Nr 351326 linux prerelease fips (#1976)
* Create new FIPS packages on prerelease for linux
* Add FIPS molecule tests. (#1981)
alvarocabanas authored Jan 7, 2025
1 parent 8869d88 commit dca5719
Showing 5 changed files with 59 additions and 12 deletions.
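--- a/.github/workflows/component_linux_packaging.yml
+++ b/.github/workflows/component_linux_packaging.yml
@@ -22,6 +22,10 @@ on:
 ARCH:
 required: true
 type: string
+FIPS:
+required: false
+type: boolean
+default: false
 
 env:
 GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
@@ -32,6 +36,7 @@ env:
 DOCKER_HUB_ID: ${{ secrets.DOCKER_HUB_ID }}
 DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
 ARCH: ${{ inputs.ARCH }}
+FIPS: ${{ inputs.FIPS == true && '-fips' || '' }}
 
 jobs:
 packaging:
@@ -49,6 +54,8 @@ jobs:
 
 - name: Preparing linux packages
 run: make ci/prerelease/linux-${{ env.ARCH }}
+env:
+FIPS: ${{ env.FIPS }}
 
 - name: Generate checksum files
 uses: ./.github/actions/generate-checksums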
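Review bot: The step-level `env: FIPS: ${{ env.FIPS }}` on `Preparing linux packages` repeats the workflow-level `FIPS` entry, which every step already inherits, so it can be dropped. The name also changes meaning on the way: `inputs.FIPS` is a boolean while `env.FIPS` is the string `-fips` or empty, which deserves a comment next to the workflow-level entry such as `# FIPS carries the package suffix ('-fips' or ''), not a boolean`. If `make ci/prerelease/linux-*` runs the build inside a container (not visible here), the variable has to be forwarded there explicitly, otherwise a job called with `FIPS: true` would quietly produce the standard build. The `packaging` job continues outside the hunks shown.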
7 changes: 5 additions & 2 deletions .github/workflows/component_linux_publish.yml
@@ -76,6 +76,9 @@ jobs:
- "targz"
- "deb"
- "rpm"
suffix:
- ""
- "-fips"

steps:
- name: Login to DockerHub
@@ -89,10 +92,10 @@ jobs:
uses: newrelic/infrastructure-publish-action@v1.3.4
with:
tag: ${{env.TAG}}
app_name: "newrelic-infra"
app_name: "newrelic-infra${{ matrix.suffix }}"
repo_name: "newrelic/infrastructure-agent"
schema: "custom"
schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.SCHEMA_BRANCH }}/build/upload-schema-linux-${{ matrix.assetsType }}.yml"
schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.SCHEMA_BRANCH }}/build/upload-schema-linux-${{ matrix.assetsType }}${{ matrix.suffix }}.yml"
aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }}
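Review bot: The new `suffix` matrix axis makes every `assetsType` cell run a second time with `-fips`, so `schema_url` now needs `upload-schema-linux-targz-fips.yml`, `upload-schema-linux-deb-fips.yml` and `upload-schema-linux-rpm-fips.yml` on `SCHEMA_BRANCH`, and none of them is among the five files this commit changes. They may already exist on that branch, which is not visible here; if one is missing, that cell fails only at publish time, possibly after the non-FIPS cells have already uploaded. A comment above the axis would record the dependency: `# every suffix needs a matching build/upload-schema-linux-<assetsType><suffix>.yml on SCHEMA_BRANCH`. The `steps:` list continues outside the hunks shown.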
11 changes: 10 additions & 1 deletion .github/workflows/component_molecule_packaging.yml
@@ -21,10 +21,19 @@ jobs:
name: Test package installation
runs-on: ubuntu-latest
steps:
- uses: newrelic/pkg-installation-testing-action@v1
- name: Test NON-FIPS package installation
uses: newrelic/pkg-installation-testing-action@v1
with:
gpg_key: 'https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg'
repo_base_url: ${{ inputs.REPO_ENDPOINT }}
package_name: 'newrelic-infra'
package_version: ${{ inputs.TAG }}
platforms: "al2,al2023,debian-bullseye,debian-bookworm,redhat8,redhat9,suse15.3,suse15.4,suse15.5,suse15.6,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404"
- name: Test FIPS package installation
uses: newrelic/pkg-installation-testing-action@v1
with:
gpg_key: 'https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg'
repo_base_url: ${{ inputs.REPO_ENDPOINT }}
package_name: 'newrelic-infra-fips'
package_version: ${{ inputs.TAG }}
platforms: "al2,al2023,debian-bullseye,debian-bookworm,redhat8,redhat9,suse15.3,suse15.4,suse15.5,suse15.6,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404"
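Review bot: The FIPS check is added as a second step in the same job, so a failure in `Test NON-FIPS package installation` skips `Test FIPS package installation` and the FIPS package goes untested for that run. The two steps also differ only in `package_name`, and the long `platforms` string is now kept in two places that can drift apart. A job matrix over the package name with `fail-fast: false` runs both variants independently from a single step definition.

```yaml
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        package_name:
          - 'newrelic-infra'
          - 'newrelic-infra-fips'
    steps:
      - name: Test ${{ matrix.package_name }} package installation
        uses: newrelic/pkg-installation-testing-action@v1
        with:
          # … unchanged: gpg_key, repo_base_url …
          package_name: ${{ matrix.package_name }}
          # … unchanged: package_version, platforms …
```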
32 changes: 31 additions & 1 deletion .github/workflows/prerelease_linux.yml
@@ -31,6 +31,21 @@ jobs:
with:
TAG: ${{ github.event.release.tag_name }}
ARCH: 'amd64'

packaging-amd64-fips:
needs: [unit-test, proxy-tests]
uses: ./.github/workflows/component_linux_packaging.yml
secrets:
DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}}
DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}}
GPG_MAIL: 'infrastructure-eng@newrelic.com'
GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
TAG: ${{ github.event.release.tag_name }}
ARCH: 'amd64'
FIPS: true

packaging-arm:
needs: [unit-test, proxy-tests]
@@ -60,6 +75,21 @@ jobs:
TAG: ${{ github.event.release.tag_name }}
ARCH: 'arm64'

packaging-arm64-fips:
needs: [unit-test, proxy-tests]
uses: ./.github/workflows/component_linux_packaging.yml
secrets:
DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}}
DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}}
GPG_MAIL: 'infrastructure-eng@newrelic.com'
GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
TAG: ${{ github.event.release.tag_name }}
ARCH: 'arm64'
FIPS: true

packaging-legacy:
needs: [unit-test, proxy-tests]
uses: ./.github/workflows/component_linux_packaging.yml
@@ -98,7 +128,7 @@ jobs:
# point to staging after tests
name: Publish linux artifacts into s3 staging bucket
uses: ./.github/workflows/component_linux_publish.yml
needs: [packaging-amd64, packaging-arm, packaging-arm64, packaging-legacy]
needs: [packaging-amd64, packaging-amd64-fips, packaging-arm, packaging-arm64, packaging-arm64-fips, packaging-legacy]
secrets:
DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}}
DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}}
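Review bot: `packaging-amd64-fips` and `packaging-arm64-fips` are copies of the jobs above them with one extra line, `FIPS: true`, so the GPG private key, passphrase and Docker Hub credentials are now wired by hand in two more places that a later secret rename or rotation has to find. A matrix on the existing jobs keeps that wiring in one spot: add `strategy: { matrix: { fips: [false, true] } }` to `packaging-amd64` and `packaging-arm64` and pass `FIPS: ${{ matrix.fips }}` under `with:`. The `needs:` list of the publish job could then stay as it was, since a dependency on a matrix job waits for all of its cells. The publish job's definition continues outside the last hunk.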
14 changes: 6 additions & 8 deletions build/release.mk
@@ -71,12 +71,10 @@ release/pkg-linux: release/get-fluentbit-linux-arm64

.PHONY : release/pkg-linux-fips
release/pkg-linux-fips: release/deps release/clean generate-goreleaser-multiarch-fips
release/pkg-linux-fips: release/get-integrations-amd64 #NO FIPS ASSETS AVAILABLE FOR NOW
release/pkg-linux-fips: release/get-integrations-arm64 #NO FIPS ASSETS AVAILABLE FOR NOW
# release/pkg-linux-fips: release/get-integrations-arm #NO FIPS ASSETS AVAILABLE FOR NOW
release/pkg-linux-fips: release/get-fluentbit-linux-amd64 #NO FIPS ASSETS AVAILABLE FOR NOW
# #release/pkg-linux: release/get-fluentbit-linux-arm
release/pkg-linux-fips: release/get-fluentbit-linux-arm64 #NO FIPS ASSETS AVAILABLE FOR NOW
release/pkg-linux-fips: release/get-integrations-amd64
release/pkg-linux-fips: release/get-integrations-arm64
release/pkg-linux-fips: release/get-fluentbit-linux-amd64
release/pkg-linux-fips: release/get-fluentbit-linux-arm64
@echo "=== [release/pkg-linux-fips] PRE-RELEASE compiling all binaries, creating packages, archives"
$(GORELEASER_BIN) release --config $(GORELEASER_CONFIG_LINUX) $(PKG_FLAGS)

@@ -178,7 +176,7 @@ release-macos: release/pkg-macos release/fix-tarballs-macos
.PHONY : generate-goreleaser-amd64
generate-goreleaser-amd64:
cat $(CURDIR)/build/goreleaser/linux/header.yml\
$(CURDIR)/build/goreleaser/linux/build_amd64.yml\
$(CURDIR)/build/goreleaser/linux/build_amd64$(subst -,_,$(FIPS)).yml\
$(CURDIR)/build/goreleaser/linux/archives_header.yml\
$(CURDIR)/build/goreleaser/linux/archives_amd64.yml\
$(CURDIR)/build/goreleaser/linux/nfpms_header.yml\
@@ -232,7 +230,7 @@ generate-goreleaser-amd64:
.PHONY : generate-goreleaser-arm64
generate-goreleaser-arm64:
cat $(CURDIR)/build/goreleaser/linux/header.yml\
$(CURDIR)/build/goreleaser/linux/build_arm64.yml\
$(CURDIR)/build/goreleaser/linux/build_arm64$(subst -,_,$(FIPS)).yml\
$(CURDIR)/build/goreleaser/linux/archives_header.yml\
$(CURDIR)/build/goreleaser/linux/archives_arm64.yml\
$(CURDIR)/build/goreleaser/linux/nfpms_header.yml\
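Review bot: The four new prerequisite lines of `release/pkg-linux-fips` drop the `#NO FIPS ASSETS AVAILABLE FOR NOW` remark but still depend on the same `release/get-integrations-*` and `release/get-fluentbit-linux-*` targets that the standard package uses, so a reader can no longer tell that the bundled integrations and fluent-bit are presumably not FIPS builds. Unless those targets now fetch FIPS artifacts (not visible here), keep one comment above the group, for example `# integrations and fluent-bit come from the standard (non-FIPS) downloads`. Separately, `build_amd64$(subst -,_,$(FIPS)).yml` and its arm64 twin select the standard build file when `FIPS` is unset and a non-existent name for any value other than `-fips`; a guard such as `ifneq ($(filter-out -fips,$(FIPS)),)`, `$(error FIPS must be empty or -fips)`, `endif` makes the second case fail with a clear message. Both `generate-goreleaser-*` recipes continue outside the hunks shown.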
