Skip to content

fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-8235199 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-8235199 #8

fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-8235199 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-8235199

fix: Dockerfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-8235199 - https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-8235199 #8

# We use a single workflow to build all packages because github.run_number is
# specific to each workflow. This ensures that each package has an
# OTC_BUILD_NUMBER that is greater than previous runs which allows package
# upgrades from one build to the next.
name: 'Build packages'
# Sets the name of the CI run based on whether the run was triggered by a push
# or remotely with or without workflow_run_id set. The name used for push events
# is the full commit message as I have not been able to find a way to only show
# the commit title (first 72 characters of commit message) - Justin K.
run-name: >
${{
github.event.inputs.workflow_id != '' &&
format('Build for Remote Workflow: {0}', github.event.inputs.workflow_id)
||
github.event.inputs.otc_version != '' &&
github.event.inputs.otc_sumo_version != '' &&
format('Build for GitHub Release: {0}-sumo-{1}',
github.event.inputs.otc_version, github.event.inputs.otc_sumo_version)
||
github.event.head_commit.message
}}
on:
push:
branches:
- '**'
tags-ignore:
- '**'
pull_request:
workflow_dispatch:
inputs:
workflow_id:
description: |
Workflow Run ID from the SumoLogic/sumologic-otel-collector repository
to download artifacts from. The artifacts for the specified workflow
must contain an otelcol-sumo binary for each platform that packages
are being built for.
required: false
type: string
otc_version:
description: |
Version of otelcol-sumo to package in A.B.C format.
required: false
type: string
otc_sumo_version:
description: |
Sumo version of otelcol-sumo to package. E.g. the X in A.B.C-sumo-X.
required: false
type: string
release:
description: Publish release
type: boolean
require: false
default: false
jobs:
# Determines the latest version which will be used to fetch artifacts from a
# GitHub Release and as the version of the packages being built. This is
# skipped if the otc_version and otc_sumo_version inputs have been set.
determine_version:
runs-on: ubuntu-latest
name: Determine version
outputs:
otc_version: >-
${{
github.event.inputs.otc_version ||
steps.version-core.outputs.version
}}
otc_sumo_version: >-
${{
github.event.inputs.otc_sumo_version ||
steps.sumo-version.outputs.version
}}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Output Remote Workflow URL
if: github.event.inputs.workflow_id != ''
run: echo ::notice title=Remote Workflow URL::https://github.com/SumoLogic/sumologic-otel-collector/actions/runs/${{ github.event.inputs.workflow_id }}
- name: Determine latest release
id: release
uses: ./ci/github-actions/get-latest-release
if: >
github.event.inputs.otc_version == '' &&
github.event.inputs.otc_sumo_version == ''
with:
token: ${{ github.token }}
owner: SumoLogic
repository: sumologic-otel-collector
- name: Determine version core from release
id: version-core
if: >
github.event.inputs.otc_version == '' &&
github.event.inputs.otc_sumo_version == ''
env:
VERSION_TAG: ${{ steps.release.outputs.tag_name }}
run: >
./ci/get_version.sh otc_version > /tmp/otc_version &&
cat /tmp/otc_version &&
echo "version=$(cat /tmp/otc_version)" >> $GITHUB_OUTPUT
- name: Determine sumo version from release
id: sumo-version
if: >
github.event.inputs.otc_version == '' &&
github.event.inputs.otc_sumo_version == ''
env:
VERSION_TAG: ${{ steps.release.outputs.tag_name }}
run: >
./ci/get_version.sh otc_sumo_version > /tmp/otc_sumo_version &&
cat /tmp/otc_sumo_version &&
echo "version=$(cat /tmp/otc_sumo_version)" >> $GITHUB_OUTPUT
- name: Debug 1
run: env
- name: Debug 2
run: cat $GITHUB_OUTPUT
# Builds a package for each cmake target in the matrix. The target must be an
# existing file name (without extension) in the targets directory.
build_packages:
name: ${{ matrix.target }}
uses: ./.github/workflows/_reusable_build_package.yml
needs:
- determine_version
with:
otc_version: ${{ needs.determine_version.outputs.otc_version }}
otc_sumo_version: ${{ needs.determine_version.outputs.otc_sumo_version }}
otc_build_number: ${{ github.run_number }}
cmake_target: ${{ matrix.target }}
workflow_id: ${{ github.event.inputs.workflow_id }}
runs_on: ${{ matrix.runs_on }}
secrets:
gh_artifacts_token: ${{ secrets.GH_ARTIFACTS_TOKEN }}
strategy:
matrix:
include:
- target: otc_linux_amd64_deb
runs_on: ubuntu-latest
- target: otc_linux_amd64_rpm
runs_on: ubuntu-latest
- target: otc_darwin_amd64_productbuild
runs_on: macos-latest
- target: otc_darwin_arm64_productbuild
runs_on: macos-latest
publish_release:
runs-on: ubuntu-latest
needs:
- build_packages
- determine_version
permissions:
contents: write
steps:
- name: Download all packages stored as artifacts
uses: actions/download-artifact@v3
with:
path: artifacts/
- name: Debug
run: env
- uses: ncipollo/release-action@v1
with:
name: v${{ needs.determine_version.outputs.otc_version }}-${{ github.run_number }}
commit: ${{ github.sha }}
tag: v${{ needs.determine_version.outputs.otc_version }}-${{ github.run_number }}
draft: true
prerelease: false
allowUpdates: true
omitBodyDuringUpdate: true
omitNameDuringUpdate: true
artifacts: "artifacts/*/*"
artifactErrorsFailBuild: true
replacesArtifacts: true
body: |
## v${{ needs.determine_version.outputs.otc_version }}-${{ github.run_number }}
**TODO**