pin github action version (#268) #484
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Build and Publish | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| inputs: | |
| region: | |
| description: The region to test the daemon binaries in. | |
| required: true | |
| default: us-west-2 | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build: | |
| name: Build on ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: | |
| - macos-latest | |
| - ubuntu-latest | |
| - windows-latest | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v2 | |
| - name: Setup Go | |
| uses: actions/setup-go@v2 | |
| with: | |
| go-version: '^1.24.13' | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Build archives and test | |
| run: make build test | |
| env: | |
| VERSION: 0.${{ github.sha }} # debian package requires version to start with a digit | |
| - name: Build linux archives | |
| if: ${{ runner.os == 'Linux' }} | |
| run: make packaging | |
| env: | |
| VERSION: 0.${{ github.sha }} # debian package requires version to start with a digit | |
| - name: Configure AWS Credentials | |
| if: ${{ runner.os == 'Linux' && github.event_name == 'push' }} | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} | |
| aws-region: us-east-1 | |
| - name: Verify Daemon binary | |
| if: ${{ runner.os == 'Linux' && github.event_name == 'push' }} | |
| run: | | |
| build/xray-linux-amd64/xray -o -l dev & | |
| sleep 10 | |
| echo -e '{"format":"json","version":1}\nx' | nc -w 1 -u 127.0.0.1 2000 | |
| sleep 10 | |
| ProcNumber=$(ps -ef |grep -w xray|grep -v grep|wc -l) | |
| echo $ProcNumber | |
| if [[ $ProcNumber == 0 ]]; then | |
| exit 1 | |
| fi | |
| - name: Download package signing GPG secret key | |
| if: ${{ runner.os == 'Linux' && github.event_name == 'push' }} | |
| run: | | |
| aws secretsmanager get-secret-value --region us-east-1 --secret-id "XRayDaemonSecrets" | jq -r ".SecretString" > aws-xray-secret.gpg | |
| md5sum aws-xray-secret.gpg | |
| - name: Import signing GPG key | |
| if: ${{ runner.os == 'Linux' && github.event_name == 'push' }} | |
| run: | | |
| gpg --import aws-xray-secret.gpg | |
| gpg --list-keys | |
| gpg --armor --export -a "aws-xray@amazon.com" > aws-xray-public.gpg | |
| rpm --import aws-xray-public.gpg | |
| shred -fuvz aws-xray-secret.gpg | |
| shred -fuvz aws-xray-public.gpg | |
| - name: Sign daemon packages | |
| if: ${{ runner.os == 'Linux' && github.event_name == 'push' }} | |
| run: ./Tool/src/packaging/sign-packages.sh | |
| - name: Remove Package Signing GPG Key from local GPG Key Ring | |
| if: ${{ runner.os == 'Linux' && github.event_name == 'push' }} | |
| run: | | |
| gpg --fingerprint --with-colons aws-xray@amazon.com | grep -m 1 "fpr" | sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p' | xargs gpg --batch --yes --delete-secret-keys | |
| gpg --list-secret-keys | |
| - name: Upload archives as actions artifact | |
| if: ${{ runner.os == 'Linux' }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: distributions | |
| path: build/dist/ | |
| - name: Login to Public ECR | |
| if: ${{ runner.os == 'Linux' && github.event_name == 'push' }} | |
| run: aws ecr-public get-login-password | docker login --username AWS --password-stdin public.ecr.aws | |
| - name: Login to DockerHub | |
| if: ${{ runner.os == 'Linux' && github.event_name == 'push' }} | |
| uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_PASS }} | |
| - name: Set up Docker Buildx | |
| if: ${{ runner.os == 'Linux' }} | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Build docker image for public ECR | |
| if: ${{ runner.os == 'Linux' }} | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: ${{ github.event_name == 'push' }} | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| public.ecr.aws/xray/aws-xray-daemon:alpha | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| - name: Build docker image for DockerHub | |
| if: ${{ runner.os == 'Linux' }} | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| file: ./Dockerfile.amazonlinux | |
| push: ${{ github.event_name == 'push' }} | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| amazon/aws-xray-daemon:alpha | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| # Verify the daemon is able to run with the new changes | |
| - name: Run Daemon Image (Amazon Linux) | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| # Build a single-platform image locally for testing | |
| docker build -f ./Dockerfile.amazonlinux -t amazon/aws-xray-daemon:linux . | |
| docker run --name xray-daemon amazon/aws-xray-daemon:linux -o -n us-west-2 & | |
| sleep 30 | |
| - name: Verify daemon is running in Docker (Amazon Linux) | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| if [[ "$(docker container inspect -f '{{.State.Status}}' xray-daemon )" != "running" ]]; then | |
| echo "XRay Daemon (Amazon Linux) failed to start in Docker" | |
| exit 1 | |
| else | |
| echo "XRay Daemon (Amazon Linux) is running successfully in Docker" | |
| fi | |
| - name: Run Daemon Image (Scratch) | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| # Stop and remove previous container | |
| docker stop xray-daemon || true | |
| docker rm xray-daemon || true | |
| # Build a single-platform image locally for testing | |
| docker build -f ./Dockerfile -t amazon/aws-xray-daemon:scratch . | |
| docker run --name xray-daemon amazon/aws-xray-daemon:scratch -o -n us-west-2 & | |
| sleep 30 | |
| - name: Verify daemon is running in Docker (Scratch) | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| if [[ "$(docker container inspect -f '{{.State.Status}}' xray-daemon )" != "running" ]]; then | |
| echo "XRay Daemon (Scratch) failed to start in Docker" | |
| exit 1 | |
| else | |
| echo "XRay Daemon (Scratch) is running successfully in Docker" | |
| fi | |
| test: | |
| name: Integration testing | |
| if: ${{ github.event_name != 'pull_request' }} #Cannot run integration tests on PR as there is no access to the IAM Role via GH secrets. | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| testcases: | |
| - linux_deb | |
| - linux_rpm | |
| - linux_zip | |
| - linux_zip_cn | |
| - linux_zip_us_gov | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v2 | |
| - name: Download build artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: distributions | |
| path: distributions | |
| - name: Display structure of downloaded files | |
| run: ls -R | |
| - name: Set up terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| # workaround for handling input value for auto-triggered workflows | |
| # https://dev.to/mrmike/github-action-handling-input-default-value-5f2g | |
| - name: Set AWS region and partition values | |
| id: setRegion | |
| run: | | |
| if [[ ${{ matrix.testcases }} == "linux_zip_cn" ]]; then | |
| echo "::set-output name=region::cn-north-1" | |
| echo "::set-output name=partition::aws-cn" | |
| elif [[ ${{ matrix.testcases }} == "linux_zip_us_gov" ]]; then | |
| echo "::set-output name=region::us-gov-west-1" | |
| echo "::set-output name=partition::aws-us-gov" | |
| else | |
| USER_INPUT=${{ github.event.inputs.region }} | |
| # Use user input region or fall back to "us-west-2" | |
| REGION=${USER_INPUT:-"us-west-2"} | |
| echo "::set-output name=region::$REGION" | |
| echo "::set-output name=partition::aws" | |
| fi | |
| - name: Configure AWS Credentials | |
| if: ${{ steps.setRegion.outputs.partition == 'aws' }} | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ secrets.TESTING_ROLE_ARN }} | |
| aws-region: ${{ steps.setRegion.outputs.region }} | |
| - name: Configure AWS Credentials - China | |
| if: ${{ steps.setRegion.outputs.partition == 'aws-cn' }} | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ secrets.TESTING_ROLE_ARN_CN }} | |
| aws-region: cn-north-1 | |
| - name: Configure AWS Credentials - US Gov | |
| if: ${{ steps.setRegion.outputs.partition == 'aws-us-gov' }} | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ secrets.TESTING_ROLE_ARN_US_GOV }} | |
| aws-region: us-gov-west-1 | |
| - name: Generate trace data | |
| id: traceData | |
| run: | | |
| sudo chmod +x ./testing/generate_trace_data.sh | |
| ./testing/generate_trace_data.sh | |
| - name: Run terraform and send trace data | |
| id: terraformSendData | |
| run: | | |
| cd testing/terraform | |
| terraform init | |
| terraform validate | |
| terraform apply -auto-approve -var-file=./testcases/${{ matrix.testcases }}.tfvars -var=aws_region=${{ steps.setRegion.outputs.region }} | |
| - name: Validate trace data | |
| if: steps.terraformSendData.outcome == 'success' | |
| run: | | |
| echo "trace-id: ${{ env.TRACE_ID }}" | |
| echo "sleeping for 60 seconds" | |
| for i in {1..60}; do echo 'Sleeping...'$i && sleep 1; done | |
| var=$(aws xray batch-get-traces --trace-ids ${{ env.TRACE_ID }} --region ${{ steps.setRegion.outputs.region }} | jq -r '.Traces[0].Id') | |
| if [[ $var == ${{ env.TRACE_ID }} ]]; then | |
| echo "Found matching trace." | |
| else | |
| echo "Trace not found" | |
| exit 1 | |
| fi | |
| - name: Terraform destroy | |
| if: always() | |
| run: | | |
| cd testing/terraform | |
| terraform destroy -auto-approve -var=aws_region=${{ steps.setRegion.outputs.region }} |