(echo "ghcr.io/$GITHUB_REPOSITORY_OWNER/petclinic:agent-rc" | tr '[:upper:]' '[:lower:]') | |
IMAGE_ID_ST=$(echo "ghcr.io/$GITHUB_REPOSITORY_OWNER/petclinic:agent-latest" | tr '[:upper:]' '[:lower:]') | |
IMAGE_ID_XK6=$(echo "ghcr.io/$GITHUB_REPOSITORY_OWNER/xk6:latest" | tr '[:upper:]' '[:lower:]') | |
docker buildx create --use --name multiarch | |
docker buildx build --tag $IMAGE_ID_RC --push -f Dockerfile-rc . | |
docker buildx build --tag $IMAGE_ID_ST --push -f Dockerfile . | |
docker buildx build --tag $IMAGE_ID_XK6 --push xk6/ | |
- name: Docker logout | |
run: docker logout | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Build agent | |
run: ./gradlew clean build -x test | |
- name: Muzzle check | |
run: ./gradlew muzzle | |
- name: Execute tests | |
run: ./gradlew test | |
- name: Check shading | |
run: | | |
code=0 | |
for path in $(jar -tf agent/build/libs/solarwinds-apm-agent.jar | grep -E -v '^((com/solarwinds|inst|io/open|META))') | |
do | |
PACKAGE=$(echo "$path" | awk -F/ '{print $2}') | |
if [ -n "$PACKAGE" ] && [ "$PACKAGE" != "annotation" ]; then | |
echo "Package ($path) is not shaded" | |
code=1 | |
fi | |
done | |
exit $code | |
lambda=0 | |
for path in $(jar -tf agent-lambda/build/libs/solarwinds-apm-agent-lambda.jar | grep -E -v '^((com/solarwinds|inst|io/open|META))') | |
do | |
PACKAGE=$(echo "$path" | awk -F/ '{print $2}') | |
if [ -n "$PACKAGE" ] && [ "$PACKAGE" != "annotation" ]; then | |
echo "Package ($path) is not shaded" | |
lambda=1 | |
fi | |
done | |
exit $lambda | |
lambda-release-test: | |
runs-on: ubuntu-latest | |
needs: | |
- s3-stage-upload | |
env: | |
LAMBDA: "true" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Build smoke-test | |
run: | | |
cd smoke-tests | |
./gradlew build -x test | |
- name: Docker login | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin | |
- name: Execute smoke tests | |
run: | | |
cd smoke-tests | |
./gradlew test | |
- uses: actions/upload-artifact@v4 | |
with: | |
path: smoke-tests/build/reports/tests/test | |
- name: Docker logout | |
run: docker logout | |
lambda-publish: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Aws setup | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_LAMBDA_ROLE_STAGE }} | |
aws-region: "us-east-1" | |
- name: Build agent | |
run: ./gradlew clean build -x test | |
- name: Create zip | |
run: ./gradlew :agent-lambda:lambda-layer | |
- name: Set agent version env | |
run: | | |
echo "AGENT_VERSION=v$(cd agent/build/libs && unzip -p solarwinds-apm-agent.jar META-INF/MANIFEST.MF | grep Implementation-Version | awk '{ print $2 }' | sed 's/[^a-z0-9.-]//g')" >> $GITHUB_ENV | |
- name: Create lambda layer | |
run: | | |
regions=( | |
"ap-northeast-1" | |
"ap-northeast-2" | |
"ap-south-1" | |
"ap-southeast-1" | |
"ap-southeast-2" | |
"ca-central-1" | |
"eu-central-1" | |
"eu-north-1" | |
"eu-west-1" | |
"eu-west-2" | |
"eu-west-3" | |
"sa-east-1" | |
"us-east-1" | |
"us-east-2" | |
"us-west-1" | |
"us-west-2") | |
VERSION=$(echo "$AGENT_VERSION" | sed 's/[.]/_/g') | |
LAYER_NAME="solarwinds-apm-java-$VERSION" | |
touch arns.txt | |
layer_size=$(stat --printf=%s agent-lambda/build/lambda-layer/layer.zip) | |
set +e | |
for region in "${regions[@]}"; do | |
status=0 | |
aws lambda publish-layer-version \ | |
--layer-name $LAYER_NAME \ | |
--compatible-runtimes "java21" "java17" "java11" "java8.al2" \ | |
--compatible-architectures "x86_64" "arm64" \ | |
--description "Solarwinds' apm java lambda instrumentation layer, version: $AGENT_VERSION" \ | |
--region "$region" \ | |
--zip-file fileb://agent-lambda/build/lambda-layer/layer.zip \ | |
--output json > output.json | |
status=$? | |
if [ "$status" != 0 ]; then | |
echo "FAILED: publish $region" | |
continue | |
fi | |
pub_versionarn=$(jq -r '.LayerVersionArn' output.json) | |
pub_arn=$(jq -r '.LayerArn' output.json) | |
pub_version=$(jq -r '.Version' output.json) | |
pub_size=$(jq -r '.Content.CodeSize' output.json) | |
echo '-- verifying published layer --' | |
if [ "$pub_size" != "$layer_size" ]; then | |
echo "FAILED: Region = $region, versonArn = $pub_versionarn published size = $pub_size, expected size = $layer_size" | |
continue | |
fi | |
aws lambda add-layer-version-permission \ | |
--region "$region" \ | |
--layer-name "$pub_arn" \ | |
--version-number "$pub_version" \ | |
--principal '*' \ | |
--action lambda:GetLayerVersion \ | |
--statement-id global-GetLayerVersion | |
status=$? | |
if [ "$status" != 0 ]; then | |
echo "FAILED: add permission region = $region, versionArn = $pub_versionarn" | |
continue | |
fi | |
echo "$pub_versionarn" >> arns.txt | |
done | |
- uses: actions/upload-artifact@v4 | |
with: | |
path: arns.txt | |
smoke-test-linux: | |
runs-on: ubuntu-latest | |
needs: | |
- s3-stage-upload | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Run application | |
working-directory: smoke-tests | |
run: | | |
./gradlew :netty-test:run | |
env: | |
SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}:smoke-test-linux | |
smoke-test-windows: | |
runs-on: windows-latest | |
needs: | |
- s3-stage-upload | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Run application | |
working-directory: smoke-tests | |
run: | | |
.\gradlew.bat :netty-test:run | |
env: | |
SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}:smoke-test-windows | |
release-test: | |
runs-on: windows-latest | |
env: | |
LAMBDA: "false" | |
needs: | |
- s3-stage-upload | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Build smoke-test | |
run: | | |
cd smoke-tests | |
./gradlew build -x test | |
- name: Docker login | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin | |
- name: Build webmvc jar | |
run: | | |
cd smoke-tests | |
./gradlew :spring-boot-webmvc:build | |
- name: Build webmvc image | |
run: | | |
cd smoke-tests/spring-boot-webmvc | |
docker image build --tag smt:webmvc . | |
- name: Execute smoke tests | |
run: | | |
cd smoke-tests | |
./gradlew test | |
- uses: actions/upload-artifact@v4 | |
with: | |
path: smoke-tests/build/reports/tests/test | |
- name: Docker logout | |
run: docker logout |