NH-119050: bump joboe #797
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push | |
| on: | |
| workflow_dispatch: | |
| push: | |
| permissions: | |
| packages: write | |
| contents: read | |
| id-token: write | |
| security-events: write | |
| env: | |
| SW_APM_DEBUG_LEVEL: trace | |
| AGENT_DOWNLOAD_URL: https://agent-binaries.global.st-ssp.solarwinds.com/apm/java/latest/solarwinds-apm-agent.jar | |
| SW_APM_COLLECTOR: ${{ secrets.SW_APM_COLLECTOR }} | |
| SW_APM_SERVICE_KEY_AO: ${{ secrets.SW_APM_SERVICE_KEY_AO }} | |
| SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }} | |
| GITHUB_USERNAME: ${{ github.actor }} | |
| SWO_LOGIN_URL: ${{ secrets.SWO_LOGIN_URL }} | |
| SWO_HOST_URL: ${{ secrets.SWO_HOST_URL }} | |
| SWO_EMAIL: ${{ secrets.SWO_EMAIL }} | |
| SWO_PWORD: ${{ secrets.SWO_PWORD }} | |
| STAGE_BUCKET: ${{ secrets.STAGE_BUCKET }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
| SONATYPE_TOKEN: ${{ secrets.SONATYPE_TOKEN }} | |
| CENTRAL_USERNAME: ${{ secrets.CENTRAL_USERNAME }} | |
| CENTRAL_TOKEN: ${{ secrets.CENTRAL_TOKEN }} | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }} | |
| jobs: | |
| s3-stage-upload: # this job uploads the jar to stage s3 | |
| needs: | |
| - maven_snapshot_release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_S3_ROLE_ARN_SSP_STAGE }} | |
| aws-region: "us-east-1" | |
| - name: Build agent | |
| run: ./gradlew clean build -x test | |
| - name: Set agent version | |
| id: set_version | |
| uses: ./.github/actions/version | |
| - name: Copy to S3 | |
| run: | | |
| aws s3 cp agent/build/libs/solarwinds-apm-agent.jar \ | |
| s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \ | |
| --acl public-read | |
| aws s3 cp agent-lambda/build/libs/solarwinds-apm-agent-lambda.jar \ | |
| s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent-lambda.jar \ | |
| --acl public-read | |
| aws s3 cp custom/shared/src/main/resources/solarwinds-apm-config.json \ | |
| s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \ | |
| --acl public-read | |
| env: | |
| AGENT_VERSION: ${{ steps.set_version.outputs.version }} | |
| - name: Copy to S3(latest) | |
| run: | | |
| aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \ | |
| s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-agent.jar \ | |
| --acl public-read | |
| aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent-lambda.jar \ | |
| s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-agent-lambda.jar \ | |
| --acl public-read | |
| aws s3 cp s3://$STAGE_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \ | |
| s3://$STAGE_BUCKET/apm/java/latest/solarwinds-apm-config.json \ | |
| --acl public-read | |
| touch VERSION | |
| echo "version: $AGENT_VERSION" >> VERSION | |
| SHA256=$(sha256sum agent/build/libs/solarwinds-apm-agent.jar) | |
| echo "sha256: $SHA256" >> VERSION | |
| aws s3 cp VERSION \ | |
| s3://$STAGE_BUCKET/apm/java/latest/VERSION \ | |
| --acl public-read | |
| env: | |
| AGENT_VERSION: ${{ steps.set_version.outputs.version }} | |
| build-test-images: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - s3-stage-upload | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build xk6 image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: long-running-test-arch/xk6 | |
| platforms: linux/amd64 | |
| push: true | |
| tags: "ghcr.io/${{github.repository_owner}}/xk6:latest" | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build rc image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: long-running-test-arch | |
| file: long-running-test-arch/Dockerfile-rc | |
| platforms: linux/amd64 | |
| push: true | |
| tags: "ghcr.io/${{github.repository_owner}}/petclinic:agent-rc" | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Build stable image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: long-running-test-arch | |
| platforms: linux/amd64 | |
| push: true | |
| tags: "ghcr.io/${{github.repository_owner}}/petclinic:agent-latest" | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Build agent | |
| run: ./gradlew clean build -x test | |
| - name: Muzzle check | |
| run: ./gradlew muzzle | |
| - name: Execute tests | |
| run: ./gradlew test | |
| - name: Check shading | |
| run: | | |
| code=0 | |
| for path in $(jar -tf agent/build/libs/solarwinds-apm-agent.jar | grep -E -v '^((com/solarwinds|inst|io/open|META))') | |
| do | |
| PACKAGE=$(echo "$path" | awk -F/ '{print $2}') | |
| if [ -n "$PACKAGE" ] && [ "$PACKAGE" != "annotation" ]; then | |
| echo "Package ($path) is not shaded" | |
| code=1 | |
| fi | |
| done | |
| exit $code | |
| lambda=0 | |
| for path in $(jar -tf agent-lambda/build/libs/solarwinds-apm-agent-lambda.jar | grep -E -v '^((com/solarwinds|inst|io/open|META))') | |
| do | |
| PACKAGE=$(echo "$path" | awk -F/ '{print $2}') | |
| if [ -n "$PACKAGE" ] && [ "$PACKAGE" != "annotation" ]; then | |
| echo "Package ($path) is not shaded" | |
| lambda=1 | |
| fi | |
| done | |
| exit $lambda | |
| lambda-release-test: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - s3-stage-upload | |
| env: | |
| LAMBDA: "true" | |
| OTEL_EXPORTER_OTLP_ENDPOINT: ${{ secrets.OTEL_EXPORTER_OTLP_ENDPOINT }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Free Disk Space before Build | |
| run: | | |
| echo "Disk space before pre-build cleanup:" | |
| df -h | |
| sudo rm -rf /usr/local/.ghcup | |
| sudo rm -rf /opt/hostedtoolcache/CodeQL | |
| sudo rm -rf /usr/local/lib/android/sdk/ndk | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf /usr/local/share/boost | |
| echo "Disk space after pre-build cleanup:" | |
| df -h | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Set agent version | |
| id: set_version | |
| uses: ./.github/actions/version | |
| - name: Set snapshot version | |
| run: | | |
| GIT_HASH=$(git rev-parse --short "$GITHUB_SHA") | |
| echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV | |
| - name: Build smoke-test | |
| run: | | |
| cd smoke-tests | |
| ./gradlew build -x test | |
| - name: Build webmvc jar | |
| run: | | |
| cd smoke-tests | |
| ./gradlew :spring-boot-webmvc:build | |
| - name: Build webmvc image | |
| run: | | |
| cd smoke-tests/spring-boot-webmvc | |
| docker image build --tag smt:webmvc . | |
| - name: Docker login | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin | |
| - name: Execute smoke tests | |
| run: | | |
| cd smoke-tests | |
| ./gradlew test | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| path: smoke-tests/build/reports/tests/test | |
| name: lambda-release-test | |
| - name: Free Disk Space After Build | |
| run: | | |
| echo "Disk space before post-build cleanup:" | |
| df -h | |
| sudo rm -rf /usr/local/.ghcup | |
| sudo rm -rf /opt/hostedtoolcache/CodeQL | |
| sudo rm -rf /usr/local/lib/android/sdk/ndk | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf /usr/local/share/boost | |
| sudo rm -rf smoke-tests/build/ | |
| echo "Disk space after post-build cleanup:" | |
| df -h | |
| - name: Docker logout | |
| if: always() | |
| run: docker logout | |
| smoke-test-linux: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - s3-stage-upload | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Set agent version | |
| id: set_version | |
| uses: ./.github/actions/version | |
| - name: Set snapshot version | |
| run: | | |
| GIT_HASH=$(git rev-parse --short "$GITHUB_SHA") | |
| echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV | |
| - name: Run application | |
| working-directory: smoke-tests | |
| run: | | |
| ./gradlew :netty-test:run | |
| env: | |
| SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}:smoke-test-linux | |
| smoke-test-no-agent: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - s3-stage-upload | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Set agent version | |
| id: set_version | |
| uses: ./.github/actions/version | |
| - name: Set snapshot version | |
| run: | | |
| GIT_HASH=$(git rev-parse --short "$GITHUB_SHA") | |
| echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV | |
| - name: Run application | |
| working-directory: smoke-tests | |
| run: | | |
| ./gradlew :netty-test-no-agent:run | |
| smoke-test-windows: | |
| runs-on: windows-latest | |
| needs: | |
| - s3-stage-upload | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Set agent version | |
| id: set_version | |
| uses: ./.github/actions/version | |
| - name: Set snapshot version | |
| shell: bash | |
| run: | | |
| GIT_HASH=$(git rev-parse --short "$GITHUB_SHA") | |
| echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV | |
| - name: Run application | |
| working-directory: smoke-tests | |
| run: | | |
| .\gradlew.bat :netty-test:run | |
| env: | |
| SW_APM_SERVICE_KEY: ${{ secrets.SW_APM_SERVICE_KEY }}:smoke-test-windows | |
| release-test: | |
| runs-on: ubuntu-latest | |
| env: | |
| LAMBDA: "false" | |
| needs: | |
| - s3-stage-upload | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Free Disk Space before Build | |
| run: | | |
| echo "Disk space before pre-build cleanup:" | |
| df -h | |
| sudo rm -rf /usr/local/.ghcup | |
| sudo rm -rf /opt/hostedtoolcache/CodeQL | |
| sudo rm -rf /usr/local/lib/android/sdk/ndk | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf /usr/local/share/boost | |
| echo "Disk space after pre-build cleanup:" | |
| df -h | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Docker login | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin | |
| - name: Set agent version | |
| id: set_version | |
| uses: ./.github/actions/version | |
| - name: Set snapshot version | |
| run: | | |
| GIT_HASH=$(git rev-parse --short "$GITHUB_SHA") | |
| echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV | |
| - name: Build smoke-test | |
| run: | | |
| cd smoke-tests | |
| ./gradlew build -x test | |
| - name: Build webmvc jar | |
| run: | | |
| cd smoke-tests | |
| ./gradlew :spring-boot-webmvc:build | |
| - name: Build webmvc image | |
| run: | | |
| cd smoke-tests/spring-boot-webmvc | |
| docker image build --tag smt:webmvc . | |
| - name: Execute smoke tests | |
| run: | | |
| cd smoke-tests | |
| ./gradlew test | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| path: smoke-tests/build/reports/tests/test | |
| name: release-test | |
| - name: Free Disk Space After Build | |
| run: | | |
| echo "Disk space before post-build cleanup:" | |
| df -h | |
| sudo rm -rf /usr/local/.ghcup | |
| sudo rm -rf /opt/hostedtoolcache/CodeQL | |
| sudo rm -rf /usr/local/lib/android/sdk/ndk | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf /usr/local/share/boost | |
| sudo rm -rf smoke-tests/build/ | |
| echo "Disk space after post-build cleanup:" | |
| df -h | |
| - name: Docker logout | |
| if: always() | |
| run: docker logout | |
| release-test-v2: | |
| runs-on: ubuntu-latest | |
| if: always() | |
| env: | |
| SMOKEV2: "true" | |
| needs: | |
| - release-test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Free Disk Space before Build | |
| run: | | |
| echo "Disk space before pre-build cleanup:" | |
| df -h | |
| sudo rm -rf /usr/local/.ghcup | |
| sudo rm -rf /opt/hostedtoolcache/CodeQL | |
| sudo rm -rf /usr/local/lib/android/sdk/ndk | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf /usr/local/share/boost | |
| echo "Disk space after pre-build cleanup:" | |
| df -h | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Docker login | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin | |
| - name: Set agent version | |
| id: set_version | |
| uses: ./.github/actions/version | |
| - name: Set snapshot version | |
| run: | | |
| GIT_HASH=$(git rev-parse --short "$GITHUB_SHA") | |
| echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV | |
| - name: Build smoke-test | |
| run: | | |
| cd smoke-tests | |
| ./gradlew build -x test | |
| - name: Build webmvc jar | |
| run: | | |
| cd smoke-tests | |
| ./gradlew :spring-boot-webmvc:build | |
| - name: Build webmvc image | |
| run: | | |
| cd smoke-tests/spring-boot-webmvc | |
| docker image build --tag smt:webmvc . | |
| - name: Execute smoke tests | |
| run: | | |
| cd smoke-tests | |
| ./gradlew test | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| path: smoke-tests/build/reports/tests/test | |
| name: release-test-v2 | |
| - name: Free Disk Space After Build | |
| run: | | |
| echo "Disk space before post-build cleanup:" | |
| df -h | |
| sudo rm -rf /usr/local/.ghcup | |
| sudo rm -rf /opt/hostedtoolcache/CodeQL | |
| sudo rm -rf /usr/local/lib/android/sdk/ndk | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf /usr/local/share/boost | |
| sudo rm -rf smoke-tests/build/ | |
| echo "Disk space after post-build cleanup:" | |
| df -h | |
| - name: Docker logout | |
| if: always() | |
| run: docker logout | |
| benchmark: | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| needs: | |
| - s3-stage-upload | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Docker login | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $GITHUB_USERNAME --password-stdin | |
| - name: Benchmark test | |
| working-directory: benchmark | |
| run: ./gradlew test | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| path: benchmark/results/release/summary.txt | |
| name: benchmark-summary | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| path: benchmark/build/reports/tests/test/ | |
| name: benchmark-test | |
| - name: Docker logout | |
| if: always() | |
| run: docker logout | |
| maven_snapshot_release: | |
| runs-on: ubuntu-latest | |
| env: | |
| SNAPSHOT_BUILD: true | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| - name: Set agent version | |
| id: set_version | |
| uses: ./.github/actions/version | |
| - name: Set snapshot version | |
| run: | | |
| GIT_HASH=$(git rev-parse --short "$GITHUB_SHA") | |
| echo "AGENT_VERSION=${{ steps.set_version.outputs.version }}.$GIT_HASH" >> $GITHUB_ENV | |
| - name: Publish | |
| run: ./gradlew publishToSonatype | |
| docker_hub: | |
| name: run scan on commit without pushing image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Set agent version | |
| id: set_version | |
| uses: ./.github/actions/version | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ vars.DOCKER_SOLARWINDS_ORG_LOGIN }} | |
| password: ${{ secrets.ENOPS5919_APM_DOCKER_HUB_CI_OAT }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ github.repository_owner }}/autoinstrumentation-java | |
| tags: | | |
| type=raw,value=${{ steps.set_version.outputs.version }} | |
| type=raw,value=latest | |
| labels: | | |
| maintainer=swo-librarians | |
| org.opencontainers.image.title=apm-java | |
| org.opencontainers.image.description=Solarwinds OTEL distro Java agent | |
| org.opencontainers.image.vendor=SolarWinds Worldwide, LLC | |
| - name: Build | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: agent | |
| platforms: linux/amd64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| load: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ vars.ENOPS5919_DOCKER_SCOUT_CI_USER }} | |
| password: ${{ secrets.ENOPS5919_DOCKER_SCOUT_CI_PAT }} | |
| - name: Analyze for critical and high CVEs -> linux/amd64 | |
| uses: docker/scout-action@v1 | |
| with: | |
| command: cves | |
| image: ${{ steps.meta.outputs.tags[0] }} | |
| platform: "linux/amd64" | |
| sarif-file: sarif.output.json | |
| - name: Upload SARIF result | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: sarif.output.json |