Ready for review
musa-asad committed Dec 17, 2024
1 parent 0a7771a commit adc5ba5
Showing 2 changed files with 254 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/e2e-test.yml
@@ -8,7 +8,7 @@ env:
ECR_INTEGRATION_TEST_REPO: "cwagent-integration-test"
CWA_GITHUB_TEST_REPO_NAME: "aws/amazon-cloudwatch-agent-test"
CWA_GITHUB_TEST_REPO_URL: "https://github.com/aws/amazon-cloudwatch-agent-test.git"
CWA_GITHUB_TEST_REPO_BRANCH: "e2e-jmx"
CWA_GITHUB_TEST_REPO_BRANCH: "main"
TERRAFORM_AWS_ASSUME_ROLE_ITAR: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_ITAR }}
TERRAFORM_AWS_ASSUME_ROLE_CN: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_CN }}
OPERATOR_GITHUB_REPO_NAME: "aws/amazon-cloudwatch-agent-operator"
254 changes: 253 additions & 1 deletion .github/workflows/test-build-docker.yml
@@ -124,9 +124,218 @@ jobs:
${{ steps.login-ecr.outputs.registry }}/${{ steps.repo_name.outputs.ContainerRepositoryName }}:linux-arm64
platforms: linux/arm64

MakeMSIZip:
name: 'MakeMSIZip'
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v3
with:
repository: ${{env.CWA_GITHUB_TEST_REPO_NAME}}

- name: Set up Go 1.x
uses: actions/setup-go@v4
with:
go-version: ~1.22.2

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }}
aws-region: us-west-2

- name: Cache win zip
id: cached_win_zip
uses: actions/cache@v3
with:
key: "cached_win_zip_${{ github.sha }}_${{ inputs.PackageBucketKey }}_${{ inputs.Bucket }}_${{ inputs.BucketKey }}"
path: go.mod

- name: Copy binary
if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
run: |
aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }} . --recursive
- name: Unzip
if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
run: |
sudo apt install unzip
unzip windows/amd64/amazon-cloudwatch-agent.zip -d windows-agent
- name: Create msi dep folder and copy deps
if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
run: |
export version=$(cat CWAGENT_VERSION)
echo cw agent version $version
mkdir msi_dep
cp -r msi/tools/. msi_dep/
cp -r windows-agent/amazon-cloudwatch-agent/. msi_dep/
go run msi/tools/msiversion/msiversionconverter.go $version msi_dep/amazon-cloudwatch-agent.wxs '<version>'
go run msi/tools/msiversion/msiversionconverter.go $version msi_dep/manifest.json __VERSION__
- name: Zip
if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
run: |
sudo apt install zip
zip buildMSI.zip msi_dep/*
- name: Upload zip
if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false
run: aws s3 cp buildMSI.zip s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }}/buildMSI.zip

BuildMSI-2022:
name: 'BuildMSI-2022'
runs-on: windows-latest
needs: [ MakeMSIZip ]
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v3

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }}
aws-region: us-west-2

- name: Cache msi
id: cached_msi
uses: actions/cache@v3
with:
key: "cached_msi_${{ github.sha }}"
path: go.mod

# Using the env variable returns "" for bucket name thus use the secret
- name: Copy msi
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run: aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }}/buildMSI.zip .

- name: Create msi
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run: |
curl -OLS https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314.exe
.\wix314.exe /install /quiet /norestart
$wixToolsetBinPath = ";C:\Program Files (x86)\WiX Toolset v3.14\bin;"
$env:PATH = $env:PATH + $wixToolsetBinPath
Expand-Archive buildMSI.zip -Force
cd buildMSI/msi_dep
.\create_msi.ps1 "nosha" ${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }}
- name: clean ecr login credential cache
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run : |
echo '{"auths": {"https://index.docker.io/v1/": {}}, "HttpHeaders": { "User-Agent": "Docker-Client/19.03.12 (windows)"}}' > ~/.docker/config.json
- name: Login ECR
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

# Build dir is ignored in our .dockerignore thus need to copy to another dir.
- name: Copy Binary For Agent Image Build
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run: |
pwd
mkdir amd64
cp -r buildMSI/msi_dep/amazon-cloudwatch-agent.msi amd64/
- name: Get ECR Repo name
id: repo_name
env:
ContainerRepositoryNameAndTag: ${{ inputs.ContainerRepositoryNameAndTag }}
run: |
$splitArray = $env:ContainerRepositoryNameAndTag.Split(":")[0]
Write-Output "::set-output name=ContainerRepositoryName::$splitArray"
- name: Build Windows Cloudwatch Agent Image
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: ${{ steps.repo_name.outputs.ContainerRepositoryName }}:2022
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run: |
Write-Output "$env:REGISTRY/$env:REPOSITORY"
docker build --platform windows/amd64 -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localmsi/Dockerfile.Windows . -t $env:REGISTRY/$env:REPOSITORY
docker push $env:REGISTRY/$env:REPOSITORY
BuildMSI-2019:
name: 'BuildMSI-2019'
runs-on: windows-2019
needs: [MakeMSIZip]
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v3

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }}
aws-region: us-west-2

- name: Cache msi
id: cached_msi
uses: actions/cache@v3
with:
key: "cached_msi_${{ github.sha }}"
path: go.mod

# Using the env variable returns "" for bucket name thus use the secret
- name: Copy msi
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run: aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }}/buildMSI.zip .

- name: Create msi
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run : |
curl -OLS https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314.exe
.\wix314.exe /install /quiet /norestart
$wixToolsetBinPath = ";C:\Program Files (x86)\WiX Toolset v3.14\bin;"
$env:PATH = $env:PATH + $wixToolsetBinPath
Expand-Archive buildMSI.zip -Force
cd buildMSI/msi_dep
.\create_msi.ps1 "nosha" ${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }}
- name: clean ecr login credential cache
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run : |
echo '{"auths": {"https://index.docker.io/v1/": {}}, "HttpHeaders": { "User-Agent": "Docker-Client/19.03.12 (windows)"}}' > ~/.docker/config.json
- name: Login ECR
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

# Build dir is ignored in our .dockerignore thus need to copy to another dir.
- name: Copy Binary For Agent Image Build
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run: |
pwd
mkdir amd64
cp -r buildMSI/msi_dep/amazon-cloudwatch-agent.msi amd64/
- name: Get ECR Repo name
id: repo_name
env:
ContainerRepositoryNameAndTag: ${{ inputs.ContainerRepositoryNameAndTag }}
run: |
$splitArray = $env:ContainerRepositoryNameAndTag.Split(":")[0]
Write-Output "::set-output name=ContainerRepositoryName::$splitArray"
- name: Build Windows Cloudwatch Agent Image
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: ${{ steps.repo_name.outputs.ContainerRepositoryName }}:2019
if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false
run: |
Write-Output "$env:REGISTRY/$env:REPOSITORY"
docker build --platform windows/amd64 -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localmsi/Dockerfile.Windows --build-arg IMAGE_TAG=ltsc2019 . -t $env:REGISTRY/$env:REPOSITORY
docker push $env:REGISTRY/$env:REPOSITORY
CreateContainerManifest:
name: 'CreateManifest'
needs: ['MakeBinary']
needs: ['BuildMSI-2019', 'BuildMSI-2022', 'MakeBinary']
runs-on: ubuntu-latest
permissions:
id-token: write
@@ -184,3 +393,46 @@ jobs:
docker buildx imagetools create -f linux-amd.json -f linux-arm.json -f 2019.json -f 2022.json --tag $REGISTRY/$OrigREPOSITORY
#GH actions set up gpg only works on ubuntu as of this commit date
GPGSignWindowsPackage:
name: 'GPGSignWindowsPackage'
runs-on: ubuntu-latest
needs: [ BuildMSI-2022 ]
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v3

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }}
aws-region: us-west-2

- name: Cache sig
id: cached_sig
uses: actions/cache@v3
with:
key: "cached_sig_${{ github.sha }}"
path: go.mod

- name: Download from s3
if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false
run: |
mkdir -p packages/amd64
mkdir packages/arm64
aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }}/amazon-cloudwatch-agent.msi ./packages/amazon-cloudwatch-agent.msi
- name: Import GPG Key
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}

- name: Sign Build Files
run: for f in $(find packages/); do if [ ! -d $f ]; then echo "Signing file $f" && gpg --detach-sign $f ; fi ; done

- name: Upload to s3
if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false
run: |
aws s3 cp packages/amazon-cloudwatch-agent.msi.sig s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }}/amazon-cloudwatch-agent.msi.sig
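Review bot: The `Create msi` step in BuildMSI-2022 (and its copy in BuildMSI-2019) downloads `wix314.exe` with `curl -OLS` and runs it with `/install /quiet /norestart` without any integrity check, in a job that has already assumed the AWS role and whose MSI output appears to be the file GPGSignWindowsPackage later signs. A replaced or tampered release asset would therefore run with those credentials and could alter the package before it is signed. Pin the expected digest and fail closed before installing, e.g. `if ((Get-FileHash .\wix314.exe -Algorithm SHA256).Hash -ne '<EXPECTED_WIX314_SHA256>') { throw 'wix314.exe digest mismatch' }`, with the placeholder replaced by the digest recorded from a vetted copy. The same steps also expand `${{ inputs.PackageBucketKey }}` directly into the script text; passing it through `env:`, as the `Get ECR Repo name` step already does for its input, would keep input values out of the shell parser.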
