-
Notifications
You must be signed in to change notification settings - Fork 11
103 lines (94 loc) · 3.97 KB
/
build-integrated-jar.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
name: Create Integrated Agent jar
on:
workflow_dispatch:
inputs:
apm-repo:
description: 'The repo of APM source code to use'
required: true
default: 'k2io/newrelic-java-agent'
apm-source-ref:
description: 'The source-ref of APM source code to use'
required: true
default: 'csec-dev'
csec-run-unittest:
description: 'Whether to run CSEC instrumentation unit tests'
required: true
default: true
csec-run-instrumentation-verify:
description: 'Whether to run CSEC instrumentation verifier'
required: true
default: true
slack-notify:
description: 'Whether to notify build status on slack'
required: true
default: true
description:
description: "A description for the custom jar that will be generated. It will appear in the summary."
required: true
default: ''
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
build-csec-agent:
name: Build CSEC agent artifacts
uses: ./.github/workflows/X-Reusable-Build-Security-Agent.yml
with:
apm-repo: ${{ inputs.apm-repo }}
apm-source-ref: ${{ inputs.apm-source-ref }}
run-unit-test: ${{ inputs.csec-run-unittest }}
is-release: false
secrets: inherit
verify-instrumentation:
name: Verify CSEC instrumentation
if: ${{ inputs.csec-run-instrumentation-verify == 'true' }}
uses: ./.github/workflows/verify-instrumentation.yml
secrets: inherit
create_integrated_jar:
name: Create Integrated Agent jar
if: ${{ always() }}
needs: [build-csec-agent, verify-instrumentation]
runs-on: ubuntu-20.04
steps:
- name: Print Inputs
run: echo "${{ toJSON(github.event.inputs) }}"
- name: Checkout CSEC Java agent
uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
- name: Setup environment
uses: ./.github/actions/setup-environment
with:
apm-repo: ${{ inputs.apm-repo }}
apm-branch: ${{ inputs.apm-source-ref }}
apm-aws-access-key-id: ${{ secrets.APM_AWS_ACCESS_KEY_ID }}
apm-aws-secret-access-key: ${{ secrets.APM_AWS_SECRET_ACCESS_KEY }}
apm-aws-region: us-east-2
- name: Build Integrated Agent Jar
uses: ./.github/actions/build-apm-jar
- name: Set summary
run: |
echo "${{ inputs.description }}" >> $GITHUB_STEP_SUMMARY
echo "This jar was built from the ref ${{ github.ref }}." >> $GITHUB_STEP_SUMMARY
- name: Send slack notification
uses: slackapi/[email protected]
if: ${{ inputs.slack-notify == 'true' }}
with:
payload: |
{
"task": "Integrated jar build",
"job-ref": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
"build-number": "${{ github.run_id }}-${{ github.run_number }}",
"apm-full-ref": "${{ github.server_url }}/${{ inputs.apm-repo }}/tree/${{ inputs.apm-source-ref }}",
"apm-source-ref": "${{ inputs.apm-source-ref }}",
"apm-version": "${{ env.APM_VERSION }}",
"security-full-ref": "${{ github.server_url }}/${{ github.repository }}/tree/${{ github.ref }}",
"security-source-ref": "${{ github.ref }}",
"security-version": "${{ env.SECURITY_VERSION }}",
"security-json-version": "${{ env.SECURITY_JSON_VERSION }}",
"changelog-url": "${{ github.server_url }}/${{ github.repository }}/blob/${{ github.ref }}/Changelog.md",
"custom-message": "${{ inputs.description }}",
"artifact-download-link": "https://nr-java-sec-agent.s3.us-west-2.amazonaws.com/integrated-builds/${{ github.run_id }}-${{ github.run_number }}/newrelic.zip"
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}