Nr 332129 automate release of nri statsd (#93)

* Added workflow reusable_push_pr * Removed unnecassary on_pr_push jobs * Added Repolinter * Modified security.yaml to use the reusable security workflow Also included the docker image scanning from the old security workflow * Used resuable workflow for push PR * Added integration test to on_push_pr * Nightly no longer uses snyk * Updated gostatsd version -- test -- * Removed Integration Tests on branch push * Push PR no longer uses reusable action * Removed reusable push_pr_workflow * Added working directory for static checks * Introduced changelog and automated releases * changelog header fix * GHA publish is no longer used * Updated dependencies to solve for security threats. * Bumped Go, Updated releases scheduled time * -pre suffix now is added to the tag * Bumped go version in CHANGELOG * Modified test image version * Bumped docker build-push-action This will enable build summary for the images in GHA tab * automated release changed to Thursday
newrelic · Nov 21, 2024 · 539790a · 539790a
1 parent 9e0eb76
commit 539790a
Show file tree

Hide file tree

Showing 13 changed files with 322 additions and 185 deletions.
diff --git a/.github/workflows/automated_release.yml b/.github/workflows/automated_release.yml
@@ -0,0 +1,11 @@
+name: Automated release creation
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 17 * * 4"
+
+jobs:
+  release_management:
+    uses: newrelic/coreint-automation/.github/workflows/reusable_release_automation.yaml@v3
+    secrets: inherit
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -7,7 +7,6 @@ on:
       - master
 
 env:
-  SNYK_TOKEN: ${{ secrets.CAOS_SNYK_TOKEN }}
   TEST_IMAGE: "newrelic/nri-statsd:nightly"
   DOCKER_IMAGE_TAG: "nightly"
 
@@ -28,14 +27,6 @@ jobs:
         run: |
           make build/docker-amd64 DOCKER_IMAGE_TAG=${{ env.DOCKER_IMAGE_TAG }}
 
-      - name: Run Snyk to check Docker image for vulnerabilities
-        uses: snyk/actions/docker@master
-        env:
-          SNYK_TOKEN: ${{ env.SNYK_TOKEN }}
-        with:
-          image: ${{ env.TEST_IMAGE }}
-          args: --file=Dockerfile --severity-threshold=high
-
       - name: Run Trivy to check Docker image for vulnerabilities
         uses: aquasecurity/trivy-action@master
         with:

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
diff --git a/.github/workflows/push_pr.yaml b/.github/workflows/push_pr.yaml
@@ -0,0 +1,56 @@
+name: Push/PR
+
+on:
+  push:
+    branches:
+      - main
+      - master
+      - renovate/**
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+
+  static-analysis:
+    name: Run static analysis checks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'tests/integration/go.mod'
+      - uses: newrelic/newrelic-infra-checkers@v1
+        with:
+          golangci-lint-config: golangci-lint-limited
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        continue-on-error: ${{ github.event_name != 'pull_request' }}
+        with:
+          only-new-issues: true
+          working-directory: tests/integration/
+      - name: Check if CHANGELOG is valid
+        uses: newrelic/release-toolkit/validate-markdown@v1
+
+  integration-test:
+    name: 🚧 integration tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        arch: [  arm64, amd64 ]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
+
+      - name: Running integration tests
+        run: |
+          make integration-tests-${{ matrix.arch }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,128 @@
+name: Release
+
+on:
+  release:
+    types:
+      - prereleased
+      - released
+
+env:
+    ORIGINAL_REPO_NAME: "newrelic/nri-statsd"
+    DOCKER_PLATFORMS: "linux/amd64,linux/arm64"
+    DOCKER_IMAGE_NAME: newrelic/nri-statsd
+    TAG: ${{ github.event.release.tag_name }}
+    VERSION: ""
+    TAG_SUFFIX: ""
+
+jobs:
+  integration-tests:
+    name: 🚧 integration tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        arch: [  arm64, amd64 ]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+          password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
+
+      - name: Running integration tests
+        run: |
+          make integration-tests-${{ matrix.arch }}
+
+  release-integration:
+    name: Publish container images to registry
+    runs-on: ubuntu-latest
+    needs: [integration-tests]
+    steps:
+        - name: Checkout master
+          uses: actions/checkout@v4
+
+        - name: Add pre-release tag suffix
+          if: ${{ github.event.release.prerelease }}
+          run: |
+            echo "TAG_SUFFIX=-pre" >> $GITHUB_ENV
+        
+        - name: Generate version from tag
+          run: |
+            TAG_WITHOUT_V=$(echo "${{ env.TAG }}" | sed 's/^v//')
+            echo "VERSION=$TAG_WITHOUT_V" >> $GITHUB_ENV
+        
+        - name: Set up QEMU
+          uses: docker/setup-qemu-action@v3
+
+        - name: Set up Docker Buildx
+          uses: docker/setup-buildx-action@v3
+
+        - name: Login to DockerHub
+          uses: docker/login-action@v3
+          with:
+            username: ${{ secrets.OHAI_DOCKER_HUB_ID }}
+            password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }}
+
+        - name: Build and push docker image
+          uses: docker/build-push-action@v6
+          with:
+            platforms: ${{ env.DOCKER_PLATFORMS }}
+            context: .
+            push: true
+            tags: |
+              ${{ env.DOCKER_IMAGE_NAME }}:${{ env.VERSION }}${{ env.TAG_SUFFIX }}
+        
+        - name: Push latest tag
+          if: ${{ ! github.event.release.prerelease }}
+          uses: docker/build-push-action@v5
+          with:
+            platforms: ${{ env.DOCKER_PLATFORMS }}
+            context: .
+            push: true
+            tags: ${{ env.DOCKER_IMAGE_NAME }}:latest
+
+        - name: Update title for successful pre-release
+          if: ${{ github.event.release.prerelease }}
+          env:
+            GH_TOKEN: "${{ secrets.COREINT_BOT_TOKEN }}"
+          run: |
+            gh release edit ${{ env.TAG }} --title "${{ env.TAG }}"
+
+  notify-failure:
+    if: ${{ always() && failure() }}
+    needs: [release-integration]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Notify failure via Slack
+        uses: archive/github-actions-slack@master
+        with:
+          slack-bot-user-oauth-access-token: ${{ secrets.COREINT_SLACK_TOKEN }}
+          slack-channel: ${{ secrets.COREINT_SLACK_CHANNEL }}
+          slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: [image release failed](${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }})."
+
+  update-title-on-failure:
+    if: ${{ always() && failure() }}
+    needs: [release-integration]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - if: ${{ github.event.release.prerelease }}
+        name: Reflect failure in pre-release title
+        env:
+          GH_TOKEN: "${{ secrets.COREINT_BOT_TOKEN }}"
+        run: |
+          gh release edit ${{ github.event.release.tag_name }} --title "${{ github.event.release.tag_name }} (pre-release-failure)"
+      
+      - if: ${{ ! github.event.release.prerelease }}
+        name: Reflect failure in release title
+        env:
+          GH_TOKEN: "${{ secrets.COREINT_BOT_TOKEN }}"
+        run: |
+          gh release edit ${{ github.event.release.tag_name }} --title "${{ github.event.release.tag_name }} (release-failure)"
diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml
@@ -0,0 +1,9 @@
+name: Repolinter Action
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  repolinter:
+    uses: newrelic/coreint-automation/.github/workflows/reusable_repolinter.yaml@v3
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -3,18 +3,23 @@ name: 🕵🏼 Security scan
 on:
   push:
     branches:
-      - '**'
-    tags-ignore:
-      - '**'
-    paths-ignore:
-      - README.md
+      - master
+      - main
+      - renovate/**
+  pull_request:
+  schedule:
+    - cron: "0 3 * * *"
 
 env:
-  SNYK_TOKEN: ${{ secrets.CAOS_SNYK_TOKEN }}
   TEST_IMAGE: "newrelic/nri-statsd:test"
 
 jobs:
-  trivy_scanner:
+  security:
+    uses: newrelic/coreint-automation/.github/workflows/reusable_security.yaml@v3
+    with:
+      skip-dirs: "build"
+
+  scan-image:
     name: Security scanner for docker image
     runs-on: ubuntu-latest
     steps:
@@ -29,15 +34,7 @@ jobs:
       - name: Build image
         run: |
           make build/docker-amd64
-
-      - name: Run Snyk to check Docker image for vulnerabilities
-        uses: snyk/actions/docker@master
-        env:
-          SNYK_TOKEN: ${{ env.SNYK_TOKEN }}
-        with:
-          image: ${{ env.TEST_IMAGE }}
-          args: --file=Dockerfile --severity-threshold=high
-
+      
       - name: Run Trivy to check Docker image for vulnerabilities
         uses: aquasecurity/trivy-action@master
         with:
@@ -46,4 +43,4 @@ jobs:
           exit-code: '1'
           ignore-unfixed: true
           vuln-type: 'os,library'
-          severity: "CRITICAL,HIGH"
+          severity: "CRITICAL,HIGH"
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,26 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/)
+and this project adheres to [Semantic Versioning](http://semver.org/).
+
+Unreleased section should follow [Release Toolkit](https://github.com/newrelic/release-toolkit#render-markdown-and-update-markdown)
+
+## Unreleased
+
+### enhancements
+- Intoduced Changelog
+- Introduced automated release pipeline
+
+### dependencies
+- Updated alpine docker tag to v3.20.3
+- Updated atlassianlabs/gostatsd to v40.0.0
+- Updated testcontainers-go to v0.34
+- Updated go version to v1.22.3
+
+## v2.9.2 - 2024-08-08
+
+### ⛓️ Dependencies
+- Updated alpine docker tag to v3.20.2
+- Updated build pipelines to use alpine v3.20.2
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM atlassianlabs/gostatsd:36.0.2 as gostatsd
+FROM atlassianlabs/gostatsd:40.0.0 AS gostatsd
 
 FROM alpine:3.20.3