Bump multiple github action versions #6687

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- 'main'
	- 'release-*'
	paths-ignore:
	- "**.md"
	- "docs/**"
	- "hugo/**"
	pull_request:
	types:
	- opened
	- reopened
	- synchronize

	permissions:
	contents: read

	env:
	NFPM_VERSION: 'v2.35.3'
	GOPROXY: "direct"

	jobs:
	cache-dependencies:
	name: Cache Dependencies
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	if: github.ref == 'refs/heads/main'
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-tags: 'true'

	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- name: Download Go modules
	run: go mod download
	- name: Setup Build Environment
	run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
	- name: Fix golang dependency permissions
	run: chmod -R 0755 ~/go/pkg/mod ~/.cache/go-build
	- uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-

	lint:
	name: Lint
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Lint Go
	uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
	with:
	version: v2.4.0
	skip-cache: true

	vulnerability-scan:
	name: Vulnerability Scan
	uses: ./.github/workflows/vulncheck.yml
	permissions:
	contents: read
	security-events: write # for reporting vulnerabilities via code-scanning API
	with:
	target-branch: ${{ github.event.pull_request.base.ref \|\| github.ref_name }}

	unit-test:
	name: Unit Tests
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Run Unit Tests
	run: make unit-test
	- name: Uplaod Test Coverage
	uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
	with:
	files: ./build/test/coverage.out
	token: ${{ secrets.CODECOV_TOKEN }}

	race-condition-test:
	name: Unit tests with race condition detection
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Run unit tests with race condition detection
	run: make race-condition-test

	build-unsigned-snapshot:
	name: Build Unsigned Snapshot
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	fetch-tags: 'true'
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- name: Download Go modules
	run: go mod download
	- name: Setup Build Environment
	run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
	- name: Fix golang dependency permissions
	run: chmod -R 0755 ~/go/pkg/mod ~/.cache/go-build
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Build Packages
	run: \|
	make clean local-deb-package local-rpm-package local-apk-package
	- name: Upload Artifacts
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: nginx-agent-unsigned-snapshots
	path: build
	retention-days: 1

	integration-tests:
	name: Integration Tests
	needs: build-unsigned-snapshot
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	strategy:
	matrix:
	container:
	- image: "ubuntu"
	version: "24.04"
	- image: "redhatenterprise"
	version: "9"
	- image: "alpine"
	version: "3.23"
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Download Packages
	uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
	with:
	name: nginx-agent-unsigned-snapshots
	path: build

	- name: Create Results Directory
	run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}

	- name: Start Promtail
	uses: ./.github/actions/start-promtail
	with:
	loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}

	- name: Run Integration Tests
	run: \|
	go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
	OS_RELEASE="${{ matrix.container.image }}" OS_VERSION="${{ matrix.container.version }}" \
	make integration-test \| tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
	exit "${PIPESTATUS[0]}"

	- name: Format Results
	if: always()
	run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

	upgrade-tests:
	name: Upgrade Tests
	needs: build-unsigned-snapshot
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	strategy:
	matrix:
	container:
	- image: "ubuntu"
	version: "24.04"
	- image: "redhatenterprise"
	version: "9"
	- image: "alpine"
	version: "3.22"
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Download Packages
	uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
	with:
	name: nginx-agent-unsigned-snapshots
	path: build

	- name: Create Results Directory
	run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}

	- name: Start Promtail
	uses: ./.github/actions/start-promtail
	with:
	loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}

	- name: Run Upgrade Tests
	run: \|
	go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
	OS_RELEASE="${{ matrix.container.image }}" OS_VERSION="${{ matrix.container.version }}" \
	make upgrade-test \| tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
	exit "${PIPESTATUS[0]}"

	- name: Format Results
	if: always()
	run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

	official-oss-image-integration-tests:
	name: Integration Tests - Official OSS Images
	needs: build-unsigned-snapshot
	if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	strategy:
	matrix:
	container:
	- image: "bookworm"
	version: "stable"
	release: "debian"
	- image: "bookworm"
	version: "mainline"
	release: "debian"
	- image: "alpine"
	version: "stable"
	release: "alpine"
	- image: "alpine"
	version: "mainline"
	release: "alpine"
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Download Packages
	uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
	with:
	name: nginx-agent-unsigned-snapshots
	path: build

	- name: Create Results Directory
	run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}

	- name: Start Promtail
	uses: ./.github/actions/start-promtail
	with:
	loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}

	- name: Run Integration Tests
	run: \|
	go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
	CONTAINER_NGINX_IMAGE_REGISTRY="docker-registry.nginx.com" \
	TAG="${{ matrix.container.version }}-${{ matrix.container.image }}" \
	OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" \
	make official-image-integration-test \| tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
	exit "${PIPESTATUS[0]}"

	- name: Format Results
	if: always()
	run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

	official-plus-image-integration-tests:
	name: Integration Tests - Official Plus Images
	needs: build-unsigned-snapshot
	if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	strategy:
	matrix:
	container:
	- image: "alpine"
	version: "3.22"
	plus: "r35"
	release: "alpine"
	path: "/nginx-plus/agent"
	- image: "alpine"
	version: "3.21"
	plus: "r34"
	release: "alpine"
	path: "/nginx-plus/agent"
	- image: "debian"
	version: "bookworm"
	plus: "r35"
	release: "debian"
	path: "/nginx-plus/agent"
	- image: "debian"
	version: "bookworm"
	plus: "r34"
	release: "debian"
	path: "/nginx-plus/agent"
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'

	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-

	- name: Sync NGINX Plus License
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_COMMON }}
	secrets-filter: 'docker,nginx-private-registry,nginx-pkg'

	- name: Download Packages
	uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
	with:
	name: nginx-agent-unsigned-snapshots
	path: build

	- name: Login to Docker Registry
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: ${{ env.nginx-private-registry-url }}
	username: ${{ env.nginx-pkg-jwt }}
	password: "none"

	- name: Create Results Directory
	run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}

	- name: Start Promtail
	uses: ./.github/actions/start-promtail
	with:
	loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}

	- name: Run Integration Tests
	run: \|
	go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
	CONTAINER_NGINX_IMAGE_REGISTRY="${{ env.nginx-private-registry-url }}" \
	TAG="${{ matrix.container.plus }}-${{ matrix.container.image }}-${{ matrix.container.version }}" \
	OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" IMAGE_PATH="${{ matrix.container.path }}" \
	NGINX_LICENSE_JWT='${{ env.nginx-pkg-jwt }}' \
	make official-image-integration-test \| tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
	exit "${PIPESTATUS[0]}"

	- name: Format Results
	if: always()
	run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

	oss-metrics-tests:
	name: Metrics Integration Tests - Official OSS Images
	needs: build-unsigned-snapshot
	if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	strategy:
	matrix:
	container:
	- image: "bookworm"
	version: "stable"
	release: "debian"
	- image: "bookworm"
	version: "mainline"
	release: "debian"
	- image: "alpine"
	version: "stable"
	release: "alpine"
	- image: "alpine"
	version: "mainline"
	release: "alpine"
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Download Packages
	uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
	with:
	name: nginx-agent-unsigned-snapshots
	path: build

	- name: Create Results Directory
	run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}

	- name: Start Promtail
	uses: ./.github/actions/start-promtail
	with:
	loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}

	- name: Run Integration Tests
	run: \|
	go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
	CONTAINER_NGINX_IMAGE_REGISTRY="docker-registry.nginx.com" \
	TAG="${{ matrix.container.version }}-${{ matrix.container.image }}" \
	OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" \
	make metrics-test \| tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
	exit "${PIPESTATUS[0]}"

	- name: Format Results
	if: always()
	run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

	plus-metrics-tests:
	name: Metrics Integration Tests - Official Plus Images
	needs: build-unsigned-snapshot
	if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
	runs-on: ubuntu-22.04
	permissions:
	id-token: write # for OIDC authentication
	strategy:
	matrix:
	container:
	- image: "alpine"
	version: "3.22"
	plus: "r35"
	release: "alpine"
	path: "/nginx-plus/agent"
	- image: "alpine"
	version: "3.21"
	plus: "r34"
	release: "alpine"
	path: "/nginx-plus/agent"
	- image: "debian"
	version: "bookworm"
	plus: "r35"
	release: "debian"
	path: "/nginx-plus/agent"
	- image: "debian"
	version: "bookworm"
	plus: "r34"
	release: "debian"
	path: "/nginx-plus/agent"
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Download Packages
	uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
	with:
	name: nginx-agent-unsigned-snapshots
	path: build
	- name: Sync NGINX Plus License
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_COMMON }}
	secrets-filter: 'docker,nginx-private-registry,nginx-pkg-jwt'

	- name: Login to Docker Registry
	uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
	with:
	registry: ${{ env.nginx-private-registry-url }}
	username: ${{ env.nginx-pkg-jwt }}
	password: "none"

	- name: Create Results Directory
	run: mkdir -p ${{ github.workspace }}/test/dashboard/logs/${{ github.job }}/${{matrix.container.image}}-${{matrix.container.version}}

	- name: Start Promtail
	uses: ./.github/actions/start-promtail
	with:
	loki_url: ${{ secrets.LOKI_DASHBOARD_URL }}

	- name: Run Integration Tests
	run: \|
	go install github.com/goreleaser/nfpm/v2/cmd/nfpm@${{ env.NFPM_VERSION }}
	CONTAINER_NGINX_IMAGE_REGISTRY="${{ env.nginx-private-registry-url }}" \
	TAG="${{ matrix.container.plus }}-${{ matrix.container.image }}-${{ matrix.container.version }}" \
	OS_RELEASE="${{ matrix.container.release }}" OS_VERSION="${{ matrix.container.version }}" IMAGE_PATH="${{ matrix.container.path }}" \
	NGINX_LICENSE_JWT="${{ env.nginx-pkg-jwt }}" \
	make metrics-test \| tee ${{github.workspace}}/test/dashboard/logs/${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}}/raw_logs.log
	exit "${PIPESTATUS[0]}"

	- name: Format Results
	if: always()
	run: bash ./scripts/dashboard/format_results.sh ${{job.status}} ${{github.job}}/${{matrix.container.image}}-${{matrix.container.version}} ${{github.workspace}}

	performance-tests:
	name: Performance Tests
	runs-on: ubuntu-22.04
	needs: build-unsigned-snapshot
	permissions:
	id-token: write # for OIDC authentication
	contents: write # Needed for pushing benchmark results to github branch
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_AGENT }}
	secrets-filter: 'artifactory'
	- name: Configure Go Proxy
	uses: ./.github/actions/configure-goproxy
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false
	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-
	- name: Run Performance Tests
	run: \|
	make performance-test
	- name: Store benchmark result
	uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
	with:
	name: Compare Benchmark Results
	tool: 'go'
	output-file-path: ./build/test/benchmark.txt
	benchmark-data-dir-path: ""
	# Set auto-push to false since GitHub API token is not given
	auto-push: false
	alert-threshold: '150%'
	gh-pages-branch: "benchmark-results"
	fail-on-alert: true
	- name: Push benchmark result
	if: ${{ success() && github.ref_name == 'main'}}
	run: git push 'https://github-actions:${{ secrets.GITHUB_TOKEN }}@github.com/nginx/agent.git' benchmark-results:benchmark-results

	load-tests:
	name: Load Tests
	if: ${{ !github.event.pull_request.head.repo.fork && !startsWith(github.head_ref, 'dependabot-') }}
	permissions:
	id-token: write # for OIDC authentication
	contents: write # Needed for pushing benchmark results to github branch
	runs-on: ubuntu-22.04
	needs: build-unsigned-snapshot
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	- uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0
	with:
	go-version-file: 'go.mod'
	cache: false

	- uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
	with:
	path: \|
	~/.cache/go-build
	~/go/pkg/mod
	key: ${{ runner.os }}-go-

	- name: Download Packages
	uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
	with:
	name: nginx-agent-unsigned-snapshots
	path: build

	- name: Set up Docker Build
	uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

	- name: Set env
	run: echo "GO_VERSION=$(cat go.mod \| grep toolchain \| sed 's/toolchain //; s/go//')" >> $GITHUB_ENV

	- name: Get Secrets from Azure Key Vault
	uses: ./.github/actions/az-sync
	with:
	az_client_id: ${{ secrets.AZ_KEYVAULT_CLIENT_ID }}
	az_tenant_id: ${{ secrets.AZ_KEYVAULT_TENANT_ID }}
	az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
	keyvault: ${{ secrets.AZ_KEYVAULT_COMMON }}
	secrets-filter: 'nginx-pkg'

	- name: Build Docker Image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
	env:
	GO_VERSION: ${{ env.GO_VERSION }}
	with:
	file: test/docker/load/Dockerfile
	tags: nginx-agent-load-test:1.0.0
	context: '.'
	push: false
	load: true
	no-cache: true
	secrets: \|
	"nginx-crt=${{ env.nginx-pkg-certificate }}"
	"nginx-key=${{ env.nginx-pkg-key }}"
	build-args: \|
	OSARCH=amd64
	GO_VERSION=${{ env.GO_VERSION }}

	- name: Run Load Tests
	run: \|
	results=$(docker run --rm nginx-agent-load-test:1.0.0)
	echo "$results" > benchmarks.json
	echo "$results"

	- name: Upload Load Test Results
	uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
	with:
	name: load-test-results
	path: benchmarks.json
	if-no-files-found: error

	- name: Store benchmark result
	uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
	with:
	name: Compare Benchmark Results
	tool: 'customSmallerIsBetter'
	output-file-path: benchmarks.json
	benchmark-data-dir-path: ""
	# Set auto-push to false since GitHub API token is not given
	auto-push: false
	alert-threshold: '150%'
	gh-pages-branch: "benchmark-results"
	fail-on-alert: true

	- name: Push load test result
	if: ${{ success() && github.ref_name == 'main' }}
	run: git push 'https://github-actions:${{ github.token }}@github.com/nginx/agent.git' benchmark-results:benchmark-results

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump multiple github action versions #6687

Workflow file

Bump multiple github action versions #6687

Uh oh!

Workflow file for this run