diff --git a/.actrc b/.actrc new file mode 100644 index 00000000..f35f3c43 --- /dev/null +++ b/.actrc @@ -0,0 +1,4 @@ +# .actrc +--container-architecture=linux/arm64 +-P ubuntu-latest=catthehacker/ubuntu:act-latest +-e event.json \ No newline at end of file diff --git a/.github/workflows/ci_nightly.yaml b/.github/workflows/ci-nightly.yaml similarity index 65% rename from .github/workflows/ci_nightly.yaml rename to .github/workflows/ci-nightly.yaml index ebd98002..ed8aaf80 100644 --- a/.github/workflows/ci_nightly.yaml +++ b/.github/workflows/ci-nightly.yaml @@ -13,7 +13,7 @@ on: env: TEST_CLUSTER_NAME: ci-e2etest-nightly - REGISTRY: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/nr-otel-collector + REGISTRY: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com jobs: slow-tests: 
@@ -39,15 +39,41 @@ jobs: - uses: docker/setup-buildx-action@v2 + - name: Import GPG key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} + passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }} + + - name: Write GPG to path in memory for signing rpm/deb + id: write_gpg_to_path + run: | + GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)" + echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH" + echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT + env: + GPG_PRIVATE_KEY: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} + - name: Build binaries & packages with GoReleaser + id: goreleaser_snapshot uses: goreleaser/goreleaser-action@v6 + env: + NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} + GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }} + REGISTRY: "newrelic/nr-otel-collector" with: distribution: goreleaser version: '~> v2' - args: --snapshot --clean --skip=sign --timeout 2h + args: --snapshot --clean --skip=publish,validate --timeout 2h --config .goreleaser-nightly.yaml + workdir: distributions/nr-otel-collector + + - name: List contents of dist folder + run: ls -la distributions/nr-otel-collector/dist - name: Extract image version - run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV + run: echo "version=$(echo '${{ steps.goreleaser_snapshot.outputs.metadata }}' | jq -r '.version')" >> $GITHUB_ENV - name: Setup local kind cluster uses: helm/kind-action@v1 @@ -58,7 +84,7 @@ jobs: - name: Run slow local tests run: | - IMAGE_TAG=${{ env.version }}-rc-amd64 \ + IMAGE_TAG=${{ env.version }}-nightly-amd64 \ KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \ NR_BACKEND_URL=${{ secrets.NR_STAGING_BACKEND_URL }} \ NR_INGEST_KEY=${{ secrets.OTELCOMM_NR_INGEST_KEY }} \ 
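Review bot: The `write_gpg_to_path` step decodes the signing key into a file under `/dev/shm`, and nothing visible in this hunk removes it, so the key file stays readable by every later step in the job (kind cluster setup, the e2e make targets). A closing step with `if: always()` and `run: rm -f "$GPG_KEY_PATH"`, with the path passed in through `env:`, would bound its lifetime. This matters most on self-hosted runners and on the local `act` runs this commit adds config for. The same two steps are added to `.github/workflows/ci.yaml` and need the same cleanup. The key and passphrase are also handed to `crazy-max/ghaction-import-gpg@v6` and `goreleaser/goreleaser-action@v6` by movable tag; pinning both to a full commit SHA is worth doing now that they receive signing material.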
@@ -83,10 +109,15 @@ jobs: - name: Build and publish nightly binaries & packages with GoReleaser uses: goreleaser/goreleaser-action@v6 + env: + NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} + GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }} with: distribution: goreleaser version: '~> v2' args: --skip=announce,validate --clean --timeout 2h --config .goreleaser-nightly.yaml + workdir: distributions/nr-otel-collector - name: Run nightly tests run: | diff --git a/.github/workflows/ci-prerelease.yml b/.github/workflows/ci-prerelease.yml deleted file mode 100644 index a95a9abe..00000000 --- a/.github/workflows/ci-prerelease.yml +++ /dev/null 
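Review bot: `GPG_FINGERPRINT` and `GPG_KEY_PATH` in this step read `steps.import_gpg` and `steps.write_gpg_to_path`, and the `steps` context only exposes steps of the current job. The hunk does not show which job this publish step belongs to. If it is not the job that gained the two GPG steps earlier in this file, both values expand to empty strings and the nightly packages are built without a usable key. Please confirm, and if it is a separate job, repeat the import and write steps there, with a comment such as `# steps.* outputs are job-scoped; GPG steps must live in this job`.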
@@ -1,75 +0,0 @@ -name: Prerelease - -on: - release: - types: - - prereleased - tags: - - '*' - -jobs: - prerelease: - name: Pre-release - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set and validate distribution name and version - run: .github/workflows/scripts/set_version.sh - - - uses: docker/setup-qemu-action@v2 - - - uses: docker/setup-buildx-action@v2 - - - uses: actions/setup-go@v5 - with: - go-version: '1.23' - check-latest: true - - - name: Generate distribution sources - run: make generate-sources - - - name: Log into Docker.io - uses: docker/login-action@v2 - with: - username: ${{ secrets.OHAI_DOCKER_HUB_ID }} - password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} - - - name: Build binaries & packages with GoReleaser - uses: goreleaser/goreleaser-action@v6 - with: - distribution: goreleaser - version: '~> v2' - args: release --clean --timeout 2h - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - GPG_MAIL: 'infrastructure-eng@newrelic.com' - - # Artifacts not used - keep in place as a test for publish process until we have something more stable - publishing-to-s3: - name: Publish artifacts into s3 staging bucket - uses: ./.github/workflows/component_publish.yml - needs: [prerelease] - secrets: - DOCKER_HUB_ID: ${{ secrets.OHAI_DOCKER_HUB_ID }} - DOCKER_HUB_PASSWORD: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} - AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} - AWS_ROLE_SESSION_NAME: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_STAGING }} - with: - ACCESS_POINT_HOST: "staging" - 
SCHEMA_BRANCH: "main" - RUN_ID: ${{ github.run_id }} - TAG: ${{ github.event.release.tag_name }} - AWS_S3_BUCKET_NAME: "nr-downloads-ohai-staging" - AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock-staging" - ASSETS_TYPE: "all" diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml deleted file mode 100644 index 94abdc69..00000000 --- a/.github/workflows/ci-release.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Release - -on: - release: - types: - - released - tags: - - '*' - -jobs: - publishing-to-s3: - name: Publish artifacts into s3 production bucket - uses: ./.github/workflows/component_publish.yml - - secrets: - DOCKER_HUB_ID: ${{ secrets.OHAI_DOCKER_HUB_ID }} - DOCKER_HUB_PASSWORD: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} - GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }} - AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }} - AWS_ROLE_SESSION_NAME: ${{ secrets.OHAI_AWS_ROLE_SESSION_NAME_PRODUCTION }} - with: - ACCESS_POINT_HOST: "production" - SCHEMA_BRANCH: "main" - RUN_ID: ${{ github.run_id }} - TAG: ${{ github.event.release.tag_name }} - AWS_S3_BUCKET_NAME: "nr-downloads-main" - AWS_S3_LOCK_BUCKET_NAME: "onhost-ci-lock" - ASSETS_TYPE: "all" - - release-docker: - name: Release docker images - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set and validate distribution name and version - run: .github/workflows/scripts/set_version.sh - - - name: Log into Docker.io - uses: docker/login-action@v2 - with: - username: ${{ secrets.OHAI_DOCKER_HUB_ID }} - password: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} - - - name: Publish docker manifest - run: .github/workflows/scripts/docker_manifest_release.sh -i newrelic/nr-otel-collector -v ${{ env.NR_VERSION }} 
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1f2dfc67..7a461d0a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,6 +17,11 @@ jobs: build: name: Validate distributions build, third party libraries and security runs-on: ubuntu-latest + strategy: + matrix: + dist: + - nr-otel-collector + - nrdot-collector-k8s steps: - name: Checkout uses: actions/checkout@v4 
@@ -29,25 +34,55 @@ jobs: go-version: '1.23' check-latest: true + - name: Tidy go.mod files + run: go mod tidy + - name: Verify build - run: make ci + run: make ci DISTRIBUTIONS=${{ matrix.dist }} - - name: Validate distributions third party libraries - run: make licenses-check + - name: Login to Docker + uses: docker/login-action@v3 + with: + registry: docker.io + username: ${{ secrets.OTELCOMM_DOCKER_HUB_USERNAME }} + password: ${{ secrets.OTELCOMM_DOCKER_HUB_PASSWORD }} - uses: docker/setup-qemu-action@v2 - uses: docker/setup-buildx-action@v2 + - name: Import GPG key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} + passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }} + + - name: Write GPG to path in memory for signing rpm/deb + id: write_gpg_to_path + run: | + GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)" + echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH" + echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT + env: + GPG_PRIVATE_KEY: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} + - name: Build binaries & packages with GoReleaser + id: goreleaser uses: goreleaser/goreleaser-action@v6 + env: + NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} + GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} + GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }} + REGISTRY: "newrelic/${{ matrix.dist }}" with: distribution: goreleaser version: '~> v2' - args: --snapshot --clean --skip=sign --timeout 2h + args: --snapshot --clean --skip=publish,validate --timeout 2h + workdir: distributions/${{ matrix.dist }} - name: Extract image version - run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV + run: echo "version=$(echo '${{ steps.goreleaser.outputs.metadata }}' | jq -r '.version')" >> $GITHUB_ENV - name: Setup local kind cluster uses: helm/kind-action@v1 
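Review bot: This validation job now loads the package-signing key, its passphrase and Docker Hub credentials, and `--skip=sign` is dropped even though the build is a `--snapshot` with `--skip=publish`. The job runs code from the ref under test (`go mod tidy`, `make ci`, the GoReleaser config under `distributions/${{ matrix.dist }}`), so that ref can read those secrets. The trigger is outside the hunk, but the `github.event.pull_request.user.login` condition in the next hunk suggests pull-request runs, where fork and Dependabot builds would get empty secrets and fail at `Import GPG key`. Consider whether validation needs the release key at all: a throwaway key generated in the job would exercise the same signing path, documented with `# CI-only key; release key is restricted to the release workflow`. Separately, `Extract image version` pastes `${{ steps.goreleaser.outputs.metadata }}` into the script inside single quotes; passing it through `env:` and piping `"$METADATA"` to `jq` avoids breakage or injection from the JSON content.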
@@ -56,28 +91,31 @@ jobs: cluster_name: ${{ env.TEST_CLUSTER_NAME }} wait: 60s + - uses: azure/setup-helm@v4.2.0 + - name: Run local e2e tests run: | - IMAGE_TAG=${{ env.version }}-rc-amd64 \ + IMAGE_TAG=${{ env.version }}-amd64 \ KIND_CLUSTER_NAME=${{ env.TEST_CLUSTER_NAME }} \ - make -f ./test/e2e/Makefile ci_test-fast + make -f ./test/e2e/Makefile ci_test-fast DISTRO=${{ matrix.dist }} - name: Trivy security check - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@0.29.0 with: - image-ref: "newrelic/nr-otel-collector:${{ env.version }}-rc-amd64" + image-ref: "newrelic/${{ matrix.dist }}:${{ env.version }}-amd64" format: 'table' exit-code: '1' ignore-unfixed: true vuln-type: 'os,library' severity: "HIGH,CRITICAL" env: - # dbs are downloaded async in download_trivy_db.yml - TRIVY_SKIP_DB_UPDATE: true + # dbs are downloaded async in trivy-cache.yml + TRIVY_SKIP_DB_UPDATE: ${{ !env.ACT }} TRIVY_SKIP_JAVA_DB_UPDATE: true + terraform: - uses: ./.github/workflows/component_terraform.yml - if: github.event.pull_request.user.login != 'dependabot[bot]' + uses: ./.github/workflows/terraform.yml + if: ${{ !github.event.act && github.event.pull_request.user.login != 'dependabot[bot]' }} with: branch: ${{ github.ref }} tf_work_subdir: permanent diff --git a/.github/workflows/component_publish.yml b/.github/workflows/component_publish.yml deleted file mode 100644 index 5f65447c..00000000 --- a/.github/workflows/component_publish.yml +++ /dev/null 
@@ -1,123 +0,0 @@ -name: 🚧 Linux | Publish to S3 - -on: - workflow_call: - secrets: - DOCKER_HUB_ID: - required: true - DOCKER_HUB_PASSWORD: - required: true - GPG_PASSPHRASE: - required: true - GPG_PRIVATE_KEY_BASE64: - required: true - AWS_ACCESS_KEY_ID: - required: true - AWS_SECRET_ACCESS_KEY: - required: true - AWS_ROLE_ARN: - required: true - AWS_ROLE_SESSION_NAME: - required: true - - inputs: - TAG: - required: true - type: string - AWS_S3_BUCKET_NAME: - required: true - type: string - AWS_S3_LOCK_BUCKET_NAME: - required: true - type: string - ACCESS_POINT_HOST: - required: true - type: string - RUN_ID: - required: true - type: string - ASSETS_TYPE: - required: true - type: string - SCHEMA_BRANCH: - required: true - type: string - -env: - GPG_MAIL: "infrastructure-eng@newrelic.com" - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - TAG: ${{ inputs.TAG }} - DOCKER_HUB_ID: ${{ secrets.DOCKER_HUB_ID }} - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} - SCHEMA_BRANCH: ${{ inputs.SCHEMA_BRANCH }} - AWS_S3_BUCKET_NAME: ${{ inputs.AWS_S3_BUCKET_NAME }} - AWS_S3_LOCK_BUCKET_NAME: ${{ inputs.AWS_S3_LOCK_BUCKET_NAME }} - RUN_ID: ${{ inputs.RUN_ID }} - ASSETS_TYPE: ${{ inputs.ASSETS_TYPE }} - DISABLE_LOCK: ${{ inputs.DISABLE_LOCK == true }} - AWS_REGION: "us-east-1" - ACCESS_POINT_HOST: ${{ inputs.ACCESS_POINT_HOST }} - - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} - AWS_ROLE_SESSION_NAME: ${{ secrets.AWS_ROLE_SESSION_NAME }} - -jobs: - publish: - name: Publish linux artifacts into s3 bucket - runs-on: ubuntu-latest - - strategy: - max-parallel: 1 - matrix: - assetsType: - - "targz" - - "zip" - - "deb" - - "rpm" - # add os field to the matrix and overwrite it when the assetsType is 'zip' - include: - - os: linux - - os: windows - assetsType: zip - - steps: - - uses: 
actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Set and validate distribution name and version - run: .github/workflows/scripts/set_version.sh - - - name: Login to DockerHub - if: ${{ (env.ASSETS_TYPE == 'all' || env.ASSETS_TYPE == matrix.assetsType) }} - uses: docker/login-action@v2 - with: - username: ${{ env.DOCKER_HUB_ID }} - password: ${{ env.DOCKER_HUB_PASSWORD }} - - - name: Publish ${{ matrix.assetsType }} to S3 action - if: ${{ (env.ASSETS_TYPE == 'all' || env.ASSETS_TYPE == matrix.assetsType) }} - uses: newrelic/infrastructure-publish-action@v1 - with: - tag: ${{ env.TAG }} - app_version: ${{ env.NR_VERSION }} - app_name: "nr-otel-collector" - repo_name: "newrelic/opentelemetry-collector-releases" - schema: "custom" - schema_url: "https://raw.githubusercontent.com/newrelic/opentelemetry-collector-releases/${{ env.SCHEMA_BRANCH }}/distributions/nr-otel-collector/upload-schema-${{ matrix.os }}-${{ matrix.assetsType }}.yml" - aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} - aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} - aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} - access_point_host: ${{ env.ACCESS_POINT_HOST }} - run_id: ${{ env.RUN_ID }} - aws_region: ${{ env.AWS_REGION }} - aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} - aws_role_arn: ${{ env.AWS_ROLE_ARN }} - # used for signing package stuff - gpg_passphrase: ${{ env.GPG_PASSPHRASE }} - gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} - disable_lock: ${{ env.DISABLE_LOCK }} diff --git a/.github/workflows/component_trivy.yml b/.github/workflows/component_trivy.yml deleted file mode 100644 index bf3a7f0c..00000000 --- a/.github/workflows/component_trivy.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -name: .. 🚧 🕵🏼 Trivy - -on: - workflow_call: - secrets: - slack_webhook: - required: false - inputs: - image: - required: false - type: string - description: "Image to scan with Trivy" - default: "docker.io/newrelic/nr-otel-collector" - tag: - required: true - type: string - severity: - required: true - type: string - -jobs: - trivy_scanner: - name: Trivy scanner for docker - runs-on: ubuntu-22.04 - steps: - - name: Sarif newrelic/nr-otel-collector - uses: aquasecurity/trivy-action@0.28.0 - with: - image-ref: "${{ inputs.image }}:${{ inputs.tag }}" - format: "sarif" - output: "trivy-results.sarif" - vuln-type: "os,library" - severity: "${{ inputs.severity }}" - exit-code: "1" - ignore-unfixed: true - limit-severities-for-sarif: true - env: - # dbs are downloaded async in download_trivy_db.yml - TRIVY_SKIP_DB_UPDATE: true - TRIVY_SKIP_JAVA_DB_UPDATE: true - - - name: Print Trivy scan results # action can't do both table/sarif output, so we just print the sarif file - if: ${{ (success() || failure()) && inputs.tag == 'latest' }} - run: | - if [[ -s trivy-results.sarif ]]; then - cat trivy-results.sarif - else - echo "No sarif file found" - fi - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v3 - # Upload sarif only for latest - if: ${{ (success() || failure()) && inputs.tag == 'latest' }} - with: - sarif_file: "trivy-results.sarif" - - - name: Send notification to Slack Workflow - if: ${{ failure() && inputs.tag == 'latest' }} - id: slack - uses: slackapi/slack-github-action@v1.27.0 - with: - # This data can be any valid JSON from a previous step in the GitHub Action - payload: | - { - "text": ":rotating_light: Hi from your Github Action, vulnerabilities found in NRDOT, see: https://github.com/newrelic/opentelemetry-collector-releases/security :rotating_light:" - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.slack_webhook }} - SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK 
diff --git a/.github/workflows/scripts/docker_manifest_release.sh b/.github/workflows/scripts/docker_manifest_release.sh deleted file mode 100755 index 193de73b..00000000 --- a/.github/workflows/scripts/docker_manifest_release.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash - -# This script will create a new manifest from an existing one that has -rc suffix. -# During the pre-release docker images are tagged using -rc suffix -# On release this suffix will be removed. - -set -e - -print_usage() { - printf -- "Usage: %s\n" "$(basename "${0}")" - printf -- "-i: Docker image name\n" - printf -- "-v: Version of the release\n" - printf -- "-h: Print help page\n" -} - -while getopts 'i:v:ph' flag -do - case "${flag}" in - h) - print_usage - exit 0 - ;; - i) - image_name="${OPTARG}" - continue - ;; - v) - version="${OPTARG}" - continue - ;; - *) - print_usage - exit 1 - ;; - esac -done - -# Get the list of docker images sha digest contained by the rc manifest. -images=$(docker manifest inspect "${image_name}":"${version}"-rc | jq --arg image "${image_name}" '.manifests[] | ($image+"@"+.digest)' | tr -d \") - -printf "Images:\n%s\n" "${images}" - -# Create and push two new manifests latest and versioned, without -rc suffix. -docker manifest create "${image_name}:latest" $images -docker manifest create "${image_name}:${version}" $images - -docker manifest push "${image_name}:latest" -docker manifest push "${image_name}:${version}" diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 4abdaf9e..dae57d73 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -2,7 +2,7 @@ name: . 🕵🏼 Security scanner on: schedule: # Scheduled to run in the morning (PT) on every day-of-week from Monday through Friday. - - cron: '0 15 * * 1-5' + - cron: '0 15 * * 1-5' workflow_dispatch: inputs: tag: 
@@ -12,9 +12,54 @@ on: jobs: docker-trivy: - uses: ./.github/workflows/component_trivy.yml - secrets: - slack_webhook: ${{ secrets.OTELCOMM_BOTS_SLACK_HOOK }} - with: - tag: "${{ inputs.tag || 'latest' }}" - severity: "CRITICAL,HIGH" + name: Trivy scanner for docker + runs-on: ubuntu-22.04 + + strategy: + matrix: + image: + - newrelic/nr-otel-collector + + steps: + - name: Run Trivy image vulnerability scanner + uses: aquasecurity/trivy-action@0.29.0 + with: + image-ref: ${{ matrix.image }}:${{ inputs.tag }} + format: sarif + output: trivy-${{ matrix.image }}-results.sarif + vuln-type: os,library + severity: CRITICAL,HIGH + exit-code: 1 + ignore-unfixed: true + limit-severities-for-sarif: true + env: + # dbs are downloaded async in download_trivy_db.yml + TRIVY_SKIP_DB_UPDATE: true + TRIVY_SKIP_JAVA_DB_UPDATE: true + + - name: Print Trivy scan results # action can't do both table/sarif output, so we just print the sarif file + if: ${{ (success() || failure()) && inputs.tag == 'latest' }} + run: | + if [[ -s trivy-${{ matrix.image }}-results.sarif ]]; then + cat trivy-${{ matrix.image }}-results.sarif + else + echo "No sarif file found" + fi + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v3 + # Upload sarif only for latest + if: ${{ (success() || failure()) && inputs.tag == 'latest' }} + with: + category: "trivy-${{ matrix.image }}" + sarif_file: "trivy-${{ matrix.image }}-results.sarif" + + + - name: Send notification to Slack Workflow + if: ${{ failure() && inputs.tag == 'latest' }} + uses: slackapi/slack-github-action@v2.0.0 + with: + webhook: ${{ secrets.OTELCOMM_BOTS_SLACK_HOOK }} + webhook-type: incoming-webhook + # This data can be any valid JSON from a previous step in the GitHub Action + payload: | + text: ":rotating_light: Hi from your Github Action, vulnerabilities found in NRDOT ${{ matrix.image }}:${{ inputs.tag }}, see: https://github.com/newrelic/opentelemetry-collector-releases/security 
:rotating_light:" diff --git a/.github/workflows/debug_terraform.yml b/.github/workflows/terraform-debug.yml similarity index 97% rename from .github/workflows/debug_terraform.yml rename to .github/workflows/terraform-debug.yml index 360c4f5f..20ab3ea5 100644 --- a/.github/workflows/debug_terraform.yml +++ b/.github/workflows/terraform-debug.yml @@ -1,4 +1,4 @@ -name: 🪲 Terraform +name: 🪲 Terraform Debug on: workflow_dispatch: @@ -38,7 +38,7 @@ on: default: "WARN" jobs: - terraform: + terraform-debug: uses: ./.github/workflows/component_terraform.yml with: branch: ${{ inputs.branch }} diff --git a/.github/workflows/component_terraform.yml b/.github/workflows/terraform.yml similarity index 100% rename from .github/workflows/component_terraform.yml rename to .github/workflows/terraform.yml diff --git a/.github/workflows/download_trivy_db.yml b/.github/workflows/trivy-cache.yml similarity index 100% rename from .github/workflows/download_trivy_db.yml rename to .github/workflows/trivy-cache.yml diff --git a/.gitignore b/.gitignore index 39c653a1..8fb63bd7 100644 --- a/.gitignore +++ b/.gitignore @@ -16,4 +16,9 @@ ci/terraform/caos.auto.tfvars *.tfstate.* *.auto.tfvars # rely on pinned provider versions for now to avoid having to deal with multi-platform lock file hashes -.terraform.lock.hcl \ No newline at end of file +.terraform.lock.hcl + +.env +.secrets +.input +.tools \ No newline at end of file diff --git a/.goreleaser-nightly.yaml b/.goreleaser-nightly.yaml deleted file mode 100644 index 9f6ff244..00000000 --- a/.goreleaser-nightly.yaml +++ /dev/null 
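Review bot: On the scheduled trigger `inputs.tag` is empty, and the `|| 'latest'` fallback from the removed reusable-workflow call is gone, so `image-ref` becomes `newrelic/nr-otel-collector:` and every `inputs.tag == 'latest'` guard is false; the weekday scan would then neither upload SARIF nor notify Slack. Restoring the fallback once, for example a job-level `env:` entry `TAG: ${{ inputs.tag || 'latest' }}` used as `${{ env.TAG }}` in `image-ref` and the three `if:` conditions, keeps the cron run meaningful. `output: trivy-${{ matrix.image }}-results.sarif` also expands to a path containing `/` (`trivy-newrelic/nr-otel-collector-results.sarif`), which only works if that directory exists. The comment still names `download_trivy_db.yml`, which this commit renames to `trivy-cache.yml`.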
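Review bot: The unchanged `uses: ./.github/workflows/component_terraform.yml` line in the `terraform-debug` hunk points at a file this commit renames to `.github/workflows/terraform.yml`, so the debug workflow would fail to resolve its reusable workflow. `ci.yaml` was updated in the same commit; this file needs `uses: ./.github/workflows/terraform.yml` as well.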
@@ -1,138 +0,0 @@ -# yaml-language-server: $schema=https://goreleaser.com/static/schema.json -version: 2 -project_name: opentelemetry-collector-releases-nightly -builds: - - id: nr-otel-collector - goos: - - linux - - windows - goarch: - - amd64 - - arm64 - ignore: - - goos: windows - goarch: arm64 - dir: distributions/nr-otel-collector/_build - binary: nr-otel-collector - ldflags: - - -s - - -w - flags: - - -trimpath - env: - - CGO_ENABLED=0 - -archives: - - id: nr-otel-collector - builds: - - nr-otel-collector - name_template: '{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}' - - format_overrides: - - goos: windows - format: zip - -nfpms: - - package_name: nr-otel-collector - - # Replace arch for rpm from amd64 to x86_64 to be consistent with our rpm repo. - file_name_template: >- - {{ .PackageName }}_{{ .Version }}_{{ .Os }}_ - {{- if not (eq (filter .ConventionalFileName "\\.rpm$") "") }} - {{- replace .Arch "amd64" "x86_64" }} - {{- else }} - {{- .Arch }} - {{- end }} - {{- with .Arm }}v{{ . }}{{- end }} - {{- with .Mips }}_{{ . 
}}{{- end }} - {{- if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{- end }} - - contents: - - src: distributions/nr-otel-collector/nr-otel-collector.service - dst: /lib/systemd/system/nr-otel-collector.service - - src: distributions/nr-otel-collector/nr-otel-collector.conf - dst: /etc/nr-otel-collector/nr-otel-collector.conf - type: config|noreplace - - src: configs/nr-otel-collector-agent-linux.yaml - dst: /etc/nr-otel-collector/config.yaml - type: config - scripts: - preinstall: distributions/nr-otel-collector/preinstall.sh - postinstall: distributions/nr-otel-collector/postinstall.sh - preremove: distributions/nr-otel-collector/preremove.sh - id: nr-otel-collector - builds: - - nr-otel-collector - formats: - - deb - - rpm - maintainer: New Relic - description: OpenTelemetry Collector - nr-otel-collector - license: Apache 2.0 - -dockers: - - goos: linux - goarch: amd64 - dockerfile: distributions/nr-otel-collector/Dockerfile - image_templates: - - '{{ .Env.REGISTRY }}:{{ .Version }}-nightly-amd64' - - '{{ .Env.REGISTRY }}:nightly-amd64' - extra_files: - - configs/nr-otel-collector-agent-linux.yaml - build_flag_templates: - - --pull - - --platform=linux/amd64 - - --label=org.opencontainers.image.created={{.Date}} - - --label=org.opencontainers.image.name={{.ProjectName}} - - --label=org.opencontainers.image.revision={{.FullCommit}} - - --label=org.opencontainers.image.version={{.Version}}-nightly - - --label=org.opencontainers.image.source={{.GitURL}} - use: buildx - - goos: linux - goarch: arm64 - dockerfile: distributions/nr-otel-collector/Dockerfile - image_templates: - - '{{ .Env.REGISTRY }}:{{ .Version }}-nightly-arm64' - - '{{ .Env.REGISTRY }}:nightly-arm64' - extra_files: - - configs/nr-otel-collector-agent-linux.yaml - build_flag_templates: - - --pull - - --platform=linux/arm64 - - --label=org.opencontainers.image.created={{.Date}} - - --label=org.opencontainers.image.name={{.ProjectName}} - - --label=org.opencontainers.image.revision={{.FullCommit}} - - 
--label=org.opencontainers.image.version={{.Version}}-nightly - - --label=org.opencontainers.image.source={{.GitURL}} - use: buildx - -docker_manifests: - - name_template: '{{ .Env.REGISTRY }}:{{ .Version }}-nightly' - image_templates: - - '{{ .Env.REGISTRY }}:{{ .Version }}-nightly-amd64' - - '{{ .Env.REGISTRY }}:{{ .Version }}-nightly-arm64' - - name_template: '{{ .Env.REGISTRY }}:nightly' - image_templates: - - '{{ .Env.REGISTRY }}:nightly-amd64' - - '{{ .Env.REGISTRY }}:nightly-arm64' - -# Skip creating/updating gh release. -release: - disable: true - -# Disable default checksum generator as we use a custom one per each artifact. -checksum: - disable: true - -# Skip auto-generating changelog. -changelog: - disable: true - -snapshot: - version_template: "{{ incpatch .Version }}-SNAPSHOT-{{.ShortCommit}}-nightly" - -blobs: - - provider: s3 - region: us-east-1 - bucket: nr-releases - directory: 'opentelemetry-collector-releases/nightly' diff --git a/.goreleaser.yaml b/.goreleaser.yaml deleted file mode 100644 index 4f6a87fd..00000000 --- a/.goreleaser.yaml +++ /dev/null 
@@ -1,162 +0,0 @@ -# yaml-language-server: $schema=https://goreleaser.com/static/schema.json -version: 2 -project_name: opentelemetry-collector-releases -builds: - - id: nr-otel-collector - goos: - - linux - - windows - goarch: - - amd64 - - arm64 - ignore: - - goos: windows - goarch: arm64 - dir: distributions/nr-otel-collector/_build - binary: nr-otel-collector - ldflags: - - -s - - -w - flags: - - -trimpath - env: - - CGO_ENABLED=0 -archives: - - id: nr-otel-collector - builds: - - nr-otel-collector - name_template: '{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}' - - format_overrides: - - goos: windows - format: zip - -nfpms: - - package_name: nr-otel-collector - - # Replace arch for rpm from amd64 to x86_64 to be consistent with our rpm repo. - file_name_template: >- - {{ .PackageName }}_{{ .Version }}_{{ .Os }}_ - {{- if not (eq (filter .ConventionalFileName "\\.rpm$") "") }} - {{- replace .Arch "amd64" "x86_64" }} - {{- else }} - {{- .Arch }} - {{- end }} - {{- with .Arm }}v{{ . }}{{- end }} - {{- with .Mips }}_{{ . 
}}{{- end }} - {{- if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{- end }} - - contents: - - src: distributions/nr-otel-collector/nr-otel-collector.service - dst: /lib/systemd/system/nr-otel-collector.service - - src: distributions/nr-otel-collector/nr-otel-collector.conf - dst: /etc/nr-otel-collector/nr-otel-collector.conf - type: config|noreplace - - src: configs/nr-otel-collector-agent-linux.yaml - dst: /etc/nr-otel-collector/config.yaml - type: config - scripts: - preinstall: distributions/nr-otel-collector/preinstall.sh - postinstall: distributions/nr-otel-collector/postinstall.sh - preremove: distributions/nr-otel-collector/preremove.sh - id: nr-otel-collector - builds: - - nr-otel-collector - formats: - - deb - - rpm - maintainer: New Relic - description: OpenTelemetry Collector - nr-otel-collector - license: Apache 2.0 - -dockers: - - goos: linux - goarch: amd64 - dockerfile: distributions/nr-otel-collector/Dockerfile - image_templates: - - newrelic/nr-otel-collector:{{ .Version }}-rc-amd64 - extra_files: - - configs/nr-otel-collector-agent-linux.yaml - build_flag_templates: - - --pull - - --platform=linux/amd64 - - --label=org.opencontainers.image.created={{.Date}} - - --label=org.opencontainers.image.name={{.ProjectName}} - - --label=org.opencontainers.image.revision={{.FullCommit}} - - --label=org.opencontainers.image.version={{.Version}} - - --label=org.opencontainers.image.source={{.GitURL}} - use: buildx - - goos: linux - goarch: arm64 - dockerfile: distributions/nr-otel-collector/Dockerfile - image_templates: - - newrelic/nr-otel-collector:{{ .Version }}-rc-arm64 - extra_files: - - configs/nr-otel-collector-agent-linux.yaml - build_flag_templates: - - --pull - - --platform=linux/arm64 - - --label=org.opencontainers.image.created={{.Date}} - - --label=org.opencontainers.image.name={{.ProjectName}} - - --label=org.opencontainers.image.revision={{.FullCommit}} - - --label=org.opencontainers.image.version={{.Version}} - - 
--label=org.opencontainers.image.source={{.GitURL}} - use: buildx -docker_manifests: - - name_template: newrelic/nr-otel-collector:{{ .Version }}-rc - image_templates: - - newrelic/nr-otel-collector:{{ .Version }}-rc-amd64 - - newrelic/nr-otel-collector:{{ .Version }}-rc-arm64 - -signs: - - - id: checksums - - # Path to the checksum command. - cmd: ./scripts/generate_checksum.sh - args: [ - "-f", "{{ .Env.artifact }}", - ] - artifacts: all - - - id: signing - - # Path to the signature command. - cmd: ./scripts/signing/sign.sh - args: [ - "-f", "{{ .Env.artifact }}", - "-m", "{{ .Env.GPG_MAIL }}", - "-p", "{{ .Env.GPG_PASSPHRASE }}", - "-k", "{{ .Env.GPG_PRIVATE_KEY_BASE64 }}" - ] - artifacts: all - -publishers: - - name: GH Publisher - cmd: ./scripts/gh_publisher.sh -t {{ .Env.NR_RELEASE_TAG }} -f {{ abs .ArtifactPath }} - extra_files: - - glob: "./dist/*.asc" - - glob: "./dist/*.sum" - env: - - GITHUB_TOKEN={{ .Env.GITHUB_TOKEN }} - -git: - # What should be used to sort tags when gathering the current and previous - # tags if there are more than one tag in the same commit. - # - # This is required because of the SemVer tag renaming. - # - # Default: `-version:refname` - tag_sort: -version:creatordate - -# Skip creating/updating gh release. -release: - disable: true - -# Disable default checksum generator as we use a custom one per each artifact. -checksum: - disable: true - -# Skip auto-generating changelog. -changelog: - disable: true diff --git a/.secrets.example b/.secrets.example new file mode 100644 index 00000000..a025ccec --- /dev/null +++ b/.secrets.example @@ -0,0 +1,8 @@ +GITHUB_TOKEN= +OTELCOMM_DOCKER_HUB_USERNAME= +OTELCOMM_DOCKER_HUB_PASSWORD= +OTELCOMM_AWS_TEST_ACC_ACCESS_KEY_ID= +OTELCOMM_AWS_TEST_ACC_SECRET_ACCESS_KEY= +OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID= +OHAI_GPG_PASSPHRASE= +OHAI_GPG_PRIVATE_KEY_BASE64= diff --git a/Brewfile b/Brewfile new file mode 100644 index 00000000..3fe02628 --- /dev/null +++ b/Brewfile 
@@ -0,0 +1,6 @@
+brew 'go@1.23'
+brew 'goreleaser/tap/goreleaser'
+brew 'gnupg'
+brew 'pinentry-mac'
+brew 'act'
+brew 'helm'
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 4937e163..b66274df 100644
--- a/Makefile
+++ b/Makefile
@@ -1,45 +1,106 @@ -########################################## -# Dynamic targets # -########################################## -# Exclude current, distributions and hidden directories -FIND_PATH = . -mindepth 2 -not -path '*/\.*' -not -path '*/distributions/*' -# Define the list of subdirectories that contain a Makefile -SUBDIRS := $(patsubst ./%/Makefile,%,$(shell find $(FIND_PATH) -name Makefile)) -TARGETS := $(SUBDIRS) +GO ?= go +GORELEASER ?= goreleaser -.PHONY: all $(TARGETS) clean $(addsuffix -clean,$(TARGETS)) help +# SRC_ROOT is the top of the source tree. +SRC_ROOT := $(shell git rev-parse --show-toplevel) +OTELCOL_BUILDER_VERSION ?= 0.118.0 +OTELCOL_BUILDER_DIR ?= ${HOME}/bin +OTELCOL_BUILDER ?= ${OTELCOL_BUILDER_DIR}/ocb -$(TARGETS): - $(MAKE) -C $@ +GOCMD?= go +TOOLS_MOD_DIR := $(SRC_ROOT)/internal/tools +TOOLS_BIN_DIR := $(SRC_ROOT)/.tools +TOOLS_MOD_REGEX := "\s+_\s+\".*\"" +TOOLS_PKG_NAMES := $(shell grep -E $(TOOLS_MOD_REGEX) < $(TOOLS_MOD_DIR)/tools.go | tr -d " _\"" | grep -vE '/v[0-9]+$$') +TOOLS_BIN_NAMES := $(addprefix $(TOOLS_BIN_DIR)/, $(notdir $(shell echo $(TOOLS_PKG_NAMES)))) +GO_LICENCE_DETECTOR := $(TOOLS_BIN_DIR)/go-licence-detector +GO_LICENCE_DETECTOR_CONFIG := $(SRC_ROOT)/internal/assets/license/rules.json -clean: $(addsuffix -clean,$(SUBDIRS)) +DISTRIBUTIONS ?= "nr-otel-collector,nrdot-collector-k8s" -$(addsuffix -clean,$(TARGETS)): - $(MAKE) -C $(patsubst %-clean,%,$@) clean +ci: check build licenses-check +check: ensure-goreleaser-up-to-date +build: go ocb + @./scripts/build.sh -d "${DISTRIBUTIONS}" -b ${OTELCOL_BUILDER} -########################################## -# Static targets # -########################################## -FIND_MOD_ARGS=-type f -name "manifest.yaml" -TO_DIR=dirname {} \; | sort | grep -E '^./' +generate: generate-sources generate-goreleaser -ALL_DISTRIBUTIONS := $(shell find ./distributions/* $(FIND_MOD_ARGS) -exec $(TO_DIR) ) +generate-goreleaser: go + @./scripts/generate-goreleaser.sh -d "${DISTRIBUTIONS}" 
-g ${GO} -# Define a delegation target for each distribution -.PHONY: $(ALL_DISTRIBUTIONS) -$(ALL_DISTRIBUTIONS): - $(MAKE) -C $@ $(TARGET) +generate-sources: go ocb + @./scripts/build.sh -d "${DISTRIBUTIONS}" -s true -b ${OTELCOL_BUILDER} -# trigger target for each module's delegation target -.PHONY: for-all-target -for-all-target: $(ALL_DISTRIBUTIONS) +goreleaser-verify: goreleaser + @${GORELEASER} release --snapshot --clean -include build.mk -include check.mk +ensure-goreleaser-up-to-date: generate-goreleaser + @git diff -s --exit-code distributions/*/.goreleaser.yaml || (echo "Check failed: The goreleaser templates have changed but the .goreleaser.yamls haven't. Run 'make generate-goreleaser' and update your PR." && exit 1) -help: - @echo "## Available targets:" - @echo $(TARGETS) - @echo "## Available clean targets:" - @echo $(addsuffix -clean,$(TARGETS)) +validate-components: + @./scripts/validate-components.sh + +.PHONY: ocb +ocb: +ifeq (, $(shell command -v ocb 2>/dev/null)) + @{ \ + [ ! -x '$(OTELCOL_BUILDER)' ] || exit 0; \ + set -e ;\ + os=$$(uname | tr A-Z a-z) ;\ + machine=$$(uname -m) ;\ + [ "$${machine}" != x86 ] || machine=386 ;\ + [ "$${machine}" != x86_64 ] || machine=amd64 ;\ + echo "Installing ocb ($${os}/$${machine}) at $(OTELCOL_BUILDER_DIR)";\ + mkdir -p $(OTELCOL_BUILDER_DIR) ;\ + CGO_ENABLED=0 go install -trimpath -ldflags="-s -w" go.opentelemetry.io/collector/cmd/builder@v$(OTELCOL_BUILDER_VERSION) ;\ + mv $$(go env GOPATH)/bin/builder $(OTELCOL_BUILDER) ;\ + } +else +OTELCOL_BUILDER=$(shell command -v ocb) +endif + +.PHONY: go +go: + @{ \ + if ! command -v '$(GO)' >/dev/null 2>/dev/null; then \ + echo >&2 '$(GO) command not found. Please install golang. https://go.dev/doc/install'; \ + exit 1; \ + fi \ + } + +.PHONY: goreleaser +goreleaser: + @{ \ + if ! command -v '$(GORELEASER)' >/dev/null 2>/dev/null; then \ + echo >&2 '$(GORELEASER) command not found. Please install goreleaser. 
https://goreleaser.com/install/'; \ + exit 1; \ + fi \ + } + +.PHONY: install-tools +install-tools: $(TOOLS_BIN_NAMES) + +$(TOOLS_BIN_DIR): + mkdir -p $@ + +$(TOOLS_BIN_NAMES): $(TOOLS_BIN_DIR) $(TOOLS_MOD_DIR)/go.mod + cd $(TOOLS_MOD_DIR) && $(GOCMD) build -o $@ -trimpath $(filter %/$(notdir $@),$(TOOLS_PKG_NAMES)) + +FILENAME?=$(shell git branch --show-current) +NOTICE_OUTPUT?=THIRD_PARTY_NOTICES.md + +.PHONY: licenses +licenses: go generate-sources $(GO_LICENCE_DETECTOR) + @./scripts/licenses.sh -d "${DISTRIBUTIONS}" -b ${GO_LICENCE_DETECTOR} -n ${NOTICE_OUTPUT} -g ${GO} + +.PHONY: licenses-check +licenses-check: licenses + @git diff --name-only | grep -q $(NOTICE_OUTPUT) \ + && { \ + echo "Third party notices out of date, please run \"make licenses\" and commit the changes in this PR.";\ + echo "Diff of $(NOTICE_OUTPUT):";\ + git --no-pager diff HEAD -- */$(NOTICE_OUTPUT);\ + exit 1;\ + } \ + || exit 0 diff --git a/Makefile.common b/Makefile.common deleted file mode 100644 index 2fbd1a31..00000000 --- a/Makefile.common +++ /dev/null 
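Review bot: The `ocb` target applies `OTELCOL_BUILDER_VERSION` only on a fresh install: the `else` branch takes whatever `ocb` is first on `PATH`, and the guard `[ ! -x '$(OTELCOL_BUILDER)' ] || exit 0` reuses any binary already at that path, so the builder that generates the release sources can differ from the pinned version. For CI and release builds it would be safer to always use the pinned install, or at least to record the limitation next to the variable, e.g. `# NOTE: only applied when this Makefile installs ocb; an ocb found on PATH or in $(OTELCOL_BUILDER_DIR) is used as-is`. Separately, `ensure-goreleaser-up-to-date` diffs only `distributions/*/.goreleaser.yaml`; if `generate-goreleaser.sh` also writes the `.goreleaser-nightly.yaml` files (the script is not shown in this hunk), widening the pathspec to `distributions/*/.goreleaser*.yaml` would catch drift in the nightly signing and publishing config too.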
@@ -1,72 +0,0 @@ -############################################# -#### Common Makefiles for distributions ##### -############################################# -# Note: file is included in Makefile within distro folders, -# so paths are relative to distro folder unless they use SRC_ROOT - -# SRC_ROOT is the top of the source tree. -SRC_ROOT := $(realpath $(dir $(lastword $(MAKEFILE_LIST)))) -BUILD_DIR=$(shell basename $(shell yq '.dist.output_path' 'manifest.yaml')) -DISTRO_NAME=$(shell basename $(shell pwd)) - -######################## -#### Check targets ##### -######################## - -.PHONY: assert_build-dir -assert_build-dir: - @test $(BUILD_DIR) = _build || (echo "expected build directory _build but was $(BUILD_DIR): required because it is hardcoded for goreleaser" && exit 1) - -NOTICE_OUTPUT ?= THIRD_PARTY_NOTICES.md -GO_MOD_TMP_FILE ?= /tmp/tmp_notices.json - -.PHONY: third-party-notices -third-party-notices: assert_build-dir - @command -v go-licence-detector &> /dev/null || (echo "go-license-detector tool not found, install it from the base directory with \"make internal/tools\"" && exit 1) - echo '' > $(GO_MOD_TMP_FILE);\ - cd $(BUILD_DIR) && go list -mod=mod -m -json all >> $(GO_MOD_TMP_FILE);\ - go-licence-detector \ - -in $(GO_MOD_TMP_FILE) \ - -rules $(SRC_ROOT)/internal/assets/license/rules.json \ - -noticeTemplate $(SRC_ROOT)/internal/assets/license/THIRD_PARTY_NOTICES.md.tmpl \ - -noticeOut $(NOTICE_OUTPUT) - -.PHONY: third-party-notices-check -third-party-notices-check: third-party-notices - @git diff --name-only | grep -q $(NOTICE_OUTPUT) \ - && { \ - echo "Third party notices out of date, please run \"make licenses\" and commit the changes in this PR.";\ - echo "Diff of $(NOTICE_OUTPUT):";\ - git --no-pager diff HEAD -- $(NOTICE_OUTPUT);\ - echo "go.mod file used:";\ - cat $(BUILD_DIR)/go.mod;\ - exit 1;\ - } \ - || exit 0 - -trivy-check: IMAGE_NAME=newrelic/$(DISTRO_NAME) -trivy-check: IMAGE_TAG_TO_CHECK=$(shell git describe --tags 
--abbrev=0)-SNAPSHOT-$(shell git rev-parse --short=7 HEAD) -trivy-check: - docker images -a --filter 'reference=$(IMAGE_NAME)' | grep $(IMAGE_TAG_TO_CHECK) -q \ - || { echo 'Expected snapshot image "$(IMAGE_NAME):$(IMAGE_TAG_TO_CHECK)" to be present for trivy test' && exit 1; }; \ - trivy image --scanners=vuln --vuln-type=os,library --severity=CRITICAL,HIGH --ignore-unfixed --format sarif \ - --db-repository public.ecr.aws/aquasecurity/trivy-db:2 \ - --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db:1 \ - $(IMAGE_NAME):$(IMAGE_TAG_TO_CHECK)-rc-amd64 - -######################## -#### Build targets ##### -######################## -BINARY_NAME=$(shell yq '.dist.name' 'manifest.yaml') - -build-distro: assert_build-dir $(BUILD_DIR)/$(BINARY_NAME) -$(BUILD_DIR)/$(BINARY_NAME): manifest.yaml - $(SRC_ROOT)/scripts/build.sh -d $(DISTRO_NAME) - -generate-sources-for-distro: assert_build-dir $(BUILD_DIR)/go.mod -$(BUILD_DIR)/go.mod: manifest.yaml - $(SRC_ROOT)/scripts/build.sh -d $(DISTRO_NAME) -s true - -.PHONY: clean-build-dir-distro -clean-build-dir-distro: - rm -rf $(BUILD_DIR) diff --git a/build.mk b/build.mk deleted file mode 100644 index 3bb3bfc0..00000000 --- a/build.mk +++ /dev/null @@ -1,14 +0,0 @@ -.PHONY: ci -ci: build - -.PHONY: build -build: - @$(MAKE) for-all-target TARGET="build-distro" - -.PHONY: generate-sources -generate-sources: - @$(MAKE) for-all-target TARGET="generate-sources-for-distro" - -.PHONY: clean-build-dir -clean-build-dir: - @$(MAKE) for-all-target TARGET="clean-build-dir-distro" diff --git a/check.mk b/check.mk deleted file mode 100644 index db4c3174..00000000 --- a/check.mk +++ /dev/null @@ -1,7 +0,0 @@ -.PHONY: licenses -licenses: internal/tools generate-sources - @$(MAKE) for-all-target TARGET="third-party-notices" - -.PHONY: licenses-check -licenses-check: internal/tools generate-sources - @$(MAKE) for-all-target TARGET="third-party-notices-check" 
diff --git a/cmd/goreleaser/internal/configure.go b/cmd/goreleaser/internal/configure.go
new file mode 100644
index 00000000..2d29ba4c
--- /dev/null
+++ b/cmd/goreleaser/internal/configure.go
@@ -0,0 +1,421 @@ +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package internal + +// This file is a script which generates the .goreleaser.yaml file for all +// supported NRDOT Collector distributions. +// +// Run it with `make generate-goreleaser`. + +import ( + "fmt" + "path" + "strings" + + "github.com/goreleaser/goreleaser/v2/pkg/config" +) + +const ( + ArmArch = "arm" + + HostDistro = "nr-otel-collector" + K8sDistro = "nrdot-collector-k8s" + + DockerHub = "newrelic" + EnvRegistry = "{{ .Env.REGISTRY }}" + + BinaryNamePrefix = "nrdot-collector" + ImageNamePrefix = "nrdot-collector" +) + +var ( + ImagePrefixes = []string{DockerHub} + NightlyImagePrefixes = []string{EnvRegistry} + + Architectures = []string{"amd64", "arm64"} + DefaultConfigDists = map[string]bool{HostDistro: true} + K8sDockerSkipArchs = map[string]bool{"arm": true, "386": true} + K8sGoos = []string{"linux"} + K8sArchs = []string{"amd64", "arm64"} +) + +func Generate(dist string, nightly bool) config.Project { + + projectName := "nrdot-collector-releases" + + if nightly { + projectName = "nrdot-collector-releases-nightly" + } + + return config.Project{ + ProjectName: projectName, + Checksum: config.Checksum{ + NameTemplate: "{{ .ArtifactName }}.sum", + Split: true, + Algorithm: "sha256", + }, + Builds: Builds(dist), + Archives: Archives(dist), + NFPMs: Packages(dist), + Dockers: DockerImages(dist, nightly), + DockerManifests: DockerManifests(dist, nightly), + Signs: Sign(), + 
DockerSigns: DockerSigns(), + Version: 2, + Changelog: config.Changelog{Disable: "true"}, + Snapshot: config.Snapshot{ + VersionTemplate: "{{ incpatch .Version }}-SNAPSHOT-{{.ShortCommit}}", + }, + Blobs: Blobs(dist, nightly), + } +} + +func Blobs(dist string, nightly bool) []config.Blob { + if dist == K8sDistro { + return nil + } + + version := "{{ .Version }}" + + if nightly { + version = "nightly" + } + + return []config.Blob{ + { + Provider: "s3", + Region: "us-east-1", + Bucket: "nr-releases", + Directory: fmt.Sprintf("nrdot-collector-releases/%s/%s", dist, version), + }, + } +} + +func Builds(dist string) []config.Build { + return []config.Build{ + Build(dist), + } +} + +// Build configures a goreleaser build. +// https://goreleaser.com/customization/build/ +func Build(dist string) config.Build { + goos := []string{"linux", "windows"} + archs := Architectures + + if dist == K8sDistro { + goos = K8sGoos + archs = K8sArchs + } + + return config.Build{ + ID: dist, + Dir: "_build", + Binary: dist, + BuildDetails: config.BuildDetails{ + Env: []string{"CGO_ENABLED=0"}, + Flags: []string{"-trimpath"}, + Ldflags: []string{"-s", "-w"}, + }, + Goos: goos, + Goarch: archs, + Ignore: IgnoreBuildCombinations(dist), + } +} + +func IgnoreBuildCombinations(dist string) []config.IgnoredBuild { + if dist == K8sDistro { + return nil + } + return []config.IgnoredBuild{ + {Goos: "windows", Goarch: "arm64"}, + } +} + +func ArmVersions(dist string) []string { + if dist == K8sDistro { + return nil + } + return []string{"7"} +} + +func Archives(dist string) []config.Archive { + return []config.Archive{ + Archive(dist), + } +} + +// Archive configures a goreleaser archive (tarball). 
+// https://goreleaser.com/customization/archive/ +func Archive(dist string) config.Archive { + return config.Archive{ + ID: dist, + NameTemplate: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}", + Builds: []string{dist}, + FormatOverrides: []config.FormatOverride{ + { + Goos: "windows", Formats: []string{"zip"}, + }, + }, + } +} + +func Packages(dist string) []config.NFPM { + if dist == K8sDistro { + return nil + } + return []config.NFPM{ + Package(dist), + } +} + +// Package configures goreleaser to build a system package. +// https://goreleaser.com/customization/nfpm/ +func Package(dist string) config.NFPM { + nfpmContents := []config.NFPMContent{ + { + Source: fmt.Sprintf("%s.service", dist), + Destination: path.Join("/lib", "systemd", "system", fmt.Sprintf("%s.service", dist)), + }, + { + Source: fmt.Sprintf("%s.conf", dist), + Destination: path.Join("/etc", dist, fmt.Sprintf("%s.conf", dist)), + Type: "config|noreplace", + }, + } + if _, ok := DefaultConfigDists[dist]; ok { + nfpmContents = append(nfpmContents, config.NFPMContent{ + Source: "config.yaml", + Destination: path.Join("/etc", dist, "config.yaml"), + Type: "config", + }) + } + return config.NFPM{ + ID: dist, + Builds: []string{dist}, + Formats: []string{"deb", "rpm"}, + License: "Apache 2.0", + Description: fmt.Sprintf("NRDOT Collector - %s", dist), + Maintainer: "New Relic ", + Overrides: map[string]config.NFPMOverridables{ + "rpm": { + Dependencies: []string{"/bin/sh"}, + }, + }, + NFPMOverridables: config.NFPMOverridables{ + PackageName: dist, + FileNameTemplate: "{{ .PackageName }}_{{ .Version }}_{{ .Os }}_" + + "{{- if not (eq (filter .ConventionalFileName \"\\\\.rpm$\") \"\") }}" + + "{{- replace .Arch \"amd64\" \"x86_64\" }}" + + "{{- else }}" + + "{{- .Arch }}" + + "{{- end }}" + + "{{- with .Arm }}v{{ . }}{{- end }}" + + "{{- with .Mips }}_{{ . 
}}{{- end }}" + + "{{- if not (eq .Amd64 \"v1\") }}{{ .Amd64 }}{{- end }}", + Scripts: config.NFPMScripts{ + PreInstall: "preinstall.sh", + PostInstall: "postinstall.sh", + PreRemove: "preremove.sh", + }, + Contents: nfpmContents, + RPM: config.NFPMRPM{ + Signature: config.NFPMRPMSignature{ + KeyFile: "{{ .Env.GPG_KEY_PATH }}", + }, + }, + Deb: config.NFPMDeb{ + Signature: config.NFPMDebSignature{ + KeyFile: "{{ .Env.GPG_KEY_PATH }}", + }, + }, + }, + } +} + +func DockerImages(dist string, nightly bool) []config.Docker { + var r []config.Docker + for _, arch := range Architectures { + if dist == K8sDistro && K8sDockerSkipArchs[arch] { + continue + } + switch arch { + case ArmArch: + for _, vers := range ArmVersions(dist) { + r = append(r, DockerImage(dist, nightly, arch, vers)) + } + default: + r = append(r, DockerImage(dist, nightly, arch, "")) + } + } + return r +} + +// DockerImage configures goreleaser to build a container image. +// https://goreleaser.com/customization/docker/ +func DockerImage(dist string, nightly bool, arch string, armVersion string) config.Docker { + dockerArchName := archName(arch, armVersion) + imageTemplates := make([]string, 0) + + imagePrefixes := ImagePrefixes + prefixFormat := "%s/%s:{{ .Version }}-%s" + latestPrefixFormat := "%s/%s:latest-%s" + + if nightly { + imagePrefixes = NightlyImagePrefixes + prefixFormat = "%s/%s:{{ .Version }}-nightly-%s" + latestPrefixFormat = "%s/%s:nightly-%s" + } + + for _, prefix := range imagePrefixes { + dockerArchTag := strings.ReplaceAll(dockerArchName, "/", "") + imageTemplates = append( + imageTemplates, + fmt.Sprintf(prefixFormat, prefix, imageName(dist), dockerArchTag), + fmt.Sprintf(latestPrefixFormat, prefix, imageName(dist), dockerArchTag), + ) + } + + label := func(name, template string) string { + return fmt.Sprintf("--label=org.opencontainers.image.%s={{%s}}", name, template) + } + files := make([]string, 0) + if _, ok := DefaultConfigDists[dist]; ok { + files = append(files, 
"config.yaml") + } + return config.Docker{ + ImageTemplates: imageTemplates, + Dockerfile: "Dockerfile", + + Use: "buildx", + BuildFlagTemplates: []string{ + "--pull", + fmt.Sprintf("--platform=linux/%s", dockerArchName), + label("created", ".Date"), + label("name", ".ProjectName"), + label("revision", ".FullCommit"), + label("version", ".Version"), + label("source", ".GitURL"), + "--label=org.opencontainers.image.licenses=Apache-2.0", + }, + Files: files, + Goos: "linux", + Goarch: arch, + Goarm: armVersion, + } +} + +func DockerManifests(dist string, nightly bool) []config.DockerManifest { + r := make([]config.DockerManifest, 0) + + imagePrefixes := ImagePrefixes + + if nightly { + imagePrefixes = NightlyImagePrefixes + } + + for _, prefix := range imagePrefixes { + if nightly { + r = append(r, DockerManifest(prefix, "nightly", dist, nightly)) + } else { + r = append(r, DockerManifest(prefix, `{{ .Version }}`, dist, nightly)) + r = append(r, DockerManifest(prefix, "latest", dist, nightly)) + } + } + return r +} + +// DockerManifest configures goreleaser to build a multi-arch container image manifest. 
+// https://goreleaser.com/customization/docker_manifest/ +func DockerManifest(prefix, version, dist string, nightly bool) config.DockerManifest { + var imageTemplates []string + prefixFormat := "%s/%s:%s-%s" + + //if nightly { + // prefixFormat = "%s/%s:%s-nightly-%s" + //} + + for _, arch := range Architectures { + if dist == K8sDistro { + if _, ok := K8sDockerSkipArchs[arch]; ok { + continue + } + } + switch arch { + case ArmArch: + for _, armVers := range ArmVersions(dist) { + dockerArchTag := strings.ReplaceAll(archName(arch, armVers), "/", "") + imageTemplates = append( + imageTemplates, + fmt.Sprintf(prefixFormat, prefix, imageName(dist), version, dockerArchTag), + ) + } + default: + imageTemplates = append( + imageTemplates, + fmt.Sprintf(prefixFormat, prefix, imageName(dist), version, arch), + ) + } + } + + return config.DockerManifest{ + NameTemplate: fmt.Sprintf("%s/%s:%s", prefix, imageName(dist), version), + ImageTemplates: imageTemplates, + } +} + +// imageName translates a distribution name to a container image name. +func imageName(dist string) string { + return strings.Replace(dist, BinaryNamePrefix, ImageNamePrefix, 1) +} + +// archName translates architecture to docker platform names. +func archName(arch, armVersion string) string { + switch arch { + case ArmArch: + return fmt.Sprintf("%s/v%s", arch, armVersion) + default: + return arch + } +} + +func Sign() []config.Sign { + return []config.Sign{ + { + Artifacts: "all", + Signature: "${artifact}.sig", + Certificate: "${artifact}.pem", + Args: []string{ + "--batch", + "-u", + "{{ .Env.GPG_FINGERPRINT }}", + "--output", + "${signature}", + "--detach-sign", + "${artifact}", + }, + }, + } +} + +func DockerSigns() []config.Sign { + return []config.Sign{ + { + Artifacts: "all", + Args: []string{ + "sign", + "${artifact}", + }, + }, + } +} diff --git a/cmd/goreleaser/main.go b/cmd/goreleaser/main.go new file mode 100644 index 00000000..b0c0cc6c --- /dev/null +++ b/cmd/goreleaser/main.go 
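Review bot: `Sign()` sets `Certificate: "${artifact}.pem"`, but its `Args` are GPG-style (`--batch`, `-u {{ .Env.GPG_FINGERPRINT }}`, `--output ${signature}`, `--detach-sign ${artifact}`), and that invocation writes only `${signature}`, never a `.pem`. The field looks like a leftover from a certificate-based signing setup; dropping the `Certificate` line keeps the generated `signs` block from naming a file nothing produces (how GoReleaser handles the missing file is worth checking before relying on it). `DockerSigns()` passes only `sign ${artifact}` with no key or identity arguments visible here, so both functions would benefit from a doc comment stating which tool and key they expect, e.g. `// Sign configures detached GPG signatures for all artifacts, using the key selected by GPG_FINGERPRINT.`. As a smaller point, `case ArmArch` in `DockerImages` and `DockerManifest` cannot match while `Architectures` holds only `amd64` and `arm64`, and the `nightly` parameter of `DockerManifest` is referenced only by commented-out code.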
@@ -0,0 +1,45 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+ "flag"
+ "log"
+ "os"
+
+ "github.com/goreleaser/goreleaser/v2/pkg/config"
+ "gopkg.in/yaml.v3"
+
+ "github.com/newrelic/opentelemetry-collector-releases/cmd/goreleaser/internal"
+)
+
+var distFlag = flag.String("d", "", "Collector distributions to build")
+var nightlyFlag = flag.Bool("n", false, "Whether we're building a nightly config")
+
+func main() {
+ flag.Parse()
+
+ if len(*distFlag) == 0 {
+ log.Fatal("no distribution to build")
+ }
+
+ var project config.Project
+
+ project = internal.Generate(*distFlag, *nightlyFlag)
+
+ e := yaml.NewEncoder(os.Stdout)
+ e.SetIndent(2)
+ if err := e.Encode(&project); err != nil {
+ log.Fatal(err)
+ }
+}
diff --git a/distributions/nr-otel-collector/.goreleaser-nightly.yaml b/distributions/nr-otel-collector/.goreleaser-nightly.yaml
new file mode 100644
index 00000000..5447e4ec
--- /dev/null
+++ b/distributions/nr-otel-collector/.goreleaser-nightly.yaml
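Review bot: `main` rejects only an empty `-d` value, so a misspelled distribution name still yields a complete release config in which that name flows into package paths, image names and the S3 directory built by `internal.Generate`. Checking against the exported names would fail fast: `if *distFlag != internal.HostDistro && *distFlag != internal.K8sDistro { log.Fatalf("unknown distribution %q", *distFlag) }`. The flag help says "distributions" although a single name is passed on, and the `var project config.Project` declaration followed by an assignment can be `project := internal.Generate(*distFlag, *nightlyFlag)`.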
@@ -0,0 +1,138 @@ +version: 2 +project_name: nrdot-collector-releases-nightly +builds: + - id: nr-otel-collector + goos: + - linux + - windows + goarch: + - amd64 + - arm64 + ignore: + - goos: windows + goarch: arm64 + dir: _build + binary: nr-otel-collector + ldflags: + - -s + - -w + flags: + - -trimpath + env: + - CGO_ENABLED=0 +archives: + - id: nr-otel-collector + builds: + - nr-otel-collector + name_template: '{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}' + format_overrides: + - goos: windows + formats: + - zip +nfpms: + - file_name_template: '{{ .PackageName }}_{{ .Version }}_{{ .Os }}_{{- if not (eq (filter .ConventionalFileName "\\.rpm$") "") }}{{- replace .Arch "amd64" "x86_64" }}{{- else }}{{- .Arch }}{{- end }}{{- with .Arm }}v{{ . }}{{- end }}{{- with .Mips }}_{{ . }}{{- end }}{{- if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{- end }}' + package_name: nr-otel-collector + contents: + - src: nr-otel-collector.service + dst: /lib/systemd/system/nr-otel-collector.service + - src: nr-otel-collector.conf + dst: /etc/nr-otel-collector/nr-otel-collector.conf + type: config|noreplace + - src: config.yaml + dst: /etc/nr-otel-collector/config.yaml + type: config + scripts: + preinstall: preinstall.sh + postinstall: postinstall.sh + preremove: preremove.sh + rpm: + signature: + key_file: '{{ .Env.GPG_KEY_PATH }}' + deb: + signature: + key_file: '{{ .Env.GPG_KEY_PATH }}' + overrides: + rpm: + dependencies: + - /bin/sh + id: nr-otel-collector + builds: + - nr-otel-collector + formats: + - deb + - rpm + maintainer: New Relic + description: NRDOT Collector - nr-otel-collector + license: Apache 2.0 +snapshot: + version_template: '{{ incpatch .Version }}-SNAPSHOT-{{.ShortCommit}}' +checksum: + name_template: '{{ .ArtifactName }}.sum' + algorithm: sha256 + split: true +dockers: + - goos: linux + goarch: amd64 + dockerfile: Dockerfile + image_templates: + - '{{ .Env.REGISTRY }}/nr-otel-collector:{{ 
.Version }}-nightly-amd64' + - '{{ .Env.REGISTRY }}/nr-otel-collector:nightly-amd64' + extra_files: + - config.yaml + build_flag_templates: + - --pull + - --platform=linux/amd64 + - --label=org.opencontainers.image.created={{.Date}} + - --label=org.opencontainers.image.name={{.ProjectName}} + - --label=org.opencontainers.image.revision={{.FullCommit}} + - --label=org.opencontainers.image.version={{.Version}} + - --label=org.opencontainers.image.source={{.GitURL}} + - --label=org.opencontainers.image.licenses=Apache-2.0 + use: buildx + - goos: linux + goarch: arm64 + dockerfile: Dockerfile + image_templates: + - '{{ .Env.REGISTRY }}/nr-otel-collector:{{ .Version }}-nightly-arm64' + - '{{ .Env.REGISTRY }}/nr-otel-collector:nightly-arm64' + extra_files: + - config.yaml + build_flag_templates: + - --pull + - --platform=linux/arm64 + - --label=org.opencontainers.image.created={{.Date}} + - --label=org.opencontainers.image.name={{.ProjectName}} + - --label=org.opencontainers.image.revision={{.FullCommit}} + - --label=org.opencontainers.image.version={{.Version}} + - --label=org.opencontainers.image.source={{.GitURL}} + - --label=org.opencontainers.image.licenses=Apache-2.0 + use: buildx +docker_manifests: + - name_template: '{{ .Env.REGISTRY }}/nr-otel-collector:nightly' + image_templates: + - '{{ .Env.REGISTRY }}/nr-otel-collector:nightly-amd64' + - '{{ .Env.REGISTRY }}/nr-otel-collector:nightly-arm64' +blobs: + - bucket: nr-releases + provider: s3 + region: us-east-1 + directory: nrdot-collector-releases/nr-otel-collector/nightly +changelog: + disable: "true" +signs: + - args: + - --batch + - -u + - '{{ .Env.GPG_FINGERPRINT }}' + - --output + - ${signature} + - --detach-sign + - ${artifact} + signature: ${artifact}.sig + artifacts: all + certificate: ${artifact}.pem +docker_signs: + - args: + - sign + - ${artifact} + artifacts: all 
diff --git a/distributions/nr-otel-collector/.goreleaser.yaml b/distributions/nr-otel-collector/.goreleaser.yaml
new file mode 100644
index 00000000..18afda72
--- /dev/null
+++ b/distributions/nr-otel-collector/.goreleaser.yaml
@@ -0,0 +1,142 @@ +version: 2 +project_name: nrdot-collector-releases +builds: + - id: nr-otel-collector + goos: + - linux + - windows + goarch: + - amd64 + - arm64 + ignore: + - goos: windows + goarch: arm64 + dir: _build + binary: nr-otel-collector + ldflags: + - -s + - -w + flags: + - -trimpath + env: + - CGO_ENABLED=0 +archives: + - id: nr-otel-collector + builds: + - nr-otel-collector + name_template: '{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}' + format_overrides: + - goos: windows + formats: + - zip +nfpms: + - file_name_template: '{{ .PackageName }}_{{ .Version }}_{{ .Os }}_{{- if not (eq (filter .ConventionalFileName "\\.rpm$") "") }}{{- replace .Arch "amd64" "x86_64" }}{{- else }}{{- .Arch }}{{- end }}{{- with .Arm }}v{{ . }}{{- end }}{{- with .Mips }}_{{ . }}{{- end }}{{- if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{- end }}' + package_name: nr-otel-collector + contents: + - src: nr-otel-collector.service + dst: /lib/systemd/system/nr-otel-collector.service + - src: nr-otel-collector.conf + dst: /etc/nr-otel-collector/nr-otel-collector.conf + type: config|noreplace + - src: config.yaml + dst: /etc/nr-otel-collector/config.yaml + type: config + scripts: + preinstall: preinstall.sh + postinstall: postinstall.sh + preremove: preremove.sh + rpm: + signature: + key_file: '{{ .Env.GPG_KEY_PATH }}' + deb: + signature: + key_file: '{{ .Env.GPG_KEY_PATH }}' + overrides: + rpm: + dependencies: + - /bin/sh + id: nr-otel-collector + builds: + - nr-otel-collector + formats: + - deb + - rpm + maintainer: New Relic + description: NRDOT Collector - nr-otel-collector + license: Apache 2.0 +snapshot: + version_template: '{{ incpatch .Version }}-SNAPSHOT-{{.ShortCommit}}' +checksum: + name_template: '{{ .ArtifactName }}.sum' + algorithm: sha256 + split: true +dockers: + - goos: linux + goarch: amd64 + dockerfile: Dockerfile + image_templates: + - newrelic/nr-otel-collector:{{ .Version }}-amd64 + - 
newrelic/nr-otel-collector:latest-amd64 + extra_files: + - config.yaml + build_flag_templates: + - --pull + - --platform=linux/amd64 + - --label=org.opencontainers.image.created={{.Date}} + - --label=org.opencontainers.image.name={{.ProjectName}} + - --label=org.opencontainers.image.revision={{.FullCommit}} + - --label=org.opencontainers.image.version={{.Version}} + - --label=org.opencontainers.image.source={{.GitURL}} + - --label=org.opencontainers.image.licenses=Apache-2.0 + use: buildx + - goos: linux + goarch: arm64 + dockerfile: Dockerfile + image_templates: + - newrelic/nr-otel-collector:{{ .Version }}-arm64 + - newrelic/nr-otel-collector:latest-arm64 + extra_files: + - config.yaml + build_flag_templates: + - --pull + - --platform=linux/arm64 + - --label=org.opencontainers.image.created={{.Date}} + - --label=org.opencontainers.image.name={{.ProjectName}} + - --label=org.opencontainers.image.revision={{.FullCommit}} + - --label=org.opencontainers.image.version={{.Version}} + - --label=org.opencontainers.image.source={{.GitURL}} + - --label=org.opencontainers.image.licenses=Apache-2.0 + use: buildx +docker_manifests: + - name_template: newrelic/nr-otel-collector:{{ .Version }} + image_templates: + - newrelic/nr-otel-collector:{{ .Version }}-amd64 + - newrelic/nr-otel-collector:{{ .Version }}-arm64 + - name_template: newrelic/nr-otel-collector:latest + image_templates: + - newrelic/nr-otel-collector:latest-amd64 + - newrelic/nr-otel-collector:latest-arm64 +blobs: + - bucket: nr-releases + provider: s3 + region: us-east-1 + directory: nrdot-collector-releases/nr-otel-collector/{{ .Version }} +changelog: + disable: "true" +signs: + - args: + - --batch + - -u + - '{{ .Env.GPG_FINGERPRINT }}' + - --output + - ${signature} + - --detach-sign + - ${artifact} + signature: ${artifact}.sig + artifacts: all + certificate: ${artifact}.pem +docker_signs: + - args: + - sign + - ${artifact} + artifacts: all 
diff --git a/distributions/nr-otel-collector/Dockerfile b/distributions/nr-otel-collector/Dockerfile index 60ef7142..c555ba3d 100644 --- a/distributions/nr-otel-collector/Dockerfile +++ b/distributions/nr-otel-collector/Dockerfile @@ -10,7 +10,7 @@ USER ${USER_UID} COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --chmod=755 nr-otel-collector /nr-otel-collector -COPY configs/nr-otel-collector-agent-linux.yaml /etc/nr-otel-collector/config.yaml +COPY config.yaml /etc/nr-otel-collector/config.yaml ENTRYPOINT ["/nr-otel-collector"] CMD ["--config", "/etc/nr-otel-collector/config.yaml", "--feature-gates=-pkg.translator.prometheus.NormalizeName"] EXPOSE 4317 55678 55679 diff --git a/distributions/nr-otel-collector/config.yaml b/distributions/nr-otel-collector/config.yaml new file mode 100644 index 00000000..3d5ab7d3 --- /dev/null +++ b/distributions/nr-otel-collector/config.yaml 
@@ -0,0 +1,251 @@
+# The following environment variables require manual modification:
+# - NEW_RELIC_LICENSE_KEY: New Relic ingest key.
+
+# If the collector is not installed through a package manager, the following
+# environment variables need to be set:
+# - NEW_RELIC_MEMORY_LIMIT_MIB: Maximum amount of memory to be used. (default: 100)
+# - OTEL_EXPORTER_OTLP_ENDPOINT: New Relic OTLP endpoint to export metrics to (see: https://docs.newrelic.com/docs/opentelemetry/best-practices/opentelemetry-otlp/)
+
+# Keep host monitoring configuration in sync with: https://github.com/newrelic/newrelic-opentelemetry-examples/blob/main/other-examples/collector/host-monitoring/k8s/collector.yaml
+extensions:
+ health_check:
+
+receivers:
+ otlp:
+ protocols:
+ grpc:
+ http:
+
+ hostmetrics:
+ # Default collection interval is 60s. Lower if you need finer granularity.
+ collection_interval: 60s
+ scrapers:
+ cpu:
+ metrics:
+ system.cpu.time:
+ enabled: false
+ system.cpu.utilization:
+ enabled: true
+ load:
+ memory:
+ metrics:
+ system.memory.utilization:
+ enabled: true
+ paging:
+ metrics:
+ system.paging.utilization:
+ enabled: false
+ system.paging.faults:
+ enabled: false
+ filesystem:
+ metrics:
+ system.filesystem.utilization:
+ enabled: true
+ disk:
+ metrics:
+ system.disk.merged:
+ enabled: false
+ system.disk.pending_operations:
+ enabled: false
+ system.disk.weighted_io_time:
+ enabled: false
+ network:
+ metrics:
+ system.network.connections:
+ enabled: false
+ # Uncomment to enable process metrics, which can be noisy but valuable.
+ # processes:
+ # process:
+ # metrics:
+ # process.cpu.utilization:
+ # enabled: true
+ # process.cpu.time:
+ # enabled: false
+
+ filelog:
+ include:
+ - /var/log/alternatives.log
+ - /var/log/cloud-init.log
+ - /var/log/auth.log
+ - /var/log/dpkg.log
+ - /var/log/syslog
+ - /var/log/messages
+ - /var/log/secure
+ - /var/log/yum.log
+
+processors:
+ # group system.cpu metrics by cpu
+ metricstransform:
+ transforms:
+ - include: system.cpu.utilization
+ action: update
+ operations:
+ - action: aggregate_labels
+ label_set: [ state ]
+ aggregation_type: mean
+ - include: system.paging.operations
+ action: update
+ operations:
+ - action: aggregate_labels
+ label_set: [ direction ]
+ aggregation_type: sum
+ # remove system.cpu metrics for states
+ filter/exclude_cpu_utilization:
+ metrics:
+ datapoint:
+ - 'metric.name == "system.cpu.utilization" and attributes["state"] == "interrupt"'
+ - 'metric.name == "system.cpu.utilization" and attributes["state"] == "nice"'
+ - 'metric.name == "system.cpu.utilization" and attributes["state"] == "softirq"'
+ filter/exclude_memory_utilization:
+ metrics:
+ datapoint:
+ - 'metric.name == "system.memory.utilization" and attributes["state"] == "slab_unreclaimable"'
+ - 'metric.name == "system.memory.utilization" and attributes["state"] == "inactive"'
+ - 'metric.name == "system.memory.utilization" and attributes["state"] == "cached"'
+ - 'metric.name == "system.memory.utilization" and attributes["state"] == "buffered"'
+ - 'metric.name == "system.memory.utilization" and attributes["state"] == "slab_reclaimable"'
+ filter/exclude_memory_usage:
+ metrics:
+ datapoint:
+ - 'metric.name == "system.memory.usage" and attributes["state"] == "slab_unreclaimable"'
+ - 'metric.name == "system.memory.usage" and attributes["state"] == "inactive"'
+ filter/exclude_filesystem_utilization:
+ metrics:
+ datapoint:
+ - 'metric.name == "system.filesystem.utilization" and attributes["type"] == "squashfs"'
+ filter/exclude_filesystem_usage:
+ metrics:
+ datapoint:
+ - 'metric.name == "system.filesystem.usage" and attributes["type"] == "squashfs"'
+ - 'metric.name == "system.filesystem.usage" and attributes["state"] == "reserved"'
+ filter/exclude_filesystem_inodes_usage:
+ metrics:
+ datapoint:
+ - 'metric.name == "system.filesystem.inodes.usage" and attributes["type"] == "squashfs"'
+ - 'metric.name == "system.filesystem.inodes.usage" and attributes["state"] == "reserved"'
+ filter/exclude_system_disk:
+ metrics:
+ datapoint:
+ - 'metric.name == "system.disk.operations" and IsMatch(attributes["device"], "^loop.*") == true'
+ - 'metric.name == "system.disk.merged" and IsMatch(attributes["device"], "^loop.*") == true'
+ - 'metric.name == "system.disk.io" and IsMatch(attributes["device"], "^loop.*") == true'
+ - 'metric.name == "system.disk.io_time" and IsMatch(attributes["device"], "^loop.*") == true'
+ - 'metric.name == "system.disk.operation_time" and IsMatch(attributes["device"], "^loop.*") == true'
+ filter/exclude_system_paging:
+ metrics:
+ datapoint:
+ - 'metric.name == "system.paging.usage" and attributes["state"] == "cached"'
+ - 'metric.name == "system.paging.operations" and attributes["type"] == "cached"'
+ filter/exclude_network:
+ metrics:
+ datapoint:
+ - 'IsMatch(metric.name, "^system.network.*") == true and attributes["device"] == "lo"'
+
+ attributes/exclude_system_paging:
+ include:
+ match_type: strict
+ metric_names:
+ - system.paging.operations
+ actions:
+ - key: type
+ action: delete
+
+ cumulativetodelta:
+
+ transform/host:
+ metric_statements:
+ - context: metric
+ statements:
+ - set(description, "")
+ - set(unit, "")
+
+ transform:
+ trace_statements:
+ - context: span
+ statements:
+ - truncate_all(attributes, 4095)
+ - truncate_all(resource.attributes, 4095)
+ log_statements:
+ - context: log
+ statements:
+ - truncate_all(attributes, 4095)
+ - truncate_all(resource.attributes, 4095)
+
+ # used to prevent out of memory situations on the collector
+ memory_limiter:
+ check_interval: 1s
+ limit_mib: ${NEW_RELIC_MEMORY_LIMIT_MIB}
+
+ batch:
+
+ resourcedetection:
+ detectors: ["system"]
+ system:
+ hostname_sources: ["os"]
+ resource_attributes:
+ host.id:
+ enabled: true
+
+ resourcedetection/cloud:
+ detectors: ["gcp", "ec2", "azure"]
+ timeout: 2s
+ ec2:
+ resource_attributes:
+ host.name:
+ enabled: false
+
+ # Gives OTEL_RESOURCE_ATTRIBUTES precedence over other sources.
+ # host.id is set from env whenever the collector is orchestrated by NR Agents.
+ resourcedetection/env:
+ detectors: ["env"]
+ timeout: 2s
+ override: true
+
+exporters:
+ debug:
+ otlphttp:
+ endpoint: ${OTEL_EXPORTER_OTLP_ENDPOINT}
+ headers:
+ api-key: ${NEW_RELIC_LICENSE_KEY}
+
+service:
+ pipelines:
+ metrics/host:
+ receivers: [hostmetrics]
+ processors:
+ - memory_limiter
+ - metricstransform
+ - filter/exclude_cpu_utilization
+ - filter/exclude_memory_utilization
+ - filter/exclude_memory_usage
+ - filter/exclude_filesystem_utilization
+ - filter/exclude_filesystem_usage
+ - filter/exclude_filesystem_inodes_usage
+ - filter/exclude_system_disk
+ - filter/exclude_network
+ - attributes/exclude_system_paging
+ - transform/host
+ - resourcedetection
+ - resourcedetection/cloud
+ - resourcedetection/env
+ - cumulativetodelta
+ - batch
+ exporters: [debug, otlphttp]
+ logs/host:
+ receivers: [filelog]
+ processors: [transform, resourcedetection, resourcedetection/cloud, resourcedetection/env, batch]
+ exporters: [debug, otlphttp]
+ traces:
+ receivers: [otlp]
+ processors: [transform, resourcedetection, resourcedetection/cloud, resourcedetection/env, batch]
+ exporters: [debug, otlphttp]
+ metrics:
+ receivers: [otlp]
+ processors: [transform, resourcedetection, resourcedetection/cloud, resourcedetection/env, batch]
+ exporters: [debug, otlphttp]
+ logs:
+ receivers: [otlp]
+ processors: [transform, resourcedetection, resourcedetection/cloud, resourcedetection/env, batch]
+ exporters: [debug, otlphttp]
+
+ extensions: [health_check]
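Review bot: `memory_limiter` is wired only into the `metrics/host` pipeline; the `logs/host`, `traces`, `metrics` and `logs` pipelines at the end of this file start with `transform` and have no memory guard, although the last three are fed by the network-facing `otlp` receiver. Putting it first in each list, e.g. `processors: [memory_limiter, transform, resourcedetection, resourcedetection/cloud, resourcedetection/env, batch]`, lets the collector refuse data under memory pressure instead of growing until it is killed. Separately, the header comment promises a default of 100 for NEW_RELIC_MEMORY_LIMIT_MIB, but `limit_mib: ${NEW_RELIC_MEMORY_LIMIT_MIB}` encodes none, so a container started without the variable presumably fails config validation or runs without a limit. `limit_mib: ${env:NEW_RELIC_MEMORY_LIMIT_MIB:-100}` would make the documented default real, assuming the collector version built here supports default values in env expansion.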
diff --git a/distributions/nr-otel-collector/manifest.yaml b/distributions/nr-otel-collector/manifest.yaml index df1c6e60..0b5242cc 100644 --- a/distributions/nr-otel-collector/manifest.yaml +++ b/distributions/nr-otel-collector/manifest.yaml 
@@ -4,42 +4,41 @@ dist: description: New Relic OpenTelemetry Collector version: 0.8.10 output_path: ./_build - otelcol_version: 0.112.0 extensions: - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/extension/healthcheckextension v0.112.0 - - gomod: go.opentelemetry.io/collector/extension/zpagesextension v0.112.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/extension/healthcheckextension v0.118.0 + - gomod: go.opentelemetry.io/collector/extension/zpagesextension v0.118.0 exporters: - - gomod: go.opentelemetry.io/collector/exporter/otlpexporter v0.112.0 - - gomod: go.opentelemetry.io/collector/exporter/otlphttpexporter v0.112.0 - - gomod: go.opentelemetry.io/collector/exporter/debugexporter v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/exporter/prometheusremotewriteexporter v0.112.0 + - gomod: go.opentelemetry.io/collector/exporter/otlpexporter v0.118.0 + - gomod: go.opentelemetry.io/collector/exporter/otlphttpexporter v0.118.0 + - gomod: go.opentelemetry.io/collector/exporter/debugexporter v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/exporter/prometheusremotewriteexporter v0.118.0 processors: - - gomod: go.opentelemetry.io/collector/processor/batchprocessor v0.112.0 - - gomod: go.opentelemetry.io/collector/processor/memorylimiterprocessor v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/attributesprocessor v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/cumulativetodeltaprocessor v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/filterprocessor v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/groupbyattrsprocessor v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/metricstransformprocessor v0.112.0 - - gomod: 
github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourceprocessor v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/transformprocessor v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/k8sattributesprocessor v0.112.0 + - gomod: go.opentelemetry.io/collector/processor/batchprocessor v0.118.0 + - gomod: go.opentelemetry.io/collector/processor/memorylimiterprocessor v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/attributesprocessor v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/cumulativetodeltaprocessor v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/filterprocessor v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/groupbyattrsprocessor v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/metricstransformprocessor v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourceprocessor v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/transformprocessor v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/k8sattributesprocessor v0.118.0 receivers: - - gomod: go.opentelemetry.io/collector/receiver/otlpreceiver v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/dockerstatsreceiver v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/filelogreceiver v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/hostmetricsreceiver v0.112.0 - - gomod: 
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/prometheusreceiver v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/statsdreceiver v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/redisreceiver v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/kubeletstatsreceiver v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8seventsreceiver v0.112.0 - - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8sclusterreceiver v0.112.0 + - gomod: go.opentelemetry.io/collector/receiver/otlpreceiver v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/dockerstatsreceiver v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/filelogreceiver v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/hostmetricsreceiver v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/prometheusreceiver v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/statsdreceiver v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/redisreceiver v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/kubeletstatsreceiver v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8seventsreceiver v0.118.0 + - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8sclusterreceiver v0.118.0 providers: - gomod: go.opentelemetry.io/collector/confmap/provider/envprovider v1.18.0 diff --git a/distributions/nr-otel-collector/upload-schema-linux-deb.yml b/distributions/nr-otel-collector/upload-schema-linux-deb.yml deleted file mode 100644 index 9b21e040..00000000 --- a/distributions/nr-otel-collector/upload-schema-linux-deb.yml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -- src: "nr-otel-collector_{version}_linux_{arch}.deb" - arch: - - amd64 - - arm64 - uploads: - - type: apt - src_repo: "{access_point_host}/infrastructure_agent/linux/apt" - dest: "{dest_prefix}linux/apt/" - os_version: - - noble - - jammy - - focal - - bionic - - xenial - - bullseye - - bookworm - -######################### - # UPLOAD CHECKSUMS # -######################### - -- src: "nr-otel-collector_{version}_linux_{arch}.deb.sum" - arch: - - amd64 - - arm64 - uploads: - - type: file - dest: "{dest_prefix}linux/apt/pool/main/n/nr-otel-collector/{src}" diff --git a/distributions/nr-otel-collector/upload-schema-linux-rpm.yml b/distributions/nr-otel-collector/upload-schema-linux-rpm.yml deleted file mode 100644 index f0181969..00000000 --- a/distributions/nr-otel-collector/upload-schema-linux-rpm.yml +++ /dev/null 
@@ -1,112 +0,0 @@ ---- -- src: "nr-otel-collector_{version}_linux_{arch}.rpm" - arch: - - x86_64 - - arm64 - uploads: - - type: yum - dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/" - os_version: - - 7 - - 8 - - 9 - -- src: "nr-otel-collector_{version}_linux_{arch}.rpm" - arch: - - x86_64 - - arm64 - uploads: - - type: zypp - dest: "{dest_prefix}linux/zypp/sles/{os_version}/{arch}/" - os_version: - - 12.4 - - 12.5 - - 15.1 - - 15.2 - - 15.3 - - 15.4 - -- src: "nr-otel-collector_{version}_linux_{arch}.rpm" - arch: - - x86_64 - - arm64 - uploads: - - type: yum - dest: "{dest_prefix}linux/yum/amazonlinux/{os_version}/{arch}/" - os_version: - - 2 - - 2023 - -######################### - # UPLOAD CHECKSUMS # -######################### - -- src: "nr-otel-collector_{version}_linux_{arch}.rpm.sum" - arch: - - x86_64 - uploads: - - type: file - dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/{src}" - os_version: - - 7 - - 8 - - 9 - -- src: "nr-otel-collector_{version}_linux_{arch}.rpm.sum" - arch: - - arm64 - uploads: - - type: file - dest: "{dest_prefix}linux/yum/el/{os_version}/aarch64/{src}" - os_version: - - 7 - - 8 - - 9 - -- src: "nr-otel-collector_{version}_linux_{arch}.rpm.sum" - arch: - - x86_64 - uploads: - - type: file - dest: "{dest_prefix}linux/zypp/sles/{os_version}/{arch}/{src}" - os_version: - - 12.4 - - 12.5 - - 15.1 - - 15.2 - - 15.3 - - 15.4 - -- src: "nr-otel-collector_{version}_linux_{arch}.rpm.sum" - arch: - - arm64 - uploads: - - type: file - dest: "{dest_prefix}linux/zypp/sles/{os_version}/aarch64/{src}" - os_version: - - 12.4 - - 12.5 - - 15.1 - - 15.2 - - 15.3 - - 15.4 - -- src: "nr-otel-collector_{version}_linux_{arch}.rpm.sum" - arch: - - x86_64 - uploads: - - type: file - dest: "{dest_prefix}linux/yum/amazonlinux/{os_version}/{arch}/{src}" - os_version: - - 2 - - 2023 - -- src: "nr-otel-collector_{version}_linux_{arch}.rpm.sum" - arch: - - arm64 - uploads: - - type: file - dest: 
"{dest_prefix}linux/yum/amazonlinux/{os_version}/aarch64/{src}" - os_version: - - 2 - - 2023 diff --git a/distributions/nr-otel-collector/upload-schema-linux-targz.yml b/distributions/nr-otel-collector/upload-schema-linux-targz.yml deleted file mode 100644 index 16dcc652..00000000 --- a/distributions/nr-otel-collector/upload-schema-linux-targz.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- src: "nr-otel-collector_{version}_linux_{arch}.tar.gz" - uploads: - - type: file - dest: "{dest_prefix}binaries/linux/{arch}/{src}" - arch: - - amd64 - - arm64 - - -######################### - # UPLOAD CHECKSUMS # -######################### - -- src: "nr-otel-collector_{version}_linux_{arch}.tar.gz.sum" - uploads: - - type: file - dest: "{dest_prefix}binaries/linux/{arch}/{src}" - arch: - - amd64 - - arm64 diff --git a/distributions/nr-otel-collector/upload-schema-windows-zip.yml b/distributions/nr-otel-collector/upload-schema-windows-zip.yml deleted file mode 100644 index 2017a72a..00000000 --- a/distributions/nr-otel-collector/upload-schema-windows-zip.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- src: "nr-otel-collector_{version}_windows_amd64.zip" - uploads: - - type: file - dest: "{dest_prefix}binaries/windows/amd64/{src}" - -######################### - # UPLOAD CHECKSUMS # -######################### - -- src: "nr-otel-collector_{version}_windows_amd64.zip.sum" - uploads: - - type: file - dest: "{dest_prefix}binaries/windows/amd64/{src}" diff --git a/distributions/nrdot-collector-k8s/.goreleaser-nightly.yaml b/distributions/nrdot-collector-k8s/.goreleaser-nightly.yaml new file mode 100644 index 00000000..ab1e4c64 --- /dev/null +++ b/distributions/nrdot-collector-k8s/.goreleaser-nightly.yaml 
@@ -0,0 +1,90 @@
+version: 2
+project_name: nrdot-collector-releases-nightly
+builds:
+ - id: nrdot-collector-k8s
+ goos:
+ - linux
+ goarch:
+ - amd64
+ - arm64
+ dir: _build
+ binary: nrdot-collector-k8s
+ ldflags:
+ - -s
+ - -w
+ flags:
+ - -trimpath
+ env:
+ - CGO_ENABLED=0
+archives:
+ - id: nrdot-collector-k8s
+ builds:
+ - nrdot-collector-k8s
+ name_template: '{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}'
+ format_overrides:
+ - goos: windows
+ formats:
+ - zip
+snapshot:
+ version_template: '{{ incpatch .Version }}-SNAPSHOT-{{.ShortCommit}}'
+checksum:
+ name_template: '{{ .ArtifactName }}.sum'
+ algorithm: sha256
+ split: true
+dockers:
+ - goos: linux
+ goarch: amd64
+ dockerfile: Dockerfile
+ image_templates:
+ - '{{ .Env.REGISTRY }}/nrdot-collector-k8s:{{ .Version }}-nightly-amd64'
+ - '{{ .Env.REGISTRY }}/nrdot-collector-k8s:nightly-amd64'
+ build_flag_templates:
+ - --pull
+ - --platform=linux/amd64
+ - --label=org.opencontainers.image.created={{.Date}}
+ - --label=org.opencontainers.image.name={{.ProjectName}}
+ - --label=org.opencontainers.image.revision={{.FullCommit}}
+ - --label=org.opencontainers.image.version={{.Version}}
+ - --label=org.opencontainers.image.source={{.GitURL}}
+ - --label=org.opencontainers.image.licenses=Apache-2.0
+ use: buildx
+ - goos: linux
+ goarch: arm64
+ dockerfile: Dockerfile
+ image_templates:
+ - '{{ .Env.REGISTRY }}/nrdot-collector-k8s:{{ .Version }}-nightly-arm64'
+ - '{{ .Env.REGISTRY }}/nrdot-collector-k8s:nightly-arm64'
+ build_flag_templates:
+ - --pull
+ - --platform=linux/arm64
+ - --label=org.opencontainers.image.created={{.Date}}
+ - --label=org.opencontainers.image.name={{.ProjectName}}
+ - --label=org.opencontainers.image.revision={{.FullCommit}}
+ - --label=org.opencontainers.image.version={{.Version}}
+ - --label=org.opencontainers.image.source={{.GitURL}}
+ - --label=org.opencontainers.image.licenses=Apache-2.0
+ use: buildx
+docker_manifests:
+ - name_template: '{{ .Env.REGISTRY }}/nrdot-collector-k8s:nightly'
+ image_templates:
+ - '{{ .Env.REGISTRY }}/nrdot-collector-k8s:nightly-amd64'
+ - '{{ .Env.REGISTRY }}/nrdot-collector-k8s:nightly-arm64'
+changelog:
+ disable: "true"
+signs:
+ - args:
+ - --batch
+ - -u
+ - '{{ .Env.GPG_FINGERPRINT }}'
+ - --output
+ - ${signature}
+ - --detach-sign
+ - ${artifact}
+ signature: ${artifact}.sig
+ artifacts: all
+ certificate: ${artifact}.pem
+docker_signs:
+ - args:
+ - sign
+ - ${artifact}
+ artifacts: all
diff --git a/distributions/nrdot-collector-k8s/.goreleaser.yaml b/distributions/nrdot-collector-k8s/.goreleaser.yaml
new file mode 100644
index 00000000..f04af0ff
--- /dev/null
+++ b/distributions/nrdot-collector-k8s/.goreleaser.yaml
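Review bot: The `docker_signs` entry in .goreleaser-nightly.yaml passes `sign ${artifact}`, which signs the image by its mutable tag rather than by digest, and it overrides the default arguments without naming a key or `--yes`. If cosign is the intended tool (no `cmd` is set, so the default presumably applies), the last argument should be `- ${artifact}@${digest}`, with `- --yes` added so a non-interactive run does not wait for confirmation; a short comment saying whether signing is keyless or key-based would also help. In `signs`, `certificate: ${artifact}.pem` sits next to GPG `--detach-sign` arguments, which do not appear to write a `.pem` file, so that key looks like a leftover from a cosign example. The same two blocks appear in distributions/nrdot-collector-k8s/.goreleaser.yaml and in the signing section visible at the end of the nr-otel-collector GoReleaser config.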
@@ -0,0 +1,94 @@
+version: 2
+project_name: nrdot-collector-releases
+builds:
+ - id: nrdot-collector-k8s
+ goos:
+ - linux
+ goarch:
+ - amd64
+ - arm64
+ dir: _build
+ binary: nrdot-collector-k8s
+ ldflags:
+ - -s
+ - -w
+ flags:
+ - -trimpath
+ env:
+ - CGO_ENABLED=0
+archives:
+ - id: nrdot-collector-k8s
+ builds:
+ - nrdot-collector-k8s
+ name_template: '{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}'
+ format_overrides:
+ - goos: windows
+ formats:
+ - zip
+snapshot:
+ version_template: '{{ incpatch .Version }}-SNAPSHOT-{{.ShortCommit}}'
+checksum:
+ name_template: '{{ .ArtifactName }}.sum'
+ algorithm: sha256
+ split: true
+dockers:
+ - goos: linux
+ goarch: amd64
+ dockerfile: Dockerfile
+ image_templates:
+ - newrelic/nrdot-collector-k8s:{{ .Version }}-amd64
+ - newrelic/nrdot-collector-k8s:latest-amd64
+ build_flag_templates:
+ - --pull
+ - --platform=linux/amd64
+ - --label=org.opencontainers.image.created={{.Date}}
+ - --label=org.opencontainers.image.name={{.ProjectName}}
+ - --label=org.opencontainers.image.revision={{.FullCommit}}
+ - --label=org.opencontainers.image.version={{.Version}}
+ - --label=org.opencontainers.image.source={{.GitURL}}
+ - --label=org.opencontainers.image.licenses=Apache-2.0
+ use: buildx
+ - goos: linux
+ goarch: arm64
+ dockerfile: Dockerfile
+ image_templates:
+ - newrelic/nrdot-collector-k8s:{{ .Version }}-arm64
+ - newrelic/nrdot-collector-k8s:latest-arm64
+ build_flag_templates:
+ - --pull
+ - --platform=linux/arm64
+ - --label=org.opencontainers.image.created={{.Date}}
+ - --label=org.opencontainers.image.name={{.ProjectName}}
+ - --label=org.opencontainers.image.revision={{.FullCommit}}
+ - --label=org.opencontainers.image.version={{.Version}}
+ - --label=org.opencontainers.image.source={{.GitURL}}
+ - --label=org.opencontainers.image.licenses=Apache-2.0
+ use: buildx
+docker_manifests:
+ - name_template: newrelic/nrdot-collector-k8s:{{ .Version }}
+ image_templates:
+ - newrelic/nrdot-collector-k8s:{{ .Version }}-amd64
+ - newrelic/nrdot-collector-k8s:{{ .Version }}-arm64
+ - name_template: newrelic/nrdot-collector-k8s:latest
+ image_templates:
+ - newrelic/nrdot-collector-k8s:latest-amd64
+ - newrelic/nrdot-collector-k8s:latest-arm64
+changelog:
+ disable: "true"
+signs:
+ - args:
+ - --batch
+ - -u
+ - '{{ .Env.GPG_FINGERPRINT }}'
+ - --output
+ - ${signature}
+ - --detach-sign
+ - ${artifact}
+ signature: ${artifact}.sig
+ artifacts: all
+ certificate: ${artifact}.pem
+docker_signs:
+ - args:
+ - sign
+ - ${artifact}
+ artifacts: all
diff --git a/distributions/nrdot-collector-k8s/Dockerfile b/distributions/nrdot-collector-k8s/Dockerfile
new file mode 100644
index 00000000..4d840cf6
--- /dev/null
+++ b/distributions/nrdot-collector-k8s/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:3.21 as certs
+RUN apk --update add ca-certificates
+
+FROM scratch
+
+ARG USER_UID=10001
+USER ${USER_UID}
+
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --chmod=755 nrdot-collector-k8s /nrdot-collector-k8s
+ENTRYPOINT ["/nrdot-collector-k8s"]
+# `4137` and `4318`: OTLP
+# `55678`: OpenCensus
+# `55679`: zpages
+# `6831`, `14268`, and `14250`: Jaeger
+# `9411`: Zipkin
+EXPOSE 4317 4318 55678 55679 6831 14268 14250 9411
\ No newline at end of file
diff --git a/distributions/nrdot-collector-k8s/THIRD_PARTY_NOTICES.md b/distributions/nrdot-collector-k8s/THIRD_PARTY_NOTICES.md
new file mode 100644
index 00000000..93e8cfd5
--- /dev/null
+++ b/distributions/nrdot-collector-k8s/THIRD_PARTY_NOTICES.md
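Review bot: The port comment in the new nrdot-collector-k8s Dockerfile names `4137` for OTLP while the instruction below it exposes 4317, so the comment should read `# 4317 and 4318: OTLP`. The EXPOSE list also advertises OpenCensus, zpages, Jaeger and Zipkin ports, but the nrdot-collector-k8s manifest added in this commit lists only the prometheus, filelog, hostmetrics, kubeletstats, k8sevents and otlp receivers plus the healthcheck extension, so nothing in this build appears able to listen on those ports. Trimming the line to `EXPOSE 4317 4318` keeps the image metadata in line with what the binary can serve and avoids suggesting to operators that the extra ports should be opened.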
@@ -0,0 +1,295 @@ +# Third Party Notices + +The New Relic infrastructure agent uses source code from third party libraries which carry their own copyright notices +and license terms. These notices are provided below. + +In the event that a required notice is missing or incorrect, please notify us by e-mailing +[open-source@newrelic.com](mailto:open-source@newrelic.com). + +For any licenses that require the disclosure of source code, the source code +can be found at https://github.com/newrelic/opentelemetry-collector-releases. + + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/extension/healthcheckextension](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/processor/attributesprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/processor/cumulativetodeltaprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/processor/filterprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/processor/groupbyattrsprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/processor/k8sattributesprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## 
[github.com/open-telemetry/opentelemetry-collector-contrib/processor/metricstransformprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourceprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/processor/transformprocessor](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/receiver/filelogreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/receiver/hostmetricsreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8seventsreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/receiver/kubeletstatsreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [github.com/open-telemetry/opentelemetry-collector-contrib/receiver/prometheusreceiver](https://github.com/open-telemetry/opentelemetry-collector-contrib) + 
+Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/component](https://go.opentelemetry.io/collector/component) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/confmap](https://go.opentelemetry.io/collector/confmap) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/confmap/provider/envprovider](https://go.opentelemetry.io/collector/confmap/provider/envprovider) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/confmap/provider/fileprovider](https://go.opentelemetry.io/collector/confmap/provider/fileprovider) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/confmap/provider/httpprovider](https://go.opentelemetry.io/collector/confmap/provider/httpprovider) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/confmap/provider/httpsprovider](https://go.opentelemetry.io/collector/confmap/provider/httpsprovider) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/confmap/provider/yamlprovider](https://go.opentelemetry.io/collector/confmap/provider/yamlprovider) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/connector](https://go.opentelemetry.io/collector/connector) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/exporter](https://go.opentelemetry.io/collector/exporter) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/exporter/debugexporter](https://go.opentelemetry.io/collector/exporter/debugexporter) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## 
[go.opentelemetry.io/collector/exporter/otlpexporter](https://go.opentelemetry.io/collector/exporter/otlpexporter) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/exporter/otlphttpexporter](https://go.opentelemetry.io/collector/exporter/otlphttpexporter) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/extension](https://go.opentelemetry.io/collector/extension) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/otelcol](https://go.opentelemetry.io/collector/otelcol) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/processor](https://go.opentelemetry.io/collector/processor) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/processor/batchprocessor](https://go.opentelemetry.io/collector/processor/batchprocessor) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/processor/memorylimiterprocessor](https://go.opentelemetry.io/collector/processor/memorylimiterprocessor) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/receiver](https://go.opentelemetry.io/collector/receiver) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [go.opentelemetry.io/collector/receiver/otlpreceiver](https://go.opentelemetry.io/collector/receiver/otlpreceiver) + +Distributed under the following license(s): + +* Apache-2.0 + + + +## [golang.org/x/sys](https://golang.org/x/sys) + +Distributed under the following license(s): + +* BSD-3-Clause + + + + diff --git a/distributions/nrdot-collector-k8s/manifest.yaml b/distributions/nrdot-collector-k8s/manifest.yaml new file mode 100644 index 00000000..3ca35269 --- /dev/null +++ b/distributions/nrdot-collector-k8s/manifest.yaml 
@@ -0,0 +1,53 @@
+dist:
+ module: github.com/newrelic/opentelemetry-collector-releases/nrdot-collector-k8s
+ name: nrdot-collector-k8s
+ description: New Relic OpenTelemetry Collector
+ version: 0.8.9
+ output_path: ./_build
+
+receivers:
+ # shared
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/prometheusreceiver v0.118.0
+ # daemonset-only
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/filelogreceiver v0.118.0
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/hostmetricsreceiver v0.118.0
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/kubeletstatsreceiver v0.118.0
+ # deployment-only
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/k8seventsreceiver v0.118.0
+ - gomod: go.opentelemetry.io/collector/receiver/otlpreceiver v0.118.0 # only in commented out gateway pipeline but useful for piping
+
+processors:
+ # shared
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/attributesprocessor v0.118.0
+ - gomod: go.opentelemetry.io/collector/processor/batchprocessor v0.118.0
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/cumulativetodeltaprocessor v0.118.0
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/filterprocessor v0.118.0
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/k8sattributesprocessor v0.118.0
+ - gomod: go.opentelemetry.io/collector/processor/memorylimiterprocessor v0.118.0
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/metricstransformprocessor v0.118.0
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourcedetectionprocessor v0.118.0
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/resourceprocessor v0.118.0
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/transformprocessor v0.118.0
+ # deployment-only
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/processor/groupbyattrsprocessor v0.118.0
+
+exporters:
+ # shared
+ - gomod: go.opentelemetry.io/collector/exporter/debugexporter v0.118.0 # added
+ - gomod: go.opentelemetry.io/collector/exporter/otlpexporter v0.118.0 # added
+ - gomod: go.opentelemetry.io/collector/exporter/otlphttpexporter v0.118.0
+
+extensions:
+ - gomod: github.com/open-telemetry/opentelemetry-collector-contrib/extension/healthcheckextension v0.118.0 # added
+# When adding a replace, add a comment before it to document why it's needed and when it can be removed
+replaces:
+ ### Transitive deps determined via `go mod graph | grep $dep@$dep_replace_version`
+ # Why: Fixes CVE-2024-41110
+ # Transitive dep of: prometheusreceiver
+ - github.com/docker/docker v27.0.3+incompatible => github.com/docker/docker v27.3.1+incompatible
+ # Why: Fixes CVE-2024-45337
+ # Transitive dep of: x/net, hostmetricsreceiver, prometheusreceiver
+ - golang.org/x/crypto v0.28.0 => golang.org/x/crypto v0.31.0
+ # Why: Fixes CVE-2024-45338
+ # Transitive dep of: almost all components
+ - golang.org/x/net v0.30.0 => golang.org/x/net v0.33.0
diff --git a/distributions/nrdot-collector-k8s/test-spec.yaml b/distributions/nrdot-collector-k8s/test-spec.yaml
new file mode 100644
index 00000000..891ce7cc
--- /dev/null
+++ b/distributions/nrdot-collector-k8s/test-spec.yaml
@@ -0,0 +1,3 @@
+nightly:
+ ec2:
+ enabled: true
\ No newline at end of file
diff --git a/event.json b/event.json
new file mode 100644
index 00000000..176cfa80
--- /dev/null
+++ b/event.json
@@ -0,0 +1,3 @@
+{
+ "act": true
+}
diff --git a/go.mod b/go.mod
new file mode 100644
index 00000000..ec3d58d6
--- /dev/null
+++ b/go.mod
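Review bot: The three entries under `replaces:` in distributions/nrdot-collector-k8s/manifest.yaml each name an exact left-hand version (for example `golang.org/x/crypto v0.28.0 => golang.org/x/crypto v0.31.0`), and a Go replace written that way applies only while the build resolves exactly that version. If a later component bump moves the transitive requirement to a different version that is still below the fixed one, the replace stops matching without any error and the CVE named in its comment could come back unnoticed. I would record this next to the existing guidance, e.g. `# Each replace matches only the exact left-hand version; re-run the go mod graph check after every component bump`. It would presumably also help to have CI inspect the resolved versions of the generated module under `_build` (`go list -m all` or govulncheck), since nothing in this hunk verifies that the pins still take effect.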
@@ -0,0 +1,61 @@
+module github.com/newrelic/opentelemetry-collector-releases
+
+go 1.23.4
+
+require (
+ github.com/goreleaser/goreleaser/v2 v2.6.1
+ gopkg.in/yaml.v3 v3.0.1
+)
+
+require (
+ dario.cat/mergo v1.0.1 // indirect
+ github.com/AlekSi/pointer v1.2.0 // indirect
+ github.com/Masterminds/goutils v1.1.1 // indirect
+ github.com/Masterminds/semver/v3 v3.3.1 // indirect
+ github.com/Masterminds/sprig/v3 v3.3.0 // indirect
+ github.com/Microsoft/go-winio v0.6.2 // indirect
+ github.com/ProtonMail/go-crypto v1.1.4 // indirect
+ github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+ github.com/bahlo/generic-list-go v0.2.0 // indirect
+ github.com/buger/jsonparser v1.1.1 // indirect
+ github.com/caarlos0/log v0.4.8 // indirect
+ github.com/charmbracelet/lipgloss v1.0.0 // indirect
+ github.com/charmbracelet/x/ansi v0.4.5 // indirect
+ github.com/cloudflare/circl v1.3.8 // indirect
+ github.com/cyphar/filepath-securejoin v0.3.6 // indirect
+ github.com/elliotchance/orderedmap/v2 v2.7.0 // indirect
+ github.com/emirpasic/gods v1.18.1 // indirect
+ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+ github.com/go-git/go-billy/v5 v5.6.1 // indirect
+ github.com/go-git/go-git/v5 v5.13.1 // indirect
+ github.com/gobwas/glob v0.2.3 // indirect
+ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+ github.com/google/uuid v1.6.0 // indirect
+ github.com/goreleaser/chglog v0.6.2 // indirect
+ github.com/goreleaser/fileglob v1.3.0 // indirect
+ github.com/goreleaser/nfpm/v2 v2.41.2 // indirect
+ github.com/huandu/xstrings v1.5.0 // indirect
+ github.com/invopop/jsonschema v0.13.0 // indirect
+ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+ github.com/kevinburke/ssh_config v1.2.0 // indirect
+ github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+ github.com/mailru/easyjson v0.7.7 // indirect
+ github.com/mattn/go-isatty v0.0.20 // indirect
+ github.com/mattn/go-runewidth v0.0.16 // indirect
+ github.com/mitchellh/copystructure v1.2.0 // indirect
+ github.com/mitchellh/reflectwalk v1.0.2 // indirect
+ github.com/muesli/termenv v0.15.2 // indirect
+ github.com/pjbgf/sha1cd v0.3.0 // indirect
+ github.com/rivo/uniseg v0.4.7 // indirect
+ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
+ github.com/shopspring/decimal v1.4.0 // indirect
+ github.com/skeema/knownhosts v1.3.0 // indirect
+ github.com/spf13/cast v1.7.0 // indirect
+ github.com/wk8/go-ordered-map/v2 v2.1.8 // indirect
+ github.com/xanzy/ssh-agent v0.3.3 // indirect
+ gitlab.com/digitalxero/go-conventional-commit v1.0.7 // indirect
+ golang.org/x/crypto v0.32.0 // indirect
+ golang.org/x/net v0.34.0 // indirect
+ golang.org/x/sys v0.29.0 // indirect
+ gopkg.in/warnings.v0 v0.1.2 // indirect
+)
diff --git a/go.sum b/go.sum
new file mode 100644
index 00000000..56435359
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,195 @@ +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +github.com/AlekSi/pointer v1.2.0 h1:glcy/gc4h8HnG2Z3ZECSzZ1IX1x2JxRVuDzaJwQE0+w= +github.com/AlekSi/pointer v1.2.0/go.mod h1:gZGfd3dpW4vEc/UlyfKKi1roIqcCgwOIvb0tSNSBle0= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4= +github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= +github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= +github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= +github.com/ProtonMail/go-crypto v1.1.4 h1:G5U5asvD5N/6/36oIw3k2bOfBn5XVcZrb7PBjzzKKoE= +github.com/ProtonMail/go-crypto v1.1.4/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= +github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= +github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= 
+github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk= +github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg= +github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb h1:m935MPodAbYS46DG4pJSv7WO+VECIWUQ7OJYSoTrMh4= +github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= +github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= +github.com/caarlos0/log v0.4.8 h1:k2URuG28jxzVUSltOjY1qy0zmCNVhMeNr8cP5P/2jB4= +github.com/caarlos0/log v0.4.8/go.mod h1:oGfAH1ldO3nYYrbXtofO6y2K/QTPF/VaGMFmD/LRa+M= +github.com/caarlos0/testfs v0.4.4 h1:3PHvzHi5Lt+g332CiShwS8ogTgS3HjrmzZxCm6JCDr8= +github.com/caarlos0/testfs v0.4.4/go.mod h1:bRN55zgG4XCUVVHZCeU+/Tz1Q6AxEJOEJTliBy+1DMk= +github.com/cavaliergopher/cpio v1.0.1 h1:KQFSeKmZhv0cr+kawA3a0xTQCU4QxXF1vhU7P7av2KM= +github.com/cavaliergopher/cpio v1.0.1/go.mod h1:pBdaqQjnvXxdS/6CvNDwIANIFSP0xRKI16PX4xejRQc= +github.com/charmbracelet/lipgloss v1.0.0 h1:O7VkGDvqEdGi93X+DeqsQ7PKHDgtQfF8j8/O2qFMQNg= +github.com/charmbracelet/lipgloss v1.0.0/go.mod h1:U5fy9Z+C38obMs+T+tJqst9VGzlOYGj4ri9reL3qUlo= +github.com/charmbracelet/x/ansi v0.4.5 h1:LqK4vwBNaXw2AyGIICa5/29Sbdq58GbGdFngSexTdRM= +github.com/charmbracelet/x/ansi v0.4.5/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= +github.com/cloudflare/circl v1.3.8 h1:j+V8jJt09PoeMFIu2uh5JUyEaIHTXVOHslFoLNAKqwI= +github.com/cloudflare/circl v1.3.8/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= +github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= +github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod 
h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/elazarl/goproxy v1.2.3 h1:xwIyKHbaP5yfT6O9KIeYJR5549MXRQkoQMRXGztz8YQ= +github.com/elazarl/goproxy v1.2.3/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= +github.com/elliotchance/orderedmap/v2 v2.7.0 h1:WHuf0DRo63uLnldCPp9ojm3gskYwEdIIfAUVG5KhoOc= +github.com/elliotchance/orderedmap/v2 v2.7.0/go.mod h1:85lZyVbpGaGvHvnKa7Qhx7zncAdBIBq6u56Hb1PRU5Q= +github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= +github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= +github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= +github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= +github.com/go-git/go-billy/v5 v5.6.1 h1:u+dcrgaguSSkbjzHwelEjc0Yj300NUevrrPphk/SoRA= +github.com/go-git/go-billy/v5 v5.6.1/go.mod h1:0AsLr1z2+Uksi4NlElmMblP5rPcDZNRCD8ujZCRR2BE= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= +github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= +github.com/go-git/go-git/v5 v5.13.1 h1:DAQ9APonnlvSWpvolXWIuV6Q6zXy2wHbN4cVlNR5Q+M= +github.com/go-git/go-git/v5 v5.13.1/go.mod 
h1:qryJB4cSBoq3FRoBRf5A77joojuBcmPJ0qu3XXXVixc= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= +github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/rpmpack v0.6.1-0.20240329070804-c2247cbb881a h1:JJBdjSfqSy3mnDT0940ASQFghwcZ4y4cb6ttjAoXqwE= +github.com/google/rpmpack v0.6.1-0.20240329070804-c2247cbb881a/go.mod h1:uqVAUVQLq8UY2hCDfmJ/+rtO3aw7qyhc90rCVEabEfI= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g= +github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k= +github.com/goreleaser/chglog v0.6.2 h1:qroqdMHzwoAPTHHzJtbCfYbwg/yWJrNQApZ6IQAq8bU= +github.com/goreleaser/chglog v0.6.2/go.mod h1:BP0xQQc6B8aM+4dhvSLlVTv0rvhuOF0JacDO1+h7L3U= +github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I= +github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU= +github.com/goreleaser/goreleaser/v2 v2.6.1 h1:wszzGB1PkrkbtjJIKIEdJv5EX6VCFpqYYlP6kH8dQXE= +github.com/goreleaser/goreleaser/v2 v2.6.1/go.mod h1:1cJ5aWR6YKTt5Aba4dxszwobdBQPyisSBW6ZNPfIccY= +github.com/goreleaser/nfpm/v2 v2.41.2 h1:yOjpPlft5zpMPusbIWICphycIjE5orpY/IyMbkBbIJU= +github.com/goreleaser/nfpm/v2 v2.41.2/go.mod h1:zvk0z+wsPKe7Qdsp7z0ZJ9asnbwwhJUEsdOsPkgVC1E= +github.com/huandu/xstrings v1.5.0 
h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= +github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/invopop/jsonschema v0.13.0 h1:KvpoAJWEjR3uD9Kbm2HWJmqsEaHt8lBUpd0qHcIi21E= +github.com/invopop/jsonschema v0.13.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= +github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= +github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU= +github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lucasb-eyer/go-colorful v1.2.0 
h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= +github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= +github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= +github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= +github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= +github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= +github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= +github.com/smarty/assertions v1.15.0 h1:cR//PqUBUiQRakZWqBiFFQ9wb8emQGDb0HeGdqGByCY= +github.com/smarty/assertions v1.15.0/go.mod h1:yABtdzeQs6l1brC900WlRNwj6ZR55d7B+E8C6HtKdec= +github.com/smartystreets/goconvey v1.8.1 h1:qGjIddxOk4grTu9JPOU31tVfq3cNdBlNa5sSznIX1xY= +github.com/smartystreets/goconvey v1.8.1/go.mod h1:+/u4qLyY6x1jReYOp7GOM2FSt8aP9CzCZL03bI28W60= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify 
v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= +github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc= +github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw= +github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= +github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= +gitlab.com/digitalxero/go-conventional-commit v1.0.7 h1:8/dO6WWG+98PMhlZowt/YjuiKhqhGlOCwlIV8SqqGh8= +gitlab.com/digitalxero/go-conventional-commit v1.0.7/go.mod h1:05Xc2BFsSyC5tKhK0y+P3bs0AwUtNuTp+mTpbCU/DZ0= +golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY= +golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/internal/tools/Makefile b/internal/tools/Makefile deleted file mode 100644 index 090ce26a..00000000 --- a/internal/tools/Makefile +++ /dev/null @@ -1,5 +0,0 @@ -GOCMD?= go - - -all: - $(GOCMD) install go.elastic.co/go-licence-detector diff --git a/internal/tools/go.mod b/internal/tools/go.mod index 2bcb6f48..1f58df9a 100644 --- a/internal/tools/go.mod +++ b/internal/tools/go.mod @@ -2,15 +2,16 @@ module github.com/newrelic/opentelemetry-collector-releases/internal/tools go 1.23 -require go.elastic.co/go-licence-detector v0.6.0 +require go.elastic.co/go-licence-detector v0.7.0 require ( - github.com/cyphar/filepath-securejoin v0.2.5 // indirect + github.com/cyphar/filepath-securejoin v0.4.0 // indirect github.com/gobuffalo/here v0.6.7 // indirect - github.com/google/licenseclassifier v0.0.0-20200402202327-879cb1424de0 // indirect + github.com/google/licenseclassifier v0.0.0-20250108172508-0c3884c4cd43 // indirect github.com/karrick/godirwalk v1.15.6 // indirect github.com/markbates/pkger v0.17.0 // indirect - github.com/sergi/go-diff v1.1.0 // indirect - golang.org/x/mod v0.3.0 // indirect - golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a // indirect + github.com/sergi/go-diff v1.3.1 // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.29.0 // indirect ) diff --git a/internal/tools/go.sum b/internal/tools/go.sum index 4e9ab47d..d73a8d57 100644 --- a/internal/tools/go.sum +++ b/internal/tools/go.sum 
@@ -1,6 +1,8 @@ github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.4.0 h1:PioTG9TBRSApBpYGnDU8HC+miIsX8vitBH9LGNNMoLQ= +github.com/cyphar/filepath-securejoin v0.4.0/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -9,8 +11,12 @@ github.com/gobuffalo/here v0.6.0/go.mod h1:wAG085dHOYqUpf+Ap+WOdrPTp5IYcDAs/x7PL github.com/gobuffalo/here v0.6.7 h1:hpfhh+kt2y9JLDfhYUxxCRxQol540jsVfKUZzjlbp8o= github.com/gobuffalo/here v0.6.7/go.mod h1:vuCfanjqckTuRlqAitJz6QC4ABNnS27wLb816UhsPcc= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/licenseclassifier v0.0.0-20200402202327-879cb1424de0 h1:OggOMmdI0JLwg1FkOKH9S7fVHF0oEm8PX6S8kAdpOps= github.com/google/licenseclassifier v0.0.0-20200402202327-879cb1424de0/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= +github.com/google/licenseclassifier v0.0.0-20250108172508-0c3884c4cd43 h1:KvqPipDBTmDrRe6gLp1+7YXKVIbd6z1Y3AI4hautrV0= +github.com/google/licenseclassifier v0.0.0-20250108172508-0c3884c4cd43/go.mod h1:jkYIPv59uiw+1MxTWlqQEKebsUDV1DCXQtBBn5lVzf4= +github.com/google/licenseclassifier/v2 v2.0.0-alpha.1/go.mod h1:YAgBGGTeNDMU+WfIgaFvjZe4rudym4f6nIn8ZH5X+VM= github.com/karrick/godirwalk v1.15.6 h1:Yf2mmR8TJy+8Fa0SuQVto5SYap6IF7lNVX4Jdl8G1qA= github.com/karrick/godirwalk v1.15.6/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
@@ -24,6 +30,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= +github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 
@@ -34,27 +42,39 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= go.elastic.co/go-licence-detector v0.6.0 h1:QJ+cUIHC0JpxEKgp5Bj0pabEiOOt9H1O9CCcUNe6yRQ= go.elastic.co/go-licence-detector v0.6.0/go.mod h1:fSJQU8au4SAgDK+UQFbgUPsXKYNBDv4E/dwWevrMpXU= +go.elastic.co/go-licence-detector v0.7.0 h1:qC31sfyfNcNx/zMYcLABU0ac3MbGHZgksCAb5lMDUMg= +go.elastic.co/go-licence-detector v0.7.0/go.mod h1:f5ty8pjynzQD8BcS+s0qtlOGKc35/HKQxCVi8SHhV5k= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/scripts/build.sh b/scripts/build.sh index 097f39f9..bac4c2c0 100755 --- a/scripts/build.sh +++ b/scripts/build.sh 
@@ -1,23 +1,28 @@ #!/bin/bash -REPO_DIR="$( cd "$(dirname $( dirname "${BASH_SOURCE[0]}" ))" &> /dev/null && pwd )" -# flag for ci-only behavior (CI is auto-populated with 'true' in github actions) -ensure_docker_write_permissions=$CI +REPO_DIR="$( cd "$(dirname "$( dirname "${BASH_SOURCE[0]}" )")" &> /dev/null && pwd )" +BUILDER='' # default values skipcompilation=false +validate=true -while getopts d:s: flag +while getopts d:s:b: flag do case "${flag}" in - d) distribution=${OPTARG};; + d) distributions=${OPTARG};; s) skipcompilation=${OPTARG};; + l) validate=${OPTARG};; + b) BUILDER=${OPTARG};; + *) exit 1;; esac done -if [[ -z $distribution ]]; then - echo "Distribution to build not provided. Use '-d' to specify the name of the distribution to build. Ex.:" - echo "$0 -d nr-otel-collector" +[[ -n "$BUILDER" ]] || BUILDER='ocb' + +if [[ -z $distributions ]]; then + echo "List of distributions to build not provided. Use '-d' to specify the names of the distributions to build. Ex.:" + echo "$0 -d otelcol" exit 1 fi 
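Review bot: The option string on the `while getopts d:s:b: flag` line does not declare `l`, so the new `l) validate=${OPTARG};;` arm can never match; passing `-l` falls through to `*) exit 1;;`, which exits without printing any usage text. `validate` is also not read anywhere in the two visible hunks of scripts/build.sh, so the switch looks like dead configuration. If it is meant to work, declare it with `while getopts d:s:l:b: flag` and use the value; otherwise drop both `validate=true` and the `l)` arm.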
@@ -25,40 +30,27 @@ if [[ "$skipcompilation" = true ]]; then echo "Skipping the compilation, we'll only generate the sources." fi -echo "Distribution to build: $distribution"; - -pushd "${REPO_DIR}/distributions/${distribution}" > /dev/null -ocb_config="manifest.yaml" -output_dir=$(yq '.dist.output_path' "${ocb_config}") -echo "Output dir: $(pwd)/${output_dir}" -if [[ -d "${output_dir}" ]]; then - # cleanup build dir as reruns of workflows seem to reuse the same filesystem - rm -rf "${output_dir}" -fi -mkdir "${output_dir}" -if [[ "$ensure_docker_write_permissions" == "true" ]]; then - # ocb dockerfile user/group id is 10001 (https://github.com/open-telemetry/opentelemetry-collector-releases/blob/main/cmd/builder/Dockerfile#L6) - sudo chown 10001:10001 "${output_dir}" -fi - -builder_version=$(yq '.dist.otelcol_version' "${ocb_config}") -builder_image="otel/opentelemetry-collector-builder:${builder_version}" -docker pull "${builder_image}" +echo "Distributions to build: $distributions"; -container_work_dir=$(docker image inspect -f '{{.Config.WorkingDir}}' ${builder_image}) -container_path_ocb_config="${container_work_dir}/${ocb_config}" - -echo "Building: $distribution" -docker run \ - -v "$(pwd)/${ocb_config}:${container_path_ocb_config}" \ - -v "$(pwd)/${output_dir}:${container_work_dir}/${output_dir}:rw" \ - "${builder_image}" \ - --config "${container_path_ocb_config}" \ - --skip-compilation=${skipcompilation} - -if [[ "$ensure_docker_write_permissions" == "true" ]]; then - # change owner of output dir back to the 'build' user to allow access for following steps - sudo chown -R $(id -u):$(id -g) "${output_dir}" -fi - -popd > /dev/null +for distribution in $(echo "$distributions" | tr "," "\n") +do + pushd "${REPO_DIR}/distributions/${distribution}" > /dev/null || exit + mkdir -p _build + + echo "Building: $distribution" + echo "Using Builder: $(command -v "$BUILDER")" + echo "Using Go: $(command -v go)" + + if "$BUILDER" --skip-compilation="${skipcompilation}" 
--config manifest.yaml > _build/build.log 2>&1; then
+ echo "✅ SUCCESS: distribution '${distribution}' built."
+ else
+ echo "❌ ERROR: failed to build the distribution '${distribution}'."
+ echo "🪵 Build logs for '${distribution}'"
+ echo "----------------------"
+ cat _build/build.log
+ echo "----------------------"
+ exit 1
+ fi
+
+ popd > /dev/null || exit
+done
\ No newline at end of file
diff --git a/scripts/generate-goreleaser.sh b/scripts/generate-goreleaser.sh
new file mode 100755
index 00000000..05879dde
--- /dev/null
+++ b/scripts/generate-goreleaser.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+GO=''
+
+while getopts d:g: flag
+do
+ case "${flag}" in
+ d) distributions=${OPTARG};;
+ g) GO=${OPTARG};;
+ *) exit 1;;
+ esac
+done
+
+[[ -n "$GO" ]] || GO='go'
+
+if [[ -z $distributions ]]; then
+ echo "List of distributions to generate the goreleaser not provided. Use '-d' to specify the names of the distributions use. Ex.:"
+ echo "$0 -d nr-otel-collector"
+ exit 1
+fi
+
+echo "Distributions to generate: $distributions";
+
+for distribution in $(echo "$distributions" | tr "," "\n")
+do
+ ${GO} run cmd/goreleaser/main.go -d "${distribution}" > "./distributions/${distribution}/.goreleaser.yaml"
+ ${GO} run cmd/goreleaser/main.go -d "${distribution}" -n > "./distributions/${distribution}/.goreleaser-nightly.yaml"
+done
\ No newline at end of file
diff --git a/scripts/generate_checksum.sh b/scripts/generate_checksum.sh
deleted file mode 100755
index c326f0ad..00000000
--- a/scripts/generate_checksum.sh
+++ /dev/null
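Review bot: The new loop in scripts/build.sh runs whatever `$BUILDER` resolves to (the default `ocb` on PATH, or any path passed with `-b`), where the removed code pulled `otel/opentelemetry-collector-builder:${builder_version}` with the version read from `.dist.otelcol_version` in the manifest. Nothing in the added lines checks that the builder exists or corresponds to the manifest, and `echo "Using Builder: $(command -v "$BUILDER")"` only prints an empty string when it is missing. A guard before the `for` loop such as `command -v "$BUILDER" > /dev/null || { echo "builder '$BUILDER' not found" >&2; exit 1; }` fails early, and the builder's version should be pinned wherever `ocb` gets installed, which is not visible in this hunk. Each `${distribution}` taken from `-d` is also joined into the `pushd` path unchecked, so rejecting names that contain `/` or `..` would keep the build inside `distributions/`.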
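Review bot: In scripts/generate-goreleaser.sh the two `${GO} run cmd/goreleaser/main.go ... > "./distributions/${distribution}/..."` lines truncate the target before the generator runs and never check its exit status, so a failed run leaves an empty or partial release config while the loop carries on; the script's exit code reflects only the last command. These files appear to drive packaging and signing, so write to a temporary file and move it into place only on success, e.g. `"${GO}" run cmd/goreleaser/main.go -d "${distribution}" > "${out}.tmp" && mv "${out}.tmp" "${out}" || exit 1` with `out` set to the target path. The paths are relative, so the script only works when started from the repository root; scripts/build.sh and scripts/licenses.sh derive `REPO_DIR` from `BASH_SOURCE`, and this script could do the same.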
@@ -1,51 +0,0 @@ -#!/bin/bash -set -eo pipefail - -print_usage() { - printf -- "Usage: %s\n" $(basename "${0}") - printf -- "-o: Output file for generated checksum\n" - printf -- "-f: File to generate checksum for\n" -} - -while getopts 'o:f:h' flag -do - if [ -z "${OPTARG}" ]; then - continue - fi - case "${flag}" in - h) - print_usage - exit 0 - ;; - o) - OUTPUT_FILE="${OPTARG}" - continue - ;; - f) - FILE="${OPTARG}" - continue - ;; - *) - print_usage - exit 1 - ;; - esac -done - -if [ -z "${FILE}" ]; then - echo "-f file not provided\n" >&2 - print_usage - exit 1 -fi - -# if OUTPUT_FILE was provided we use it as destination filename. -if [ -n "${OUTPUT_FILE}" ]; then - output_file="./${OUTPUT_FILE}" -else - output_file="./${FILE}.sum" -fi - -echo -n > "${output_file}" - -echo "Processing file: ${FILE}, creating ${output_file}" -sha256sum "${FILE}" | awk -F ' ' '{gsub(".*/", "", $2); print $1 " " $2}' >> "${output_file}" diff --git a/scripts/gh_publisher.sh b/scripts/gh_publisher.sh deleted file mode 100755 index f82a25c0..00000000 --- a/scripts/gh_publisher.sh +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/bin/bash -# -# -# Upload file to GH Release assets -# -# - -print_usage() { - printf -- "Usage: %s\n" "$(basename "${0}")" - printf -- "-f: File to uplload\n" - printf -- "-t: tag of the release\n" - printf -- "-h: Print help page\n" -} - -while getopts 'f:t:h' flag -do - case "${flag}" in - h) - print_usage - exit 0 - ;; - f) - file_name="${OPTARG}" - continue - ;; - t) - tag="${OPTARG}" - continue - ;; - *) - print_usage - exit 1 - ;; - esac -done - -# delete_asset_by_name is used when we want to re-upload an asset that failed or was partially published. -delete_asset_by_name() { - artifact="${1}" - - repo=$(git config --get remote.origin.url | sed -En "s/.*github.com[:/]//p") - repo=${repo%.*} - - assets_url=$(gh api "repos/${repo}/releases/tags/${tag}" --jq '[.assets_url] | @tsv') - if [ "${?}" -ne 0 ]; then - exit 1 - fi - - page=1 - while [ "${page}" -lt 20 ]; do - echo "fetching assets page: ${page}..." - assets=$(gh api "${assets_url}?page=${page}" --jq '.[] | [.url,.name] | @tsv' | tee) - if [ "${?}" -ne 0 ]; then - exit 2 - fi - - if [ "${assets}" = "" ]; then - break - fi - - while IFS= read -r asset; - do - assetArray=("${asset}") - if [ "${assetArray[1]}" = "${artifact}" ]; then - gh api -X DELETE "${assetArray[0]}" - if [ "${?}" -ne 0 ]; then - exit 3 - fi - echo "deleted ${artifact}, retry..." - return - fi - done < <(echo "$assets") - ((page++)) - done - echo "no assets found to delete with the name: ${artifact}" -} - -MAX_ATTEMPTS=20 -ATTEMPTS=$MAX_ATTEMPTS - -echo "===> Uploading to GH ${tag}: ${file_name}" - -while [ "${ATTEMPTS}" -gt 0 ];do - gh release upload "${tag}" "${file_name}" --clobber - - if [[ "${?}" -eq 0 ]];then - echo "===> uploaded ${file_name}" - break - fi - - set -e - delete_asset_by_name "$(basename "${file_name}")" - set +e - sleep 3s - (( ATTEMPTS-- )) -done - -if [ "${ATTEMPTS}" -eq 0 ];then - echo "too many attempts to upload ${file_name}" - exit 1 -fi - 
diff --git a/scripts/licenses.sh b/scripts/licenses.sh
new file mode 100755
index 00000000..8e2c1391
--- /dev/null
+++ b/scripts/licenses.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+REPO_DIR="$( cd "$(dirname "$( dirname "${BASH_SOURCE[0]}" )")" &> /dev/null && pwd )"
+
+GO_LICENCE_DETECTOR=''
+NOTICE_FILE=''
+
+while getopts d:b:n:g: flag
+do
+ case "${flag}" in
+ d) distributions=${OPTARG};;
+ b) GO_LICENCE_DETECTOR=${OPTARG};;
+ n) NOTICE_FILE=${OPTARG};;
+ g) GO=${OPTARG};;
+ *) exit 1;;
+ esac
+done
+
+[[ -n "$NOTICE_FILE" ]] || NOTICE_FILE='THIRD_PARTY_NOTICES.md'
+
+[[ -n "$GO_LICENCE_DETECTOR" ]] || GO_LICENCE_DETECTOR='go-licence-detector'
+
+if [[ -z $distributions ]]; then
+ echo "List of distributions to build not provided. Use '-d' to specify the names of the distributions to build. Ex.:"
+ echo "$0 -d nrdot-collector-k8s"
+ exit 1
+fi
+
+for distribution in $(echo "$distributions" | tr "," "\n")
+do
+ pushd "${REPO_DIR}/distributions/${distribution}/_build" > /dev/null || exit
+
+ echo "📜 Building notice for ${distribution}..."
+
+ ${GO} list -mod=mod -m -json all | ${GO_LICENCE_DETECTOR} \
+ -rules "${REPO_DIR}/internal/assets/license/rules.json" \
+ -noticeTemplate "${REPO_DIR}/internal/assets/license/THIRD_PARTY_NOTICES.md.tmpl" \
+ -noticeOut "${REPO_DIR}/distributions/${distribution}/${NOTICE_FILE}"
+
+ popd > /dev/null || exit
+done
diff --git a/scripts/signing/Dockerfile b/scripts/signing/Dockerfile
deleted file mode 100644
index f4d97b2e..00000000
--- a/scripts/signing/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM debian:bullseye
-
-RUN apt-get update \
- && apt-get -y install \
- rpm \
- gnupg2 \
- gpg-agent \
- debsigs
-
-ADD entrypoint.sh /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/scripts/signing/entrypoint.sh b/scripts/signing/entrypoint.sh
deleted file mode 100755
index 5b54623f..00000000
--- a/scripts/signing/entrypoint.sh
+++ /dev/null
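Review bot: `GO` has no default in scripts/licenses.sh: it is set only by `g) GO=${OPTARG};;`, so without `-g` the line `${GO} list -mod=mod -m -json all | ${GO_LICENCE_DETECTOR} \` expands to a bare `list ...` command. The script sets no `pipefail`, so the pipeline's status comes from the detector alone, which then reads empty input; the notice file may end up incomplete without the script failing, depending on how the detector treats empty input. Add `[[ -n "$GO" ]] || GO='go'` next to the other defaults, as scripts/generate-goreleaser.sh does, and `set -o pipefail` near the top so a failing `go list` stops the run.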
@@ -1,96 +0,0 @@ -#!/bin/bash -set -eo pipefail - -print_usage() { - printf -- "Usage: %s\n" "$(basename "${0}")" - printf -- "-f: Package file to sign\n" - printf -- "-h: Print help page\n" -} - -while getopts 'f:h' flag -do - case "${flag}" in - h) - print_usage - exit 0 - ;; - f) - file_name="${OPTARG}" - continue - ;; - *) - print_usage - exit 1 - ;; - esac -done - -if [ -z "${file_name}" ] ; then - echo "-f package not provided" >&2 - print_usage - exit 1 -fi - -if [ ! -f "${file_name}" ]; then - echo "file: ${file_name} doesn't exist" >&2 - print_usage - exit 1 -fi - -prepare() { - # prepare RPM's - echo "===> Create .rpmmacros to sign rpm's from Goreleaser" - echo "%_gpg_name ${GPG_MAIL}" >> ~/.rpmmacros - echo "%_signature gpg" >> ~/.rpmmacros - echo "%_gpg_path /root/.gnupg" >> ~/.rpmmacros - echo "%_gpgbin /usr/bin/gpg" >> ~/.rpmmacros - echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --batch --pinentry-mode loopback --passphrase ${GPG_PASSPHRASE} --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros - - echo "===> Importing GPG private key from GHA secrets..." 
- printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import - - - echo "===> Importing GPG signature, needed from Goreleaser to verify signature" - gpg --export -a ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL} - rpm --import /tmp/RPM-GPG-KEY-${GPG_MAIL} - - # prepare DEB's - GNUPGHOME="/root/.gnupg" - echo "${GPG_PASSPHRASE}" > "${GNUPGHOME}/gpg-passphrase" - echo "passphrase-file ${GNUPGHOME}/gpg-passphrase" >> "$GNUPGHOME/gpg.conf" - echo 'allow-loopback-pinentry' >> "${GNUPGHOME}/gpg-agent.conf" - echo 'pinentry-mode loopback' >> "${GNUPGHOME}/gpg.conf" - echo 'use-agent' >> "${GNUPGHOME}/gpg.conf" - echo RELOADAGENT | gpg-connect-agent -} - -sign_rpm() { - rpm_file="${1}" - echo "===> Signing ${rpm_file}" - rpm --addsign "${rpm_file}" - echo "===> Sign verification ${rpm_file}" - rpm -v --checksig "${rpm_file}" -} - -sign_deb() { - deb_file="${1}" - echo "===> Signing ${deb_file}" - debsigs --sign=origin --verify --check -v -k "${GPG_MAIL}" "${deb_file}" -} - -sign_file() { - targz_file="${1}" - echo "===> Signing ${targz_file}" - gpg --sign --armor --detach-sig "${targz_file}" - echo "===> Sign verification ${targz_file}" - gpg --verify ${targz_file}.asc "${targz_file}" -} - -prepare - -if [[ "${file_name}" =~ .*\.(rpm) ]]; then - sign_rpm "${file_name}" -elif [[ "${file_name}" =~ .*\.(deb) ]]; then - sign_deb "${file_name}" -elif [[ "${file_name}" =~ .*\.(tar.gz) ]]; then - sign_file "${file_name}" -fi diff --git a/scripts/signing/sign.sh b/scripts/signing/sign.sh deleted file mode 100755 index 4131486c..00000000 --- a/scripts/signing/sign.sh +++ /dev/null 
@@ -1,93 +0,0 @@ -#!/bin/bash -set -eo pipefail - -# -# -# GPG signing for packages packages -# -# - -print_usage() { - printf -- "Usage: %s\n" "$(basename "${0}")" - printf -- "-f: File to sign\n" - printf -- "-m: gpg mail address\n" - printf -- "-p: gpg passphrase\n" - printf -- "-k: gpg private key base64\n" - printf -- "-b: Force build of the docker image\n" - printf -- "-h: Print help page\n" -} - -current_dir="$( dirname $( readlink -f ${BASH_SOURCE[0]} ) )" - -while getopts 'f:m:p:k:bh' flag -do - case "${flag}" in - h) - print_usage - exit 0 - ;; - f) - file_name="${OPTARG}" - continue - ;; - m) - gpg_mail="${OPTARG}" - continue - ;; - p) - gpg_passphrase="${OPTARG}" - continue - ;; - k) - gpg_private_key_base64="${OPTARG}" - continue - ;; - b) - should_build=true - continue - ;; - *) - print_usage - exit 1 - ;; - esac -done - -if [ -z "${file_name}" ]; then - echo "-f file_name not provided\n" >&2 - print_usage - exit 1 -fi - -image_name="assets_signer" - -# Build docker image only if doesn't already exist or explicitly requested. -if [ "$(docker images -q ${image_name} 2> /dev/null)" = "" ] || [ "${should_build}" = true ]; then - docker build -t "${image_name}" "${current_dir}/." -fi - -if [ -z "${gpg_mail}" ]; then - echo "-m gpg_mail not provided\n" >&2 - print_usage - exit 1 -fi - -if [ -z "${gpg_passphrase}" ]; then - echo "-p gpg_passphrase not provided\n" >&2 - print_usage - exit 1 -fi - -if [ -z "${gpg_private_key_base64}" ]; then - echo "-k gpg_private_key_base64 not provided\n" >&2 - print_usage - exit 1 -fi - -docker run --rm -t --name "assets_signer" \ - -v "${current_dir}/../../:/srv/workdir" \ - -w /srv/workdir \ - -e GPG_MAIL="${gpg_mail}" \ - -e GPG_PASSPHRASE="${gpg_passphrase}" \ - -e GPG_PRIVATE_KEY_BASE64="${gpg_private_key_base64}" \ - "${image_name}" -f "${file_name}"