Skip to content

NH-37575: migrate to GitHub actions #26

NH-37575: migrate to GitHub actions

NH-37575: migrate to GitHub actions #26

Workflow file for this run

name: Push
on:
workflow_dispatch:
push:
permissions:
packages: write
contents: read
id-token: write
env:
SW_APM_DEBUG_LEVEL: trace
AGENT_DOWNLOAD_URL: https://agent-binaries.global.st-ssp.solarwinds.com/apm/java/latest/solarwinds-apm-agent.jar
SW_APM_COLLECTOR: apm.collector.na-01.st-ssp.solarwinds.com
OTEL_EXPORTER_OTLP_ENDPOINT: ${{ secrets.OTEL_EXPORTER_OTLP_ENDPOINT }}
SW_APM_SERVICE_KEY_AO: ${{ secrets.SW_APM_SERVICE_KEY_AO }}
SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}
GITHUB_USERNAME: ${{ github.actor }}
SWO_LOGIN_URL: ${{ secrets.SWO_LOGIN_URL }}
SWO_HOST_URL: ${{ secrets.SWO_HOST_URL }}
SWO_EMAIL: ${{ secrets.SWO_EMAIL }}
SWO_PWORD: ${{ secrets.SWO_PWORD }}
STAGE_BUCKET: ${{ secrets.STAGE_BUCKET }}
jobs:
s3-stage-upload: # this job uploads the jar to stage s3
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_S3_ROLE_ARN_SSP_STAGE }}
aws-region: "us-east-1"
- name: Build agent
run: ./gradlew clean build -x test
- name: Set agent version env
run: |
echo "AGENT_VERSION=v$(cd agent/build/libs && unzip -p solarwinds-apm-agent.jar META-INF/MANIFEST.MF | grep Implementation-Version | awk '{ print $2 }')" >> $GITHUB_ENV
- name: Copy to S3
run: |
ls -al
aws s3 cp agent/build/libs/solarwinds-apm-agent.jar \
s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \
--acl public-read
aws s3 cp agent-lambda/build/libs/solarwinds-apm-agent-lambda.jar \
s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent-lambda.jar \
--acl public-read
aws s3 cp custom/shared/src/main/resources/solarwinds-apm-config.json \
s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \
--acl public-read
- name: Copy to S3(latest)
run: |
aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \
s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-agent.jar \
--acl public-read
aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent-lambda.jar \
s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-agent-lambda.jar \
--acl public-read
aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \
s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-config.json \
--acl public-read
touch VERSION
echo "version: $AGENT_VERSION" >> VERSION
SHA256=$(sha256sum agent/build/libs/solarwinds-apm-agent.jar)
echo "sha256: $SHA256" >> VERSION
aws s3 cp VERSION \
s3://$STAGE_BUCKET/apm/java/latest/VERSION \
--acl public-read
build-test-images:
runs-on: ubuntu-latest
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Docker login
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin
- name: Docker push
run: |
cd long-running-test-arch
IMAGE_ID_RC=$(echo "ghcr.io/$GITHUB_REPOSITORY_OWNER/petclinic:agent-rc" | tr '[:upper:]' '[:lower:]')
IMAGE_ID_ST=$(echo "ghcr.io/$GITHUB_REPOSITORY_OWNER/petclinic:agent-latest" | tr '[:upper:]' '[:lower:]')
IMAGE_ID_XK6=$(echo "ghcr.io/$GITHUB_REPOSITORY_OWNER/xk6:latest" | tr '[:upper:]' '[:lower:]')
docker buildx create --use --name multiarch
docker buildx build --tag $IMAGE_ID_RC --push -f Dockerfile-rc .
docker buildx build --tag $IMAGE_ID_ST --push -f Dockerfile .
docker buildx build --tag $IMAGE_ID_XK6 --push xk6/
- name: Docker logout
run: docker logout
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Build agent
run: ./gradlew clean build -x test
- name: Muzzle check
run: ./gradlew muzzle
- name: Execute tests
run: ./gradlew test
- name: Check shading
run: |
code=0
for path in $(jar -tf agent/build/libs/solarwinds-apm-agent.jar | grep -E -v '^((com/solarwinds|inst|io/open|META))')
do
PACKAGE=$(echo "$path" | awk -F/ '{print $2}')
if [ -n "$PACKAGE" ] && [ "$PACKAGE" != "annotation" ]; then
echo "Package ($path) is not shaded"
code=1
fi
done
exit $code
lambda=0
for path in $(jar -tf agent-lambda/build/libs/solarwinds-apm-agent-lambda.jar | grep -E -v '^((com/solarwinds|inst|io/open|META))')
do
PACKAGE=$(echo "$path" | awk -F/ '{print $2}')
if [ -n "$PACKAGE" ] && [ "$PACKAGE" != "annotation" ]; then
echo "Package ($path) is not shaded"
lambda=1
fi
done
exit $lambda
lambda-release-test:
runs-on: ubuntu-latest
needs:
- s3-stage-upload
env:
LAMBDA: "true"
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Build smoke-test
run: |
cd smoke-tests
./gradlew build -x test
- name: Docker login
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin
- name: Execute smoke tests
run: |
cd smoke-tests
./gradlew test
- uses: actions/upload-artifact@v4
with:
path: smoke-tests/build/reports/tests/test
- name: Docker logout
run: docker logout
lambda-publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Aws setup
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_LAMBDA_ROLE_STAGE }}
aws-region: "us-east-1"
- name: Build agent
run: ./gradlew clean build -x test
- name: Create zip
run: ./gradlew :agent-lambda:lambda-layer
- name: Set agent version env
run: |
echo "AGENT_VERSION=v$(cd agent/build/libs && unzip -p solarwinds-apm-agent.jar META-INF/MANIFEST.MF | grep Implementation-Version | awk '{ print $2 }' | sed 's/[^a-z0-9.-]//g')" >> $GITHUB_ENV
- name: Create lambda layer
run: |
regions=(
"ap-northeast-1"
"ap-northeast-2"
"ap-south-1"
"ap-southeast-1"
"ap-southeast-2"
"ca-central-1"
"eu-central-1"
"eu-north-1"
"eu-west-1"
"eu-west-2"
"eu-west-3"
"sa-east-1"
"us-east-1"
"us-east-2"
"us-west-1"
"us-west-2")
VERSION=$(echo "$AGENT_VERSION" | sed 's/[.]/_/g')
LAYER_NAME="solarwinds-apm-java-$VERSION"
touch arns.txt
layer_size=$(stat --printf=%s agent-lambda/build/lambda-layer/layer.zip)
set +e
for region in "${regions[@]}"; do
status=0
aws lambda publish-layer-version \
--layer-name $LAYER_NAME \
--compatible-runtimes "java21" "java17" "java11" "java8.al2" \
--compatible-architectures "x86_64" "arm64" \
--description "Solarwinds' apm java lambda instrumentation layer, version: $AGENT_VERSION" \
--region "$region" \
--zip-file fileb://agent-lambda/build/lambda-layer/layer.zip \
--output json > output.json
status=$?
if [ "$status" != 0 ]; then
echo "FAILED: publish $region"
continue
fi
pub_versionarn=$(jq -r '.LayerVersionArn' output.json)
pub_arn=$(jq -r '.LayerArn' output.json)
pub_version=$(jq -r '.Version' output.json)
pub_size=$(jq -r '.Content.CodeSize' output.json)
echo '-- verifying published layer --'
if [ "$pub_size" != "$layer_size" ]; then
echo "FAILED: Region = $region, versonArn = $pub_versionarn published size = $pub_size, expected size = $layer_size"
continue
fi
aws lambda add-layer-version-permission \
--region "$region" \
--layer-name "$pub_arn" \
--version-number "$pub_version" \
--principal '*' \
--action lambda:GetLayerVersion \
--statement-id global-GetLayerVersion
status=$?
if [ "$status" != 0 ]; then
echo "FAILED: add permission region = $region, versionArn = $pub_versionarn"
continue
fi
echo "$pub_versionarn" >> arns.txt
done
- uses: actions/upload-artifact@v4
with:
path: arns.txt
smoke-test-linux:
runs-on: ubuntu-latest
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Run application
working-directory: smoke-tests
run: |
./gradlew :netty-test:run
env:
SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}:smoke-test-linux
smoke-test-windows:
runs-on: windows-latest
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Run application
working-directory: smoke-tests
run: |
.\gradlew.bat :netty-test:run
env:
SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}:smoke-test-windows
release-test:
runs-on: windows-latest
env:
LAMBDA: "false"
needs:
- s3-stage-upload
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Build smoke-test
run: |
cd smoke-tests
./gradlew build -x test
- name: Docker login
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin
- name: Build webmvc jar
run: |
cd smoke-tests
./gradlew :spring-boot-webmvc:build
- name: Build webmvc image
run: |
cd smoke-tests/spring-boot-webmvc
docker image build --tag smt:webmvc .
- name: Execute smoke tests
run: |
cd smoke-tests
./gradlew test
- uses: actions/upload-artifact@v4
with:
path: smoke-tests/build/reports/tests/test
- name: Docker logout
run: docker logout