chore(deps): update golang version to 1.21 #200
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Push/PR pipeline | |
on: | |
push: | |
branches: | |
- main | |
- master | |
- renovate/** | |
pull_request: | |
env: | |
INTEGRATION: "mssql" | |
ORIGINAL_REPO_NAME: ${{ github.event.repository.full_name }} | |
REPO_FULL_NAME: ${{ github.event.repository.full_name }} | |
TAG: "v0.0.0" # needed for goreleaser windows builds | |
jobs: | |
static-analysis: | |
name: Run all static analysis checks | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: newrelic/newrelic-infra-checkers@v1 | |
- name: Semgrep | |
uses: returntocorp/semgrep-action@v1 | |
with: | |
auditOn: push | |
- name: golangci-lint | |
uses: golangci/golangci-lint-action@v3 | |
continue-on-error: ${{ github.event_name != 'pull_request' }} | |
with: | |
only-new-issues: true | |
- name: Check if CHANGELOG is valid | |
uses: newrelic/release-toolkit/validate-markdown@v1 | |
snyk: | |
name: Run security checks via snyk | |
runs-on: ubuntu-latest | |
env: | |
SNYK_TOKEN: ${{ secrets.COREINT_SNYK_TOKEN }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Scan code for vulnerabilities | |
if: ${{env.SNYK_TOKEN}} | |
run: make ci/snyk-test | |
test-nix: | |
name: Run unit tests on *Nix | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Unit tests | |
run: make ci/test | |
test-windows: | |
name: Run unit tests on Windows | |
runs-on: windows-latest | |
env: | |
GOPATH: ${{ github.workspace }} | |
defaults: | |
run: | |
working-directory: src/github.com/${{ env.ORIGINAL_REPO_NAME }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: src/github.com/${{env.ORIGINAL_REPO_NAME}} | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: "src/github.com/${{ env.ORIGINAL_REPO_NAME }}/go.mod" | |
- name: Running unit tests | |
shell: pwsh | |
run: | | |
.\build\windows\unit_tests.ps1 | |
test-integration-nix: | |
name: Run integration tests on *Nix | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: src/github.com/${{env.ORIGINAL_REPO_NAME}} | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
path: src/github.com/${{env.ORIGINAL_REPO_NAME}} | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: "src/github.com/${{ env.ORIGINAL_REPO_NAME }}/go.mod" | |
- name: Integration test | |
env: | |
GOPATH: ${{ github.workspace }} | |
run: make integration-test | |
test-build-nix: | |
name: Test binary compilation and packaging for linux | |
runs-on: ubuntu-latest | |
env: | |
GPG_MAIL: '[email protected]' | |
GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} | |
GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded | |
steps: | |
- uses: actions/checkout@v4 | |
- run: | | |
git tag "$TAG" | |
if [ -z "$GPG_PASSPHRASE" ]; then | |
echo NO_SIGN=true >> $GITHUB_ENV | |
fi | |
- name: Build all platforms:arch | |
run: make ci/fake-prerelease | |
- name: Upload artifacts for next job | |
uses: actions/upload-artifact@v3 | |
with: | |
name: windows-packages | |
path: dist/nri-*.zip | |
test-build-windows: | |
name: Create MSI | |
runs-on: windows-latest | |
needs: [test-build-nix] | |
env: | |
GOPATH: ${{ github.workspace }} | |
PFX_CERTIFICATE_BASE64: ${{ secrets.OHAI_PFX_CERTIFICATE_BASE64 }} # base64 encoded | |
PFX_CERTIFICATE_DESCRIPTION: 'New Relic' | |
PFX_PASSPHRASE: ${{ secrets.OHAI_PFX_PASSPHRASE }} | |
defaults: | |
run: | |
working-directory: src/github.com/${{ env.ORIGINAL_REPO_NAME }} | |
strategy: | |
matrix: | |
goarch: [amd64,386] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: src/github.com/${{ env.ORIGINAL_REPO_NAME }} | |
- shell: bash | |
run: git tag "$TAG" | |
- name: Download artifact from previous job | |
uses: actions/download-artifact@v3 | |
with: | |
name: windows-packages | |
path: src/github.com/${{ env.ORIGINAL_REPO_NAME }}/dist/ | |
- name: Get PFX certificate from GH secrets | |
shell: bash | |
run: | | |
if [ -z "$PFX_CERTIFICATE_BASE64" ]; then | |
echo NO_SIGN=true >> $GITHUB_ENV | |
else | |
printf "%s" "$PFX_CERTIFICATE_BASE64" | base64 -d - > wincert.pfx | |
fi | |
- name: Extract .exe | |
shell: pwsh | |
run: build\windows\extract_exe.ps1 "$env:INTEGRATION" ${{ matrix.goarch }} "$env:TAG" | |
- name: Create MSI | |
shell: pwsh | |
run: build\windows\package_msi.ps1 -integration "$env:INTEGRATION" -arch ${{ matrix.goarch }} -tag "$env:TAG" -pfx_passphrase "$env:PFX_PASSPHRASE" -pfx_certificate_description "$env:PFX_CERTIFICATE_DESCRIPTION" |