From adc5ba59556538a22516b2b01a2f701e5fa951ee Mon Sep 17 00:00:00 2001
From: musa-asad
Date: Tue, 17 Dec 2024 04:00:32 -0500
Subject: [PATCH] Ready for review
---
 .github/workflows/e2e-test.yml | 2 +-
 .github/workflows/test-build-docker.yml | 254 +++++++++++++++++++++++-
 2 files changed, 254 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
index da20805d92..8da0476c10 100644
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -8,7 +8,7 @@ env:
 ECR_INTEGRATION_TEST_REPO: "cwagent-integration-test"
 CWA_GITHUB_TEST_REPO_NAME: "aws/amazon-cloudwatch-agent-test"
 CWA_GITHUB_TEST_REPO_URL: "https://github.com/aws/amazon-cloudwatch-agent-test.git"
- CWA_GITHUB_TEST_REPO_BRANCH: "e2e-jmx"
+ CWA_GITHUB_TEST_REPO_BRANCH: "main"
 TERRAFORM_AWS_ASSUME_ROLE_ITAR: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_ITAR }}
 TERRAFORM_AWS_ASSUME_ROLE_CN: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_CN }}
 OPERATOR_GITHUB_REPO_NAME: "aws/amazon-cloudwatch-agent-operator"
diff --git a/.github/workflows/test-build-docker.yml b/.github/workflows/test-build-docker.yml
index f0cbc3ad51..25487a811e 100644
--- a/.github/workflows/test-build-docker.yml
+++ b/.github/workflows/test-build-docker.yml
@@ -124,9 +124,218 @@ jobs: ${{ steps.login-ecr.outputs.registry }}/${{ steps.repo_name.outputs.ContainerRepositoryName }}:linux-arm64 platforms: linux/arm64 + MakeMSIZip: + name: 'MakeMSIZip' + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@v3 + with: + repository: ${{env.CWA_GITHUB_TEST_REPO_NAME}} + + - name: Set up Go 1.x + uses: actions/setup-go@v4 + with: + go-version: ~1.22.2 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }} + aws-region: us-west-2 + + - name: Cache win zip + id: cached_win_zip + uses: actions/cache@v3 + with: + key: "cached_win_zip_${{ github.sha }}_${{ inputs.PackageBucketKey }}_${{ inputs.Bucket }}_${{ inputs.BucketKey }}" + path: go.mod + + - name: Copy binary + if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false + run: | + aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }} . --recursive + - name: Unzip + if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false + run: | + sudo apt install unzip + unzip windows/amd64/amazon-cloudwatch-agent.zip -d windows-agent + - name: Create msi dep folder and copy deps + if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false + run: | + export version=$(cat CWAGENT_VERSION) + echo cw agent version $version + mkdir msi_dep + cp -r msi/tools/. msi_dep/ + cp -r windows-agent/amazon-cloudwatch-agent/. 
msi_dep/ + go run msi/tools/msiversion/msiversionconverter.go $version msi_dep/amazon-cloudwatch-agent.wxs '' + go run msi/tools/msiversion/msiversionconverter.go $version msi_dep/manifest.json __VERSION__ + + - name: Zip + if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false + run: | + sudo apt install zip + zip buildMSI.zip msi_dep/* + + - name: Upload zip + if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false + run: aws s3 cp buildMSI.zip s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }}/buildMSI.zip + + BuildMSI-2022: + name: 'BuildMSI-2022' + runs-on: windows-latest + needs: [ MakeMSIZip ] + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@v3 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }} + aws-region: us-west-2 + + - name: Cache msi + id: cached_msi + uses: actions/cache@v3 + with: + key: "cached_msi_${{ github.sha }}" + path: go.mod + + # Using the env variable returns "" for bucket name thus use the secret + - name: Copy msi + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run: aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }}/buildMSI.zip . 
+ + - name: Create msi + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run: | + curl -OLS https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314.exe + .\wix314.exe /install /quiet /norestart + $wixToolsetBinPath = ";C:\Program Files (x86)\WiX Toolset v3.14\bin;" + $env:PATH = $env:PATH + $wixToolsetBinPath + Expand-Archive buildMSI.zip -Force + cd buildMSI/msi_dep + .\create_msi.ps1 "nosha" ${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }} + + - name: clean ecr login credential cache + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run : | + echo '{"auths": {"https://index.docker.io/v1/": {}}, "HttpHeaders": { "User-Agent": "Docker-Client/19.03.12 (windows)"}}' > ~/.docker/config.json + + - name: Login ECR + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + # Build dir is ignored in our .dockerignore thus need to copy to another dir. 
+ - name: Copy Binary For Agent Image Build + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run: | + pwd + mkdir amd64 + cp -r buildMSI/msi_dep/amazon-cloudwatch-agent.msi amd64/ + + - name: Get ECR Repo name + id: repo_name + env: + ContainerRepositoryNameAndTag: ${{ inputs.ContainerRepositoryNameAndTag }} + run: | + $splitArray = $env:ContainerRepositoryNameAndTag.Split(":")[0] + Write-Output "::set-output name=ContainerRepositoryName::$splitArray" + + - name: Build Windows Cloudwatch Agent Image + env: + REGISTRY: ${{ steps.login-ecr.outputs.registry }} + REPOSITORY: ${{ steps.repo_name.outputs.ContainerRepositoryName }}:2022 + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run: | + Write-Output "$env:REGISTRY/$env:REPOSITORY" + docker build --platform windows/amd64 -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localmsi/Dockerfile.Windows . -t $env:REGISTRY/$env:REPOSITORY + docker push $env:REGISTRY/$env:REPOSITORY + + BuildMSI-2019: + name: 'BuildMSI-2019' + runs-on: windows-2019 + needs: [MakeMSIZip] + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@v3 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }} + aws-region: us-west-2 + + - name: Cache msi + id: cached_msi + uses: actions/cache@v3 + with: + key: "cached_msi_${{ github.sha }}" + path: go.mod + + # Using the env variable returns "" for bucket name thus use the secret + - name: Copy msi + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run: aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }}/buildMSI.zip . 
+ + - name: Create msi + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run : | + curl -OLS https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314.exe + .\wix314.exe /install /quiet /norestart + $wixToolsetBinPath = ";C:\Program Files (x86)\WiX Toolset v3.14\bin;" + $env:PATH = $env:PATH + $wixToolsetBinPath + Expand-Archive buildMSI.zip -Force + cd buildMSI/msi_dep + .\create_msi.ps1 "nosha" ${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }} + + - name: clean ecr login credential cache + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run : | + echo '{"auths": {"https://index.docker.io/v1/": {}}, "HttpHeaders": { "User-Agent": "Docker-Client/19.03.12 (windows)"}}' > ~/.docker/config.json + + - name: Login ECR + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + # Build dir is ignored in our .dockerignore thus need to copy to another dir. 
+ - name: Copy Binary For Agent Image Build + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run: | + pwd + mkdir amd64 + cp -r buildMSI/msi_dep/amazon-cloudwatch-agent.msi amd64/ + + - name: Get ECR Repo name + id: repo_name + env: + ContainerRepositoryNameAndTag: ${{ inputs.ContainerRepositoryNameAndTag }} + run: | + $splitArray = $env:ContainerRepositoryNameAndTag.Split(":")[0] + Write-Output "::set-output name=ContainerRepositoryName::$splitArray" + + - name: Build Windows Cloudwatch Agent Image + env: + REGISTRY: ${{ steps.login-ecr.outputs.registry }} + REPOSITORY: ${{ steps.repo_name.outputs.ContainerRepositoryName }}:2019 + if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false + run: | + Write-Output "$env:REGISTRY/$env:REPOSITORY" + docker build --platform windows/amd64 -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localmsi/Dockerfile.Windows --build-arg IMAGE_TAG=ltsc2019 . -t $env:REGISTRY/$env:REPOSITORY + docker push $env:REGISTRY/$env:REPOSITORY + CreateContainerManifest: name: 'CreateManifest' - needs: ['MakeBinary'] + needs: ['BuildMSI-2019', 'BuildMSI-2022', 'MakeBinary'] runs-on: ubuntu-latest permissions: id-token: write 
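Review bot: The `Create msi` step in both `BuildMSI-2022` and `BuildMSI-2019` downloads `wix314.exe` with `curl -OLS` and runs it with no integrity check, on a runner that has already assumed the AWS role and goes on to build the MSI and push the image. Pin the installer's digest and fail closed before executing it, for example `if ((Get-FileHash .\wix314.exe -Algorithm SHA256).Hash -ne '<PINNED_SHA256_OF_WIX314_EXE>') { throw 'wix314.exe checksum mismatch' }`. Separately, `${{ inputs.BucketKey }}` and `${{ inputs.PackageBucketKey }}` are expanded directly into `run:` scripts here and in the `GPGSignWindowsPackage` hunk. If those inputs can ever be caller-controlled (the `on:` block is outside this hunk), pass them through `env:` the way `Get ECR Repo name` already does with `ContainerRepositoryNameAndTag`.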
@@ -184,3 +393,46 @@ jobs: docker buildx imagetools create -f linux-amd.json -f linux-arm.json -f 2019.json -f 2022.json --tag $REGISTRY/$OrigREPOSITORY + #GH actions set up gpg only works on ubuntu as of this commit date + GPGSignWindowsPackage: + name: 'GPGSignWindowsPackage' + runs-on: ubuntu-latest + needs: [ BuildMSI-2022 ] + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@v3 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }} + aws-region: us-west-2 + + - name: Cache sig + id: cached_sig + uses: actions/cache@v3 + with: + key: "cached_sig_${{ github.sha }}" + path: go.mod + + - name: Download from s3 + if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false + run: | + mkdir -p packages/amd64 + mkdir packages/arm64 + aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }}/amazon-cloudwatch-agent.msi ./packages/amazon-cloudwatch-agent.msi + - name: Import GPG Key + uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + passphrase: ${{ secrets.PASSPHRASE }} + + - name: Sign Build Files + run: for f in $(find packages/); do if [ ! -d $f ]; then echo "Signing file $f" && gpg --detach-sign $f ; fi ; done + + - name: Upload to s3 + if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false + run: | + aws s3 cp packages/amazon-cloudwatch-agent.msi.sig s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }}/amazon-cloudwatch-agent.msi.sig
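Review bot: `Import GPG Key` hands `secrets.GPG_PRIVATE_KEY` and its passphrase to `crazy-max/ghaction-import-gpg@v5`, a third-party action referenced by a movable tag, so whatever that tag resolves to at run time receives the signing key. Pin it to a reviewed commit, e.g. `uses: crazy-max/ghaction-import-gpg@<FULL_COMMIT_SHA> # v5`; the same applies, with less at stake, to the other tag-pinned actions in the new jobs. `Import GPG Key` and `Sign Build Files` also carry no `if:` while the download and upload around them do, so the key is imported even on runs where nothing is downloaded; giving them the same condition keeps the key off the runner when it is not needed. In the sign loop, quote the path (`gpg --detach-sign "$f"`) or use `find packages/ -type f -exec gpg --detach-sign {} \;` so file names are not word-split.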