Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 12 changed files with 126 additions and 25 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
{ | ||
"extends": [ | ||
"github>newrelic/coreint-automation:renovate-base.json5" | ||
] | ||
} |
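Review bot: the `extends` entry pulls `renovate-base.json5` from `newrelic/coreint-automation` with no ref, so whatever is on that repository's default branch takes effect here immediately and without a change in this repository. Renovate accepts a `#<tag>` suffix on preset references; pinning the preset to a tag would make changes to the update policy show up as a reviewable diff here.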
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -108,13 +108,6 @@ jobs: | |
GPG_MAIL: '[email protected]' | ||
GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} | ||
GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded | ||
- name: Notify failure via Slack | ||
if: ${{ failure() }} | ||
uses: archive/github-actions-slack@master | ||
with: | ||
slack-bot-user-oauth-access-token: ${{ secrets.COREINT_SLACK_TOKEN }} | ||
slack-channel: ${{ secrets.COREINT_SLACK_CHANNEL }} | ||
slack-text: "❌ `${{ env.REPO_FULL_NAME }}`: prerelease pipeline failed." | ||
- name: Test package installability | ||
uses: newrelic/integrations-pkg-test-action/linux@v1 | ||
with: | ||
|
@@ -165,13 +158,6 @@ jobs: | |
shell: bash | ||
run: | | ||
build/windows/upload_msi.sh ${INTEGRATION} ${{ matrix.goarch }} ${TAG} | ||
- name: Notify failure via Slack | ||
if: ${{ failure() }} | ||
uses: archive/github-actions-slack@master | ||
with: | ||
slack-bot-user-oauth-access-token: ${{ secrets.COREINT_SLACK_TOKEN }} | ||
slack-channel: ${{ secrets.COREINT_SLACK_CHANNEL }} | ||
slack-text: "❌ `${{ env.REPO_FULL_NAME }}`: prerelease pipeline failed." | ||
publish-to-s3: | ||
name: Send release assets to S3 | ||
|
@@ -216,3 +202,15 @@ jobs: | |
packageLocation: repo | ||
stagingRepo: true | ||
upgrade: false | ||
|
||
notify-failure: | ||
if: ${{ always() && failure() }} | ||
needs: [ test-nix, test-windows, prerelease, package-win, publish-to-s3 ] | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Notify failure via Slack | ||
uses: archive/github-actions-slack@master | ||
with: | ||
slack-bot-user-oauth-access-token: ${{ secrets.COREINT_SLACK_TOKEN }} | ||
slack-channel: ${{ secrets.COREINT_SLACK_CHANNEL }} | ||
slack-text: "❌ `${{ env.ORIGINAL_REPO_NAME }}`: [prerelease pipeline failed](${{ github.server_url }}/${{ env.ORIGINAL_REPO_NAME }}/actions/runs/${{ github.run_id }})." |
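Review bot: the new `notify-failure` job still runs `archive/github-actions-slack@master`, a third-party action on a mutable branch that is handed `COREINT_SLACK_TOKEN`; pin it to a full commit SHA so the code that receives the token cannot change without a diff in this file. Two smaller points in the same job: `failure()` is already a status-check function, so the `always() &&` in the `if:` looks redundant, and the message now reads `env.ORIGINAL_REPO_NAME` while the job defines no `env` of its own, so confirm that variable is set at workflow level or the Slack text and run link will render empty.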
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
name: Security Scan | ||
|
||
on: | ||
push: | ||
branches: | ||
- master | ||
- main | ||
- renovate/** | ||
pull_request: | ||
schedule: | ||
- cron: "0 3 * * *" | ||
|
||
jobs: | ||
trivy: | ||
name: Trivy security scan | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Run Trivy vulnerability scanner in repo mode | ||
uses: aquasecurity/[email protected] | ||
if: ${{ ! github.event.schedule }} # Do not run inline checks when running periodically | ||
with: | ||
scan-type: fs | ||
ignore-unfixed: true | ||
exit-code: 1 | ||
severity: 'HIGH,CRITICAL' | ||
skip-dirs: 'build' | ||
# test private key | ||
skip-files: 'tests/integration/tls_cert/redis.key' | ||
|
||
- name: Run Trivy vulnerability scanner sarif output | ||
uses: aquasecurity/[email protected] | ||
if: ${{ github.event.schedule }} # Generate sarif when running periodically | ||
with: | ||
scan-type: fs | ||
ignore-unfixed: true | ||
severity: 'HIGH,CRITICAL' | ||
format: 'template' | ||
template: '@/contrib/sarif.tpl' | ||
output: 'trivy-results.sarif' | ||
skip-dirs: 'build' | ||
# test private key | ||
skip-files: 'tests/integration/tls_cert/redis.key' | ||
|
||
- name: Upload Trivy scan results to GitHub Security tab | ||
uses: github/codeql-action/upload-sarif@v2 | ||
if: ${{ github.event.schedule }} # Upload sarif when running periodically | ||
with: | ||
sarif_file: 'trivy-results.sarif' |
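Review bot: this workflow declares no `permissions:` block, so the `trivy` job runs with whatever default `GITHUB_TOKEN` scope the repository has, even though it also runs on `pull_request` and `renovate/**` pushes. Add an explicit least-privilege block (`contents: read`, plus `security-events: write` for the `upload-sarif` step) so the scheduled upload does not depend on repository defaults and the PR runs get nothing more than read access. Also note that the two `skip-files` entries for `tests/integration/tls_cert/redis.key` must be kept in sync by hand; a workflow-level `env` value referenced from both steps would avoid drift.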
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
name: Trigger prerelease creation | ||
|
||
# This workflow triggers a prerelease creation with changelog and the release notes created by the release toolkit. | ||
# This workflow should be triggered merely from the default branch. | ||
# If you wish to be 100% free creating a prerelease, just create it manually. | ||
|
||
on: | ||
workflow_dispatch: | ||
schedule: | ||
- cron: "30 7 * * 1" | ||
|
||
jobs: | ||
prerelease: | ||
uses: newrelic/coreint-automation/.github/workflows/trigger_prerelease.yaml@v1 | ||
secrets: | ||
bot_token: ${{ secrets.COREINT_BOT_TOKEN }} | ||
slack_channel: ${{ secrets.COREINT_SLACK_CHANNEL }} | ||
slack_token: ${{ secrets.COREINT_SLACK_TOKEN }} | ||
with: | ||
rt-included-files: go.mod,go.sum,build/Dockerfile |
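Review bot: the header comment says this workflow should be triggered only from the default branch, but `workflow_dispatch` lets a user pick any branch and nothing in this file enforces the restriction. Either add a guard on the `prerelease` job such as `if: github.ref_name == github.event.repository.default_branch`, or document that the called workflow performs the check. Separately, `trigger_prerelease.yaml@v1` receives `COREINT_BOT_TOKEN` and both Slack secrets through a movable tag; pinning the reusable workflow to a commit SHA would tie those secrets to reviewed code.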
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -51,3 +51,7 @@ dist/ | |
# build files | ||
src/versioninfo.json | ||
src/resource.syso | ||
|
||
# Release toolkit | ||
CHANGELOG.partial.md | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FROM golang:1.20-buster | ||
FROM golang:1.20.6-bookworm | ||
|
||
ARG GH_VERSION='1.9.2' | ||
|
||
|
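Review bot: the new `FROM golang:1.20.6-bookworm` line fixes the patch version but still references a tag, which can be re-pushed; append the image digest (`golang:1.20.6-bookworm@sha256:<digest>`) so the build image is immutable, and let the Renovate configuration added in this commit propose digest bumps. The move from `buster` to `bookworm` also changes the base distribution of the build environment, so if any artifact is built with cgo, check that it still runs on the oldest distribution the packages target.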