Bump multiple github action versions #6687
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'release-*' | |
| paths-ignore: | |
| - "**.md" | |
| - "docs/**" | |
| - "hugo/**" | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| permissions: | |
| contents: read | |
| env: | |
| NFPM_VERSION: 'v2.35.3' | |
| GOPROXY: "direct" | |
| jobs: | |
| cache-dependencies: | |
| name: Cache Dependencies | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-tags: 'true' | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - name: Download Go modules | |
| run: go mod download | |
| - name: Setup Build Environment | |
| run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| - name: Fix golang dependency permissions | |
| run: chmod -R 0755 ~/go/pkg/mod ~/.cache/go-build | |
| - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Lint Go | |
| uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 | |
| with: | |
| version: v2.4.0 | |
| skip-cache: true | |
| vulnerability-scan: | |
| name: Vulnerability Scan | |
| uses: ./.github/workflows/vulncheck.yml | |
| permissions: | |
| contents: read | |
| security-events: write # for reporting vulnerabilities via code-scanning API | |
| with: | |
| target-branch: ${{ github.event.pull_request.base.ref || github.ref_name }} | |
| unit-test: | |
| name: Unit Tests | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Run Unit Tests | |
| run: make unit-test | |
| - name: Uplaod Test Coverage | |
| uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2 | |
| with: | |
| files: ./build/test/coverage.out | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| race-condition-test: | |
| name: Unit tests with race condition detection | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Run unit tests with race condition detection | |
| run: make race-condition-test | |
| build-unsigned-snapshot: | |
| name: Build Unsigned Snapshot | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-tags: 'true' | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - name: Download Go modules | |
| run: go mod download | |
| - name: Setup Build Environment | |
| run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| - name: Fix golang dependency permissions | |
| run: chmod -R 0755 ~/go/pkg/mod ~/.cache/go-build | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Build Packages | |
| run: | | |
| make clean local-deb-package local-rpm-package local-apk-package | |
| - name: Upload Artifacts | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| retention-days: 1 | |
| integration-tests: | |
| name: Integration Tests | |
| needs: build-unsigned-snapshot | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "ubuntu" | |
| version: "24.04" | |
| - image: "redhatenterprise" | |
| version: "9" | |
| - image: "alpine" | |
| version: "3.23" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| OS_RELEASE="${{ matrix.container.image }}" OS_VERSION="${{ matrix.container.version }}" \ | |
| make integration-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| upgrade-tests: | |
| name: Upgrade Tests | |
| needs: build-unsigned-snapshot | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "ubuntu" | |
| version: "24.04" | |
| - image: "redhatenterprise" | |
| version: "9" | |
| - image: "alpine" | |
| version: "3.22" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Upgrade Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| OS_RELEASE="${{ matrix.container.image }}" OS_VERSION="${{ matrix.container.version }}" \ | |
| make upgrade-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| official-oss-image-integration-tests: | |
| name: Integration Tests - Official OSS Images | |
| needs: build-unsigned-snapshot | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "bookworm" | |
| version: "stable" | |
| release: "debian" | |
| - image: "bookworm" | |
| version: "mainline" | |
| release: "debian" | |
| - image: "alpine" | |
| version: "stable" | |
| release: "alpine" | |
| - image: "alpine" | |
| version: "mainline" | |
| release: "alpine" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| CONTAINER_NGINX_IMAGE_REGISTRY="docker-registry.nginx.com" \ | |
| TAG="${{ matrix.container.version }}-${{ matrix.container.image }}" \ | |
| OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" \ | |
| make official-image-integration-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| official-plus-image-integration-tests: | |
| name: Integration Tests - Official Plus Images | |
| needs: build-unsigned-snapshot | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "alpine" | |
| version: "3.22" | |
| plus: "r35" | |
| release: "alpine" | |
| path: "/nginx-plus/agent" | |
| - image: "alpine" | |
| version: "3.21" | |
| plus: "r34" | |
| release: "alpine" | |
| path: "/nginx-plus/agent" | |
| - image: "debian" | |
| version: "bookworm" | |
| plus: "r35" | |
| release: "debian" | |
| path: "/nginx-plus/agent" | |
| - image: "debian" | |
| version: "bookworm" | |
| plus: "r34" | |
| release: "debian" | |
| path: "/nginx-plus/agent" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Sync NGINX Plus License | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_COMMON }} | |
| secrets-filter: 'docker,nginx-private-registry,nginx-pkg' | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ${{ env.nginx-private-registry-url }} | |
| username: ${{ env.nginx-pkg-jwt }} | |
| password: "none" | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| CONTAINER_NGINX_IMAGE_REGISTRY="${{ env.nginx-private-registry-url }}" \ | |
| TAG="${{ matrix.container.plus }}-${{ matrix.container.image }}-${{ matrix.container.version }}" \ | |
| OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" IMAGE_PATH="${{ matrix.container.path }}" \ | |
| NGINX_LICENSE_JWT='${{ env.nginx-pkg-jwt }}' \ | |
| make official-image-integration-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| oss-metrics-tests: | |
| name: Metrics Integration Tests - Official OSS Images | |
| needs: build-unsigned-snapshot | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "bookworm" | |
| version: "stable" | |
| release: "debian" | |
| - image: "bookworm" | |
| version: "mainline" | |
| release: "debian" | |
| - image: "alpine" | |
| version: "stable" | |
| release: "alpine" | |
| - image: "alpine" | |
| version: "mainline" | |
| release: "alpine" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| CONTAINER_NGINX_IMAGE_REGISTRY="docker-registry.nginx.com" \ | |
| TAG="${{ matrix.container.version }}-${{ matrix.container.image }}" \ | |
| OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" \ | |
| make metrics-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| plus-metrics-tests: | |
| name: Metrics Integration Tests - Official Plus Images | |
| needs: build-unsigned-snapshot | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| strategy: | |
| matrix: | |
| container: | |
| - image: "alpine" | |
| version: "3.22" | |
| plus: "r35" | |
| release: "alpine" | |
| path: "/nginx-plus/agent" | |
| - image: "alpine" | |
| version: "3.21" | |
| plus: "r34" | |
| release: "alpine" | |
| path: "/nginx-plus/agent" | |
| - image: "debian" | |
| version: "bookworm" | |
| plus: "r35" | |
| release: "debian" | |
| path: "/nginx-plus/agent" | |
| - image: "debian" | |
| version: "bookworm" | |
| plus: "r34" | |
| release: "debian" | |
| path: "/nginx-plus/agent" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Sync NGINX Plus License | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_COMMON }} | |
| secrets-filter: 'docker,nginx-private-registry,nginx-pkg-jwt' | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ${{ env.nginx-private-registry-url }} | |
| username: ${{ env.nginx-pkg-jwt }} | |
| password: "none" | |
| - name: Create Results Directory | |
| run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}} | |
| - name: Start Promtail | |
| uses: ./.github/actions/start-promtail | |
| with: | |
| loki_url: ${{ secrets.LOKI_DASHBOARD_URL }} | |
| - name: Run Integration Tests | |
| run: | | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }} | |
| CONTAINER_NGINX_IMAGE_REGISTRY="${{ env.nginx-private-registry-url }}" \ | |
| TAG="${{ matrix.container.plus }}-${{ matrix.container.image }}-${{ matrix.container.version }}" \ | |
| OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" IMAGE_PATH="${{ matrix.container.path }}" \ | |
| NGINX_LICENSE_JWT="${{ env.nginx-pkg-jwt }}" \ | |
| make metrics-test | tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log | |
| exit "${PIPESTATUS[0]}" | |
| - name: Format Results | |
| if: always() | |
| run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}} | |
| performance-tests: | |
| name: Performance Tests | |
| runs-on: ubuntu-22.04 | |
| needs: build-unsigned-snapshot | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| contents: write # Needed for pushing benchmark results to github branch | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }} | |
| secrets-filter: 'artifactory' | |
| - name: Configure Go Proxy | |
| uses: ./.github/actions/configure-goproxy | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Run Performance Tests | |
| run: | | |
| make performance-test | |
| - name: Store benchmark result | |
| uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7 | |
| with: | |
| name: Compare Benchmark Results | |
| tool: 'go' | |
| output-file-path: ./build/test/benchmark.txt | |
| benchmark-data-dir-path: "" | |
| # Set auto-push to false since GitHub API token is not given | |
| auto-push: false | |
| alert-threshold: '150%' | |
| gh-pages-branch: "benchmark-results" | |
| fail-on-alert: true | |
| - name: Push benchmark result | |
| if: ${{ success() && github.ref_name == 'main'}} | |
| run: git push 'https://github-actions:${{ secrets.GITHUB_TOKEN }}@github.com/nginx/agent.git' benchmark-results:benchmark-results | |
| load-tests: | |
| name: Load Tests | |
| if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }} | |
| permissions: | |
| id-token: write # for OIDC authentication | |
| contents: write # Needed for pushing benchmark results to github branch | |
| runs-on: ubuntu-22.04 | |
| needs: build-unsigned-snapshot | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 | |
| with: | |
| go-version-file: 'go.mod' | |
| cache: false | |
| - uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| key: ${{ runner.os }}-go- | |
| - name: Download Packages | |
| uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 | |
| with: | |
| name: nginx-agent-unsigned-snapshots | |
| path: build | |
| - name: Set up Docker Build | |
| uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 | |
| - name: Set env | |
| run: echo "GO_VERSION=$(cat go.mod | grep toolchain | sed 's/toolchain //; s/go//')" >> $GITHUB_ENV | |
| - name: Get Secrets from Azure Key Vault | |
| uses: ./.github/actions/az-sync | |
| with: | |
| az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }} | |
| az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }} | |
| az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }} | |
| keyvault: ${{ secrets.AZ_KEYVAULT_COMMON }} | |
| secrets-filter: 'nginx-pkg' | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| env: | |
| GO_VERSION: ${{ env.GO_VERSION }} | |
| with: | |
| file: test/docker/load/Dockerfile | |
| tags: nginx-agent-load-test:1.0.0 | |
| context: '.' | |
| push: false | |
| load: true | |
| no-cache: true | |
| secrets: | | |
| "nginx-crt=${{ env.nginx-pkg-certificate }}" | |
| "nginx-key=${{ env.nginx-pkg-key }}" | |
| build-args: | | |
| OSARCH=amd64 | |
| GO_VERSION=${{ env.GO_VERSION }} | |
| - name: Run Load Tests | |
| run: | | |
| results=$(docker run --rm nginx-agent-load-test:1.0.0) | |
| echo "$results" > benchmarks.json | |
| echo "$results" | |
| - name: Upload Load Test Results | |
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 | |
| with: | |
| name: load-test-results | |
| path: benchmarks.json | |
| if-no-files-found: error | |
| - name: Store benchmark result | |
| uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7 | |
| with: | |
| name: Compare Benchmark Results | |
| tool: 'customSmallerIsBetter' | |
| output-file-path: benchmarks.json | |
| benchmark-data-dir-path: "" | |
| # Set auto-push to false since GitHub API token is not given | |
| auto-push: false | |
| alert-threshold: '150%' | |
| gh-pages-branch: "benchmark-results" | |
| fail-on-alert: true | |
| - name: Push load test result | |
| if: ${{ success() && github.ref_name == 'main' }} | |
| run: git push 'https://github-actions:${{ github.token }}@github.com/nginx/agent.git' benchmark-results:benchmark-results |