Build And Upload

Build And Upload #103

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT
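# Runs the repository's uniformBuild tool, pushes the agent container image to
# ECR, and uploads detached GPG signatures for the MSI and PKG packages.
#
# Hardening applied in this revision:
#   * Workflow inputs, step outputs and secrets are no longer expanded with
#     ${{ }} inside `run:` scripts. They are passed through `env:` and used as
#     quoted shell variables, so a crafted input or branch name is treated as
#     data rather than as shell syntax.
#   * The signing loops quote every file name instead of word-splitting the
#     output of `ls` / `find`.
#
# NOTE(review): every `uses:` below references a mutable tag (@v1 .. @v5).
# Pinning each action to a full commit SHA would keep a moved tag from changing
# the code that runs with the assumed AWS role and the GPG signing key.
name: Build And Upload

env:
  CWA_GITHUB_TEST_REPO_NAME: "aws/amazon-cloudwatch-agent-test"
  CWA_GITHUB_REPO_NAME: "aws/amazon-cloudwatch-agent"

on:
  # push:
  #   branches:
  #     - uniform-build-env
  workflow_dispatch:
    inputs:
      ContainerRepositoryNameAndTag:
        # e.g. "cwagent-integration-test:SHA"
        # e.g. "cwa-release:latest"
        # e.g. "cwa_nonprod:latest"
        description: "ECR repo name and tag"
        required: true
        type: string
      BucketKey:
        # e.g. s3://<bucket>/integration-test/binary/<SHA>
        # e.g. s3://<bucket>/nonprod
        # e.g. s3://<bucket>/release
        # NOTE(review): the examples show a full s3:// URI, but the DockerBuild
        # job prefixes this value with s3://<S3_INTEGRATION_BUCKET>/, i.e. it
        # treats it as a key prefix. Confirm which form callers must pass.
        description: "S3 URI to upload artifacts into."
        required: true
        type: string
      PackageBucketKey:
        description: "Integration tests put the MSI and PKG in a different bucket path than the binaries."
        required: true
        type: string
  workflow_call:
    inputs:
      ContainerRepositoryNameAndTag:
        # e.g. "cwagent-integration-test:SHA"
        # e.g. "cwa-release:latest"
        # e.g. "cwa_nonprod:latest"
        description: "ECR repo name and tag"
        required: true
        type: string
      BucketKey:
        # e.g. s3://<bucket>/integration-test/binary/<SHA>
        # e.g. s3://<bucket>/nonprod
        # e.g. s3://<bucket>/release
        description: "S3 URI to upload artifacts into."
        required: true
        type: string
      PackageBucketKey:
        description: "Integration tests put the MSI and PKG in a different bucket path than the binaries."
        required: true
        type: string

jobs:
  MakeBinary:
    name: 'MakeBinary'
    runs-on: ubuntu-latest
    # environment: Build-Instance
    permissions:
      # Lets configure-aws-credentials request an OIDC token for role-to-assume;
      # no long-lived AWS keys are configured in this job.
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # Set up building environment, patch the dev repo code on dispatch events.
      - name: Set up Go 1.x
        uses: actions/setup-go@v4
        with:
          go-version: '~1.21.1'
          cache: false
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }}
          aws-region: us-west-2
      # go.mod is cached under a per-commit key; the cache-hit output is what
      # the `if:` conditions below read for this commit.
      - name: Cache binaries
        id: cached_binaries
        uses: actions/cache@v3
        with:
          key: "cached_binaries_${{ github.sha }}"
          path: go.mod
      - name: Extract branch name
        id: extract_branch
        shell: bash
        run: |
          echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_OUTPUT"
      - name: Build Uniform Build Env
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
        run: |
          cd packaging/uniformBuild
          go build .
      - name: Run Uniform Build Env.
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
        # The branch name and both bucket inputs are caller-controlled strings.
        # Handing them over as environment variables keeps them out of the
        # script text that bash parses.
        env:
          CWA_BUILD_REPO_URL: "https://github.com/${{ env.CWA_GITHUB_REPO_NAME }}.git"
          CWA_BUILD_BRANCH: ${{ steps.extract_branch.outputs.branch }}
          CWA_BUCKET_KEY: ${{ inputs.BucketKey }}
          CWA_PACKAGE_BUCKET_KEY: ${{ inputs.PackageBucketKey }}
          CWA_TEST_ACCOUNT_ID: ${{ secrets.AWS_TEST_ACCOUNT_ID }}
        run: |
          cd packaging/uniformBuild
          ./uniformBuild \
            -r "$CWA_BUILD_REPO_URL" \
            -b "$CWA_BUILD_BRANCH" \
            -o "$CWA_BUCKET_KEY" \
            -p "$CWA_PACKAGE_BUCKET_KEY" \
            -a "$CWA_TEST_ACCOUNT_ID"
      # - name: Cache go ^^^ make it not main
      #   # Only skip for integration builds not release builds.
      #   if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
      #   uses: actions/cache@v3
      #   with:
      #     path: |
      #       ~/go/pkg/mod
      #       ~/.cache/go-build
      #     key: v1-go-pkg-mod-${{ runner.os }}-${{ hashFiles('**/go.sum') }}

  DockerBuild:
    name: "Build Docker Container"
    runs-on: ubuntu-latest
    needs: [MakeBinary]
    permissions:
      id-token: write
      contents: read
    # NOTE(review): this job defines no step with id `cached_sig` or
    # `cached_binaries`, and the `steps` context only covers the current job.
    # The cache-hit terms in the `if:` conditions below are therefore always
    # empty here, so those conditions appear to be always true. Confirm the
    # intended gating before relying on it.
    steps:
      - uses: actions/checkout@v3
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }}
          aws-region: us-west-2
      - name: Download from s3
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false
        env:
          CWA_S3_BUCKET: ${{ secrets.S3_INTEGRATION_BUCKET }}
          CWA_PACKAGE_BUCKET_KEY: ${{ inputs.PackageBucketKey }}
        run: |
          mkdir -p packages/amd64
          mkdir packages/arm64
          src="s3://${CWA_S3_BUCKET}/${CWA_PACKAGE_BUCKET_KEY}"
          aws s3 cp "${src}/amazon-cloudwatch-agent.msi" ./packages/amazon-cloudwatch-agent.msi
          aws s3 cp "${src}/amd64/amazon-cloudwatch-agent.pkg" ./packages/amd64/amazon-cloudwatch-agent.pkg
          aws s3 cp "${src}/arm64/amazon-cloudwatch-agent.pkg" ./packages/arm64/amazon-cloudwatch-agent.pkg
      # The private signing key is handed to a third-party action here; see the
      # pinning note at the top of the file.
      - name: Import GPG Key
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
      - name: Login ECR
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Set up Docker Buildx
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
        uses: docker/setup-buildx-action@v1
      - name: Set up QEMU
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
        uses: docker/setup-qemu-action@v1
      # Build dir is ignored in our .dockerignore thus need to copy to another dir.
      - name: Copy Binary For Agent Image Build
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
        env:
          CWA_S3_BUCKET: ${{ secrets.S3_INTEGRATION_BUCKET }}
          CWA_BUCKET_KEY: ${{ inputs.BucketKey }}
        run: aws s3 cp "s3://${CWA_S3_BUCKET}/${CWA_BUCKET_KEY}/" . --recursive
      # Signs every non-directory entry in the working directory. Names are
      # quoted and prefixed with ./ so that a file name containing spaces or
      # starting with '-' cannot be split or read as a gpg option.
      - name: Sign Build Files
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
        run: |
          for f in *; do
            [ -e "$f" ] || continue
            if [ ! -d "$f" ]; then
              echo "Signing file $f"
              gpg --detach-sign "./$f"
            fi
          done
      - name: Build Cloudwatch Agent Image
        uses: docker/build-push-action@v4
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_binaries.outputs.cache-hit == false
        with:
          file: amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localdeb/Dockerfile
          context: .
          push: true
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/${{ inputs.ContainerRepositoryNameAndTag }}
          platforms: linux/amd64, linux/arm64

  # GH actions set up gpg only works on ubuntu as of this commit date
  GPGSignMacAndWindowsPackage:
    name: 'SignMacAndWindowsPackage'
    runs-on: ubuntu-latest
    needs: [MakeBinary]
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v3
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }}
          aws-region: us-west-2
      - name: Cache sig
        id: cached_sig
        uses: actions/cache@v3
        with:
          key: "cached_sig_${{ github.sha }}"
          path: go.mod
      - name: Download from s3
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false
        env:
          CWA_S3_BUCKET: ${{ secrets.S3_INTEGRATION_BUCKET }}
          CWA_PACKAGE_BUCKET_KEY: ${{ inputs.PackageBucketKey }}
        run: |
          mkdir -p packages/amd64
          mkdir packages/arm64
          src="s3://${CWA_S3_BUCKET}/${CWA_PACKAGE_BUCKET_KEY}"
          aws s3 cp "${src}/amazon-cloudwatch-agent.msi" ./packages/amazon-cloudwatch-agent.msi
          aws s3 cp "${src}/amd64/amazon-cloudwatch-agent.pkg" ./packages/amd64/amazon-cloudwatch-agent.pkg
          aws s3 cp "${src}/arm64/amazon-cloudwatch-agent.pkg" ./packages/arm64/amazon-cloudwatch-agent.pkg
      # NOTE(review): this step and the signing step below carry no `if:`,
      # unlike the download and upload steps around them. When the download is
      # skipped, packages/ does not exist and the signing step has nothing to
      # sign; confirm whether they should share the same condition.
      - name: Import GPG Key
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
      # Walks packages/ and signs every non-directory entry. NUL-delimited
      # output keeps file names intact whatever characters they contain.
      - name: Sign Build Files
        run: |
          while IFS= read -r -d '' f; do
            echo "Signing file $f"
            gpg --detach-sign "$f"
          done < <(find packages/ ! -type d -print0)
      - name: Upload to s3
        if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false
        env:
          CWA_S3_BUCKET: ${{ secrets.S3_INTEGRATION_BUCKET }}
          CWA_PACKAGE_BUCKET_KEY: ${{ inputs.PackageBucketKey }}
        run: |
          dst="s3://${CWA_S3_BUCKET}/${CWA_PACKAGE_BUCKET_KEY}"
          aws s3 cp packages/amazon-cloudwatch-agent.msi.sig "${dst}/amazon-cloudwatch-agent.msi.sig"
          aws s3 cp packages/amd64/amazon-cloudwatch-agent.pkg.sig "${dst}/amd64/amazon-cloudwatch-agent.pkg.sig"
          aws s3 cp packages/arm64/amazon-cloudwatch-agent.pkg.sig "${dst}/arm64/amazon-cloudwatch-agent.pkg.sig"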