Skip to content

fix: replace go packages with CVEs with newer versions (#154) #564

fix: replace go packages with CVEs with newer versions (#154)

fix: replace go packages with CVEs with newer versions (#154) #564

name: Observe Agent Integration Tests
on:
workflow_dispatch:
pull_request:
push:
branches:
- main
schedule:
- cron: "0 7 * * *" #Runs at 07:00 UTC Daily
#Special permissions required for OIDC authentication
permissions:
id-token: write
contents: write
pull-requests: write
env:
TF_VAR_name_format: "tf-observe-agent-test-%s"
TF_VAR_PUBLIC_KEY_PATH: "./test_key.pub"
TF_VAR_PRIVATE_KEY_PATH: "./test_key.pem"
TF_VAR_OBSERVE_URL: ${{secrets.OBSERVE_URL}}
TF_VAR_OBSERVE_TOKEN: ${{secrets.OBSERVE_TOKEN}}
jobs:
build:
runs-on: ubuntu-observe-agent-8cpu
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22.7
- name: Install msitools
run: sudo apt-get install -y wixl
- name: Install qemu
uses: docker/setup-qemu-action@v3
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser-pro
version: '2.4.4'
args: release --prepare --clean --snapshot --verbose --parallelism 8
env:
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
- name: Save docker as .tar #Save docker images to tar
run: |
amd64_image=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "amd64"| grep "observe-agent" | sort -r -k4 | head -n 1)
arm64v8_image=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "arm64v8"| grep "observe-agent" | sort -r -k4 | head -n 1)
echo "amd64_image: ${amd64_image}"
echo "arm64v8_image: ${arm64v8_image}"
docker save -o dist/observe-agent_docker_arm64v8.tar ${arm64v8_image}
docker save -o dist/observe-agent_docker_amd64.tar ${amd64_image}
- run: ls -l && ls -l dist/
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/
retention-days: 10
observe-agent-integration-tests:
name: observe-agent-integration-tests-${{ matrix.AWS_MACHINE}}
runs-on: ubuntu-latest
needs: build
strategy:
fail-fast: false
matrix:
AWS_MACHINE: ["AMAZON_LINUX_2023", "UBUNTU_22_04_LTS", "WINDOWS_SERVER_2016_BASE", "WINDOWS_SERVER_2019_BASE", "WINDOWS_SERVER_2022_BASE", "DOCKER_AMD64_UBUNTU_22_04_LTS"]
defaults:
run:
working-directory: integration #Terrafrom commands and tests are ran from integration directory
steps:
- name: Checkout code
uses: actions/checkout@v4
- run: git branch && df -h
- name: Configure AWS Credentials ## Terraform provider automatically uses these creds
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: ${{ github.sha }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.10'
- run: pip install -r scripts/requirements.txt
- name: Setup SSH Keys
run: |
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ${{env.TF_VAR_PRIVATE_KEY_PATH}}
chmod 600 ${{env.TF_VAR_PRIVATE_KEY_PATH}}
echo "${{ secrets.SSH_PUBLIC_KEY }}" >${{env.TF_VAR_PUBLIC_KEY_PATH}}
chmod 644 ${{env.TF_VAR_PUBLIC_KEY_PATH}}
- name: Setup additional terraform variable
run: echo "TF_VAR_AWS_MACHINE=$(echo ${{matrix.AWS_MACHINE}})" >> $GITHUB_ENV
- name: Download build artifacts
uses: actions/download-artifact@v4
id: artifact-download-step
with:
name: dist
path: dist
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.8.5
- name: Terraform Init
id: init
run: terraform init
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform Test
id: test
run: |
terraform test -verbose