diff --git a/.github/workflows/component_linux_packaging.yml b/.github/workflows/component_linux_packaging.yml index 141d42092..0d3165724 100644 --- a/.github/workflows/component_linux_packaging.yml +++ b/.github/workflows/component_linux_packaging.yml @@ -13,6 +13,10 @@ on: required: true GPG_PRIVATE_KEY_BASE64: required: true + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: + required: true + OHAI_KEY_ID: + required: true GH_TOKEN: required: true inputs: @@ -32,6 +36,8 @@ env: GPG_MAIL: ${{ secrets.GPG_MAIL }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} TAG: ${{ inputs.TAG }} DOCKER_HUB_ID: ${{ secrets.DOCKER_HUB_ID }} DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} diff --git a/.github/workflows/component_linux_publish.yml b/.github/workflows/component_linux_publish.yml index 0d62af8d1..dc48f7825 100644 --- a/.github/workflows/component_linux_publish.yml +++ b/.github/workflows/component_linux_publish.yml @@ -11,6 +11,8 @@ on: required: true GPG_PRIVATE_KEY_BASE64: required: true + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: + required: true AWS_ACCESS_KEY_ID: required: true AWS_SECRET_ACCESS_KEY: @@ -47,6 +49,7 @@ env: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded TAG: ${{ inputs.TAG }} DOCKER_HUB_ID: ${{ secrets.DOCKER_HUB_ID }} DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} 
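Review bot: In the `@@ -32,6 +36,8 @@ env:` hunk the new private key is added to the workflow-level `env:` block, which exports it to every step of every job rather than only to the step that signs; the `env:` hunk of component_linux_publish.yml does the same. Moving `OHAI_GPG_PRIVATE_KEY_SHA256_BASE64` and `OHAI_KEY_ID` into an `env:` on the signing or publishing step would narrow that exposure. The name also reads like a hash of the key, while build/sign.sh base64-decodes it and feeds it to `gpg --import`, so the trailing comment could say `# base64-encoded private key used for SHA-256 (EL10) signatures, not a digest`.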
@@ -109,3 +112,26 @@ jobs: gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} + + - name: Publish ${{ matrix.assetsType }} latest to S3 action + if: ${{ (env.ASSETS_TYPE == 'rpm' || 'rpm' == matrix.assetsType) }} + uses: newrelic/infrastructure-publish-action@v1 + with: + tag: ${{env.TAG}} + app_name: "newrelic-infra${{ matrix.suffix }}" + repo_name: "newrelic/infrastructure-agent" + schema: "custom" + schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.SCHEMA_BRANCH }}/build/upload-schema-linux-${{ matrix.assetsType }}${{ matrix.suffix }}-latest.yml" + aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} + aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} + access_point_host: ${{ env.ACCESS_POINT_HOST }} + run_id: ${{ env.RUN_ID }} + aws_region: ${{ env.AWS_REGION }} + aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} + aws_role_arn: ${{ env.AWS_ROLE_ARN }} + # used for signing package stuff + gpg_passphrase: ${{ env.GPG_PASSPHRASE }} + gpg_private_key_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} + disable_lock: ${{ env.DISABLE_LOCK }} \ No newline at end of file diff --git a/.github/workflows/component_molecule_packaging.yml b/.github/workflows/component_molecule_packaging.yml index b4c19af7c..123aac54b 100644 --- a/.github/workflows/component_molecule_packaging.yml +++ b/.github/workflows/component_molecule_packaging.yml 
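Review bot: The added "Publish … latest to S3 action" step hands the OHAI signing key and the AWS credentials to `newrelic/infrastructure-publish-action@v1`, a tag that can be moved; pinning the `uses:` reference to a full commit SHA would fix the code that receives these secrets. The step also pairs `OHAI_GPG_PRIVATE_KEY_SHA256_BASE64` with the existing `GPG_PASSPHRASE`, which only works if both keys share one passphrase. If that is intended, a comment such as `# the OHAI SHA-256 key is protected by the same GPG_PASSPHRASE` above `gpg_private_key_base64` would record it. Both remarks also apply to the two "for latest OS" steps added in prerelease_linux_on_demand.yml.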
@@ -28,7 +28,7 @@ jobs: repo_base_url: ${{ inputs.REPO_ENDPOINT }} package_name: 'newrelic-infra' package_version: ${{ inputs.TAG }} - platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" + platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" - name: Test FIPS package installation uses: newrelic/pkg-installation-testing-action@v1 with: @@ -37,4 +37,4 @@ jobs: package_name: 'newrelic-infra-fips' exec_name: 'newrelic-infra' package_version: ${{ inputs.TAG }} - platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" + platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" diff --git a/.github/workflows/prerelease_linux.yml b/.github/workflows/prerelease_linux.yml index 2c9490a7f..fa0b063a7 100644 --- a/.github/workflows/prerelease_linux.yml +++ b/.github/workflows/prerelease_linux.yml @@ -27,6 +27,8 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} 
@@ -41,6 +43,8 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -56,6 +60,8 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -70,6 +76,8 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -84,6 +92,8 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} 
@@ -99,6 +109,8 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -113,6 +125,8 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -133,6 +147,8 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -156,6 +172,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} diff --git a/.github/workflows/prerelease_linux_on_demand.yml b/.github/workflows/prerelease_linux_on_demand.yml index 049c610bd..b8553a765 100644 
--- a/.github/workflows/prerelease_linux_on_demand.yml +++ b/.github/workflows/prerelease_linux_on_demand.yml @@ -31,6 +31,8 @@ env: # required for GHA publish action, should be moved into optional GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} BRANCH: ${{ github.event.inputs.branch }} # publish packages to a custom path DEST_PREFIX: ${{ github.event.inputs.dest_prefix }} 
@@ -116,12 +118,38 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" apt_skip_mirror: ${{ env.SKIP_MIRROR_REPO }} - - name: Publish NON-FIPS rpm to S3 action + - name: Publish NON-FIPS rpm to S3 action for latest OS + if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} + uses: newrelic/infrastructure-publish-action@v1 + with: + tag: ${{env.FAKE_TAG}} + app_name: "newrelic-infra" + repo_name: "newrelic/infrastructure-agent" + schema: "custom" + schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-rpm-latest.yml" + aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} + aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} + access_point_host: ${{ env.ACCESS_POINT_HOST }} + run_id: ${{ env.RUN_ID }} + aws_region: ${{ env.AWS_REGION }} + aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} + aws_role_arn: ${{ env.AWS_ROLE_ARN }} + # used for signing package stuff + gpg_passphrase: ${{ env.GPG_PASSPHRASE }} + gpg_private_key_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} + disable_lock: ${{ env.DISABLE_LOCK }} + dest_prefix: ${{ env.DEST_PREFIX }} + local_packages_path: "/srv/dist/" + + - name: Publish NON-FIPS rpm to S3 action if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} uses: newrelic/infrastructure-publish-action@v1 with: 
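Review bot: The `ohai_gpg_private_key_sha256_base64:` input added to the step at the top of this hunk is inconsistent with the rest of the diff, where the rpm "latest" steps pass the same secret through `gpg_private_key_base64`. Whether `infrastructure-publish-action@v1` declares that input is not visible here; if it does not, the runner presumably only warns about an unexpected input and the private key is handed to a step that never uses it. Either drop the line or add a comment naming the action release that consumes it. The step it is added to starts outside the hunk.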
@@ -216,6 +244,31 @@ jobs: local_packages_path: "/srv/dist/" apt_skip_mirror: ${{ env.SKIP_MIRROR_REPO }} + - name: Publish FIPS rpm to S3 action for latest OS + if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'FIPS' }} + uses: newrelic/infrastructure-publish-action@v1 + with: + tag: ${{env.FAKE_TAG}} + app_name: "newrelic-infra-fips" + repo_name: "newrelic/infrastructure-agent" + schema: "custom" + schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-rpm-fips-latest.yml" + aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} + aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} + access_point_host: ${{ env.ACCESS_POINT_HOST }} + run_id: ${{ env.RUN_ID }} + aws_region: ${{ env.AWS_REGION }} + aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} + aws_role_arn: ${{ env.AWS_ROLE_ARN }} + # used for signing package stuff + gpg_passphrase: ${{ env.GPG_PASSPHRASE }} + gpg_private_key_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} + disable_lock: ${{ env.DISABLE_LOCK }} + dest_prefix: ${{ env.DEST_PREFIX }} + local_packages_path: "/srv/dist/" + - name: Publish FIPS rpm to S3 action if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'FIPS' }} uses: newrelic/infrastructure-publish-action@v1 @@ -236,7 +289,7 @@ jobs: aws_role_arn: ${{ env.AWS_ROLE_ARN }} # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} - gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" diff --git a/.github/workflows/prerelease_staged_publish.yml b/.github/workflows/prerelease_staged_publish.yml index d5278b097..f2a990ea9 100644 --- a/.github/workflows/prerelease_staged_publish.yml 
+++ b/.github/workflows/prerelease_staged_publish.yml @@ -14,6 +14,7 @@ on: env: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} TAG: ${{ github.event.inputs.tag }} DOCKER_HUB_ID: ${{ secrets.OHAI_DOCKER_HUB_ID }} DOCKER_HUB_PASSWORD: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} @@ -36,6 +37,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} @@ -58,6 +60,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index da6285ca1..c2c402bda 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -17,6 +17,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }} @@ -38,6 +39,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }} diff --git a/.github/workflows/release_staged.yml b/.github/workflows/release_staged.yml index 3520ec650..dc395837f 100644 --- a/.github/workflows/release_staged.yml +++ b/.github/workflows/release_staged.yml @@ -24,6 +24,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }} 
@@ -45,6 +46,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }} diff --git a/build/ci.mk b/build/ci.mk index 9f2642827..6aba83303 100644 --- a/build/ci.mk +++ b/build/ci.mk @@ -113,6 +113,8 @@ ifdef TAG -e GPG_MAIL \ -e GPG_PASSPHRASE \ -e GPG_PRIVATE_KEY_BASE64 \ + -e OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 \ + -e OHAI_KEY_ID \ -e SNAPSHOT=false \ -e FIPS=$(FIPS) \ $(BUILDER_IMG_TAG) make release-${TARGET_OS} diff --git a/build/goreleaser/linux/rhel_10_amd64.yml b/build/goreleaser/linux/rhel_10_amd64.yml new file mode 100644 index 000000000..4d1c9b686 --- /dev/null +++ b/build/goreleaser/linux/rhel_10_amd64.yml 
@@ -0,0 +1,95 @@ + # RHEL 10 amd64 + + - id: rhel-10-infrastructure-agent + builds: + - linux-agent-amd64 + - linux-ctl-amd64 + - linux-service-amd64 + package_name: "newrelic-infra{{ .Env.FIPS }}" + file_name_template: >- + newrelic-infra{{ .Env.FIPS }}- + {{- .Env.TAG }}-1.el10. + {{- if eq .Arch "amd64" -}}x86_64 + {{- else -}} + {{ .Arch }} + {{- end }} + vendor: 'New Relic, Inc.' + homepage: 'https://docs.newrelic.com/docs/release-notes/infrastructure-release-notes/infrastructure-agent-release-notes' + maintainer: 'caos-team@newrelic.com' + description: 'New Relic Infrastructure provides flexible, dynamic server monitoring. With real-time data collection and a UI that scales from a handful of hosts to thousands, Infrastructure is designed for modern Operations teams with fast-changing systems.' + license: 'Copyright (c) 2008-2021 New Relic, Inc. All rights reserved.' + formats: + - rpm + bindir: /usr/bin + contents: + - src: 'assets/examples/logging/linux/file.yml.example' + dst: '/etc/newrelic-infra/logging.d/file.yml.example' + - src: 'assets/examples/logging/linux/fluentbit.yml.example' + dst: '/etc/newrelic-infra/logging.d/fluentbit.yml.example' + - src: 'assets/examples/logging/linux/syslog.yml.example' + dst: '/etc/newrelic-infra/logging.d/syslog.yml.example' + - src: 'assets/examples/logging/linux/systemd.yml.example' + dst: '/etc/newrelic-infra/logging.d/systemd.yml.example' + - src: 'assets/examples/logging/linux/tcp.yml.example' + dst: '/etc/newrelic-infra/logging.d/tcp.yml.example' + + - src: 'build/package/systemd/newrelic-infra.service' + dst: '/etc/systemd/system/newrelic-infra.service' + - src: 'LICENSE' + dst: '/var/db/newrelic-infra/LICENSE.txt' + - src: 'target/nridocker/amd64/etc/newrelic-infra/integrations.d/docker-config.yml' + dst: '/etc/newrelic-infra/integrations.d/docker-config.yml' + type: config + - src: 'target/nridocker/amd64/var/db/newrelic-infra/newrelic-integrations/bin/nri-docker' + dst: 
'/opt/newrelic-infra/newrelic-integrations/bin/nri-docker' + - src: 'target/nriflex/amd64/nri-flex' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-flex' + - src: 'target/nriprometheus/amd64/var/db/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + - src: 'target/fluent-bit-plugin/amd64/out_newrelic.so' + dst: '/var/db/newrelic-infra/newrelic-integrations/logging/out_newrelic.so' + - src: 'assets/examples/logging/parsers.conf' + dst: '/var/db/newrelic-infra/newrelic-integrations/logging/parsers.conf' + + - dst: /opt/newrelic-infra/custom-integrations + type: dir + - dst: /opt/newrelic-infra/newrelic-integrations + type: dir + - dst: /var/db/newrelic-infra/custom-integrations + type: dir + - dst: /var/db/newrelic-infra/integrations.d + type: dir + - dst: /var/log/newrelic-infra + type: dir + - dst: /var/run/newrelic-infra + type: dir + epoch: 0 + release: 1.el10 + + # Scripts to execute during the installation of the package. + scripts: + preinstall: "build/package/before-install.sh" + preremove: "build/package/rpm/prerm-systemd.sh" + + # Packages to replace according to old packaging scripts. + replaces: + - opspro-agent + - opspro-agent-systemd + # Section. + section: default + # Priority. + priority: extra + rpm: + scripts: + posttrans: "build/package/rpm/postinst-systemd.sh" + + summary: "New Relic Infrastructure Agent" + group: default + # Recommended packages. If they fail to install installation of the agent will not be interrupted. + recommends: + - fluent-bit + # conflicts is not "templatable", so we add the conflicts-suffix-placeholder to be replaced later + conflicts: + - newrelic-infra#conflicts-suffix-placeholder# + + # end RHEL 10 amd64 \ No newline at end of file diff --git a/build/goreleaser/linux/rhel_10_arm.yml b/build/goreleaser/linux/rhel_10_arm.yml new file mode 100644 index 000000000..1f385d76f --- /dev/null +++ b/build/goreleaser/linux/rhel_10_arm.yml 
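Review bot: Nothing in this file records that the `1.el10.` part of `file_name_template` decides which key signs the package: build/sign.sh selects the OHAI SHA-256 key by matching `el10` in the file name. A comment above `file_name_template`, for example `# build/sign.sh selects the signing key by "el10" in this name; keep it in sync with release`, would prevent a silent fallback to the default key after a rename. The same comment belongs in rhel_10_arm.yml and rhel_10_arm64.yml.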
@@ -0,0 +1,87 @@ + # RHEL 10 arm + + - id: rhel-10-infrastructure-agent-arm + builds: + - linux-agent-arm + - linux-ctl-arm + - linux-service-arm + package_name: newrelic-infra + file_name_template: "newrelic-infra-{{ .Env.TAG }}-1.el10.{{ .Arch }}" + vendor: 'New Relic, Inc.' + homepage: 'https://docs.newrelic.com/docs/release-notes/infrastructure-release-notes/infrastructure-agent-release-notes' + maintainer: 'caos-team@newrelic.com' + description: 'New Relic Infrastructure provides flexible, dynamic server monitoring. With real-time data collection and a UI that scales from a handful of hosts to thousands, Infrastructure is designed for modern Operations teams with fast-changing systems.' + license: 'Copyright (c) 2008-2021 New Relic, Inc. All rights reserved.' + formats: + - rpm + bindir: /usr/bin + contents: + # - src: 'assets/examples/logging/linux/file.yml.example' + # dst: '/etc/newrelic-infra/logging.d/file.yml.example' + # - src: 'assets/examples/logging/linux/fluentbit.yml.example' + # dst: '/etc/newrelic-infra/logging.d/fluentbit.yml.example' + # - src: 'assets/examples/logging/linux/syslog.yml.example' + # dst: '/etc/newrelic-infra/logging.d/syslog.yml.example' + # - src: 'assets/examples/logging/linux/systemd.yml.example' + # dst: '/etc/newrelic-infra/logging.d/systemd.yml.example' + # - src: 'assets/examples/logging/linux/tcp.yml.example' + # dst: '/etc/newrelic-infra/logging.d/tcp.yml.example' + + - src: 'build/package/systemd/newrelic-infra.service' + dst: '/etc/systemd/system/newrelic-infra.service' + - src: 'LICENSE' + dst: '/var/db/newrelic-infra/LICENSE.txt' + - src: 'target/nridocker/{{ .Arch }}/etc/newrelic-infra/integrations.d/docker-config.yml' + dst: '/etc/newrelic-infra/integrations.d/docker-config.yml' + type: config + - src: 'target/nridocker/{{ .Arch }}/var/db/newrelic-infra/newrelic-integrations/bin/nri-docker' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-docker' + - src: 'target/nriflex/{{ .Arch }}/nri-flex' + dst: 
'/opt/newrelic-infra/newrelic-integrations/bin/nri-flex' + - src: 'target/nriprometheus/{{ .Arch }}/var/db/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + # - src: 'target/fluent-bit-plugin/{{ .Arch }}/out_newrelic.so' + # dst: '/var/db/newrelic-infra/newrelic-integrations/logging/out_newrelic.so' + # - src: 'assets/examples/logging/parsers.conf' + # dst: '/var/db/newrelic-infra/newrelic-integrations/logging/parsers.conf' + + - dst: /opt/newrelic-infra/custom-integrations + type: dir + - dst: /opt/newrelic-infra/newrelic-integrations + type: dir + - dst: /var/db/newrelic-infra/custom-integrations + type: dir + - dst: /var/db/newrelic-infra/integrations.d + type: dir + - dst: /var/log/newrelic-infra + type: dir + - dst: /var/run/newrelic-infra + type: dir + epoch: 0 + release: 1.el10 + + # Scripts to execute during the installation of the package. + scripts: + preinstall: "build/package/before-install.sh" + preremove: "build/package/rpm/prerm-systemd.sh" + # Packages to replace according to old packaging scripts. + replaces: + - opspro-agent + - opspro-agent-systemd + # Section. + section: default + # Priority. + priority: extra + rpm: + scripts: + posttrans: "build/package/rpm/postinst-systemd.sh" + + summary: "New Relic Infrastructure Agent" + group: default + # Recommended packages. If they fail to install installation of the agent will not be interrupted. +# recommends: +# FB not supported yet +# - td-agent-bit #To be removed on removal of the ff fluent_bit_19 +# - fluent-bit + + # end RHEL 10 arm \ No newline at end of file diff --git a/build/goreleaser/linux/rhel_10_arm64.yml b/build/goreleaser/linux/rhel_10_arm64.yml new file mode 100644 index 000000000..e1090fa9f --- /dev/null +++ b/build/goreleaser/linux/rhel_10_arm64.yml 
@@ -0,0 +1,88 @@ + # RHEL 10 arm64 + + - id: rhel-10-infrastructure-agent-arm64 + builds: + - linux-agent-arm64 + - linux-ctl-arm64 + - linux-service-arm64 + package_name: "newrelic-infra{{ .Env.FIPS }}" + file_name_template: "newrelic-infra{{ .Env.FIPS }}-{{ .Env.TAG }}-1.el10.{{ .Arch }}" + vendor: 'New Relic, Inc.' + homepage: 'https://docs.newrelic.com/docs/release-notes/infrastructure-release-notes/infrastructure-agent-release-notes' + maintainer: 'caos-team@newrelic.com' + description: 'New Relic Infrastructure provides flexible, dynamic server monitoring. With real-time data collection and a UI that scales from a handful of hosts to thousands, Infrastructure is designed for modern Operations teams with fast-changing systems.' + license: 'Copyright (c) 2008-2021 New Relic, Inc. All rights reserved.' + formats: + - rpm + bindir: /usr/bin + contents: + - src: 'assets/examples/logging/linux/file.yml.example' + dst: '/etc/newrelic-infra/logging.d/file.yml.example' + - src: 'assets/examples/logging/linux/fluentbit.yml.example' + dst: '/etc/newrelic-infra/logging.d/fluentbit.yml.example' + - src: 'assets/examples/logging/linux/syslog.yml.example' + dst: '/etc/newrelic-infra/logging.d/syslog.yml.example' + - src: 'assets/examples/logging/linux/systemd.yml.example' + dst: '/etc/newrelic-infra/logging.d/systemd.yml.example' + - src: 'assets/examples/logging/linux/tcp.yml.example' + dst: '/etc/newrelic-infra/logging.d/tcp.yml.example' + + - src: 'build/package/systemd/newrelic-infra.service' + dst: '/etc/systemd/system/newrelic-infra.service' + - src: 'LICENSE' + dst: '/var/db/newrelic-infra/LICENSE.txt' + - src: 'target/nridocker/{{ .Arch }}/etc/newrelic-infra/integrations.d/docker-config.yml' + dst: '/etc/newrelic-infra/integrations.d/docker-config.yml' + type: config + - src: 'target/nridocker/{{ .Arch }}/var/db/newrelic-infra/newrelic-integrations/bin/nri-docker' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-docker' + - src: 'target/nriflex/{{ .Arch 
}}/nri-flex' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-flex' + - src: 'target/nriprometheus/{{ .Arch }}/var/db/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + - src: 'target/fluent-bit-plugin/{{ .Arch }}/out_newrelic.so' + dst: '/var/db/newrelic-infra/newrelic-integrations/logging/out_newrelic.so' + - src: 'assets/examples/logging/parsers.conf' + dst: '/var/db/newrelic-infra/newrelic-integrations/logging/parsers.conf' + + - dst: /opt/newrelic-infra/custom-integrations + type: dir + - dst: /opt/newrelic-infra/newrelic-integrations + type: dir + - dst: /var/db/newrelic-infra/custom-integrations + type: dir + - dst: /var/db/newrelic-infra/integrations.d + type: dir + - dst: /var/log/newrelic-infra + type: dir + - dst: /var/run/newrelic-infra + type: dir + epoch: 0 + release: 1.el10 + + # Scripts to execute during the installation of the package. + scripts: + preinstall: "build/package/before-install.sh" + preremove: "build/package/rpm/prerm-systemd.sh" + # Packages to replace according to old packaging scripts. + replaces: + - opspro-agent + - opspro-agent-systemd + # Section. + section: default + # Priority. + priority: extra + rpm: + scripts: + posttrans: "build/package/rpm/postinst-systemd.sh" + + summary: "New Relic Infrastructure Agent" + group: default + # Recommended packages. If they fail to install installation of the agent will not be interrupted. + recommends: + - fluent-bit + # conflicts is not "templatable", so we add the conflicts-suffix-placeholder to be replaced later + conflicts: + - newrelic-infra#conflicts-suffix-placeholder# + + # end RHEL 10 arm64 \ No newline at end of file diff --git a/build/release.mk b/build/release.mk index c9f98ce4c..7fb3665ba 100644 --- a/build/release.mk +++ b/build/release.mk 
@@ -195,6 +195,7 @@ generate-goreleaser-amd64: $(CURDIR)/build/goreleaser/linux/centos_7_amd64.yml\ $(CURDIR)/build/goreleaser/linux/centos_8_amd64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_amd64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_amd64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_amd64.yml\ $(CURDIR)/build/goreleaser/linux/debian_upstart_amd64.yml\ $(CURDIR)/build/goreleaser/linux/sles_114_amd64.yml\ @@ -225,6 +226,7 @@ generate-goreleaser-amd64: $(CURDIR)/build/goreleaser/linux/centos_7_arm.yml\ $(CURDIR)/build/goreleaser/linux/centos_8_arm.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm.yml\ $(CURDIR)/build/goreleaser/linux/sles_122_arm.yml\ $(CURDIR)/build/goreleaser/linux/sles_123_arm.yml\ @@ -251,6 +253,7 @@ generate-goreleaser-arm64: $(CURDIR)/build/goreleaser/linux/centos_7_arm64.yml\ $(CURDIR)/build/goreleaser/linux/centos_8_arm64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm64.yml\ $(CURDIR)/build/goreleaser/linux/sles_122_arm64.yml\ $(CURDIR)/build/goreleaser/linux/sles_123_arm64.yml\ @@ -303,6 +306,9 @@ generate-goreleaser-multiarch: $(CURDIR)/build/goreleaser/linux/rhel_9_amd64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_amd64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_amd64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm64.yml\ 
@@ -364,6 +370,8 @@ generate-goreleaser-multiarch-fips: $(CURDIR)/build/goreleaser/linux/centos_8_arm64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_amd64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_amd64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_amd64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm64.yml\ $(CURDIR)/build/goreleaser/linux/debian_upstart_amd64.yml\ diff --git a/build/sign.sh b/build/sign.sh index 0ab29daa1..bccb0b57e 100644 --- a/build/sign.sh +++ b/build/sign.sh @@ -22,7 +22,7 @@ start_gpg_agent() { start_gpg_agent -# Sign RPM's +# Sign RPM's (excluding EL10) echo "===> Create .rpmmacros to sign rpm's from Goreleaser" echo "%_gpg_name ${GPG_MAIL}" >> ~/.rpmmacros echo "%_signature gpg" >> ~/.rpmmacros @@ -41,7 +41,7 @@ cd dist sles_regex="(.*sles12.*)" -for rpm_file in $(find -regex ".*\.\(rpm\)");do +for rpm_file in $(find -regex ".*\.\(rpm\)" | grep -v "el10");do echo "===> Signing $rpm_file" ../build/sign_rpm.exp $rpm_file ${GPG_PASSPHRASE} 
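Review bot: `grep -v "el10"` on the changed `for` line matches a substring anywhere in the path that `find` prints, so a directory or tag containing `el10` would move a package from one signing loop to the other. Matching the release component instead, `grep -v '\.el10\.'` here and `grep '\.el10\.'` in the EL10 loop, keeps the two loops complementary and tied to the `1.el10.` part of the goreleaser file names. The loop body continues outside this hunk.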
@@ -50,6 +50,38 @@ for rpm_file in $(find -regex ".*\.\(rpm\)");do
 rpm -v --checksig $rpm_file
 done
+# Sign EL10 RPM's with OHAI GPG key
+echo "===> Create .rpmmacros for EL10 rpm's with OHAI GPG key"
+
+echo "===> Importing OHAI GPG private key for EL10 from GHA secrets..."
+printf %s ${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64} | base64 -d | gpg --batch --import -
+
+echo "%_gpg_name ${OHAI_KEY_ID}" > ~/.rpmmacros_sha256
+echo "%_signature gpg" >> ~/.rpmmacros_sha256
+echo "%_gpg_path /root/.gnupg" >> ~/.rpmmacros_sha256
+echo "%_gpgbin /usr/bin/gpg" >> ~/.rpmmacros_sha256
+echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning --digest-algo sha256 -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros_sha256
+
+echo "===> Importing OHAI GPG signature for EL10, needed from Goreleaser to verify signature"
+gpg --export -a ${OHAI_KEY_ID} > /tmp/RPM-GPG-KEY-SHA256-${OHAI_KEY_ID}
+rpm --import /tmp/RPM-GPG-KEY-SHA256-${OHAI_KEY_ID}
+
+# Backup original .rpmmacros and use SHA256 specific one
+cp ~/.rpmmacros ~/.rpmmacros_backup
+cp ~/.rpmmacros_sha256 ~/.rpmmacros
+
+for rpm_file in $(find -regex ".*\.\(rpm\)" | grep "el10");do
+ echo "===> Signing EL10 $rpm_file with OHAI GPG key"
+
+ ../build/sign_rpm.exp $rpm_file ${GPG_PASSPHRASE}
+
+ echo "===> Sign verification $rpm_file"
+ rpm -v --checksig $rpm_file
+done
+
+# Restore original .rpmmacros
+cp ~/.rpmmacros_backup ~/.rpmmacros
+
 # Sign DEB's
 GNUPGHOME="/root/.gnupg"
 echo "${GPG_PASSPHRASE}" > "${GNUPGHOME}/gpg-passphrase"
@@ -81,4 +113,4 @@ for targz_file in $(find . -type f -name "*.tar.gz"); do
 else
 echo "Error: Signature file $asc_file not found."
 fi
-done
+done
\ No newline at end of file
diff --git a/build/upload-schema-linux-rpm-fips-latest.yml b/build/upload-schema-linux-rpm-fips-latest.yml
new file mode 100644
index 000000000..88a8fccf3
--- /dev/null
+++ b/build/upload-schema-linux-rpm-fips-latest.yml
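Review bot: In the EL10 block added to build/sign.sh, the `%__gpg_sign_cmd` line expands `${GPG_PASSPHRASE}` when the `echo` runs, so the passphrase is stored in cleartext in `~/.rpmmacros_sha256` and in the swapped-in `~/.rpmmacros`, and gpg then receives it as a command-line argument; neither `~/.rpmmacros_sha256` nor `~/.rpmmacros_backup` is deleted afterwards. The original `.rpmmacros` sign command lies outside this hunk and may already follow the same pattern, but the new copies should at least be removed after the restore step with `rm -f ~/.rpmmacros_sha256 ~/.rpmmacros_backup`. The block also carries on when a secret is empty or the import fails, so a guard such as `: "${OHAI_KEY_ID:?OHAI_KEY_ID is not set}"` ahead of the import, together with quoting `"${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64}"` in the `printf`, would make a missing secret stop the job instead of leaving the key selection to whatever is in the keyring. Whether the script runs under `set -e` is not visible here, so it is unclear if a failed `rpm -v --checksig` aborts the release.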
@@ -0,0 +1,40 @@
+---
+- src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm"
+ arch:
+ - x86_64
+ uploads:
+ - type: yum
+ dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/"
+ os_version:
+ - 10
+
+- src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm"
+ arch:
+ - arm64
+ uploads:
+ - type: yum
+ dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/"
+ os_version:
+ - 10
+
+#########################
+ # UPLOAD CHECKSUMS #
+#########################
+
+- src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm.sum"
+ arch:
+ - x86_64
+ uploads:
+ - type: file
+ dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/{src}"
+ os_version:
+ - 10
+
+- src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm.sum"
+ arch:
+ - arm64
+ uploads:
+ - type: file
+ dest: "{dest_prefix}linux/yum/el/{os_version}/aarch64/{src}"
+ os_version:
+ - 10
diff --git a/build/upload-schema-linux-rpm-latest.yml b/build/upload-schema-linux-rpm-latest.yml
new file mode 100644
index 000000000..fc452a2a5
--- /dev/null
+++ b/build/upload-schema-linux-rpm-latest.yml
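Review bot: In build/upload-schema-linux-rpm-fips-latest.yml the arm64 package is uploaded to `…/el/{os_version}/{arch}/`, while its `.sum` file goes to the hard-coded `…/el/{os_version}/aarch64/{src}`; build/upload-schema-linux-rpm-latest.yml contains the same pair of entries. Unless the publish action rewrites `arm64` to `aarch64` for `type: yum` uploads, which this diff does not show, the checksum lands in a different directory from the package it covers and a consumer looking for the `.sum` next to the rpm will not find it. If the difference is deliberate, a comment above the arm64 checksum entry such as `# the yum upload type publishes arm64 under aarch64/; keep the checksum beside it` would record that; otherwise both entries should use the same directory.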
@@ -0,0 +1,51 @@
+---
+# Schema for EL10 RPM packages only - uses OHAI GPG key with SHA256
+- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm"
+ arch:
+ - x86_64
+ uploads:
+ - type: yum
+ dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/"
+ os_version:
+ - 10
+
+- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm"
+ arch:
+ - arm
+ - arm64
+ uploads:
+ - type: yum
+ dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/"
+ os_version:
+ - 10
+
+#########################
+ # UPLOAD CHECKSUMS #
+#########################
+
+- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum"
+ arch:
+ - x86_64
+ uploads:
+ - type: file
+ dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/{src}"
+ os_version:
+ - 10
+
+- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum"
+ arch:
+ - arm
+ uploads:
+ - type: file
+ dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/{src}"
+ os_version:
+ - 10
+
+- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum"
+ arch:
+ - arm64
+ uploads:
+ - type: file
+ dest: "{dest_prefix}linux/yum/el/{os_version}/aarch64/{src}"
+ os_version:
+ - 10
\ No newline at end of file
diff --git a/test/automated/ansible/group_vars/localhost/main.yml b/test/automated/ansible/group_vars/localhost/main.yml
index 256dd682f..4ecc3f768 100644
--- a/test/automated/ansible/group_vars/localhost/main.yml
+++ b/test/automated/ansible/group_vars/localhost/main.yml
@@ -204,6 +204,13 @@ instances:
 platform: "linux"
 python_interpreter: "/usr/bin/python"
 launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3"
+ - ami: "ami-068d5d5ed1eeea07c"
+ type: "t3a.small"
+ name: "amd64:redhat-10.0"
+ username: "ec2-user"
+ platform: "linux"
+ python_interpreter: "/usr/bin/python3"
+ launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3"
 ############################
 # redhat arm64
 ############################
@@ -214,6 +221,13 @@ instances:
 platform: "linux"
 python_interpreter: "/usr/bin/python"
 launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3"
+ - ami: "ami-07b21932ee4cac8c0"
+ type: "t4g.small"
+ name: "arm64:redhat-10.0"
+ username: "ec2-user"
+ platform: "linux"
+ python_interpreter: "/usr/bin/python3"
+ launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3"
 ############################
 # debian amd64
 ############################
diff --git a/test/provision/terraform/caos.auto.tfvars.dist b/test/provision/terraform/caos.auto.tfvars.dist
index 5f669bc9b..3cb83e7c1 100644
--- a/test/provision/terraform/caos.auto.tfvars.dist
+++ b/test/provision/terraform/caos.auto.tfvars.dist
@@ -2,9 +2,9 @@ ec2_prefix = "PREFIX:TAG_OR_UNIQUE_NAME" windows_ec2 = ["windows_2016", "windows_2019", "windows_2022", "windows_2025"] -linux_ec2_amd = ["amd64:ubuntu24.04", "amd64:ubuntu22.04", "amd64:ubuntu20.04", "amd64:ubuntu18.04", "amd64:ubuntu16.04", "amd64:centos-stream", "amd64:sles-12.5", "amd64:sles-15.3", "amd64:sles-15.4", "amd64:sles-15.5", "amd64:sles-15.6", "amd64:sles-15.7", "amd64:redhat-8.4", "amd64:redhat-9.0", "amd64:debian-bookworm", "amd64:debian-trixie", "amd64:al-2", "amd64:al-2023", "amd64:al-2023-fips"] +linux_ec2_amd = ["amd64:ubuntu24.04", "amd64:ubuntu22.04", "amd64:ubuntu20.04", "amd64:ubuntu18.04", "amd64:ubuntu16.04", "amd64:centos-stream", "amd64:sles-12.5", "amd64:sles-15.3", "amd64:sles-15.4", "amd64:sles-15.5", "amd64:sles-15.6", "amd64:sles-15.7", "amd64:redhat-8.4", "amd64:redhat-9.0", "amd64:redhat-10.0", "amd64:debian-bookworm", "amd64:debian-trixie", "amd64:al-2", "amd64:al-2023", "amd64:al-2023-fips"] -linux_ec2_arm = ["arm64:ubuntu24.04", "arm64:ubuntu22.04", "arm64:ubuntu20.04", "arm64:ubuntu18.04", "arm64:ubuntu16.04", "arm64:centos-stream", "arm64:sles-15.4", "arm64:sles-15.5", "arm64:sles-15.6", "arm64:sles-15.7", "arm64:redhat-9.0", "arm64:debian-bookworm", "arm64:debian-trixie", "arm64:al-2", "arm64:al-2023", "arm64:al-2023-fips"] +linux_ec2_arm = ["arm64:ubuntu24.04", "arm64:ubuntu22.04", "arm64:ubuntu20.04", "arm64:ubuntu18.04", "arm64:ubuntu16.04", "arm64:centos-stream", "arm64:sles-15.4", "arm64:sles-15.5", "arm64:sles-15.6", "arm64:sles-15.7", "arm64:redhat-9.0", "arm64:redhat-10.0", "arm64:debian-bookworm", "arm64:debian-trixie", "arm64:al-2", "arm64:al-2023", "arm64:al-2023-fips"] ssh_pub_key = 
"AAAAB3NzaC1yc2EAAAADAQABAAABAQDH9C7BS2XrtXGXFFyL0pNku/Hfy84RliqvYKpuslJFeUivf5QY6Ipi8yXfXn6TsRDbdxfGPi6oOR60Fa+4cJmCo6N5g57hBS6f2IdzQBNrZr7i1I/a3cFeK6XOc1G1tQaurx7Pu+qvACfJjLXKG66tHlaVhAHd/1l2FocgFNUDFFuKS3mnzt9hKys7sB4aO3O0OdohN/0NJC4ldV8/OmeXqqfkiPWcgPx3C8bYyXCX7QJNBHKrzbX1jW51Px7SIDWFDV6kxGwpQGGBMJg/k79gjjM+jhn4fg1/VP/Fx37mAnfLqpcTfiOkzSE80ORGefQ1XfGK/Dpa3ITrzRYW8xlR caos-dev-arm" pvt_key = "~/.ssh/caos-dev-arm.cer"