ci: build & test otelcol-config #1656

Merged
merged 7 commits into from
Aug 16, 2024
54 changes: 54 additions & 0 deletions .github/workflows/dev_builds.yml
@@ -100,6 +100,25 @@ jobs:
save-cache: true
boringcrypto: ${{ matrix.boringcrypto == true }}

test-otelcol-config:
name: Test (otelcol-config)
uses: ./.github/workflows/workflow-test-otelcol-config.yml
strategy:
matrix:
include:
- arch_os: linux_amd64
runs-on: ubuntu-20.04
- arch_os: linux_amd64
runs-on: ubuntu-20.04
boringcrypto: true
- arch_os: darwin_amd64
runs-on: macos-latest
with:
arch_os: ${{ matrix.arch_os }}
runs-on: ${{ matrix.runs-on }}
save-cache: true
boringcrypto: ${{ matrix.boringcrypto == true }}

build:
name: Build
uses: ./.github/workflows/workflow-build.yml
@@ -143,6 +162,39 @@ jobs:
microsoft_certificate_name: ${{ secrets.MICROSOFT_CERTNAME }}
microsoft_description: ${{ secrets.MICROSOFT_DESCRIPTION }}

build-otelcol-config:
name: Build (otelcol-config)
uses: ./.github/workflows/workflow-build-otelcol-config.yml
needs: [get-version]
strategy:
fail-fast: false
matrix:
include:
- arch_os: darwin_amd64
runs-on: macos-latest
- arch_os: darwin_arm64
runs-on: macos-latest
- arch_os: linux_amd64
runs-on: ubuntu-20.04
- arch_os: linux_amd64
runs-on: ubuntu-20.04
fips: true
- arch_os: linux_arm64
runs-on: ubuntu-20.04
- arch_os: linux_arm64
runs-on: ubuntu-20.04
fips: true
with:
arch_os: ${{ matrix.arch_os }}
runs-on: ${{ matrix.runs-on }}
fips: ${{ matrix.fips == true }}
save-cache: true
sumo_component_gomod_version: "v${{ needs.get-version.outputs.version }}"
secrets:
apple_developer_certificate_p12_base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
apple_developer_certificate_password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
app_store_connect_password: ${{ secrets.AC_PASSWORD }}

build-container-images:
name: Build container
runs-on: ubuntu-20.04
@@ -475,6 +527,8 @@ jobs:
trigger-packaging:
name: Trigger Packaging
needs:
- build
- build-otelcol-config
- lint
- package-msi
- push-docker-manifest
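Review bot: The `secrets:` block of `build-otelcol-config` forwards the Apple certificate, its password and the App Store Connect password to all six matrix legs, although the called workflow only reads them in steps gated on `runner.os == 'macOS'`; the four `ubuntu-20.04` legs have no use for them. Each secret could be passed to the darwin legs only, for example `apple_developer_certificate_p12_base64: ${{ startsWith(matrix.arch_os, 'darwin') && secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 || '' }}`, which is possible because the callee declares all three as `required: false`. The same block is added to pull_requests.yml.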
50 changes: 50 additions & 0 deletions .github/workflows/pull_requests.yml
@@ -156,6 +156,25 @@ jobs:
runs-on: ${{ matrix.runs-on }}
boringcrypto: ${{ matrix.boringcrypto == true }}

test-otelcol-config:
name: Test (otelcol-config)
uses: ./.github/workflows/workflow-test-otelcol-config.yml
strategy:
matrix:
include:
- arch_os: linux_amd64
runs-on: ubuntu-20.04
- arch_os: linux_amd64
runs-on: ubuntu-20.04
boringcrypto: true
- arch_os: darwin_amd64
runs-on: macos-latest
with:
arch_os: ${{ matrix.arch_os }}
runs-on: ${{ matrix.runs-on }}
save-cache: true
boringcrypto: ${{ matrix.boringcrypto == true }}

test-wixext:
name: Test (SumoLogic.wixext)
runs-on: windows-2019
@@ -264,6 +283,37 @@ jobs:
microsoft_certificate_name: ${{ secrets.MICROSOFT_CERTNAME }}
microsoft_description: ${{ secrets.MICROSOFT_DESCRIPTION }}

build-otelcol-config:
name: Build (otelcol-config)
uses: ./.github/workflows/workflow-build-otelcol-config.yml
strategy:
fail-fast: false
matrix:
include:
- arch_os: darwin_amd64
runs-on: macos-latest
- arch_os: darwin_arm64
runs-on: macos-latest
- arch_os: linux_amd64
runs-on: ubuntu-20.04
- arch_os: linux_amd64
runs-on: ubuntu-20.04
fips: true
- arch_os: linux_arm64
runs-on: ubuntu-20.04
- arch_os: linux_arm64
runs-on: ubuntu-20.04
fips: true
with:
arch_os: ${{ matrix.arch_os }}
runs-on: ${{ matrix.runs-on }}
fips: ${{ matrix.fips == true }}
save-cache: true
secrets:
apple_developer_certificate_p12_base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
apple_developer_certificate_password: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
app_store_connect_password: ${{ secrets.AC_PASSWORD }}

build-and-test-container-images:
name: Build container
runs-on: ubuntu-20.04
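Review bot: On pull requests, `build-otelcol-config` hands the Apple signing certificate and the App Store Connect password to a job that runs `make` targets from the checked-out tree, so build logic changed in a pull request executes with the signing credentials in reach. The trigger of this workflow is outside the visible hunks; if it is `pull_request`, pull requests from forks get empty secrets, while those from branches of the repository get the real values. Consider dropping the `secrets:` block from the PR workflow and putting the signing steps of the called workflow behind a switch such as the `env.MACOS_SIGNING_ENABLED == 'true'` condition that workflow-build.yml uses, so PR builds stay unsigned.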
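--- a/.github/workflows/workflow-build-otelcol-config.yml
+++ b/.github/workflows/workflow-build-otelcol-config.yml
@@ -0,0 +1,179 @@
+name: Build Otelcol Config Tool
+
+on:
+workflow_call:
+inputs:
+arch_os:
+description: Architecture and OS in the form "{arch}_{os}". See GOARCH and GOOS for accepted values.
+default: linux_amd64
+type: string
+sumo_component_gomod_version:
+description: Package version for components hosted in this repo. Normally, this is the v0.0.0-00010101000000-000000000000 placeholder.
+type: string
+required: false
+fips:
+description: Build binary with FIPS support
+default: false
+type: boolean
+runs-on:
+default: ubuntu-20.04
+type: string
+save-cache:
+description: Save the module and build caches.
+default: false
+type: boolean
+secrets:
+apple_developer_certificate_p12_base64:
+required: false
+apple_developer_certificate_password:
+required: false
+app_store_connect_password:
+required: false
+
+defaults:
+run:
+shell: bash
+
+env:
+GO_VERSION: "1.21.11"
+
+jobs:
+build:
+name: Build
+runs-on: ${{ inputs.runs-on }}
+env:
+FIPS_SUFFIX: ${{ inputs.fips && '-fips' || '' }}
+steps:
+- uses: actions/checkout@v4
+
+- name: Fetch current branch
+run: ./ci/fetch_current_branch.sh
+
+- name: Setup go
+uses: actions/setup-go@v5
+with:
+go-version: ${{ env.GO_VERSION }}
+cache: false
+
+- name: Get Go env values
+run: |
+echo "GOMODCACHE=$(go env GOMODCACHE)" >> "$GITHUB_ENV"
+echo "GOCACHE=$(go env GOCACHE)" >> "$GITHUB_ENV"
+echo "GOARCH=$(go env GOARCH)" >> "$GITHUB_ENV"
+echo "GOOS=$(go env GOOS)" >> "$GITHUB_ENV"
+echo "ARCH_OS=$(go env GOOS)_$(go env GOARCH)" >> $GITHUB_ENV
+
+- name: Get cache key
+id: get-cache-key
+run: |
+echo "cache-key=go-build-${{ env.GO_VERSION }}-otelcol-config${FIPS_SUFFIX}-${{inputs.arch_os}}-${{ hashFiles('pkg/tools/otelcol-config/go.sum') }}" >> $GITHUB_OUTPUT
+echo "restore-keys=go-build-${{ env.GO_VERSION }}-otelcol-config${FIPS_SUFFIX}-${{inputs.arch_os}}-" >> $GITHUB_OUTPUT
+echo "toolchain-cache-key=toolchain-${{inputs.arch_os}}-${{ hashFiles('pkg/tools/otelcol-config/build-fips/config.mak', 'pkg/tools/otelcol-config/build-fips/Makefile') }}" >> $GITHUB_OUTPUT
+
+- uses: actions/cache/restore@v4
+with:
+path: |
+${{ env.GOMODCACHE }}/cache
+${{ env.GOCACHE }}
+key: ${{ steps.get-cache-key.outputs.cache-key }}
+restore-keys: |
+${{ steps.get-cache-key.outputs.restore-keys }}
+
+- name: Build
+if: '! inputs.fips'
+run: make otelcol-config-${{inputs.arch_os}}
+working-directory: ./pkg/tools/otelcol-config
+
+- uses: actions/cache/restore@v4
+id: restore-toolchain-cache
+if: inputs.fips && contains(inputs.arch_os, 'linux')
+with:
+path: |
+/opt/toolchain
+key: ${{ steps.get-cache-key.outputs.toolchain-cache-key }}
+
+- name: Rebuild Toolchains
+id: rebuild-toolchain
+if: ${{ steps.restore-toolchain-cache.outcome == 'success' && steps.restore-toolchain-cache.outputs.cache-hit != 'true' }}
+run: make toolchain-${{ inputs.arch_os }} OUTPUT=/opt/toolchain -j3
+working-directory: ./toolchains
+
+- name: Build (FIPS)
+if: inputs.fips && contains(inputs.arch_os, 'linux')
+run: |
+CC=$(find /opt/toolchain/bin -type f -name "*-linux-musl-gcc")
+test "$CC"
+echo "Using toolchain: $CC"
+make otelcol-config-${{inputs.arch_os}} \
+FIPS_SUFFIX="-fips" \
+CGO_ENABLED="1" \
+CC="$CC" \
+EXTRA_LDFLAGS="-linkmode external -extldflags '-static'"
+working-directory: ./pkg/tools/otelcol-config
+
+- name: Build (FIPS)
+if: inputs.fips && contains(inputs.arch_os, 'linux')
+run: |
+CC=$(find /opt/toolchain/bin -type f -name "*-linux-musl-gcc")
+test "$CC"
+echo "Using toolchain: $CC"
+make otelcol-config-${{inputs.arch_os}} \
+FIPS_SUFFIX="-fips" \
+CGO_ENABLED="1" \
+CC="$CC" \
+EXTRA_LDFLAGS="-linkmode external -extldflags '-static'"
+working-directory: ./pkg/tools/otelcol-config
+
+- name: Set binary name
+id: set-binary-name
+run: echo "binary_name=otelcol-config${FIPS_SUFFIX}-${{inputs.arch_os}}" >> $GITHUB_OUTPUT
+
+- name: Show BoringSSL symbols
+if: inputs.fips && contains(inputs.arch_os, 'linux')
+working-directory: ./pkg/tools/otelcol-config
+run: |
+go tool nm ${{ steps.set-binary-name.outputs.binary_name }} | \
+grep "_Cfunc__goboringcrypto_"
+
+- uses: apple-actions/import-codesign-certs@v3
+if: ${{ runner.os == 'macOS' }}
+with:
+p12-file-base64: ${{ secrets.apple_developer_certificate_p12_base64 }}
+p12-password: ${{ secrets.apple_developer_certificate_password }}
+
+- name: Sign the mac binaries
+if: ${{ runner.os == 'macOS' }}
+env:
+AC_PASSWORD: ${{ secrets.app_store_connect_password }}
+working-directory: ./pkg/tools/otelcol-config
+run: make ${{ inputs.arch_os }}-sign
+
+- name: Store binary as action artifact
+uses: actions/upload-artifact@v4
+with:
+name: ${{ steps.set-binary-name.outputs.binary_name }}
+path: ./pkg/tools/otelcol-config/${{ steps.set-binary-name.outputs.binary_name }}
+if-no-files-found: error
+
+- name: Store macOS .dmg as action artifact
+uses: actions/upload-artifact@v4
+if: runner.os == 'macOS'
+with:
+name: ${{ steps.set-binary-name.outputs.binary_name }}.dmg
+path: ./pkg/tools/otelcol-config/${{ steps.set-binary-name.outputs.binary_name }}.dmg
+if-no-files-found: error
+
+- uses: actions/cache/save@v4
+if: ${{ steps.rebuild-toolchain.outcome == 'success' }}
+with:
+path: |
+/opt/toolchain
+key: ${{ steps.get-cache-key.outputs.toolchain-cache-key }}
+
+- uses: actions/cache/save@v4
+if: inputs.save-cache
+with:
+path: |
+${{ env.GOMODCACHE }}/cache
+${{ env.GOCACHE }}
+key: ${{ steps.get-cache-key.outputs.cache-key }}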
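Review bot: The `apple-actions/import-codesign-certs@v3` step receives the Apple developer certificate and its password but is referenced by a mutable tag, so whatever commit `v3` points to at run time handles the signing material; pin it to a full commit SHA, e.g. `uses: apple-actions/import-codesign-certs@<full-commit-sha> # v3`. The same reference is introduced in workflow-build.yml. Separately, the `Build (FIPS)` step appears twice in a row with identical `if`, `run` and `working-directory`, so the FIPS build runs twice on those legs; one copy can be deleted.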
15 changes: 4 additions & 11 deletions .github/workflows/workflow-build.yml
@@ -186,18 +186,11 @@ jobs:
go tool nm ${{ steps.set-binary-name.outputs.binary_name }} | \
grep "vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt.GetFipsAlgorithmMode"

# TODO: Go back to using Apple-Actions/import-codesign-certs once https://github.com/Apple-Actions/import-codesign-certs/pull/58 is merged
- name: Import macOS Code-Signing Certificates
- uses: apple-actions/import-codesign-certs@v3
if: ${{ runner.os == 'macOS' && env.MACOS_SIGNING_ENABLED == 'true' }}
run: |
export p12_filepath=$(mktemp)
echo '${{ secrets.apple_developer_certificate_p12_base64 }}' | base64 --decode >${p12_filepath}
/usr/bin/security create-keychain -p ${{ secrets.apple_developer_certificate_password }} signing_temp.keychain
/usr/bin/security set-keychain-settings -lut 21600 signing_temp.keychain
/usr/bin/security unlock-keychain -p ${{ secrets.apple_developer_certificate_password }} signing_temp.keychain
/usr/bin/security import ${p12_filepath} -k signing_temp.keychain -f pkcs12 -A -T /usr/bin/codesign -T /usr/bin/security -P ${{ secrets.apple_developer_certificate_password }}
/usr/bin/security set-key-partition-list -S apple-tool:,apple: -k ${{ secrets.apple_developer_certificate_password }} signing_temp.keychain
/usr/bin/security list-keychains -d user -s signing_temp.keychain login.keychain
with:
p12-file-base64: ${{ secrets.apple_developer_certificate_p12_base64 }}
p12-password: ${{ secrets.apple_developer_certificate_password }}

- name: Sign the mac binaries
if: ${{ runner.os == 'macOS' && env.MACOS_SIGNING_ENABLED == 'true' }}