diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3933fcb4..3f6a0576 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -4,8 +4,6 @@ on: push: branches: - main - tags: - - "v[0-9]+.[0-9]+.[0-9]+" pull_request: branches: - main @@ -21,6 +19,33 @@ permissions: contents: read jobs: + variables: + name: Variables + runs-on: ubuntu-24.04 + permissions: + contents: read + outputs: + go_proxy: ${{ steps.vars.outputs.go_proxy }} + forked_workflow: ${{ steps.vars.outputs.forked_workflow }} + + steps: + - name: Checkout Repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Configure pipeline Variables + id: vars + run: | + forked_workflow=${{ (github.event.pull_request && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) || github.repository != 'nginx/nginx-prometheus-exporter' }} + echo "forked_workflow=${forked_workflow}" >> $GITHUB_OUTPUT + if [ "$forked_workflow" = "false" ] && [ "${{ github.ref_name }}" != "${{ github.event.repository.default_branch }}" ]; then + go_proxy="${{ secrets.ARTIFACTORY_DEV_ENDPOINT }}" + elif [ "${{ github.ref_name }}" = "${{ github.event.repository.default_branch }}" ]; then + go_proxy="${{ secrets.ARTIFACTORY_ENDPOINT }}" + else + go_proxy="https://proxy.golang.org,direct" + fi + echo "go_proxy=${go_proxy}" >> $GITHUB_OUTPUT + cat $GITHUB_OUTPUT + unit-tests: name: Unit Tests runs-on: ubuntu-24.04 
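Review bot: The `go_proxy` job output in the new `variables` job is filled from `secrets.ARTIFACTORY_DEV_ENDPOINT` or `secrets.ARTIFACTORY_ENDPOINT`, and GitHub Actions skips job outputs that contain a secret value, so `needs.variables.outputs.go_proxy` may well arrive empty in build-docker and generate-assertion-doc, and Go would then use its default proxy; check a run log for a "Skip output" warning to confirm. Emitting only a non-secret selector (for example `go_proxy_kind=dev`, `prod` or `public`) and resolving the secret in the consuming job's `env:` would avoid passing the endpoint between jobs. The script also expands `${{ github.ref_name }}` into shell text; prefer `env: REF_NAME: ${{ github.ref_name }}` and compare `"$REF_NAME"`. `cat $GITHUB_OUTPUT` echoes the endpoint to the log and relies on masking alone, so it is better dropped.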
@@ -43,14 +68,18 @@ jobs: build-docker: name: Build Docker Image - runs-on: ubuntu-24.04 + runs-on: ${{ github.event_name == 'pull_request' && 'ubuntu-24.04' || 'ubuntu-24.04-amd64' }} permissions: contents: write # for lucacome/draft-release to create/update release draft security-events: write # for github/codeql-action/upload-sarif to upload SARIF results id-token: write # for OIDC login to AWS ECR and goreleaser/goreleaser-action to sign artifacts packages: write # for docker/build-push-action to push to GHCR issues: write # for goreleaser/goreleaser-action to close milestones - needs: unit-tests + needs: [unit-tests, variables] + env: + GOPROXY: ${{ needs.variables.outputs.go_proxy }} + outputs: + binaries: ${{ steps.prom_binaries.outputs.json }} services: registry: image: registry:3 @@ -59,14 +88,22 @@ jobs: steps: - name: Checkout Repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - with: - fetch-depth: 0 - name: Setup Golang Environment uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 with: go-version: stable + - name: Setup netrc + run: | + cat < $HOME/.netrc + machine azr.artifactory.f5net.com + login ${{ secrets.ARTIFACTORY_USER }} + password ${{ secrets.ARTIFACTORY_TOKEN }} + EOF + chmod 600 $HOME/.netrc + if: needs.variables.outputs.forked_workflow == 'false' + - name: Setup QEMU uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 @@ -125,10 +162,6 @@ jobs: tags: | type=edge type=ref,event=pr - type=schedule - type=semver,pattern={{version}} - type=semver,pattern={{major}} - type=semver,pattern={{major}}.{{minor}} labels: | org.opencontainers.image.vendor=NGINX Inc env: 
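Review bot: The `Setup netrc` step expands `${{ secrets.ARTIFACTORY_USER }}` and `${{ secrets.ARTIFACTORY_TOKEN }}` into the script text, so the credentials are written into the generated step script and any `$`, backtick or backslash in a value is reinterpreted by the shell inside the heredoc. Pass them through the step's `env:` (`ARTIFACTORY_TOKEN: ${{ secrets.ARTIFACTORY_TOKEN }}`) and write the file with `umask 077` followed by `printf 'machine azr.artifactory.f5net.com\nlogin %s\npassword %s\n' "$ARTIFACTORY_USER" "$ARTIFACTORY_TOKEN" > "$HOME/.netrc"`, which also closes the window in which the file exists before `chmod 600`. The same step is repeated in generate-assertion-doc later in this file and in both jobs of release.yml. Neither generate-assertion-doc job has a `Clean up NETRC` step, which matters if `ubuntu-24.04-amd64` turns out to be a persistent runner.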
@@ -139,14 +172,14 @@ jobs: with: minor-label: "enhancement" major-label: "change" - publish: ${{ github.ref_type == 'tag' }} + publish: false collapse-after: 30 notes-footer: | ## Upgrade - Use the {{version}} image from our [DockerHub](https://hub.docker.com/r/nginx/nginx-prometheus-exporter/tags?page=1&ordering=last_updated&name={{version-number}}), [GitHub Container](https://github.com/nginx/nginx-prometheus-exporter/pkgs/container/nginx-prometheus-exporter), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-prometheus-exporter) or [Quay.io](https://quay.io/repository/nginx/nginx-prometheus-exporter/tag/{{version-number}}?tab=tags). - Download the latest binaries from the [GitHub releases page](https://github.com/nginx/nginx-prometheus-exporter/releases/tag/{{version}}). - - Update to the latest version with `brew upgrade nginx-prometheus-exporter`, `snap refresh nginx-prometheus-exporter` or `scoop update nginx-prometheus-exporter`. + - Update to the latest version with `brew upgrade nginx-prometheus-exporter` or `scoop update nginx-prometheus-exporter`. ## Compatibility 
@@ -154,36 +187,32 @@ jobs: - NGINX Plus R19 or newer. if: github.event_name != 'pull_request' + - name: Download Syft uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6 - if: github.ref_type == 'tag' - - - name: Install Cosign - uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - if: github.ref_type == 'tag' - - - name: Setup Snapcraft - run: | - sudo snap install snapcraft --classic - mkdir -p $HOME/.cache/snapcraft/download - mkdir -p $HOME/.cache/snapcraft/stage-packages - if: github.ref_type == 'tag' - - - name: Install Nix - uses: cachix/install-nix-action@9280e7aca88deada44c930f1e2c78e21c3ae3edd # v31 - with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} - if: github.ref_type == 'tag' + if: github.event_name != 'pull_request' - name: Run GoReleaser uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 with: version: v2.12.5 # renovate: datasource=github-tags depName=goreleaser/goreleaser - args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} --clean + args: build --snapshot --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} NGINX_GITHUB_TOKEN: ${{ secrets.NGINX_PAT }} - SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN }} + + - name: Extract NGINX Prometheus Exporter binary info + id: prom_binaries + run: | + curl -sSL https://raw.githubusercontent.com/nginx/k8s-common/main/files/binary-json.sh -o binary-json.sh + chmod +x binary-json.sh + echo "json=$(./binary-json.sh ${{ github.workspace }}/dist ${{ github.event.repository.name }} "nginx-prometheus-exporter")" >> $GITHUB_OUTPUT + + - name: Store Artifacts in Cache + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: ${{ github.workspace }}/dist + key: nginx-prometheus-exporter-${{ github.sha }} - name: Print NGINX Prometheus Exporter info run: ./dist/nginx-prometheus-exporter_linux_amd64_v1/nginx-prometheus-exporter --version 
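Review bot: The `Extract NGINX Prometheus Exporter binary info` step downloads `binary-json.sh` from the mutable `main` branch of nginx/k8s-common and executes it, while every action in this workflow is pinned to a commit SHA; the job holds `contents: write`, `packages: write`, `id-token: write` and the `.netrc` credentials, so any change on that branch runs with all of them. Pin the URL to a commit and verify the file before running it, e.g. `curl -fsSL https://raw.githubusercontent.com/nginx/k8s-common/<COMMIT_SHA>/files/binary-json.sh -o binary-json.sh` followed by `echo "<EXPECTED_SHA256>  binary-json.sh" | sha256sum -c -`, or vendor the script into this repository. The added `-f` keeps an HTTP error body from being saved and executed. The same step appears in the build-docker job of release.yml. Separately, the GoReleaser step is now always `build --snapshot` yet still receives `NGINX_GITHUB_TOKEN`, which a snapshot build presumably does not need.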
@@ -199,7 +228,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} - push: true + push: ${{ github.event_name != 'pull_request' }} cache-from: type=gha,scope=exporter cache-to: type=gha,scope=exporter,mode=max no-cache: ${{ github.event_name != 'pull_request' }} 
@@ -211,12 +240,91 @@ jobs: id: scan continue-on-error: true with: - image: localhost:5000/nginx/nginx-prometheus-exporter:${{ steps.meta.outputs.version }} + image: localhost:5000/nginx/nginx-prometheus-exporter:edge only-fixed: true add-cpes-if-none: true + if: github.event_name != 'pull_request' - name: Upload scan result to GitHub Security tab uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v4.30.8 continue-on-error: true with: sarif_file: ${{ steps.scan.outputs.sarif }} + if: github.event_name != 'pull_request' + + - name: Clean up NETRC + run: | + rm -f $HOME/.netrc + if: ${{ always() }} + + generate-assertion-doc: + if: ${{ github.event_name != 'pull_request' }} + name: Assertion Doc ${{ matrix.prometheus.arch }} + needs: [build-docker, variables] + runs-on: ubuntu-24.04-amd64 + permissions: + contents: read + id-token: write # for compliance-rules action to sign assertion doc + strategy: + fail-fast: false + matrix: + prometheus: ${{ fromJSON( needs.build-docker.outputs.binaries ) }} + steps: + - name: Checkout Repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + + - name: Setup Golang Environment + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + with: + go-version-file: go.mod + + - name: Setup netrc + run: | + cat < $HOME/.netrc + machine azr.artifactory.f5net.com + login ${{ secrets.ARTIFACTORY_USER }} + password ${{ secrets.ARTIFACTORY_TOKEN }} + EOF + chmod 600 $HOME/.netrc + + - name: Fetch Cached Artifacts + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: ${{ github.workspace }}/dist + key: nginx-prometheus-exporter-${{ github.sha }} + fail-on-cache-miss: true + + - name: List packages in Go binary + id: godeps + env: + GOPROXY: ${{ needs.variables.outputs.go_proxy }} + run: | + go version -m ${{ matrix.prometheus.path }} > go_version_out_${{ github.run_id }}_${{ github.run_number }}.txt + echo "go_version_out=$(find 
-type f -name "go_version_out*.txt" | head -n 1)" >> $GITHUB_OUTPUT + echo "artifact_digest=$(openssl dgst -sha256 -r ${{ matrix.prometheus.path }} | cut -d ' ' -f 1)" >> $GITHUB_OUTPUT + cat $GITHUB_OUTPUT + + - name: Generate Assertion Document + id: assertiondoc + uses: nginxinc/compliance-rules/.github/actions/assertion@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0 + with: + artifact-name: "${{ github.event.repository.name }}_${{ github.sha }}_${{ github.run_number }}_${{ matrix.prometheus.os }}_${{ matrix.prometheus.arch }}" + artifact-digest: ${{ steps.godeps.outputs.artifact_digest }} + build-type: "github.com" + builder-id: "github" + builder-version: v0.1.0 + started-on: ${{ github.event.head_commit.timestamp }} + finished-on: ${{ github.event.head_commit.timestamp }} + invocation-id: ${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }} + artifactory-user: ${{ secrets.ARTIFACTORY_USER }} + artifactory-api-token: ${{ secrets.ARTIFACTORY_TOKEN }} + artifactory-url: ${{ secrets.ARTIFACTORY_URL }} + artifactory-repo: 'f5-nginx-go-local-approved-dependency' + assertion-doc-file: assertion_${{ github.event.repository.name }}_${{ github.sha }}_${{ github.run_id }}_${{ github.run_number }}_${{ matrix.prometheus.os }}_${{ matrix.prometheus.arch }}.json + build-content-path: ${{ steps.godeps.outputs.go_version_out }} + + - name: Sign and Store Assertion Document + id: sign + uses: nginxinc/compliance-rules/.github/actions/sign@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0 + with: + assertion-doc: ${{ steps.assertiondoc.outputs.assertion-document-path }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..7a45e620 --- /dev/null +++ b/.github/workflows/release.yml 
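Review bot: `${{ matrix.prometheus.path }}` is expanded unquoted into the `List packages in Go binary` script, and the matrix is whatever JSON build-docker's downloaded `binary-json.sh` printed, so a path containing spaces or shell metacharacters becomes shell syntax in a job that holds `id-token: write` and the Artifactory credentials. Pass it as `env: BINARY_PATH: ${{ matrix.prometheus.path }}` and use `go version -m "$BINARY_PATH"` and `openssl dgst -sha256 -r "$BINARY_PATH"`. The binaries being attested arrive through `actions/cache` keyed only on `github.sha`, so a re-run of the same commit would restore the earlier entry rather than the fresh build; an artifact upload/download pair, or a run-attempt component in the key, would tie the signed digest to this run. `started-on` and `finished-on` both use `github.event.head_commit.timestamp`, which is the commit time rather than the build time recorded in release.yml.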
@@ -0,0 +1,355 @@ +name: Release NGINX Prometheus Exporter + +on: + workflow_dispatch: + inputs: + version: + description: 'Release version (e.g. 1.0.0)' + required: true + dry_run: + description: 'Dry run' + required: false + default: false + type: boolean + goreleaser_args: + description: 'Additional GoReleaser args' + required: false + default: '' + type: string + skip_jobs: + description: 'Comma-separated list of jobs to skip (e.g. tag,build-docker,generate-assertion-doc)' + required: false + default: '' + type: string + +env: + DOCKER_PLATFORMS: "linux/arm/v5,linux/arm/v6,linux/arm/v7,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x,linux/mips64le,linux/386,linux/riscv64" + +concurrency: + group: ${{ github.ref_name }}-release + cancel-in-progress: true + +permissions: + contents: read + +jobs: + variables: + name: Setup variables + runs-on: ubuntu-24.04 + outputs: + tag: ${{ steps.vars.outputs.tag }} + steps: + - name: Checkout Repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + + - name: Set up Go + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + with: + go-version: stable + + - name: Get version + id: vars + run: echo "tag=${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT + + tag: + if: ${{ !contains(inputs.skip_jobs, 'tag') }} + name: Create Tag for release + runs-on: ubuntu-24.04 + needs: [variables] + permissions: + contents: write + steps: + - name: Checkout Repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + fetch-depth: 0 + + - name: Create new release Tag + run: | + git config --global user.email "kubernetes@nginx.com" + git config --global user.name "NGINX Kubernetes Team" + tag="v${{ needs.variables.outputs.tag }}" + if ! git rev-parse --verify refs/tags/${tag} 2>/dev/null; then + echo "Adding tag ${tag}." + git tag -a ${tag} -m "Version ${tag#v*}" + echo "Pushing tag ${tag} to main branch" + if ! 
${{ inputs.dry_run }}; then + git push origin "${tag}" + else + echo "DRY RUN not making any changes" + git push --dry-run origin "${tag}" + fi + else + echo "Warning: Tag ${tag} already exists. Not making any changes" + fi + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + build-docker: + if: ${{ !contains(inputs.skip_jobs, 'build-docker') }} + name: Build Docker Image + runs-on: ubuntu-24.04-amd64 + permissions: + contents: write # for lucacome/draft-release to create/update release draft + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results + id-token: write # for OIDC login to AWS ECR and goreleaser/goreleaser-action to sign artifacts + packages: write # for docker/build-push-action to push to GHCR + issues: write # for goreleaser/goreleaser-action to close milestones + env: + GOPROXY: ${{ secrets.ARTIFACTORY_ENDPOINT }} + outputs: + binaries: ${{ steps.prom_binaries.outputs.json }} + needs: [variables] + services: + registry: + image: registry:3 + ports: + - 5000:5000 + steps: + - name: Checkout Repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + fetch-depth: 0 + + - name: Setup Golang Environment + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + with: + go-version: stable + + - name: Setup netrc + run: | + cat < $HOME/.netrc + machine azr.artifactory.f5net.com + login ${{ secrets.ARTIFACTORY_USER }} + password ${{ secrets.ARTIFACTORY_TOKEN }} + EOF + chmod 600 $HOME/.netrc + + - name: Setup QEMU + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + + - name: Docker Buildx + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + with: + version: latest + driver-opts: network=host + + - name: DockerHub Login + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: 
Login to GitHub Container Registry + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0 + with: + aws-region: us-east-1 + role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }} + + - name: Login to Public ECR + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + with: + registry: public.ecr.aws + + - name: Login to Quay.io + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_ROBOT_TOKEN }} + + - name: Docker meta + id: meta + uses: docker/metadata-action@c1e51972afc2121e065aed6d45c65596fe445f3f # v5.8.0 + with: + images: | + name=nginx/nginx-prometheus-exporter,enable=true + name=ghcr.io/nginx/nginx-prometheus-exporter,enable=true + name=public.ecr.aws/nginx/nginx-prometheus-exporter,enable=true + name=quay.io/nginx/nginx-prometheus-exporter,enable=true + name=localhost:5000/nginx/nginx-prometheus-exporter + tags: | + type=raw,value=${{ needs.variables.outputs.tag }} + labels: | + org.opencontainers.image.vendor=NGINX Inc + env: + DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index + + - name: Create/Update Draft + uses: lucacome/draft-release@fd099feb33710d1fa27b915a08a7acd6a1fb7fd2 # v2.0.0 + with: + minor-label: "enhancement" + major-label: "change" + publish: ${{ !github.event.inputs.dry_run }} + collapse-after: 30 + notes-footer: | + ## Upgrade + + - Use the {{version}} image from our [DockerHub](https://hub.docker.com/r/nginx/nginx-prometheus-exporter/tags?page=1&ordering=last_updated&name={{version-number}}), [GitHub Container](https://github.com/nginx/nginx-prometheus-exporter/pkgs/container/nginx-prometheus-exporter), [Amazon ECR Public 
Gallery](https://gallery.ecr.aws/nginx/nginx-prometheus-exporter) or [Quay.io](https://quay.io/repository/nginx/nginx-prometheus-exporter/tag/{{version-number}}?tab=tags). + - Download the latest binaries from the [GitHub releases page](https://github.com/nginx/nginx-prometheus-exporter/releases/tag/{{version}}). + - Update to the latest version with `brew upgrade nginx-prometheus-exporter` or `scoop update nginx-prometheus-exporter`. + + ## Compatibility + + - NGINX 0.1.18 or newer. + - NGINX Plus R19 or newer. + + - name: Download Syft + uses: anchore/sbom-action/download-syft@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6 + + - name: Install Cosign + uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 + + - name: Install Nix + uses: cachix/install-nix-action@9280e7aca88deada44c930f1e2c78e21c3ae3edd # v31 + with: + github_access_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Run GoReleaser + uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0 + with: + version: v2.12.5 # renovate: datasource=github-tags depName=goreleaser/goreleaser + args: ${{ github.event.inputs.dry_run && 'build --snapshot' || 'release' }} --clean ${{ github.event.inputs.goreleaser_args }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + NGINX_GITHUB_TOKEN: ${{ secrets.NGINX_PAT }} + + - name: Extract NGINX Prometheus Exporter binary info + id: prom_binaries + run: | + curl -sSL https://raw.githubusercontent.com/nginx/k8s-common/main/files/binary-json.sh -o binary-json.sh + chmod +x binary-json.sh + echo "json=$(./binary-json.sh ${{ github.workspace }}/dist ${{ github.event.repository.name }} "nginx-prometheus-exporter")" >> $GITHUB_OUTPUT + + - name: Store Artifacts in Cache + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: ${{ github.workspace }}/dist + key: nginx-prometheus-exporter-${{ github.sha }} + + - name: Print NGINX Prometheus Exporter info + run: 
./dist/nginx-prometheus-exporter_linux_amd64_v1/nginx-prometheus-exporter --version + continue-on-error: false + + - name: Build and Push Docker Image + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + with: + file: build/Dockerfile + context: "." + target: goreleaser + platforms: ${{ env.DOCKER_PLATFORMS }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + annotations: ${{ steps.meta.outputs.annotations }} + push: ${{ !github.event.inputs.dry_run }} + cache-from: type=gha,scope=exporter + cache-to: type=gha,scope=exporter,mode=max + no-cache: true + provenance: mode=max + sbom: true + + - name: Scan image + uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1 + id: scan + continue-on-error: true + with: + image: localhost:5000/nginx/nginx-prometheus-exporter:${{ steps.meta.outputs.version }} + only-fixed: true + add-cpes-if-none: true + + - name: Upload scan result to GitHub Security tab + uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6 + continue-on-error: true + with: + sarif_file: ${{ steps.scan.outputs.sarif }} + + - name: Clean up NETRC + run: | + rm -f $HOME/.netrc + if: ${{ always() }} + + generate-assertion-doc: + if: ${{ !contains(inputs.skip_jobs, 'generate-assertion-doc') }} + name: Assertion Doc ${{ matrix.prometheus.arch }} + needs: [build-docker, variables] + runs-on: ubuntu-24.04-amd64 + permissions: + contents: read + id-token: write # for compliance-rules action to sign assertion doc + strategy: + fail-fast: false + matrix: + prometheus: ${{ fromJSON( needs.build-docker.outputs.binaries ) }} + steps: + - name: Checkout Repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + + - name: Setup Golang Environment + uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + with: + go-version-file: go.mod + + - name: Configure pipeline Variables + id: vars + run: | + 
timestamp=$(date --iso-8601=seconds) + echo "timestamp=${timestamp}" >> $GITHUB_OUTPUT + cat $GITHUB_OUTPUT + + - name: Setup netrc + run: | + cat < $HOME/.netrc + machine azr.artifactory.f5net.com + login ${{ secrets.ARTIFACTORY_USER }} + password ${{ secrets.ARTIFACTORY_TOKEN }} + EOF + chmod 600 $HOME/.netrc + + - name: Fetch Cached Artifacts + uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 + with: + path: ${{ github.workspace }}/dist + key: nginx-prometheus-exporter-${{ github.sha }} + fail-on-cache-miss: true + + - name: List packages in Go binary + id: godeps + env: + GOPROXY: ${{ secrets.ARTIFACTORY_ENDPOINT }} + run: | + go version -m ${{ matrix.prometheus.path }} > go_version_out_${{ github.run_id }}_${{ github.run_number }}.txt + echo "go_version_out=$(find -type f -name "go_version_out*.txt" | head -n 1)" >> $GITHUB_OUTPUT + echo "artifact_digest=$(openssl dgst -sha256 -r ${{ matrix.prometheus.path }} | cut -d ' ' -f 1)" >> $GITHUB_OUTPUT + cat $GITHUB_OUTPUT + + - name: Generate Assertion Document + id: assertiondoc + uses: nginxinc/compliance-rules/.github/actions/assertion@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0 + with: + artifact-name: "${{ github.event.repository.name }}_${{ github.sha }}_${{ github.run_number }}_${{ matrix.prometheus.os }}_${{ matrix.prometheus.arch }}" + artifact-digest: ${{ steps.godeps.outputs.artifact_digest }} + build-type: "github.com" + builder-id: "github" + builder-version: v0.1.0 + started-on: ${{ steps.vars.outputs.timestamp }} + finished-on: ${{ steps.vars.outputs.timestamp }} + invocation-id: ${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }} + artifactory-user: ${{ secrets.ARTIFACTORY_USER }} + artifactory-api-token: ${{ secrets.ARTIFACTORY_TOKEN }} + artifactory-url: ${{ secrets.ARTIFACTORY_URL }} + artifactory-repo: 'f5-nginx-go-local-approved-dependency' + assertion-doc-file: assertion_${{ github.event.repository.name }}_${{ github.sha }}_${{ github.run_id 
}}_${{ github.run_number }}_${{ matrix.prometheus.os }}_${{ matrix.prometheus.arch }}.json + build-content-path: ${{ steps.godeps.outputs.go_version_out }} + + - name: Sign and Store Assertion Document + id: sign + uses: nginxinc/compliance-rules/.github/actions/sign@83e452166aaf0ad8f07caf91a4f1f903b3dea1e6 # v0.3.0 + with: + assertion-doc: ${{ steps.assertiondoc.outputs.assertion-document-path }} diff --git a/.goreleaser.yml b/.goreleaser.yml index 40a7479e..048a1d30 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -56,23 +56,6 @@ sboms: documents: - "${artifact}.spdx.json" -# brews: -# - repository: -# owner: nginx -# name: homebrew-tap -# token: "{{ .Env.NGINX_GITHUB_TOKEN }}" -# directory: Formula -# homepage: https://github.com/nginx/nginx-prometheus-exporter -# description: NGINX Prometheus Exporter for NGINX and NGINX Plus -# license: Apache-2.0 -# commit_author: -# name: nginx-bot -# email: integrations@nginx.com -# extra_install: |- -# bash_completion.install "completions/nginx-prometheus-exporter.bash" => "nginx-prometheus-exporter" -# zsh_completion.install "completions/nginx-prometheus-exporter.zsh" => "_nginx-prometheus-exporter" -# man1.install "manpages/nginx-prometheus-exporter.1.gz" - signs: - cmd: cosign artifacts: checksum 
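Review bot: In release.yml's build-docker job, `publish`, `push` and the GoReleaser `args` read `github.event.inputs.dry_run`, which per the Actions documentation carries the boolean as the string 'true' or 'false'; a non-empty string is truthy, so `!github.event.inputs.dry_run` is always false and the `&&`/`||` form always selects `build --snapshot`, while the tag job uses `inputs.dry_run` and still pushes the tag. Use the typed context in all three places, e.g. `publish: ${{ !inputs.dry_run }}` and `args: ${{ inputs.dry_run && 'build --snapshot' || 'release' }} --clean ${{ inputs.goreleaser_args }}`. Separately, `version` is free text expanded straight into the `echo "tag=..."` script and later into the tag name in a job with `contents: write`; pass it through `env:` and reject anything that does not match the expected `MAJOR.MINOR.PATCH` form before writing it to `$GITHUB_OUTPUT`. build-docker also does not list `tag` in `needs`, so the release build can start before the tag exists, and `contains(inputs.skip_jobs, 'tag')` is a substring match rather than a list lookup.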
@@ -88,69 +71,48 @@ signs: milestones: - close: true -snapcrafts: - - name_template: "{{ .ProjectName }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}" - title: NGINX Prometheus Exporter - summary: NGINX Prometheus Exporter for NGINX and NGINX Plus - description: | - NGINX Prometheus exporter fetches the metrics from NGINX or NGINX Plus, - converts the metrics into appropriate Prometheus metrics types and finally exposes - them via an HTTP server to be collected by Prometheus. - grade: stable - confinement: strict - publish: true - license: "Apache-2.0" - apps: - nginx-prometheus-exporter: - command: nginx-prometheus-exporter - plugs: ["network", "network-bind"] - completer: completions/nginx-prometheus-exporter.bash - disable: "{{ if .IsSnapshot }}true{{ end }}" - -# nix: -# - name: nginx-prometheus-exporter -# repository: -# owner: nginx -# name: nur -# token: "{{ .Env.NGINX_GITHUB_TOKEN }}" -# homepage: https://github.com/nginx/nginx-prometheus-exporter -# description: NGINX Prometheus Exporter for NGINX and NGINX Plus -# license: asl20 -# commit_author: -# name: nginx-bot -# email: integrations@nginx.com -# extra_install: |- -# installManPage ./manpages/nginx-prometheus-exporter.1.gz -# installShellCompletion ./completions/* +brews: + - repository: + owner: nginx + name: homebrew-tap + token: "{{ .Env.NGINX_GITHUB_TOKEN }}" + directory: Formula + homepage: https://github.com/nginx/nginx-prometheus-exporter + description: NGINX Prometheus Exporter for NGINX and NGINX Plus + license: Apache-2.0 + commit_author: + name: nginx-bot + email: integrations@nginx.com + extra_install: |- + bash_completion.install "completions/nginx-prometheus-exporter.bash" => "nginx-prometheus-exporter" + zsh_completion.install "completions/nginx-prometheus-exporter.zsh" => "_nginx-prometheus-exporter" + man1.install "manpages/nginx-prometheus-exporter.1.gz" -# winget: -# - name: nginx-prometheus-exporter -# publisher: nginx -# license: Apache-2.0 -# homepage: 
https://github.com/nginx/nginx-prometheus-exporter -# short_description: NGINX Prometheus Exporter for NGINX and NGINX Plus -# repository: -# owner: nginx -# name: winget-pkgs -# token: "{{ .Env.NGINX_GITHUB_TOKEN }}" -# branch: "nginx-prometheus-exporter-{{.Version}}" -# pull_request: -# enabled: true -# draft: true -# base: -# owner: microsoft -# name: winget-pkgs -# branch: master +nix: + - name: nginx-prometheus-exporter + repository: + owner: nginx + name: nur + token: "{{ .Env.NGINX_GITHUB_TOKEN }}" + homepage: https://github.com/nginx/nginx-prometheus-exporter + description: NGINX Prometheus Exporter for NGINX and NGINX Plus + license: asl20 + commit_author: + name: nginx-bot + email: integrations@nginx.com + extra_install: |- + installManPage ./manpages/nginx-prometheus-exporter.1.gz + installShellCompletion ./completions/* -# scoops: -# - repository: -# owner: nginx -# name: scoop-bucket -# token: "{{ .Env.NGINX_GITHUB_TOKEN }}" -# directory: bucket -# homepage: https://github.com/nginx/nginx-prometheus-exporter -# description: NGINX Prometheus Exporter for NGINX and NGINX Plus -# license: Apache-2.0 -# commit_author: -# name: nginx-bot -# email: integrations@nginx.com +scoops: + - repository: + owner: nginx + name: scoop-bucket + token: "{{ .Env.NGINX_GITHUB_TOKEN }}" + directory: bucket + homepage: https://github.com/nginx/nginx-prometheus-exporter + description: NGINX Prometheus Exporter for NGINX and NGINX Plus + license: Apache-2.0 + commit_author: + name: nginx-bot + email: integrations@nginx.com