Sidecar build #127
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Sidecar build | |
| on: | |
| schedule: | |
| - cron: "0 4 * * *" | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }} | |
| jobs: | |
| build: | |
| name: Build integration for | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| goos: [ linux ] | |
| goarch: [ amd64, arm64, arm ] | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Build integration | |
| env: | |
| GOOS: ${{ matrix.goos }} | |
| GOARCH: ${{ matrix.goarch }} | |
| run: | | |
| make compile TAG=testing-$(git rev-parse --short HEAD) | |
| - name: Upload artifact for docker build step | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| retention-days: 1 | |
| name: nri-kubernetes-${{ matrix.goos }}-${{ matrix.goarch }} | |
| path: bin/nri-kubernetes-${{ matrix.goos }}-${{ matrix.goarch }} | |
| docker: | |
| name: Build and push images | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_IMAGE_NAME: newrelic/nri-kubernetes | |
| DOCKER_IMAGE_TAG: sidecar | |
| DOCKER_PLATFORMS: "linux/amd64,linux/arm64,linux/arm" # Must be consistent with the matrix from the job above | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Download all artifacts from build job | |
| uses: actions/download-artifact@v8 | |
| with: | |
| path: bin | |
| - uses: docker/login-action@v4 | |
| with: | |
| username: ${{ secrets.K8S_AGENTS_DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.K8S_AGENTS_DOCKERHUB_TOKEN }} | |
| - name: Build docker images | |
| run: | | |
| docker buildx build --platform=$DOCKER_PLATFORMS \ | |
| --build-arg "MODE=unprivileged" \ | |
| -t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \ | |
| -f Dockerfile.sidecar \ | |
| . | |
| - name: Build and load x64 image for security scanning | |
| # We need to build a single-arch image again to be able to --load it into the host | |
| run: | | |
| docker buildx build --load --platform=linux/amd64 \ | |
| -t $DOCKER_IMAGE_NAME:ci-scan \ | |
| -f Dockerfile.sidecar \ | |
| . | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@v0.36.0 | |
| with: | |
| image-ref: '${{ env.DOCKER_IMAGE_NAME }}:ci-scan' | |
| format: 'table' | |
| exit-code: '0' | |
| ignore-unfixed: true | |
| severity: 'HIGH,CRITICAL' | |
| - name: Push versioned images | |
| run: | | |
| docker buildx build --push --platform=$DOCKER_PLATFORMS \ | |
| -t $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG \ | |
| -f Dockerfile.sidecar \ | |
| . | |
| notify-failure: | |
| if: ${{ always() && failure() }} | |
| needs: [build, docker] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Notify failure via Slack | |
| uses: archive/github-actions-slack@v3.1.0 | |
| with: | |
| slack-bot-user-oauth-access-token: ${{ secrets.K8S_AGENTS_SLACK_TOKEN }} | |
| slack-channel: ${{ secrets.K8S_AGENTS_SLACK_CHANNEL }} | |
| slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: <${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }}|'Nightly and main build' failed>." |