diff --git a/.github/workflows/test-build-docker.yml b/.github/workflows/test-build-docker.yml index 25487a811e..f0cbc3ad51 100644 --- a/.github/workflows/test-build-docker.yml +++ b/.github/workflows/test-build-docker.yml @@ -124,218 +124,9 @@ jobs: ${{ steps.login-ecr.outputs.registry }}/${{ steps.repo_name.outputs.ContainerRepositoryName }}:linux-arm64 platforms: linux/arm64 - MakeMSIZip: - name: 'MakeMSIZip' - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - steps: - - uses: actions/checkout@v3 - with: - repository: ${{env.CWA_GITHUB_TEST_REPO_NAME}} - - - name: Set up Go 1.x - uses: actions/setup-go@v4 - with: - go-version: ~1.22.2 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }} - aws-region: us-west-2 - - - name: Cache win zip - id: cached_win_zip - uses: actions/cache@v3 - with: - key: "cached_win_zip_${{ github.sha }}_${{ inputs.PackageBucketKey }}_${{ inputs.Bucket }}_${{ inputs.BucketKey }}" - path: go.mod - - - name: Copy binary - if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false - run: | - aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }} . --recursive - - name: Unzip - if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false - run: | - sudo apt install unzip - unzip windows/amd64/amazon-cloudwatch-agent.zip -d windows-agent - - name: Create msi dep folder and copy deps - if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false - run: | - export version=$(cat CWAGENT_VERSION) - echo cw agent version $version - mkdir msi_dep - cp -r msi/tools/. msi_dep/ - cp -r windows-agent/amazon-cloudwatch-agent/. msi_dep/ - go run msi/tools/msiversion/msiversionconverter.go $version msi_dep/amazon-cloudwatch-agent.wxs '' - go run msi/tools/msiversion/msiversionconverter.go $version msi_dep/manifest.json __VERSION__ - - - name: Zip - if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false - run: | - sudo apt install zip - zip buildMSI.zip msi_dep/* - - - name: Upload zip - if: contains(inputs.BucketKey, 'test') == false || steps.cached_win_zip.outputs.cache-hit == false - run: aws s3 cp buildMSI.zip s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }}/buildMSI.zip - - BuildMSI-2022: - name: 'BuildMSI-2022' - runs-on: windows-latest - needs: [ MakeMSIZip ] - permissions: - id-token: write - contents: read - steps: - - uses: actions/checkout@v3 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }} - aws-region: us-west-2 - - - name: Cache msi - id: cached_msi - uses: actions/cache@v3 - with: - key: "cached_msi_${{ github.sha }}" - path: go.mod - - # Using the env variable returns "" for bucket name thus use the secret - - name: Copy msi - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run: aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }}/buildMSI.zip . - - - name: Create msi - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run: | - curl -OLS https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314.exe - .\wix314.exe /install /quiet /norestart - $wixToolsetBinPath = ";C:\Program Files (x86)\WiX Toolset v3.14\bin;" - $env:PATH = $env:PATH + $wixToolsetBinPath - Expand-Archive buildMSI.zip -Force - cd buildMSI/msi_dep - .\create_msi.ps1 "nosha" ${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }} - - - name: clean ecr login credential cache - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run : | - echo '{"auths": {"https://index.docker.io/v1/": {}}, "HttpHeaders": { "User-Agent": "Docker-Client/19.03.12 (windows)"}}' > ~/.docker/config.json - - - name: Login ECR - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 - - # Build dir is ignored in our .dockerignore thus need to copy to another dir. - - name: Copy Binary For Agent Image Build - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run: | - pwd - mkdir amd64 - cp -r buildMSI/msi_dep/amazon-cloudwatch-agent.msi amd64/ - - - name: Get ECR Repo name - id: repo_name - env: - ContainerRepositoryNameAndTag: ${{ inputs.ContainerRepositoryNameAndTag }} - run: | - $splitArray = $env:ContainerRepositoryNameAndTag.Split(":")[0] - Write-Output "::set-output name=ContainerRepositoryName::$splitArray" - - - name: Build Windows Cloudwatch Agent Image - env: - REGISTRY: ${{ steps.login-ecr.outputs.registry }} - REPOSITORY: ${{ steps.repo_name.outputs.ContainerRepositoryName }}:2022 - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run: | - Write-Output "$env:REGISTRY/$env:REPOSITORY" - docker build --platform windows/amd64 -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localmsi/Dockerfile.Windows . -t $env:REGISTRY/$env:REPOSITORY - docker push $env:REGISTRY/$env:REPOSITORY - - BuildMSI-2019: - name: 'BuildMSI-2019' - runs-on: windows-2019 - needs: [MakeMSIZip] - permissions: - id-token: write - contents: read - steps: - - uses: actions/checkout@v3 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }} - aws-region: us-west-2 - - - name: Cache msi - id: cached_msi - uses: actions/cache@v3 - with: - key: "cached_msi_${{ github.sha }}" - path: go.mod - - # Using the env variable returns "" for bucket name thus use the secret - - name: Copy msi - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run: aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.BucketKey }}/buildMSI.zip . - - - name: Create msi - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run : | - curl -OLS https://github.com/wixtoolset/wix3/releases/download/wix314rtm/wix314.exe - .\wix314.exe /install /quiet /norestart - $wixToolsetBinPath = ";C:\Program Files (x86)\WiX Toolset v3.14\bin;" - $env:PATH = $env:PATH + $wixToolsetBinPath - Expand-Archive buildMSI.zip -Force - cd buildMSI/msi_dep - .\create_msi.ps1 "nosha" ${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }} - - - name: clean ecr login credential cache - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run : | - echo '{"auths": {"https://index.docker.io/v1/": {}}, "HttpHeaders": { "User-Agent": "Docker-Client/19.03.12 (windows)"}}' > ~/.docker/config.json - - - name: Login ECR - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 - - # Build dir is ignored in our .dockerignore thus need to copy to another dir. - - name: Copy Binary For Agent Image Build - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run: | - pwd - mkdir amd64 - cp -r buildMSI/msi_dep/amazon-cloudwatch-agent.msi amd64/ - - - name: Get ECR Repo name - id: repo_name - env: - ContainerRepositoryNameAndTag: ${{ inputs.ContainerRepositoryNameAndTag }} - run: | - $splitArray = $env:ContainerRepositoryNameAndTag.Split(":")[0] - Write-Output "::set-output name=ContainerRepositoryName::$splitArray" - - - name: Build Windows Cloudwatch Agent Image - env: - REGISTRY: ${{ steps.login-ecr.outputs.registry }} - REPOSITORY: ${{ steps.repo_name.outputs.ContainerRepositoryName }}:2019 - if: contains(inputs.BucketKey, 'test') == false || steps.cached_msi.outputs.cache-hit == false - run: | - Write-Output "$env:REGISTRY/$env:REPOSITORY" - docker build --platform windows/amd64 -f ./amazon-cloudwatch-container-insights/cloudwatch-agent-dockerfile/localmsi/Dockerfile.Windows --build-arg IMAGE_TAG=ltsc2019 . -t $env:REGISTRY/$env:REPOSITORY - docker push $env:REGISTRY/$env:REPOSITORY - CreateContainerManifest: name: 'CreateManifest' - needs: ['BuildMSI-2019', 'BuildMSI-2022', 'MakeBinary'] + needs: ['MakeBinary'] runs-on: ubuntu-latest permissions: id-token: write @@ -393,46 +184,3 @@ jobs: docker buildx imagetools create -f linux-amd.json -f linux-arm.json -f 2019.json -f 2022.json --tag $REGISTRY/$OrigREPOSITORY - #GH actions set up gpg only works on ubuntu as of this commit date - GPGSignWindowsPackage: - name: 'GPGSignWindowsPackage' - runs-on: ubuntu-latest - needs: [ BuildMSI-2022 ] - permissions: - id-token: write - contents: read - steps: - - uses: actions/checkout@v3 - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 - with: - role-to-assume: ${{ secrets.TERRAFORM_AWS_ASSUME_ROLE }} - aws-region: us-west-2 - - - name: Cache sig - id: cached_sig - uses: actions/cache@v3 - with: - key: "cached_sig_${{ github.sha }}" - path: go.mod - - - name: Download from s3 - if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false - run: | - mkdir -p packages/amd64 - mkdir packages/arm64 - aws s3 cp s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }}/amazon-cloudwatch-agent.msi ./packages/amazon-cloudwatch-agent.msi - - name: Import GPG Key - uses: crazy-max/ghaction-import-gpg@v5 - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.PASSPHRASE }} - - - name: Sign Build Files - run: for f in $(find packages/); do if [ ! -d $f ]; then echo "Signing file $f" && gpg --detach-sign $f ; fi ; done - - - name: Upload to s3 - if: contains(inputs.BucketKey, 'test') == false || steps.cached_sig.outputs.cache-hit == false - run: | - aws s3 cp packages/amazon-cloudwatch-agent.msi.sig s3://${{ secrets.S3_INTEGRATION_BUCKET }}/${{ inputs.PackageBucketKey }}/amazon-cloudwatch-agent.msi.sig