From f2eaa415ceba5a579d9f882a11ad0bf4eaef67d4 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Tue, 11 Nov 2025 16:45:38 +0530 Subject: [PATCH 01/23] Added RHEL10 support --- .../component_molecule_packaging.yml | 4 +- build/goreleaser/linux/rhel_10_amd64.yml | 95 +++++++++++++++++++ build/goreleaser/linux/rhel_10_arm.yml | 87 +++++++++++++++++ build/goreleaser/linux/rhel_10_arm64.yml | 88 +++++++++++++++++ build/release.mk | 8 ++ build/upload-schema-linux-rpm-fips.yml | 4 + build/upload-schema-linux-rpm.yml | 5 + .../ansible/group_vars/localhost/main.yml | 14 +++ .../provision/terraform/caos.auto.tfvars.dist | 4 +- 9 files changed, 305 insertions(+), 4 deletions(-) create mode 100644 build/goreleaser/linux/rhel_10_amd64.yml create mode 100644 build/goreleaser/linux/rhel_10_arm.yml create mode 100644 build/goreleaser/linux/rhel_10_arm64.yml diff --git a/.github/workflows/component_molecule_packaging.yml b/.github/workflows/component_molecule_packaging.yml index b4c19af7c..123aac54b 100644 --- a/.github/workflows/component_molecule_packaging.yml +++ b/.github/workflows/component_molecule_packaging.yml @@ -28,7 +28,7 @@ jobs: repo_base_url: ${{ inputs.REPO_ENDPOINT }} package_name: 'newrelic-infra' package_version: ${{ inputs.TAG }} - platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" + platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" - name: Test FIPS package installation uses: newrelic/pkg-installation-testing-action@v1 with: 
@@ -37,4 +37,4 @@ jobs: package_name: 'newrelic-infra-fips' exec_name: 'newrelic-infra' package_version: ${{ inputs.TAG }} - platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" + platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" diff --git a/build/goreleaser/linux/rhel_10_amd64.yml b/build/goreleaser/linux/rhel_10_amd64.yml new file mode 100644 index 000000000..4d1c9b686 --- /dev/null +++ b/build/goreleaser/linux/rhel_10_amd64.yml 
@@ -0,0 +1,95 @@ + # RHEL 10 amd64 + + - id: rhel-10-infrastructure-agent + builds: + - linux-agent-amd64 + - linux-ctl-amd64 + - linux-service-amd64 + package_name: "newrelic-infra{{ .Env.FIPS }}" + file_name_template: >- + newrelic-infra{{ .Env.FIPS }}- + {{- .Env.TAG }}-1.el10. + {{- if eq .Arch "amd64" -}}x86_64 + {{- else -}} + {{ .Arch }} + {{- end }} + vendor: 'New Relic, Inc.' + homepage: 'https://docs.newrelic.com/docs/release-notes/infrastructure-release-notes/infrastructure-agent-release-notes' + maintainer: 'caos-team@newrelic.com' + description: 'New Relic Infrastructure provides flexible, dynamic server monitoring. With real-time data collection and a UI that scales from a handful of hosts to thousands, Infrastructure is designed for modern Operations teams with fast-changing systems.' + license: 'Copyright (c) 2008-2021 New Relic, Inc. All rights reserved.' + formats: + - rpm + bindir: /usr/bin + contents: + - src: 'assets/examples/logging/linux/file.yml.example' + dst: '/etc/newrelic-infra/logging.d/file.yml.example' + - src: 'assets/examples/logging/linux/fluentbit.yml.example' + dst: '/etc/newrelic-infra/logging.d/fluentbit.yml.example' + - src: 'assets/examples/logging/linux/syslog.yml.example' + dst: '/etc/newrelic-infra/logging.d/syslog.yml.example' + - src: 'assets/examples/logging/linux/systemd.yml.example' + dst: '/etc/newrelic-infra/logging.d/systemd.yml.example' + - src: 'assets/examples/logging/linux/tcp.yml.example' + dst: '/etc/newrelic-infra/logging.d/tcp.yml.example' + + - src: 'build/package/systemd/newrelic-infra.service' + dst: '/etc/systemd/system/newrelic-infra.service' + - src: 'LICENSE' + dst: '/var/db/newrelic-infra/LICENSE.txt' + - src: 'target/nridocker/amd64/etc/newrelic-infra/integrations.d/docker-config.yml' + dst: '/etc/newrelic-infra/integrations.d/docker-config.yml' + type: config + - src: 'target/nridocker/amd64/var/db/newrelic-infra/newrelic-integrations/bin/nri-docker' + dst: 
'/opt/newrelic-infra/newrelic-integrations/bin/nri-docker' + - src: 'target/nriflex/amd64/nri-flex' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-flex' + - src: 'target/nriprometheus/amd64/var/db/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + - src: 'target/fluent-bit-plugin/amd64/out_newrelic.so' + dst: '/var/db/newrelic-infra/newrelic-integrations/logging/out_newrelic.so' + - src: 'assets/examples/logging/parsers.conf' + dst: '/var/db/newrelic-infra/newrelic-integrations/logging/parsers.conf' + + - dst: /opt/newrelic-infra/custom-integrations + type: dir + - dst: /opt/newrelic-infra/newrelic-integrations + type: dir + - dst: /var/db/newrelic-infra/custom-integrations + type: dir + - dst: /var/db/newrelic-infra/integrations.d + type: dir + - dst: /var/log/newrelic-infra + type: dir + - dst: /var/run/newrelic-infra + type: dir + epoch: 0 + release: 1.el10 + + # Scripts to execute during the installation of the package. + scripts: + preinstall: "build/package/before-install.sh" + preremove: "build/package/rpm/prerm-systemd.sh" + + # Packages to replace according to old packaging scripts. + replaces: + - opspro-agent + - opspro-agent-systemd + # Section. + section: default + # Priority. + priority: extra + rpm: + scripts: + posttrans: "build/package/rpm/postinst-systemd.sh" + + summary: "New Relic Infrastructure Agent" + group: default + # Recommended packages. If they fail to install installation of the agent will not be interrupted. + recommends: + - fluent-bit + # conflicts is not "templatable", so we add the conflicts-suffix-placeholder to be replaced later + conflicts: + - newrelic-infra#conflicts-suffix-placeholder# + + # end RHEL 10 amd64 \ No newline at end of file diff --git a/build/goreleaser/linux/rhel_10_arm.yml b/build/goreleaser/linux/rhel_10_arm.yml new file mode 100644 index 000000000..1f385d76f --- /dev/null +++ b/build/goreleaser/linux/rhel_10_arm.yml 
@@ -0,0 +1,87 @@ + # RHEL 10 arm + + - id: rhel-10-infrastructure-agent-arm + builds: + - linux-agent-arm + - linux-ctl-arm + - linux-service-arm + package_name: newrelic-infra + file_name_template: "newrelic-infra-{{ .Env.TAG }}-1.el10.{{ .Arch }}" + vendor: 'New Relic, Inc.' + homepage: 'https://docs.newrelic.com/docs/release-notes/infrastructure-release-notes/infrastructure-agent-release-notes' + maintainer: 'caos-team@newrelic.com' + description: 'New Relic Infrastructure provides flexible, dynamic server monitoring. With real-time data collection and a UI that scales from a handful of hosts to thousands, Infrastructure is designed for modern Operations teams with fast-changing systems.' + license: 'Copyright (c) 2008-2021 New Relic, Inc. All rights reserved.' + formats: + - rpm + bindir: /usr/bin + contents: + # - src: 'assets/examples/logging/linux/file.yml.example' + # dst: '/etc/newrelic-infra/logging.d/file.yml.example' + # - src: 'assets/examples/logging/linux/fluentbit.yml.example' + # dst: '/etc/newrelic-infra/logging.d/fluentbit.yml.example' + # - src: 'assets/examples/logging/linux/syslog.yml.example' + # dst: '/etc/newrelic-infra/logging.d/syslog.yml.example' + # - src: 'assets/examples/logging/linux/systemd.yml.example' + # dst: '/etc/newrelic-infra/logging.d/systemd.yml.example' + # - src: 'assets/examples/logging/linux/tcp.yml.example' + # dst: '/etc/newrelic-infra/logging.d/tcp.yml.example' + + - src: 'build/package/systemd/newrelic-infra.service' + dst: '/etc/systemd/system/newrelic-infra.service' + - src: 'LICENSE' + dst: '/var/db/newrelic-infra/LICENSE.txt' + - src: 'target/nridocker/{{ .Arch }}/etc/newrelic-infra/integrations.d/docker-config.yml' + dst: '/etc/newrelic-infra/integrations.d/docker-config.yml' + type: config + - src: 'target/nridocker/{{ .Arch }}/var/db/newrelic-infra/newrelic-integrations/bin/nri-docker' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-docker' + - src: 'target/nriflex/{{ .Arch }}/nri-flex' + dst: 
'/opt/newrelic-infra/newrelic-integrations/bin/nri-flex' + - src: 'target/nriprometheus/{{ .Arch }}/var/db/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + # - src: 'target/fluent-bit-plugin/{{ .Arch }}/out_newrelic.so' + # dst: '/var/db/newrelic-infra/newrelic-integrations/logging/out_newrelic.so' + # - src: 'assets/examples/logging/parsers.conf' + # dst: '/var/db/newrelic-infra/newrelic-integrations/logging/parsers.conf' + + - dst: /opt/newrelic-infra/custom-integrations + type: dir + - dst: /opt/newrelic-infra/newrelic-integrations + type: dir + - dst: /var/db/newrelic-infra/custom-integrations + type: dir + - dst: /var/db/newrelic-infra/integrations.d + type: dir + - dst: /var/log/newrelic-infra + type: dir + - dst: /var/run/newrelic-infra + type: dir + epoch: 0 + release: 1.el10 + + # Scripts to execute during the installation of the package. + scripts: + preinstall: "build/package/before-install.sh" + preremove: "build/package/rpm/prerm-systemd.sh" + # Packages to replace according to old packaging scripts. + replaces: + - opspro-agent + - opspro-agent-systemd + # Section. + section: default + # Priority. + priority: extra + rpm: + scripts: + posttrans: "build/package/rpm/postinst-systemd.sh" + + summary: "New Relic Infrastructure Agent" + group: default + # Recommended packages. If they fail to install installation of the agent will not be interrupted. +# recommends: +# FB not supported yet +# - td-agent-bit #To be removed on removal of the ff fluent_bit_19 +# - fluent-bit + + # end RHEL 10 arm \ No newline at end of file diff --git a/build/goreleaser/linux/rhel_10_arm64.yml b/build/goreleaser/linux/rhel_10_arm64.yml new file mode 100644 index 000000000..e1090fa9f --- /dev/null +++ b/build/goreleaser/linux/rhel_10_arm64.yml 
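Review bot: The new `rhel_10_arm.yml` adds the logging example entries, the `out_newrelic.so`/`parsers.conf` entries and the whole `recommends:` block as commented-out YAML, and only the last of these carries a reason (`FB not supported yet`). A reader comparing this file with the amd64 and arm64 variants cannot tell whether the omissions in `contents:` are deliberate. One comment above the first commented entry would settle it, for example `# Logging assets are not packaged for arm: fluent-bit is not supported on this arch yet` (wording inferred from the existing comment, to be confirmed by the author).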
@@ -0,0 +1,88 @@ + # RHEL 10 arm64 + + - id: rhel-10-infrastructure-agent-arm64 + builds: + - linux-agent-arm64 + - linux-ctl-arm64 + - linux-service-arm64 + package_name: "newrelic-infra{{ .Env.FIPS }}" + file_name_template: "newrelic-infra{{ .Env.FIPS }}-{{ .Env.TAG }}-1.el10.{{ .Arch }}" + vendor: 'New Relic, Inc.' + homepage: 'https://docs.newrelic.com/docs/release-notes/infrastructure-release-notes/infrastructure-agent-release-notes' + maintainer: 'caos-team@newrelic.com' + description: 'New Relic Infrastructure provides flexible, dynamic server monitoring. With real-time data collection and a UI that scales from a handful of hosts to thousands, Infrastructure is designed for modern Operations teams with fast-changing systems.' + license: 'Copyright (c) 2008-2021 New Relic, Inc. All rights reserved.' + formats: + - rpm + bindir: /usr/bin + contents: + - src: 'assets/examples/logging/linux/file.yml.example' + dst: '/etc/newrelic-infra/logging.d/file.yml.example' + - src: 'assets/examples/logging/linux/fluentbit.yml.example' + dst: '/etc/newrelic-infra/logging.d/fluentbit.yml.example' + - src: 'assets/examples/logging/linux/syslog.yml.example' + dst: '/etc/newrelic-infra/logging.d/syslog.yml.example' + - src: 'assets/examples/logging/linux/systemd.yml.example' + dst: '/etc/newrelic-infra/logging.d/systemd.yml.example' + - src: 'assets/examples/logging/linux/tcp.yml.example' + dst: '/etc/newrelic-infra/logging.d/tcp.yml.example' + + - src: 'build/package/systemd/newrelic-infra.service' + dst: '/etc/systemd/system/newrelic-infra.service' + - src: 'LICENSE' + dst: '/var/db/newrelic-infra/LICENSE.txt' + - src: 'target/nridocker/{{ .Arch }}/etc/newrelic-infra/integrations.d/docker-config.yml' + dst: '/etc/newrelic-infra/integrations.d/docker-config.yml' + type: config + - src: 'target/nridocker/{{ .Arch }}/var/db/newrelic-infra/newrelic-integrations/bin/nri-docker' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-docker' + - src: 'target/nriflex/{{ .Arch 
}}/nri-flex' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-flex' + - src: 'target/nriprometheus/{{ .Arch }}/var/db/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + dst: '/opt/newrelic-infra/newrelic-integrations/bin/nri-prometheus' + - src: 'target/fluent-bit-plugin/{{ .Arch }}/out_newrelic.so' + dst: '/var/db/newrelic-infra/newrelic-integrations/logging/out_newrelic.so' + - src: 'assets/examples/logging/parsers.conf' + dst: '/var/db/newrelic-infra/newrelic-integrations/logging/parsers.conf' + + - dst: /opt/newrelic-infra/custom-integrations + type: dir + - dst: /opt/newrelic-infra/newrelic-integrations + type: dir + - dst: /var/db/newrelic-infra/custom-integrations + type: dir + - dst: /var/db/newrelic-infra/integrations.d + type: dir + - dst: /var/log/newrelic-infra + type: dir + - dst: /var/run/newrelic-infra + type: dir + epoch: 0 + release: 1.el10 + + # Scripts to execute during the installation of the package. + scripts: + preinstall: "build/package/before-install.sh" + preremove: "build/package/rpm/prerm-systemd.sh" + # Packages to replace according to old packaging scripts. + replaces: + - opspro-agent + - opspro-agent-systemd + # Section. + section: default + # Priority. + priority: extra + rpm: + scripts: + posttrans: "build/package/rpm/postinst-systemd.sh" + + summary: "New Relic Infrastructure Agent" + group: default + # Recommended packages. If they fail to install installation of the agent will not be interrupted. + recommends: + - fluent-bit + # conflicts is not "templatable", so we add the conflicts-suffix-placeholder to be replaced later + conflicts: + - newrelic-infra#conflicts-suffix-placeholder# + + # end RHEL 10 arm64 \ No newline at end of file diff --git a/build/release.mk b/build/release.mk index c9f98ce4c..7fb3665ba 100644 --- a/build/release.mk +++ b/build/release.mk 
@@ -195,6 +195,7 @@ generate-goreleaser-amd64: $(CURDIR)/build/goreleaser/linux/centos_7_amd64.yml\ $(CURDIR)/build/goreleaser/linux/centos_8_amd64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_amd64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_amd64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_amd64.yml\ $(CURDIR)/build/goreleaser/linux/debian_upstart_amd64.yml\ $(CURDIR)/build/goreleaser/linux/sles_114_amd64.yml\ @@ -225,6 +226,7 @@ generate-goreleaser-amd64: $(CURDIR)/build/goreleaser/linux/centos_7_arm.yml\ $(CURDIR)/build/goreleaser/linux/centos_8_arm.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm.yml\ $(CURDIR)/build/goreleaser/linux/sles_122_arm.yml\ $(CURDIR)/build/goreleaser/linux/sles_123_arm.yml\ @@ -251,6 +253,7 @@ generate-goreleaser-arm64: $(CURDIR)/build/goreleaser/linux/centos_7_arm64.yml\ $(CURDIR)/build/goreleaser/linux/centos_8_arm64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm64.yml\ $(CURDIR)/build/goreleaser/linux/sles_122_arm64.yml\ $(CURDIR)/build/goreleaser/linux/sles_123_arm64.yml\ @@ -303,6 +306,9 @@ generate-goreleaser-multiarch: $(CURDIR)/build/goreleaser/linux/rhel_9_amd64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_amd64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_amd64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm64.yml\ 
@@ -364,6 +370,8 @@ generate-goreleaser-multiarch-fips: $(CURDIR)/build/goreleaser/linux/centos_8_arm64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_amd64.yml\ $(CURDIR)/build/goreleaser/linux/rhel_9_arm64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_amd64.yml\ + $(CURDIR)/build/goreleaser/linux/rhel_10_arm64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_amd64.yml\ $(CURDIR)/build/goreleaser/linux/debian_systemd_arm64.yml\ $(CURDIR)/build/goreleaser/linux/debian_upstart_amd64.yml\ diff --git a/build/upload-schema-linux-rpm-fips.yml b/build/upload-schema-linux-rpm-fips.yml index dab995041..efc51b9c7 100644 --- a/build/upload-schema-linux-rpm-fips.yml +++ b/build/upload-schema-linux-rpm-fips.yml @@ -9,6 +9,7 @@ - 7 - 8 - 9 + - 10 - src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm" arch: @@ -20,6 +21,7 @@ - 7 - 8 - 9 + - 10 - src: "newrelic-infra-fips-{version}-1.sles{os_version}.{arch}.rpm" arch: @@ -76,6 +78,7 @@ - 7 - 8 - 9 + - 10 - src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm.sum" arch: @@ -87,6 +90,7 @@ - 7 - 8 - 9 + - 10 - src: "newrelic-infra-fips-{version}-1.sles{os_version}.{arch}.rpm.sum" arch: diff --git a/build/upload-schema-linux-rpm.yml b/build/upload-schema-linux-rpm.yml index fe549d045..d9a55ed45 100644 --- a/build/upload-schema-linux-rpm.yml +++ b/build/upload-schema-linux-rpm.yml @@ -10,6 +10,7 @@ - 7 - 8 - 9 + - 10 - src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm" arch: @@ -22,6 +23,7 @@ - 7 - 8 - 9 + - 10 - src: "newrelic-infra-{version}-1.sles{os_version}.{arch}.rpm" arch: @@ -91,6 +93,7 @@ - 7 - 8 - 9 + - 10 - src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum" arch: @@ -102,6 +105,7 @@ - 7 - 8 - 9 + - 10 - src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum" arch: @@ -113,6 +117,7 @@ - 7 - 8 - 9 + - 10 - src: "newrelic-infra-{version}-1.sles{os_version}.{arch}.rpm.sum" arch: 
diff --git a/test/automated/ansible/group_vars/localhost/main.yml b/test/automated/ansible/group_vars/localhost/main.yml index 256dd682f..4ecc3f768 100644 --- a/test/automated/ansible/group_vars/localhost/main.yml +++ b/test/automated/ansible/group_vars/localhost/main.yml @@ -204,6 +204,13 @@ instances: platform: "linux" python_interpreter: "/usr/bin/python" launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" + - ami: "ami-068d5d5ed1eeea07c" + type: "t3a.small" + name: "amd64:redhat-10.0" + username: "ec2-user" + platform: "linux" + python_interpreter: "/usr/bin/python3" + launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" ############################ # redhat arm64 ############################ @@ -214,6 +221,13 @@ instances: platform: "linux" python_interpreter: "/usr/bin/python" launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" + - ami: "ami-07b21932ee4cac8c0" + type: "t4g.small" + name: "arm64:redhat-10.0" + username: "ec2-user" + platform: "linux" + python_interpreter: "/usr/bin/python3" + launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" ############################ # debian amd64 ############################ diff --git a/test/provision/terraform/caos.auto.tfvars.dist b/test/provision/terraform/caos.auto.tfvars.dist index 5f669bc9b..3cb83e7c1 100644 --- a/test/provision/terraform/caos.auto.tfvars.dist +++ b/test/provision/terraform/caos.auto.tfvars.dist 
@@ -2,9 +2,9 @@ ec2_prefix = "PREFIX:TAG_OR_UNIQUE_NAME" windows_ec2 = ["windows_2016", "windows_2019", "windows_2022", "windows_2025"] -linux_ec2_amd = ["amd64:ubuntu24.04", "amd64:ubuntu22.04", "amd64:ubuntu20.04", "amd64:ubuntu18.04", "amd64:ubuntu16.04", "amd64:centos-stream", "amd64:sles-12.5", "amd64:sles-15.3", "amd64:sles-15.4", "amd64:sles-15.5", "amd64:sles-15.6", "amd64:sles-15.7", "amd64:redhat-8.4", "amd64:redhat-9.0", "amd64:debian-bookworm", "amd64:debian-trixie", "amd64:al-2", "amd64:al-2023", "amd64:al-2023-fips"] +linux_ec2_amd = ["amd64:ubuntu24.04", "amd64:ubuntu22.04", "amd64:ubuntu20.04", "amd64:ubuntu18.04", "amd64:ubuntu16.04", "amd64:centos-stream", "amd64:sles-12.5", "amd64:sles-15.3", "amd64:sles-15.4", "amd64:sles-15.5", "amd64:sles-15.6", "amd64:sles-15.7", "amd64:redhat-8.4", "amd64:redhat-9.0", "amd64:redhat-10.0", "amd64:debian-bookworm", "amd64:debian-trixie", "amd64:al-2", "amd64:al-2023", "amd64:al-2023-fips"] -linux_ec2_arm = ["arm64:ubuntu24.04", "arm64:ubuntu22.04", "arm64:ubuntu20.04", "arm64:ubuntu18.04", "arm64:ubuntu16.04", "arm64:centos-stream", "arm64:sles-15.4", "arm64:sles-15.5", "arm64:sles-15.6", "arm64:sles-15.7", "arm64:redhat-9.0", "arm64:debian-bookworm", "arm64:debian-trixie", "arm64:al-2", "arm64:al-2023", "arm64:al-2023-fips"] +linux_ec2_arm = ["arm64:ubuntu24.04", "arm64:ubuntu22.04", "arm64:ubuntu20.04", "arm64:ubuntu18.04", "arm64:ubuntu16.04", "arm64:centos-stream", "arm64:sles-15.4", "arm64:sles-15.5", "arm64:sles-15.6", "arm64:sles-15.7", "arm64:redhat-9.0", "arm64:redhat-10.0", "arm64:debian-bookworm", "arm64:debian-trixie", "arm64:al-2", "arm64:al-2023", "arm64:al-2023-fips"] ssh_pub_key = 
"AAAAB3NzaC1yc2EAAAADAQABAAABAQDH9C7BS2XrtXGXFFyL0pNku/Hfy84RliqvYKpuslJFeUivf5QY6Ipi8yXfXn6TsRDbdxfGPi6oOR60Fa+4cJmCo6N5g57hBS6f2IdzQBNrZr7i1I/a3cFeK6XOc1G1tQaurx7Pu+qvACfJjLXKG66tHlaVhAHd/1l2FocgFNUDFFuKS3mnzt9hKys7sB4aO3O0OdohN/0NJC4ldV8/OmeXqqfkiPWcgPx3C8bYyXCX7QJNBHKrzbX1jW51Px7SIDWFDV6kxGwpQGGBMJg/k79gjjM+jhn4fg1/VP/Fx37mAnfLqpcTfiOkzSE80ORGefQ1XfGK/Dpa3ITrzRYW8xlR caos-dev-arm" pvt_key = "~/.ssh/caos-dev-arm.cer" From ad547053595b236cb539ac1db902744a481e4bbb Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Tue, 11 Nov 2025 18:24:27 +0530 Subject: [PATCH 02/23] Added RHEL10 support --- build/sign.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/build/sign.sh b/build/sign.sh index 0ab29daa1..b615aaea5 100644 --- a/build/sign.sh +++ b/build/sign.sh 
@@ -28,13 +28,16 @@ echo "%_gpg_name ${GPG_MAIL}" >> ~/.rpmmacros echo "%_signature gpg" >> ~/.rpmmacros echo "%_gpg_path /root/.gnupg" >> ~/.rpmmacros echo "%_gpgbin /usr/bin/gpg" >> ~/.rpmmacros -echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning --digest-algo sha256 -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros +echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning --digest-algo sha256 --cert-digest-algo sha256 -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros echo "===> Importing GPG private key from GHA secrets..." printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import - +echo "===> Adding binding signature for RHEL 10 compatibility..." +gpg --batch --yes --passphrase "${GPG_PASSPHRASE}" --quick-sign-key ${GPG_MAIL} + echo "===> Importing GPG signature, needed from Goreleaser to verify signature" -gpg --export -a ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL} +gpg --export -a --cert-digest-algo sha256 ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL} rpm --import /tmp/RPM-GPG-KEY-${GPG_MAIL} cd dist From e2f04d6729ab435e9a00b19a9d3f637c6330d4aa Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Tue, 11 Nov 2025 18:55:06 +0530 Subject: [PATCH 03/23] Added RHEL10 support --- build/sign.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/sign.sh b/build/sign.sh index b615aaea5..274235052 100644 --- a/build/sign.sh +++ b/build/sign.sh 
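Review bot: The added `gpg --batch --yes --passphrase "${GPG_PASSPHRASE}" --quick-sign-key ${GPG_MAIL}` line passes the signing passphrase as a command-line argument, where it can be read from the process list or a shell trace while gpg runs. The rewritten `%__gpg_sign_cmd` line still writes the same passphrase in clear into `~/.rpmmacros`. Passing it on a descriptor keeps it off argv: `printf '%s' "${GPG_PASSPHRASE}" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --quick-sign-key "${GPG_FPR}"`, where `GPG_FPR` is a placeholder for the key fingerprint, which `--quick-sign-key` expects instead of an e-mail address. `${GPG_MAIL}` is also unquoted in both added gpg lines, and `--cert-digest-algo sha256` on `gpg --export` is not expected to change the exported key, so it can probably be dropped.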
@@ -34,7 +34,7 @@ echo "===> Importing GPG private key from GHA secrets..." printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import - echo "===> Adding binding signature for RHEL 10 compatibility..." -gpg --batch --yes --passphrase "${GPG_PASSPHRASE}" --quick-sign-key ${GPG_MAIL} +gpg --batch --yes --passphrase "${GPG_PASSPHRASE}" --sign-key ${GPG_MAIL} echo "===> Importing GPG signature, needed from Goreleaser to verify signature" gpg --export -a --cert-digest-algo sha256 ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL} From f4550d6ea8e21a88b24332df9333db9563b38082 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Tue, 11 Nov 2025 19:55:03 +0530 Subject: [PATCH 04/23] Added gpg owner trust --- build/sign.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build/sign.sh b/build/sign.sh index 274235052..d3d14a5dd 100644 --- a/build/sign.sh +++ b/build/sign.sh @@ -34,7 +34,8 @@ echo "===> Importing GPG private key from GHA secrets..." printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import - echo "===> Adding binding signature for RHEL 10 compatibility..." -gpg --batch --yes --passphrase "${GPG_PASSPHRASE}" --sign-key ${GPG_MAIL} +echo "${GPG_MAIL}:6:" | gpg --import-ownertrust +echo "y" | gpg --batch --yes --passphrase "${GPG_PASSPHRASE}" --command-fd 0 --sign-key ${GPG_MAIL} echo "===> Importing GPG signature, needed from Goreleaser to verify signature" gpg --export -a --cert-digest-algo sha256 ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL} From 2fa945e884f43a9661c3bfd18d8adda1a5a46bab Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Wed, 12 Nov 2025 09:32:59 +0530 Subject: [PATCH 05/23] Added Different GPG signing for el10 packages --- build/sign.sh | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/build/sign.sh b/build/sign.sh index d3d14a5dd..b32843dd1 100644 --- a/build/sign.sh +++ b/build/sign.sh 
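Review bot: In the PATCH 04 hunk, `echo "${GPG_MAIL}:6:" | gpg --import-ownertrust` passes an e-mail address where the ownertrust format (as written by `gpg --export-ownertrust`) identifies each record by key fingerprint. The line therefore probably does not mark the imported key as ultimately trusted, and its exit status is not checked. Using the fingerprint makes the assignment explicit: `echo "${GPG_FPR}:6:" | gpg --import-ownertrust`, with `GPG_FPR` as a placeholder for a value stored alongside the key secret. The `--sign-key` line below it still passes `--passphrase "${GPG_PASSPHRASE}"` on the command line; `--pinentry-mode loopback` with `--passphrase-fd` on a descriptor other than the one given to `--command-fd` keeps it out of the process list.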
@@ -28,17 +28,13 @@ echo "%_gpg_name ${GPG_MAIL}" >> ~/.rpmmacros echo "%_signature gpg" >> ~/.rpmmacros echo "%_gpg_path /root/.gnupg" >> ~/.rpmmacros echo "%_gpgbin /usr/bin/gpg" >> ~/.rpmmacros -echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning --digest-algo sha256 --cert-digest-algo sha256 -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros +echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning --digest-algo sha256 -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros echo "===> Importing GPG private key from GHA secrets..." -printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import - - -echo "===> Adding binding signature for RHEL 10 compatibility..." -echo "${GPG_MAIL}:6:" | gpg --import-ownertrust -echo "y" | gpg --batch --yes --passphrase "${GPG_PASSPHRASE}" --command-fd 0 --sign-key ${GPG_MAIL} +# We'll import the appropriate key for each package type in the loop echo "===> Importing GPG signature, needed from Goreleaser to verify signature" -gpg --export -a --cert-digest-algo sha256 ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL} +gpg --export -a ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL} rpm --import /tmp/RPM-GPG-KEY-${GPG_MAIL} cd dist 
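Review bot: This hunk replaces the private-key import with a comment, but `gpg --export -a ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL}` and `rpm --import` still run directly after it. Unless the keyring is populated earlier in the script (not visible in the hunk), the export produces an empty file and the public key needed by the later `rpm -v --checksig` step never reaches the rpm database. Either keep `printf %s "${GPG_PRIVATE_KEY_BASE64}" | base64 -d | gpg --batch --import -` ahead of the export, or move the export and `rpm --import` pair into the loop after each key is imported. The script's `set` options are outside the hunk, so it is unclear whether a failing `rpm --import` would stop the run.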
@@ -48,7 +44,20 @@ sles_regex="(.*sles12.*)" for rpm_file in $(find -regex ".*\.\(rpm\)");do echo "===> Signing $rpm_file" - ../build/sign_rpm.exp $rpm_file ${GPG_PASSPHRASE} + # Check if this is an el10 RPM file + if echo "$rpm_file" | grep -q "el10"; then + echo "===> el10 RPM detected, using OHAI GPG key" + # Clear GPG keyring and import only OHAI key + gpg --batch --yes --delete-secret-keys ${GPG_MAIL} 2>/dev/null || true + printf %s ${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64} | base64 -d | gpg --batch --import - + ../build/sign_rpm.exp $rpm_file ${GPG_PASSPHRASE} + else + echo "===> Non-el10 RPM detected, using regular GPG key" + # Clear GPG keyring and import only regular key + gpg --batch --yes --delete-secret-keys ${GPG_MAIL} 2>/dev/null || true + printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import - + ../build/sign_rpm.exp $rpm_file ${GPG_PASSPHRASE} + fi echo "===> Sign verification $rpm_file" rpm -v --checksig $rpm_file @@ -85,4 +94,4 @@ for targz_file in $(find . -type f -name "*.tar.gz"); do else echo "Error: Signature file $asc_file not found." fi -done +done \ No newline at end of file From 1ffa75645a046b1dfe8fbc85dc0666341114bc66 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Wed, 12 Nov 2025 10:16:38 +0530 Subject: [PATCH 06/23] Added Different GPG signing for el10 packages separately --- build/sign.sh | 52 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 17 deletions(-) diff --git a/build/sign.sh b/build/sign.sh index b32843dd1..483b4225a 100644 --- a/build/sign.sh +++ b/build/sign.sh @@ -22,7 +22,7 @@ start_gpg_agent() { start_gpg_agent -# Sign RPM's +# Sign RPM's (excluding EL10) echo "===> Create .rpmmacros to sign rpm's from Goreleaser" echo "%_gpg_name ${GPG_MAIL}" >> ~/.rpmmacros echo "%_signature gpg" >> ~/.rpmmacros 
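Review bot: In the PATCH 05 loop, the signing key is selected only by wiping and re-importing the keyring, and the wipe is `gpg --batch --yes --delete-secret-keys ${GPG_MAIL} 2>/dev/null || true`. gpg documents that in batch mode `--delete-secret-keys` needs the key given by fingerprint, so this call likely fails every time, and the redirect plus `|| true` hide that. After the first switch both secret keys would then sit in the keyring, and the one used for `-u %{_gpg_name}` is not determined by anything in this hunk. Select the key by fingerprint and let a failed delete abort, for example `gpg --batch --yes --delete-secret-keys "${KEY_FPR}"` with `KEY_FPR` as a placeholder. Matching on `*.el10.*` with a `case` on the file name is also tighter than `grep -q "el10"`, which matches anywhere in the path.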
@@ -31,7 +31,7 @@ echo "%_gpgbin /usr/bin/gpg" >> ~/.rpmmacros echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning --digest-algo sha256 -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros echo "===> Importing GPG private key from GHA secrets..." -# We'll import the appropriate key for each package type in the loop +printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import - echo "===> Importing GPG signature, needed from Goreleaser to verify signature" gpg --export -a ${GPG_MAIL} > /tmp/RPM-GPG-KEY-${GPG_MAIL} 
@@ -41,28 +41,46 @@ cd dist sles_regex="(.*sles12.*)" -for rpm_file in $(find -regex ".*\.\(rpm\)");do +for rpm_file in $(find -regex ".*\.\(rpm\)" | grep -v "el10");do echo "===> Signing $rpm_file" - # Check if this is an el10 RPM file - if echo "$rpm_file" | grep -q "el10"; then - echo "===> el10 RPM detected, using OHAI GPG key" - # Clear GPG keyring and import only OHAI key - gpg --batch --yes --delete-secret-keys ${GPG_MAIL} 2>/dev/null || true - printf %s ${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64} | base64 -d | gpg --batch --import - - ../build/sign_rpm.exp $rpm_file ${GPG_PASSPHRASE} - else - echo "===> Non-el10 RPM detected, using regular GPG key" - # Clear GPG keyring and import only regular key - gpg --batch --yes --delete-secret-keys ${GPG_MAIL} 2>/dev/null || true - printf %s ${GPG_PRIVATE_KEY_BASE64} | base64 -d | gpg --batch --import - - ../build/sign_rpm.exp $rpm_file ${GPG_PASSPHRASE} - fi + ../build/sign_rpm.exp $rpm_file ${GPG_PASSPHRASE} echo "===> Sign verification $rpm_file" rpm -v --checksig $rpm_file done +# Sign EL10 RPM's with OHAI GPG key +echo "===> Create .rpmmacros for EL10 rpm's with OHAI GPG key" +echo "%_gpg_name ${GPG_MAIL}" > ~/.rpmmacros_sha256 +echo "%_signature gpg" >> ~/.rpmmacros_sha256 +echo "%_gpg_path /root/.gnupg" >> ~/.rpmmacros_sha256 +echo "%_gpgbin /usr/bin/gpg" >> ~/.rpmmacros_sha256 +echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning --digest-algo sha256 -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros_sha256 + +echo "===> Importing OHAI GPG private key for EL10 from GHA secrets..." 
+printf %s ${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64} | base64 -d | gpg --batch --import - + +echo "===> Importing OHAI GPG signature for EL10, needed from Goreleaser to verify signature" +gpg --export -a ${GPG_MAIL} > /tmp/RPM-GPG-KEY-SHA256-${GPG_MAIL} +rpm --import /tmp/RPM-GPG-KEY-SHA256-${GPG_MAIL} + +# Backup original .rpmmacros and use SHA256 specific one +cp ~/.rpmmacros ~/.rpmmacros_backup +cp ~/.rpmmacros_sha256 ~/.rpmmacros + +for rpm_file in $(find -regex ".*\.\(rpm\)" | grep "el10");do + echo "===> Signing EL10 $rpm_file with OHAI GPG key" + + ../build/sign_rpm.exp $rpm_file ${GPG_PASSPHRASE} + + echo "===> Sign verification $rpm_file" + rpm -v --checksig $rpm_file +done + +# Restore original .rpmmacros +cp ~/.rpmmacros_backup ~/.rpmmacros + # Sign DEB's GNUPGHOME="/root/.gnupg" echo "${GPG_PASSPHRASE}" > "${GNUPGHOME}/gpg-passphrase" From b6bbf9ca7fd4c7033d55f4e2d6932b1478263016 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Wed, 12 Nov 2025 10:49:34 +0530 Subject: [PATCH 07/23] Added New GPG KEY Variable in all flows --- .github/workflows/build_agent_rc_container.yml | 1 + .github/workflows/component_linux_packaging.yml | 3 +++ .github/workflows/component_linux_publish.yml | 4 ++++ .github/workflows/prerelease_linux.yml | 9 +++++++++ .github/workflows/prerelease_linux_on_demand.yml | 9 ++++++++- .github/workflows/prerelease_staged_publish.yml | 3 +++ .github/workflows/release.yml | 2 ++ .github/workflows/release_staged.yml | 2 ++ build/ci.mk | 1 + 9 files changed, 33 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_agent_rc_container.yml b/.github/workflows/build_agent_rc_container.yml index 41885ac83..bfc23e398 100644 --- a/.github/workflows/build_agent_rc_container.yml +++ b/.github/workflows/build_agent_rc_container.yml 
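Review bot: The EL10 block imports the second private key into the keyring that already holds the first one, then writes `~/.rpmmacros_sha256` with the same `%_gpg_name ${GPG_MAIL}` and the same `%__gpg_sign_cmd` as the earlier block. Nothing visible here makes rpm sign the el10 packages with the new key rather than the old one. If both keys carry that user ID, `gpg --export -a ${GPG_MAIL}` puts both public keys into the rpm database, so `rpm -v --checksig` passes whichever key signed. Pinning the macro to a fingerprint, `echo "%_gpg_name ${OHAI_SHA256_FPR}" > ~/.rpmmacros_sha256` (placeholder variable), and comparing the Key ID reported by `rpm -qpi` against it would make the split verifiable. The passphrase also ends up in `~/.rpmmacros`, `~/.rpmmacros_sha256` and `~/.rpmmacros_backup`, none of which the hunk removes; a `trap 'rm -f ~/.rpmmacros ~/.rpmmacros_sha256 ~/.rpmmacros_backup' EXIT` would clean them up.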
@@ -16,6 +16,7 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.inputs.tag }} \ No newline at end of file diff --git a/.github/workflows/component_linux_packaging.yml b/.github/workflows/component_linux_packaging.yml index 141d42092..eb1268fe3 100644 --- a/.github/workflows/component_linux_packaging.yml +++ b/.github/workflows/component_linux_packaging.yml @@ -13,6 +13,8 @@ on: required: true GPG_PRIVATE_KEY_BASE64: required: true + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: + required: true GH_TOKEN: required: true inputs: @@ -32,6 +34,7 @@ env: GPG_MAIL: ${{ secrets.GPG_MAIL }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded TAG: ${{ inputs.TAG }} DOCKER_HUB_ID: ${{ secrets.DOCKER_HUB_ID }} DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} diff --git a/.github/workflows/component_linux_publish.yml b/.github/workflows/component_linux_publish.yml index 0d62af8d1..14b189653 100644 --- a/.github/workflows/component_linux_publish.yml +++ b/.github/workflows/component_linux_publish.yml @@ -11,6 +11,8 @@ on: required: true GPG_PRIVATE_KEY_BASE64: required: true + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: + required: true AWS_ACCESS_KEY_ID: required: true AWS_SECRET_ACCESS_KEY: 
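Review bot: In component_linux_packaging.yml the new `OHAI_GPG_PRIVATE_KEY_SHA256_BASE64` entry is added to the `env:` block of the `@@ -32,6 +34,7 @@` hunk, which appears to be workflow-level, so the private key is exported to every step of every job instead of only the step that signs. Consider moving it to the `env:` of the signing step so third-party actions and unrelated steps never see it. The same applies to the `env:` hunks in component_linux_publish.yml, prerelease_linux_on_demand.yml and prerelease_staged_publish.yml later in this commit. The added `ohai_gpg_private_key_sha256_base64:` lines under `with:` also assume the publish action at `@v1` declares that input, which is not visible here.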
@@ -47,6 +49,7 @@ env: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded TAG: ${{ inputs.TAG }} DOCKER_HUB_ID: ${{ secrets.DOCKER_HUB_ID }} DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} @@ -108,4 +111,5 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} diff --git a/.github/workflows/prerelease_linux.yml b/.github/workflows/prerelease_linux.yml index 2c9490a7f..dd105e7ea 100644 --- a/.github/workflows/prerelease_linux.yml +++ b/.github/workflows/prerelease_linux.yml @@ -27,6 +27,7 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -41,6 +42,7 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} 
@@ -56,6 +58,7 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -70,6 +73,7 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -84,6 +88,7 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -99,6 +104,7 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -113,6 +119,7 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} 
@@ -133,6 +140,7 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -156,6 +164,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} diff --git a/.github/workflows/prerelease_linux_on_demand.yml b/.github/workflows/prerelease_linux_on_demand.yml index 049c610bd..98d7c1c80 100644 --- a/.github/workflows/prerelease_linux_on_demand.yml +++ b/.github/workflows/prerelease_linux_on_demand.yml @@ -31,6 +31,7 @@ env: # required for GHA publish action, should be moved into optional GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded BRANCH: ${{ github.event.inputs.branch }} # publish packages to a custom path DEST_PREFIX: ${{ github.event.inputs.dest_prefix }} @@ -116,6 +117,7 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" 
@@ -142,6 +144,7 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" @@ -167,6 +170,7 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" @@ -211,6 +215,7 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" @@ -236,7 +241,8 @@ jobs: aws_role_arn: ${{ env.AWS_ROLE_ARN }} # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} - gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" @@ -262,6 +268,7 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" diff --git a/.github/workflows/prerelease_staged_publish.yml b/.github/workflows/prerelease_staged_publish.yml index d5278b097..f2a990ea9 100644 
--- a/.github/workflows/prerelease_staged_publish.yml +++ b/.github/workflows/prerelease_staged_publish.yml @@ -14,6 +14,7 @@ on: env: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} TAG: ${{ github.event.inputs.tag }} DOCKER_HUB_ID: ${{ secrets.OHAI_DOCKER_HUB_ID }} DOCKER_HUB_PASSWORD: ${{ secrets.OHAI_DOCKER_HUB_PASSWORD }} @@ -36,6 +37,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} @@ -58,6 +60,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_STAGING }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_STAGING }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_STAGING }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index da6285ca1..c2c402bda 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -17,6 +17,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }} @@ -38,6 +39,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }} diff --git a/.github/workflows/release_staged.yml b/.github/workflows/release_staged.yml index 3520ec650..dc395837f 100644 --- a/.github/workflows/release_staged.yml +++ b/.github/workflows/release_staged.yml @@ -24,6 +24,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }} 
@@ -45,6 +46,7 @@ jobs: DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}} GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded + OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded AWS_ACCESS_KEY_ID: ${{ secrets.OHAI_AWS_ACCESS_KEY_ID_PRODUCTION }} AWS_SECRET_ACCESS_KEY: ${{ secrets.OHAI_AWS_SECRET_ACCESS_KEY_PRODUCTION }} AWS_ROLE_ARN: ${{ secrets.OHAI_AWS_ROLE_ARN_PRODUCTION }} diff --git a/build/ci.mk b/build/ci.mk index 9f2642827..cafd0ca92 100644 --- a/build/ci.mk +++ b/build/ci.mk @@ -113,6 +113,7 @@ ifdef TAG -e GPG_MAIL \ -e GPG_PASSPHRASE \ -e GPG_PRIVATE_KEY_BASE64 \ + -e OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 \ -e SNAPSHOT=false \ -e FIPS=$(FIPS) \ $(BUILDER_IMG_TAG) make release-${TARGET_OS} From ce440b53ed88b013bc74684cd285214e97d1d397 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Thu, 13 Nov 2025 12:41:18 +0530 Subject: [PATCH 08/23] Added rhel 10 for publish separatly --- .../workflows/prerelease_linux_on_demand.yml | 32 +++++++++--- build/sign.sh | 16 +++--- build/upload-schema-linux-rpm-el10.yml | 51 +++++++++++++++++++ build/upload-schema-linux-rpm.yml | 5 -- 4 files changed, 87 insertions(+), 17 deletions(-) create mode 100644 build/upload-schema-linux-rpm-el10.yml diff --git a/.github/workflows/prerelease_linux_on_demand.yml b/.github/workflows/prerelease_linux_on_demand.yml index 98d7c1c80..a8448ac78 100644 --- a/.github/workflows/prerelease_linux_on_demand.yml +++ b/.github/workflows/prerelease_linux_on_demand.yml 
@@ -123,7 +123,32 @@ jobs: local_packages_path: "/srv/dist/" apt_skip_mirror: ${{ env.SKIP_MIRROR_REPO }} - - name: Publish NON-FIPS rpm to S3 action + - name: Publish NON-FIPS rpm to S3 action (EL10) + if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} + uses: newrelic/infrastructure-publish-action@v1 + with: + tag: ${{env.FAKE_TAG}} + app_name: "newrelic-infra" + repo_name: "newrelic/infrastructure-agent" + schema: "custom" + schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-rpm-el10.yml" + aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} + aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} + access_point_host: ${{ env.ACCESS_POINT_HOST }} + run_id: ${{ env.RUN_ID }} + aws_region: ${{ env.AWS_REGION }} + aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} + aws_role_arn: ${{ env.AWS_ROLE_ARN }} + # used for signing package stuff + gpg_passphrase: ${{ env.GPG_PASSPHRASE }} + gpg_private_key_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} + disable_lock: ${{ env.DISABLE_LOCK }} + dest_prefix: ${{ env.DEST_PREFIX }} + local_packages_path: "/srv/dist/" + + - name: Publish NON-FIPS rpm to S3 action if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} uses: newrelic/infrastructure-publish-action@v1 with: @@ -144,7 +169,6 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} - ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" 
@@ -170,7 +194,6 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} - ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" @@ -215,7 +238,6 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} - ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" @@ -242,7 +264,6 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} - ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" @@ -268,7 +289,6 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} - ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" diff --git a/build/sign.sh b/build/sign.sh index 483b4225a..2b4f4992e 100644 --- a/build/sign.sh +++ b/build/sign.sh 
@@ -52,18 +52,22 @@ done # Sign EL10 RPM's with OHAI GPG key echo "===> Create .rpmmacros for EL10 rpm's with OHAI GPG key" -echo "%_gpg_name ${GPG_MAIL}" > ~/.rpmmacros_sha256 + +echo "===> Importing OHAI GPG private key for EL10 from GHA secrets..." +printf %s ${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64} | base64 -d | gpg --batch --import - + +# Get the key ID of the OHAI key (last imported key) +OHAI_KEY_ID=$(gpg --list-secret-keys --with-colons | grep -A1 "^sec" | grep "^fpr" | tail -1 | cut -d: -f10 | tail -c 17) + +echo "%_gpg_name ${OHAI_KEY_ID}" > ~/.rpmmacros_sha256 echo "%_signature gpg" >> ~/.rpmmacros_sha256 echo "%_gpg_path /root/.gnupg" >> ~/.rpmmacros_sha256 echo "%_gpgbin /usr/bin/gpg" >> ~/.rpmmacros_sha256 echo "%__gpg_sign_cmd %{__gpg} gpg --no-verbose --no-armor --passphrase ${GPG_PASSPHRASE} --no-secmem-warning --digest-algo sha256 -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}" >> ~/.rpmmacros_sha256 -echo "===> Importing OHAI GPG private key for EL10 from GHA secrets..." -printf %s ${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64} | base64 -d | gpg --batch --import - - echo "===> Importing OHAI GPG signature for EL10, needed from Goreleaser to verify signature" -gpg --export -a ${GPG_MAIL} > /tmp/RPM-GPG-KEY-SHA256-${GPG_MAIL} -rpm --import /tmp/RPM-GPG-KEY-SHA256-${GPG_MAIL} +gpg --export -a ${OHAI_KEY_ID} > /tmp/RPM-GPG-KEY-SHA256-${OHAI_KEY_ID} +rpm --import /tmp/RPM-GPG-KEY-SHA256-${OHAI_KEY_ID} # Backup original .rpmmacros and use SHA256 specific one cp ~/.rpmmacros ~/.rpmmacros_backup diff --git a/build/upload-schema-linux-rpm-el10.yml b/build/upload-schema-linux-rpm-el10.yml new file mode 100644 index 000000000..fc452a2a5 --- /dev/null +++ b/build/upload-schema-linux-rpm-el10.yml 
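Review bot: `OHAI_KEY_ID` is taken from whichever primary key `gpg --list-secret-keys` prints last, so the signing identity depends on keyring order and not on the key that was just imported. If the order differs from what the comment assumes, the EL10 packages are signed with the other key and nothing in this hunk detects it. Read the fingerprint from the import itself, for example by running the import as `gpg --batch --status-fd 1 --import -` and taking the fingerprint from the `IMPORT_OK` status line, and exit when it is empty. The follow-up hunk in PATCH 09/23 (`@@ -56,8 +56,18 @@`) keeps `tail -1` and drops the `^sec` filter, so it may pick up a subkey fingerprint.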
@@ -0,0 +1,51 @@ +--- +# Schema for EL10 RPM packages only - uses OHAI GPG key with SHA256 +- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm" + arch: + - x86_64 + uploads: + - type: yum + dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/" + os_version: + - 10 + +- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm" + arch: + - arm + - arm64 + uploads: + - type: yum + dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/" + os_version: + - 10 + +######################### + # UPLOAD CHECKSUMS # +######################### + +- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum" + arch: + - x86_64 + uploads: + - type: file + dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/{src}" + os_version: + - 10 + +- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum" + arch: + - arm + uploads: + - type: file + dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/{src}" + os_version: + - 10 + +- src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum" + arch: + - arm64 + uploads: + - type: file + dest: "{dest_prefix}linux/yum/el/{os_version}/aarch64/{src}" + os_version: + - 10 \ No newline at end of file diff --git a/build/upload-schema-linux-rpm.yml b/build/upload-schema-linux-rpm.yml index d9a55ed45..fe549d045 100644 --- a/build/upload-schema-linux-rpm.yml +++ b/build/upload-schema-linux-rpm.yml @@ -10,7 +10,6 @@ - 7 - 8 - 9 - - 10 - src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm" arch: @@ -23,7 +22,6 @@ - 7 - 8 - 9 - - 10 - src: "newrelic-infra-{version}-1.sles{os_version}.{arch}.rpm" arch: @@ -93,7 +91,6 @@ - 7 - 8 - 9 - - 10 - src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum" arch: @@ -105,7 +102,6 @@ - 7 - 8 - 9 - - 10 - src: "newrelic-infra-{version}-1.el{os_version}.{arch}.rpm.sum" arch: @@ -117,7 +113,6 @@ - 7 - 8 - 9 - - 10 - src: "newrelic-infra-{version}-1.sles{os_version}.{arch}.rpm.sum" arch: From 8cfa219102626b278be43ad5dea9afe8b91f8c99 Mon Sep 17 00:00:00 2001 
From: mbolla22 Date: Thu, 13 Nov 2025 13:26:38 +0530 Subject: [PATCH 09/23] Added rhel 10 for publish separatly --- build/sign.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/build/sign.sh b/build/sign.sh index 2b4f4992e..8b39b9a9f 100644 --- a/build/sign.sh +++ b/build/sign.sh @@ -56,8 +56,18 @@ echo "===> Create .rpmmacros for EL10 rpm's with OHAI GPG key" echo "===> Importing OHAI GPG private key for EL10 from GHA secrets..." printf %s ${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64} | base64 -d | gpg --batch --import - -# Get the key ID of the OHAI key (last imported key) -OHAI_KEY_ID=$(gpg --list-secret-keys --with-colons | grep -A1 "^sec" | grep "^fpr" | tail -1 | cut -d: -f10 | tail -c 17) +# Extract OHAI key ID using fingerprint (most reliable method) +echo "===> Extracting OHAI key ID..." +OHAI_KEY_ID=$(gpg --list-secret-keys --with-colons | grep "^fpr:" | tail -1 | cut -d: -f10) + +echo "===> Using OHAI Key ID: ${OHAI_KEY_ID}" + +# Verify we have a valid key ID +if [ -z "$OHAI_KEY_ID" ]; then + echo "ERROR: Could not extract OHAI key ID" + gpg --list-secret-keys + exit 1 +fi echo "%_gpg_name ${OHAI_KEY_ID}" > ~/.rpmmacros_sha256 echo "%_signature gpg" >> ~/.rpmmacros_sha256 From 9c3a330017555d4f2bb060baeac3cbc9858479ce Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Thu, 13 Nov 2025 14:21:04 +0530 Subject: [PATCH 10/23] Added rhel 10 for publish separatly --- build/sign.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/build/sign.sh b/build/sign.sh index 8b39b9a9f..c0ee8374e 100644 --- a/build/sign.sh +++ b/build/sign.sh 
@@ -56,15 +56,15 @@ echo "===> Create .rpmmacros for EL10 rpm's with OHAI GPG key" echo "===> Importing OHAI GPG private key for EL10 from GHA secrets..." printf %s ${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64} | base64 -d | gpg --batch --import - -# Extract OHAI key ID using fingerprint (most reliable method) -echo "===> Extracting OHAI key ID..." -OHAI_KEY_ID=$(gpg --list-secret-keys --with-colons | grep "^fpr:" | tail -1 | cut -d: -f10) +# Use hardcoded OHAI key ID +echo "===> Using hardcoded OHAI key ID..." +OHAI_KEY_ID="0779B98F" echo "===> Using OHAI Key ID: ${OHAI_KEY_ID}" -# Verify we have a valid key ID -if [ -z "$OHAI_KEY_ID" ]; then - echo "ERROR: Could not extract OHAI key ID" +# Verify the key exists +if ! gpg --list-secret-keys | grep -q "$OHAI_KEY_ID"; then + echo "ERROR: OHAI key ID $OHAI_KEY_ID not found" gpg --list-secret-keys exit 1 fi From b1cfdec44fd3f7ec6d4edf2347c08f615c0b4125 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Thu, 13 Nov 2025 18:48:22 +0530 Subject: [PATCH 11/23] testing for publish action --- .github/workflows/prerelease_linux_on_demand.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/prerelease_linux_on_demand.yml b/.github/workflows/prerelease_linux_on_demand.yml index a8448ac78..e0955c741 100644 --- a/.github/workflows/prerelease_linux_on_demand.yml +++ b/.github/workflows/prerelease_linux_on_demand.yml @@ -98,7 +98,7 @@ jobs: - name: Publish NON-FIPS deb to S3 action if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} - uses: newrelic/infrastructure-publish-action@v1 + uses: newrelic/infrastructure-publish-action@rhel10 with: tag: ${{env.FAKE_TAG}} app_name: "newrelic-infra" 
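Review bot: `OHAI_KEY_ID="0779B98F"` is an 8-hex short key ID, which does not uniquely identify a key, so both `-u` in the sign command and the `grep -q "$OHAI_KEY_ID"` check can match a key other than the intended one. Use the full fingerprint, `OHAI_KEY_ID="<FULL_40_HEX_FINGERPRINT>"`, and replace the grep with `gpg --batch --list-secret-keys "$OHAI_KEY_ID" >/dev/null`, which looks the key up and does not match a substring of the human-readable listing. The error branch also prints `gpg --list-secret-keys` to the CI log, which is acceptable for key metadata but worth keeping in mind for public logs.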
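Review bot: `uses: newrelic/infrastructure-publish-action@rhel10` points the deb publish step at a branch, so whatever is pushed to that branch next runs with the AWS credentials and GPG key material passed under `with:`. Pin the action to a full commit SHA, `uses: newrelic/infrastructure-publish-action@<COMMIT_SHA> # rhel10`, or return to the release tag before merge. The EL10 rpm step in the next hunk (`@@ -125,7 +125,7 @@`) and both `newrelic/pkg-installation-testing-action@rhel10` steps in PATCH 12/23 have the same issue. The commit subject says this is for testing, so these refs probably should not ship as they are.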
@@ -125,7 +125,7 @@ jobs: - name: Publish NON-FIPS rpm to S3 action (EL10) if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} - uses: newrelic/infrastructure-publish-action@v1 + uses: newrelic/infrastructure-publish-action@rhel10 with: tag: ${{env.FAKE_TAG}} app_name: "newrelic-infra" From 9ee5d88ecb194ae000dd47dd4a6bbb481d1fe96c Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Mon, 17 Nov 2025 11:27:16 +0530 Subject: [PATCH 12/23] Testing pkg-installation-testing-action --- .github/workflows/component_molecule_packaging.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/component_molecule_packaging.yml b/.github/workflows/component_molecule_packaging.yml index 123aac54b..00b1dc396 100644 --- a/.github/workflows/component_molecule_packaging.yml +++ b/.github/workflows/component_molecule_packaging.yml @@ -10,7 +10,7 @@ on: required: false type: string description: 'Repository endpoint to fetch packages from' - default: "https://download.newrelic.com/infrastructure_agent" + default: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" env: TAG: ${{ inputs.TAG }} 
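Review bot: The `default:` of `REPO_ENDPOINT` in component_molecule_packaging.yml now points at the `testing-pre-releases/madhu_rhel10` prefix of the staging S3 website over plain HTTP, so every caller that omits the input stops testing `https://download.newrelic.com/infrastructure_agent`. Keep the production URL as the default and pass the test prefix as an input for this run. The steps in the next hunk still take `gpg_key` from download.newrelic.com, which may not contain the key used for the EL10 packages under the test prefix, so signature verification there should be confirmed. The same prefix is hard-coded in molecule_packaging_tag.yml (PATCH 13/23) and in the ansible playbooks (PATCH 14/23).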
@@ -22,19 +22,19 @@ jobs: runs-on: ubuntu-latest steps: - name: Test NON-FIPS package installation - uses: newrelic/pkg-installation-testing-action@v1 + uses: newrelic/pkg-installation-testing-action@rhel10 with: gpg_key: 'https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg' repo_base_url: ${{ inputs.REPO_ENDPOINT }} package_name: 'newrelic-infra' package_version: ${{ inputs.TAG }} - platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" + platforms: "al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" - name: Test FIPS package installation - uses: newrelic/pkg-installation-testing-action@v1 + uses: newrelic/pkg-installation-testing-action@rhel10 with: gpg_key: 'https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg' repo_base_url: ${{ inputs.REPO_ENDPOINT }} package_name: 'newrelic-infra-fips' exec_name: 'newrelic-infra' package_version: ${{ inputs.TAG }} - platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" + platforms: "al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" From 3ffa10f500f9a26ab8948aae11296f5e6fd3662f Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Mon, 17 Nov 2025 11:55:33 +0530 Subject: [PATCH 13/23] Testing pkg-installation-testing-action --- .github/workflows/molecule_packaging_tag.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/molecule_packaging_tag.yml b/.github/workflows/molecule_packaging_tag.yml index 66f1b7e53..d5fe005fd 100644 
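Review bot: `al2` is removed from `platforms` in both the NON-FIPS and the FIPS step, which the commit subject does not mention and which drops Amazon Linux 2 from the installation tests. If this is a temporary workaround for the test run, restore the entry before merge or add a comment above the line such as `# al2 temporarily disabled: <reason>`.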
--- a/.github/workflows/molecule_packaging_tag.yml +++ b/.github/workflows/molecule_packaging_tag.yml @@ -18,4 +18,4 @@ jobs: uses: ./.github/workflows/component_molecule_packaging.yml with: TAG: "${{ github.event.inputs.tag }}" - REPO_ENDPOINT: ${{ github.event.inputs.staging == 'true' && 'http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent' || 'https://download.newrelic.com/infrastructure_agent' }} \ No newline at end of file + REPO_ENDPOINT: ${{ github.event.inputs.staging == 'true' && 'http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent' || 'https://download.newrelic.com/infrastructure_agent' }} \ No newline at end of file From 5847c3705e306c460877eccf83839fe89b7cd332 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Mon, 17 Nov 2025 21:04:16 +0530 Subject: [PATCH 14/23] Testing packaging ansible --- test/packaging/ansible/agent-upgrade.yml | 4 ++-- test/packaging/ansible/installation-pinned.yml | 6 +++--- test/packaging/ansible/installation-privileged.yml | 2 +- test/packaging/ansible/installation-root.yml | 2 +- test/packaging/ansible/installation-unprivileged.yml | 2 +- test/packaging/ansible/installation-windows.yml | 2 +- test/packaging/ansible/log-forwarder.yml | 8 ++++---- test/packaging/ansible/shutdown-and-terminate.yml | 2 +- 8 files changed, 14 insertions(+), 14 deletions(-) diff --git a/test/packaging/ansible/agent-upgrade.yml b/test/packaging/ansible/agent-upgrade.yml index 087e0f7df..e83ccb533 100644 --- a/test/packaging/ansible/agent-upgrade.yml +++ b/test/packaging/ansible/agent-upgrade.yml @@ -16,7 +16,7 @@ tasks: - name: agent upgrade tests suite vars: - target_agent_version: "1.60.0" + target_agent_version: "1.71.5" block: 
@@ -25,7 +25,7 @@ name: caos.ansible_roles.infra_agent vars: target_version: "{{ target_agent_version }}" - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert version diff --git a/test/packaging/ansible/installation-pinned.yml b/test/packaging/ansible/installation-pinned.yml index 2ba9e8dd6..971413622 100644 --- a/test/packaging/ansible/installation-pinned.yml +++ b/test/packaging/ansible/installation-pinned.yml @@ -15,8 +15,8 @@ tasks: - name: Installation tests suite vars: - target_agent_version: "1.57.1" # minimum version for ubuntu sles 15.6 - target_agent_version_fips: "1.60.0" # minimum version for FIPS + target_agent_version: "1.71.5" # minimum version for ubuntu sles 15.6 + target_agent_version_fips: "1.71.5" # minimum version for FIPS block: - name: Install agent @@ -24,7 +24,7 @@ name: caos.ansible_roles.infra_agent vars: target_version: "{{ target_agent_version_fips if ('-fips' in inventory_hostname) else target_agent_version }}" - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert version diff --git a/test/packaging/ansible/installation-privileged.yml b/test/packaging/ansible/installation-privileged.yml index 0a18dba1c..583c9c9a2 100644 --- a/test/packaging/ansible/installation-privileged.yml +++ b/test/packaging/ansible/installation-privileged.yml 
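Review bot: In installation-pinned.yml both pinned versions become `"1.71.5"`, but the trailing comments still read `# minimum version for ubuntu sles 15.6` and `# minimum version for FIPS`, which no longer describe the values. Update the comments to state why 1.71.5 is required (for example the first version published with EL10 packages, if that is the reason; it is not visible here). The same bump in agent-upgrade.yml (`@@ -16,7 +16,7 @@`) has no comment at all, so a short one there would help as well.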
@@ -25,7 +25,7 @@ ansible.builtin.include_role: name: caos.ansible_roles.infra_agent vars: - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert privileged caps diff --git a/test/packaging/ansible/installation-root.yml b/test/packaging/ansible/installation-root.yml index 04ca099cd..d9497a5d4 100644 --- a/test/packaging/ansible/installation-root.yml +++ b/test/packaging/ansible/installation-root.yml @@ -25,7 +25,7 @@ ansible.builtin.include_role: name: caos.ansible_roles.infra_agent vars: - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert root diff --git a/test/packaging/ansible/installation-unprivileged.yml b/test/packaging/ansible/installation-unprivileged.yml index 488074047..8aec48484 100644 --- a/test/packaging/ansible/installation-unprivileged.yml +++ b/test/packaging/ansible/installation-unprivileged.yml @@ -25,7 +25,7 @@ ansible.builtin.include_role: name: caos.ansible_roles.infra_agent vars: - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert no privileged caps diff --git a/test/packaging/ansible/installation-windows.yml b/test/packaging/ansible/installation-windows.yml index 49d0963b5..f79193292 100644 --- a/test/packaging/ansible/installation-windows.yml 
+++ b/test/packaging/ansible/installation-windows.yml @@ -23,7 +23,7 @@ name: caos.ansible_roles.infra_agent vars: target_version: "{{ target_agent_version }}" - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" - name: Assert version include_role: diff --git a/test/packaging/ansible/log-forwarder.yml b/test/packaging/ansible/log-forwarder.yml index 4bc127392..81eb885da 100644 --- a/test/packaging/ansible/log-forwarder.yml +++ b/test/packaging/ansible/log-forwarder.yml @@ -43,7 +43,7 @@ vars: log_level: 'debug' log_forward: 'true' - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" when: log_forwader_supported is defined # Not available for ARM yet @@ -90,7 +90,7 @@ vars: log_level: 'debug' log_forward: 'true' - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" when: log_forwader_supported_arm64 is defined # Not available for ARM yet @@ -130,7 +130,7 @@ vars: log_level: 'debug' log_forward: 'true' - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" when: log_forwader_supported is defined # Not available for ARM yet 
@@ -167,7 +167,7 @@ vars: log_level: 'debug' log_forward: 'true' - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" when: log_forwader_supported is defined # Not available for ARM yet diff --git a/test/packaging/ansible/shutdown-and-terminate.yml b/test/packaging/ansible/shutdown-and-terminate.yml index ace3a6547..6c008796d 100644 --- a/test/packaging/ansible/shutdown-and-terminate.yml +++ b/test/packaging/ansible/shutdown-and-terminate.yml @@ -21,7 +21,7 @@ name: caos.ansible_roles.infra_agent vars: display_name: "{{ iid }}:{{ inventory_hostname }}" - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Install agent windows (HNR) From 88111b64a9994037bd957ea20f488736d6ff93fe Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Mon, 17 Nov 2025 22:15:58 +0530 Subject: [PATCH 15/23] Testing packaging ansible --- test/provision/terraform/caos.auto.tfvars.dist | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/provision/terraform/caos.auto.tfvars.dist b/test/provision/terraform/caos.auto.tfvars.dist index 3cb83e7c1..dd1288704 100644 --- a/test/provision/terraform/caos.auto.tfvars.dist +++ b/test/provision/terraform/caos.auto.tfvars.dist 
@@ -2,9 +2,9 @@ ec2_prefix = "PREFIX:TAG_OR_UNIQUE_NAME" windows_ec2 = ["windows_2016", "windows_2019", "windows_2022", "windows_2025"] -linux_ec2_amd = ["amd64:ubuntu24.04", "amd64:ubuntu22.04", "amd64:ubuntu20.04", "amd64:ubuntu18.04", "amd64:ubuntu16.04", "amd64:centos-stream", "amd64:sles-12.5", "amd64:sles-15.3", "amd64:sles-15.4", "amd64:sles-15.5", "amd64:sles-15.6", "amd64:sles-15.7", "amd64:redhat-8.4", "amd64:redhat-9.0", "amd64:redhat-10.0", "amd64:debian-bookworm", "amd64:debian-trixie", "amd64:al-2", "amd64:al-2023", "amd64:al-2023-fips"] +linux_ec2_amd = ["amd64:ubuntu24.04", "amd64:ubuntu22.04", "amd64:ubuntu20.04", "amd64:ubuntu18.04", "amd64:ubuntu16.04", "amd64:centos-stream", "amd64:sles-12.5", "amd64:sles-15.3", "amd64:sles-15.4", "amd64:sles-15.5", "amd64:sles-15.6", "amd64:sles-15.7", "amd64:redhat-8.4", "amd64:redhat-9.0", "amd64:redhat-10.0", "amd64:debian-bookworm", "amd64:debian-trixie", "amd64:al-2"] -linux_ec2_arm = ["arm64:ubuntu24.04", "arm64:ubuntu22.04", "arm64:ubuntu20.04", "arm64:ubuntu18.04", "arm64:ubuntu16.04", "arm64:centos-stream", "arm64:sles-15.4", "arm64:sles-15.5", "arm64:sles-15.6", "arm64:sles-15.7", "arm64:redhat-9.0", "arm64:redhat-10.0", "arm64:debian-bookworm", "arm64:debian-trixie", "arm64:al-2", "arm64:al-2023", "arm64:al-2023-fips"] +linux_ec2_arm = ["arm64:ubuntu24.04", "arm64:ubuntu22.04", "arm64:ubuntu20.04", "arm64:ubuntu18.04", "arm64:ubuntu16.04", "arm64:centos-stream", "arm64:sles-15.4", "arm64:sles-15.5", "arm64:sles-15.6", "arm64:sles-15.7", "arm64:redhat-9.0", "arm64:redhat-10.0", "arm64:debian-bookworm", "arm64:debian-trixie", "arm64:al-2"] ssh_pub_key = 
"AAAAB3NzaC1yc2EAAAADAQABAAABAQDH9C7BS2XrtXGXFFyL0pNku/Hfy84RliqvYKpuslJFeUivf5QY6Ipi8yXfXn6TsRDbdxfGPi6oOR60Fa+4cJmCo6N5g57hBS6f2IdzQBNrZr7i1I/a3cFeK6XOc1G1tQaurx7Pu+qvACfJjLXKG66tHlaVhAHd/1l2FocgFNUDFFuKS3mnzt9hKys7sB4aO3O0OdohN/0NJC4ldV8/OmeXqqfkiPWcgPx3C8bYyXCX7QJNBHKrzbX1jW51Px7SIDWFDV6kxGwpQGGBMJg/k79gjjM+jhn4fg1/VP/Fx37mAnfLqpcTfiOkzSE80ORGefQ1XfGK/Dpa3ITrzRYW8xlR caos-dev-arm" pvt_key = "~/.ssh/caos-dev-arm.cer" From acb3604e13cf6932bf044ef1c27496331883addd Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Mon, 17 Nov 2025 22:26:41 +0530 Subject: [PATCH 16/23] Testing packaging ansible --- .../ansible/group_vars/localhost/main.yml | 40 ------------------- 1 file changed, 40 deletions(-) diff --git a/test/automated/ansible/group_vars/localhost/main.yml b/test/automated/ansible/group_vars/localhost/main.yml index 4ecc3f768..67289a235 100644 --- a/test/automated/ansible/group_vars/localhost/main.yml +++ b/test/automated/ansible/group_vars/localhost/main.yml 
@@ -297,46 +297,6 @@ instances: python_interpreter: "/usr/bin/python" launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" ############################ - # amazon linux 2023 amd64 - ############################ - - ami: "ami-0103f211a154d64a6" - type: "t3a.small" - name: "amd64:al-2023" - username: "ec2-user" - platform: "linux" - python_interpreter: "/usr/bin/python3" - launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" - ################################# - # amazon linux 2023 amd64 FIPS - ################################# - - ami: "ami-085fa628e46dcb929" - type: "t3a.small" - name: "amd64:al-2023-fips" - username: "ec2-user" - platform: "linux" - python_interpreter: "/usr/bin/python3" - launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" - ############################ - # amazon linux 2023 arm64 - ############################ - - ami: "ami-07d16074c2fdf3a19" - type: "t4g.small" - name: "arm64:al-2023" - username: "ec2-user" - platform: "linux" - python_interpreter: "/usr/bin/python3" - launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" - ################################# - # amazon linux 2023 arm64 FIPS - ################################# - - ami: "ami-06014e12b8efb52e2" - type: "t4g.small" - name: "arm64:al-2023-fips" - username: "ec2-user" - platform: "linux" - python_interpreter: "/usr/bin/python3" - launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" - ############################ # windows amd64 ############################ - ami: "ami-03d46abfa414238dd" From 5c7b6dc4ceb84a58e642261b468d40aa885584a4 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Tue, 18 Nov 2025 11:00:56 +0530 Subject: [PATCH 17/23] Testing with latest env-provisioner --- .../ansible/group_vars/localhost/main.yml | 40 +++++++++++++++++++ .../provision/terraform/caos.auto.tfvars.dist | 4 +- test/provision/terraform/main.tf | 2 +- 3 files changed, 43 insertions(+), 3 deletions(-) 
diff --git a/test/automated/ansible/group_vars/localhost/main.yml b/test/automated/ansible/group_vars/localhost/main.yml index 67289a235..4ecc3f768 100644 --- a/test/automated/ansible/group_vars/localhost/main.yml +++ b/test/automated/ansible/group_vars/localhost/main.yml @@ -297,6 +297,46 @@ instances: python_interpreter: "/usr/bin/python" launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" ############################ + # amazon linux 2023 amd64 + ############################ + - ami: "ami-0103f211a154d64a6" + type: "t3a.small" + name: "amd64:al-2023" + username: "ec2-user" + platform: "linux" + python_interpreter: "/usr/bin/python3" + launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" + ################################# + # amazon linux 2023 amd64 FIPS + ################################# + - ami: "ami-085fa628e46dcb929" + type: "t3a.small" + name: "amd64:al-2023-fips" + username: "ec2-user" + platform: "linux" + python_interpreter: "/usr/bin/python3" + launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" + ############################ + # amazon linux 2023 arm64 + ############################ + - ami: "ami-07d16074c2fdf3a19" + type: "t4g.small" + name: "arm64:al-2023" + username: "ec2-user" + platform: "linux" + python_interpreter: "/usr/bin/python3" + launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" + ################################# + # amazon linux 2023 arm64 FIPS + ################################# + - ami: "ami-06014e12b8efb52e2" + type: "t4g.small" + name: "arm64:al-2023-fips" + username: "ec2-user" + platform: "linux" + python_interpreter: "/usr/bin/python3" + launch_template: "LaunchTemplateId=lt-0b00afb3f5110a0e6,Version=3" + ############################ # windows amd64 ############################ - ami: "ami-03d46abfa414238dd" diff --git a/test/provision/terraform/caos.auto.tfvars.dist b/test/provision/terraform/caos.auto.tfvars.dist index dd1288704..3cb83e7c1 100644 
--- a/test/provision/terraform/caos.auto.tfvars.dist +++ b/test/provision/terraform/caos.auto.tfvars.dist 
@@ -2,9 +2,9 @@ ec2_prefix = "PREFIX:TAG_OR_UNIQUE_NAME" windows_ec2 = ["windows_2016", "windows_2019", "windows_2022", "windows_2025"] -linux_ec2_amd = ["amd64:ubuntu24.04", "amd64:ubuntu22.04", "amd64:ubuntu20.04", "amd64:ubuntu18.04", "amd64:ubuntu16.04", "amd64:centos-stream", "amd64:sles-12.5", "amd64:sles-15.3", "amd64:sles-15.4", "amd64:sles-15.5", "amd64:sles-15.6", "amd64:sles-15.7", "amd64:redhat-8.4", "amd64:redhat-9.0", "amd64:redhat-10.0", "amd64:debian-bookworm", "amd64:debian-trixie", "amd64:al-2"] +linux_ec2_amd = ["amd64:ubuntu24.04", "amd64:ubuntu22.04", "amd64:ubuntu20.04", "amd64:ubuntu18.04", "amd64:ubuntu16.04", "amd64:centos-stream", "amd64:sles-12.5", "amd64:sles-15.3", "amd64:sles-15.4", "amd64:sles-15.5", "amd64:sles-15.6", "amd64:sles-15.7", "amd64:redhat-8.4", "amd64:redhat-9.0", "amd64:redhat-10.0", "amd64:debian-bookworm", "amd64:debian-trixie", "amd64:al-2", "amd64:al-2023", "amd64:al-2023-fips"] -linux_ec2_arm = ["arm64:ubuntu24.04", "arm64:ubuntu22.04", "arm64:ubuntu20.04", "arm64:ubuntu18.04", "arm64:ubuntu16.04", "arm64:centos-stream", "arm64:sles-15.4", "arm64:sles-15.5", "arm64:sles-15.6", "arm64:sles-15.7", "arm64:redhat-9.0", "arm64:redhat-10.0", "arm64:debian-bookworm", "arm64:debian-trixie", "arm64:al-2"] +linux_ec2_arm = ["arm64:ubuntu24.04", "arm64:ubuntu22.04", "arm64:ubuntu20.04", "arm64:ubuntu18.04", "arm64:ubuntu16.04", "arm64:centos-stream", "arm64:sles-15.4", "arm64:sles-15.5", "arm64:sles-15.6", "arm64:sles-15.7", "arm64:redhat-9.0", "arm64:redhat-10.0", "arm64:debian-bookworm", "arm64:debian-trixie", "arm64:al-2", "arm64:al-2023", "arm64:al-2023-fips"] ssh_pub_key = 
"AAAAB3NzaC1yc2EAAAADAQABAAABAQDH9C7BS2XrtXGXFFyL0pNku/Hfy84RliqvYKpuslJFeUivf5QY6Ipi8yXfXn6TsRDbdxfGPi6oOR60Fa+4cJmCo6N5g57hBS6f2IdzQBNrZr7i1I/a3cFeK6XOc1G1tQaurx7Pu+qvACfJjLXKG66tHlaVhAHd/1l2FocgFNUDFFuKS3mnzt9hKys7sB4aO3O0OdohN/0NJC4ldV8/OmeXqqfkiPWcgPx3C8bYyXCX7QJNBHKrzbX1jW51Px7SIDWFDV6kxGwpQGGBMJg/k79gjjM+jhn4fg1/VP/Fx37mAnfLqpcTfiOkzSE80ORGefQ1XfGK/Dpa3ITrzRYW8xlR caos-dev-arm" pvt_key = "~/.ssh/caos-dev-arm.cer" diff --git a/test/provision/terraform/main.tf b/test/provision/terraform/main.tf index 4d5396bf2..4bf29cffd 100644 --- a/test/provision/terraform/main.tf +++ b/test/provision/terraform/main.tf @@ -59,7 +59,7 @@ locals { } module "env-provisioner" { - source = "git::https://github.com/newrelic-experimental/env-provisioner//terraform/otel-ec2" + source = "git::https://github.com/newrelic-experimental/env-provisioner//terraform/otel-ec2?ref=rhel10" ec2_prefix = var.ec2_prefix ec2_filters = local.filtered_ec2 ec2_delimiter = "-" From 62051ab0f1f1b0ce1b965f5b80206f25924a51a0 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Tue, 18 Nov 2025 11:56:01 +0530 Subject: [PATCH 18/23] Testing with latest caos.ansible_roles --- test/ansible/requirements.yml | 1 + test/canaries/requirements.yml | 1 + test/provision/terraform/requirements.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/test/ansible/requirements.yml b/test/ansible/requirements.yml index d58ead113..2b77adf3c 100644 --- a/test/ansible/requirements.yml +++ b/test/ansible/requirements.yml @@ -1,3 +1,4 @@ collections: - name: git+https://github.com/newrelic-experimental/caos-ansible-roles.git#/caos.ansible_roles/ type: git + version: rhel10 diff --git a/test/canaries/requirements.yml b/test/canaries/requirements.yml index db3e14dfa..e1bbf4d01 100644 --- a/test/canaries/requirements.yml +++ b/test/canaries/requirements.yml 
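Review bot: `?ref=rhel10` in the `env-provisioner` module source names a branch, so the Terraform code that provisions the test EC2 hosts can change between runs without any change in this repository. The `version: rhel10` lines that PATCH 18/23 adds to the three `requirements.yml` files have the same property for the `caos.ansible_roles` collection. A tag or full commit id keeps the run reproducible and the pulled code reviewable, for example `source = "git::https://github.com/newrelic-experimental/env-provisioner//terraform/otel-ec2?ref=<commit-sha>"` and `version: <commit-sha>`. The `module "env-provisioner"` block continues outside the hunk.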
@@ -1,6 +1,7 @@ collections: - name: git+https://github.com/newrelic-experimental/caos-ansible-roles.git#/caos.ansible_roles/ type: git + version: rhel10 roles: - name: geerlingguy.pip diff --git a/test/provision/terraform/requirements.yml b/test/provision/terraform/requirements.yml index db3e14dfa..e1bbf4d01 100644 --- a/test/provision/terraform/requirements.yml +++ b/test/provision/terraform/requirements.yml @@ -1,6 +1,7 @@ collections: - name: git+https://github.com/newrelic-experimental/caos-ansible-roles.git#/caos.ansible_roles/ type: git + version: rhel10 roles: - name: geerlingguy.pip From fe6b5591864f47a2b9bc7316723ed1874f1dd753 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Tue, 18 Nov 2025 15:03:50 +0530 Subject: [PATCH 19/23] Testing with latest caos.ansible_roles --- test/packaging/ansible/agent-upgrade.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/packaging/ansible/agent-upgrade.yml b/test/packaging/ansible/agent-upgrade.yml index e83ccb533..5d333f3e0 100644 --- a/test/packaging/ansible/agent-upgrade.yml +++ b/test/packaging/ansible/agent-upgrade.yml @@ -16,7 +16,7 @@ tasks: - name: agent upgrade tests suite vars: - target_agent_version: "1.71.5" + target_agent_version: "1.71.6" block: From 846e800cda32d165f15207de5743b4f12bfd82fe Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Tue, 18 Nov 2025 19:52:38 +0530 Subject: [PATCH 20/23] Testing with latest caos.ansible_roles --- test/packaging/ansible/agent-upgrade.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/packaging/ansible/agent-upgrade.yml b/test/packaging/ansible/agent-upgrade.yml index 5d333f3e0..e83ccb533 100644 --- a/test/packaging/ansible/agent-upgrade.yml +++ b/test/packaging/ansible/agent-upgrade.yml @@ -16,7 +16,7 @@ tasks: - name: agent upgrade tests suite vars: - target_agent_version: "1.71.6" + target_agent_version: "1.71.5" block: From f396998981949d30aad752b8dc78ae4c20f092b9 Mon Sep 17 00:00:00 2001 
From: mbolla22 Date: Wed, 19 Nov 2025 14:06:31 +0530 Subject: [PATCH 21/23] Removed all the testing paths --- .../workflows/build_agent_rc_container.yml | 1 - .../workflows/component_linux_packaging.yml | 3 ++ .github/workflows/component_linux_publish.yml | 24 ++++++++++- .../component_molecule_packaging.yml | 10 ++--- .github/workflows/molecule_packaging_tag.yml | 2 +- .github/workflows/prerelease_linux.yml | 8 ++++ .../workflows/prerelease_linux_on_demand.yml | 34 ++++++++++++++-- build/ci.mk | 1 + build/sign.sh | 13 ------ build/upload-schema-linux-rpm-fips-latest.yml | 40 +++++++++++++++++++ ...yml => upload-schema-linux-rpm-latest.yml} | 0 test/ansible/requirements.yml | 1 - test/canaries/requirements.yml | 1 - test/packaging/ansible/agent-upgrade.yml | 2 +- .../packaging/ansible/installation-pinned.yml | 2 +- .../ansible/installation-privileged.yml | 2 +- test/packaging/ansible/installation-root.yml | 2 +- .../ansible/installation-unprivileged.yml | 2 +- .../ansible/installation-windows.yml | 2 +- test/packaging/ansible/log-forwarder.yml | 8 ++-- .../ansible/shutdown-and-terminate.yml | 2 +- test/provision/terraform/main.tf | 2 +- test/provision/terraform/requirements.yml | 1 - 23 files changed, 123 insertions(+), 40 deletions(-) create mode 100644 build/upload-schema-linux-rpm-fips-latest.yml rename build/{upload-schema-linux-rpm-el10.yml => upload-schema-linux-rpm-latest.yml} (100%) diff --git a/.github/workflows/build_agent_rc_container.yml b/.github/workflows/build_agent_rc_container.yml index bfc23e398..41885ac83 100644 --- a/.github/workflows/build_agent_rc_container.yml +++ b/.github/workflows/build_agent_rc_container.yml 
@@ -16,7 +16,6 @@ jobs: GPG_MAIL: 'infrastructure-eng@newrelic.com' GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded - OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.inputs.tag }} \ No newline at end of file diff --git a/.github/workflows/component_linux_packaging.yml b/.github/workflows/component_linux_packaging.yml index eb1268fe3..0d3165724 100644 --- a/.github/workflows/component_linux_packaging.yml +++ b/.github/workflows/component_linux_packaging.yml @@ -15,6 +15,8 @@ on: required: true OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: required: true + OHAI_KEY_ID: + required: true GH_TOKEN: required: true inputs: @@ -35,6 +37,7 @@ env: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} TAG: ${{ inputs.TAG }} DOCKER_HUB_ID: ${{ secrets.DOCKER_HUB_ID }} DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} diff --git a/.github/workflows/component_linux_publish.yml b/.github/workflows/component_linux_publish.yml index 14b189653..dc48f7825 100644 --- a/.github/workflows/component_linux_publish.yml +++ b/.github/workflows/component_linux_publish.yml 
@@ -111,5 +111,27 @@ jobs: # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} - ohai_gpg_private_key_sha256_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} + + - name: Publish ${{ matrix.assetsType }} latest to S3 action + if: ${{ (env.ASSETS_TYPE == 'rpm' || 'rpm' == matrix.assetsType) }} + uses: newrelic/infrastructure-publish-action@v1 + with: + tag: ${{env.TAG}} + app_name: "newrelic-infra${{ matrix.suffix }}" + repo_name: "newrelic/infrastructure-agent" + schema: "custom" + schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.SCHEMA_BRANCH }}/build/upload-schema-linux-${{ matrix.assetsType }}${{ matrix.suffix }}-latest.yml" + aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} + aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} + access_point_host: ${{ env.ACCESS_POINT_HOST }} + run_id: ${{ env.RUN_ID }} + aws_region: ${{ env.AWS_REGION }} + aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} + aws_role_arn: ${{ env.AWS_ROLE_ARN }} + # used for signing package stuff + gpg_passphrase: ${{ env.GPG_PASSPHRASE }} + gpg_private_key_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} + disable_lock: ${{ env.DISABLE_LOCK }} \ No newline at end of file diff --git a/.github/workflows/component_molecule_packaging.yml b/.github/workflows/component_molecule_packaging.yml index 00b1dc396..ce99fcdf2 100644 --- a/.github/workflows/component_molecule_packaging.yml +++ b/.github/workflows/component_molecule_packaging.yml 
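Review bot: The added "latest" publish step passes `gpg_private_key_base64`, `gpg_passphrase` and the AWS credentials to `newrelic/infrastructure-publish-action@v1`, and `@v1` is a movable tag. Whatever that tag points to at run time executes with the package-signing key, so a retagged or compromised release of the action would not show up as a change in this repository. Pinning by commit keeps the reference reviewable: `uses: newrelic/infrastructure-publish-action@<full-commit-sha> # v1`. The same applies to the `@v1` references this patch introduces in `component_molecule_packaging.yml` and `prerelease_linux_on_demand.yml`. The job's step list starts outside the hunk.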
@@ -10,7 +10,7 @@ on: required: false type: string description: 'Repository endpoint to fetch packages from' - default: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + default: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" env: TAG: ${{ inputs.TAG }} @@ -22,19 +22,19 @@ jobs: runs-on: ubuntu-latest steps: - name: Test NON-FIPS package installation - uses: newrelic/pkg-installation-testing-action@rhel10 + uses: newrelic/pkg-installation-testing-action@v1 with: gpg_key: 'https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg' repo_base_url: ${{ inputs.REPO_ENDPOINT }} package_name: 'newrelic-infra' package_version: ${{ inputs.TAG }} - platforms: "al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" + platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" - name: Test FIPS package installation - uses: newrelic/pkg-installation-testing-action@rhel10 + uses: newrelic/pkg-installation-testing-action@v1 with: gpg_key: 'https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg' repo_base_url: ${{ inputs.REPO_ENDPOINT }} package_name: 'newrelic-infra-fips' exec_name: 'newrelic-infra' package_version: ${{ inputs.TAG }} - platforms: "al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" + platforms: "al2,al2023,debian-bullseye,debian-bookworm,debian-trixie,redhat8,redhat9,redhat10,suse15.3,suse15.4,suse15.5,suse15.6,suse15.7,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204,ubuntu2404" 
diff --git a/.github/workflows/molecule_packaging_tag.yml b/.github/workflows/molecule_packaging_tag.yml index d5fe005fd..66f1b7e53 100644 --- a/.github/workflows/molecule_packaging_tag.yml +++ b/.github/workflows/molecule_packaging_tag.yml @@ -18,4 +18,4 @@ jobs: uses: ./.github/workflows/component_molecule_packaging.yml with: TAG: "${{ github.event.inputs.tag }}" - REPO_ENDPOINT: ${{ github.event.inputs.staging == 'true' && 'http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent' || 'https://download.newrelic.com/infrastructure_agent' }} \ No newline at end of file + REPO_ENDPOINT: ${{ github.event.inputs.staging == 'true' && 'http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent' || 'https://download.newrelic.com/infrastructure_agent' }} \ No newline at end of file diff --git a/.github/workflows/prerelease_linux.yml b/.github/workflows/prerelease_linux.yml index dd105e7ea..fa0b063a7 100644 --- a/.github/workflows/prerelease_linux.yml +++ b/.github/workflows/prerelease_linux.yml @@ -28,6 +28,7 @@ jobs: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -43,6 +44,7 @@ jobs: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} 
@@ -59,6 +61,7 @@ jobs: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -74,6 +77,7 @@ jobs: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -89,6 +93,7 @@ jobs: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -105,6 +110,7 @@ jobs: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} @@ -120,6 +126,7 @@ jobs: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} 
@@ -141,6 +148,7 @@ jobs: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: TAG: ${{ github.event.release.tag_name }} diff --git a/.github/workflows/prerelease_linux_on_demand.yml b/.github/workflows/prerelease_linux_on_demand.yml index e0955c741..be815ae54 100644 --- a/.github/workflows/prerelease_linux_on_demand.yml +++ b/.github/workflows/prerelease_linux_on_demand.yml @@ -32,6 +32,7 @@ env: GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }} GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded OHAI_GPG_PRIVATE_KEY_SHA256_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} # base64 encoded + OHAI_KEY_ID: ${{ secrets.OHAI_KEY_ID }} BRANCH: ${{ github.event.inputs.branch }} # publish packages to a custom path DEST_PREFIX: ${{ github.event.inputs.dest_prefix }} @@ -98,7 +99,7 @@ jobs: - name: Publish NON-FIPS deb to S3 action if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} - uses: newrelic/infrastructure-publish-action@rhel10 + uses: newrelic/infrastructure-publish-action@v1 with: tag: ${{env.FAKE_TAG}} app_name: "newrelic-infra" 
@@ -123,15 +124,15 @@ jobs: local_packages_path: "/srv/dist/" apt_skip_mirror: ${{ env.SKIP_MIRROR_REPO }} - - name: Publish NON-FIPS rpm to S3 action (EL10) + - name: Publish NON-FIPS rpm to S3 action for latest OS if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'NON-FIPS' }} - uses: newrelic/infrastructure-publish-action@rhel10 + uses: newrelic/infrastructure-publish-action@v1 with: tag: ${{env.FAKE_TAG}} app_name: "newrelic-infra" repo_name: "newrelic/infrastructure-agent" schema: "custom" - schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-rpm-el10.yml" + schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-rpm-latest.yml" aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} 
@@ -243,6 +244,31 @@ jobs: local_packages_path: "/srv/dist/" apt_skip_mirror: ${{ env.SKIP_MIRROR_REPO }} + - name: Publish FIPS rpm to S3 action for latest OS + if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'FIPS' }} + uses: newrelic/infrastructure-publish-action@v1 + with: + tag: ${{env.FAKE_TAG}} + app_name: "newrelic-infra-fips" + repo_name: "newrelic/infrastructure-agent" + schema: "custom" + schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.BRANCH }}/build/upload-schema-linux-rpm-fips-latest.yml" + aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }} + aws_s3_lock_bucket_name: ${{ env.AWS_S3_LOCK_BUCKET_NAME }} + access_point_host: ${{ env.ACCESS_POINT_HOST }} + run_id: ${{ env.RUN_ID }} + aws_region: ${{ env.AWS_REGION }} + aws_role_session_name: ${{ env.AWS_ROLE_SESSION_NAME }} + aws_role_arn: ${{ env.AWS_ROLE_ARN }} + # used for signing package stuff + gpg_passphrase: ${{ env.GPG_PASSPHRASE }} + gpg_private_key_base64: ${{ env.OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 }} + disable_lock: ${{ env.DISABLE_LOCK }} + dest_prefix: ${{ env.DEST_PREFIX }} + local_packages_path: "/srv/dist/" + - name: Publish FIPS rpm to S3 action if: ${{ inputs.BUILD_MODE == 'ALL' || inputs.BUILD_MODE == 'FIPS' }} uses: newrelic/infrastructure-publish-action@v1 diff --git a/build/ci.mk b/build/ci.mk index cafd0ca92..6aba83303 100644 --- a/build/ci.mk +++ b/build/ci.mk @@ -114,6 +114,7 @@ ifdef TAG -e GPG_PASSPHRASE \ -e GPG_PRIVATE_KEY_BASE64 \ -e OHAI_GPG_PRIVATE_KEY_SHA256_BASE64 \ + -e OHAI_KEY_ID \ -e SNAPSHOT=false \ -e FIPS=$(FIPS) \ $(BUILDER_IMG_TAG) make release-${TARGET_OS} diff --git a/build/sign.sh b/build/sign.sh index c0ee8374e..bccb0b57e 100644 --- a/build/sign.sh +++ b/build/sign.sh 
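Review bot: In the added "Publish FIPS rpm to S3 action for latest OS" step, `gpg_private_key_base64` is fed from `OHAI_GPG_PRIVATE_KEY_SHA256_BASE64` while `gpg_passphrase` still comes from `GPG_PASSPHRASE`, which the workflow's `env` block sets from `secrets.OHAI_GPG_PASSPHRASE` next to the other key. Nothing visible states that both keys are protected by the same passphrase, so a reader cannot tell whether this pairing is intentional. If it is, say so on the line: `# SHA256 signing key; unlocked by the same OHAI_GPG_PASSPHRASE`. If the keys have different passphrases, the step needs its own passphrase secret. The NON-FIPS "latest OS" step and the new step in `component_linux_publish.yml` use the same pairing.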
@@ -56,19 +56,6 @@ echo "===> Create .rpmmacros for EL10 rpm's with OHAI GPG key" echo "===> Importing OHAI GPG private key for EL10 from GHA secrets..." printf %s ${OHAI_GPG_PRIVATE_KEY_SHA256_BASE64} | base64 -d | gpg --batch --import - -# Use hardcoded OHAI key ID -echo "===> Using hardcoded OHAI key ID..." -OHAI_KEY_ID="0779B98F" - -echo "===> Using OHAI Key ID: ${OHAI_KEY_ID}" - -# Verify the key exists -if ! gpg --list-secret-keys | grep -q "$OHAI_KEY_ID"; then - echo "ERROR: OHAI key ID $OHAI_KEY_ID not found" - gpg --list-secret-keys - exit 1 -fi - echo "%_gpg_name ${OHAI_KEY_ID}" > ~/.rpmmacros_sha256 echo "%_signature gpg" >> ~/.rpmmacros_sha256 echo "%_gpg_path /root/.gnupg" >> ~/.rpmmacros_sha256 diff --git a/build/upload-schema-linux-rpm-fips-latest.yml b/build/upload-schema-linux-rpm-fips-latest.yml new file mode 100644 index 000000000..88a8fccf3 --- /dev/null +++ b/build/upload-schema-linux-rpm-fips-latest.yml @@ -0,0 +1,40 @@ +--- +- src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm" + arch: + - x86_64 + uploads: + - type: yum + dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/" + os_version: + - 10 + +- src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm" + arch: + - arm64 + uploads: + - type: yum + dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/" + os_version: + - 10 + +######################### + # UPLOAD CHECKSUMS # +######################### + +- src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm.sum" + arch: + - x86_64 + uploads: + - type: file + dest: "{dest_prefix}linux/yum/el/{os_version}/{arch}/{src}" + os_version: + - 10 + +- src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm.sum" + arch: + - arm64 + uploads: + - type: file + dest: "{dest_prefix}linux/yum/el/{os_version}/aarch64/{src}" + os_version: + - 10 
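Review bot: In the new `upload-schema-linux-rpm-fips-latest.yml`, the arm64 checksum entry hard-codes `aarch64` in `dest: "{dest_prefix}linux/yum/el/{os_version}/aarch64/{src}"`, while the arm64 rpm entry and both x86_64 entries use `{arch}`. Unless the `yum` upload type remaps `arm64` to `aarch64` on its own (not visible here), the `.sum` file lands in a different directory from the package it covers, and anyone verifying a download will not find the checksum next to it. Either use `{arch}` in both arm64 entries or add a one-line comment above the checksum entry stating why the two paths differ.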
diff --git a/build/upload-schema-linux-rpm-el10.yml b/build/upload-schema-linux-rpm-latest.yml similarity index 100% rename from build/upload-schema-linux-rpm-el10.yml rename to build/upload-schema-linux-rpm-latest.yml diff --git a/test/ansible/requirements.yml b/test/ansible/requirements.yml index 2b77adf3c..d58ead113 100644 --- a/test/ansible/requirements.yml +++ b/test/ansible/requirements.yml @@ -1,4 +1,3 @@ collections: - name: git+https://github.com/newrelic-experimental/caos-ansible-roles.git#/caos.ansible_roles/ type: git - version: rhel10 diff --git a/test/canaries/requirements.yml b/test/canaries/requirements.yml index e1bbf4d01..db3e14dfa 100644 --- a/test/canaries/requirements.yml +++ b/test/canaries/requirements.yml @@ -1,7 +1,6 @@ collections: - name: git+https://github.com/newrelic-experimental/caos-ansible-roles.git#/caos.ansible_roles/ type: git - version: rhel10 roles: - name: geerlingguy.pip diff --git a/test/packaging/ansible/agent-upgrade.yml b/test/packaging/ansible/agent-upgrade.yml index aa5b09a40..4db1942d6 100644 --- a/test/packaging/ansible/agent-upgrade.yml +++ b/test/packaging/ansible/agent-upgrade.yml @@ -25,7 +25,7 @@ name: caos.ansible_roles.infra_agent vars: target_version: "{{ target_agent_version }}" - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert version diff --git a/test/packaging/ansible/installation-pinned.yml b/test/packaging/ansible/installation-pinned.yml index 6156e7459..a62665d0f 100644 --- a/test/packaging/ansible/installation-pinned.yml +++ b/test/packaging/ansible/installation-pinned.yml 
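Review bot: `repo_endpoint` in `agent-upgrade.yml` stays on plain `http://` at the S3 website endpoint, so the packages this playbook installs travel unencrypted. The only integrity control left is the repository's GPG check, and whether `caos.ansible_roles.infra_agent` enforces it is not visible here. The same literal URL is repeated in every playbook hunk of this patch (installation-pinned, -privileged, -root, -unprivileged, -windows, log-forwarder, shutdown-and-terminate). Defining it once as a shared variable, e.g. `repo_endpoint: "{{ staging_repo_endpoint }}"` (name is illustrative), would let the scheme or host be changed in one place, ideally to an HTTPS front such as the `https://download.newrelic.com/...` default used later in this series. The task this line belongs to starts outside the hunk.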
@@ -23,7 +23,7 @@ name: caos.ansible_roles.infra_agent vars: target_version: "{{ target_agent_version_fips if ('-fips' in inventory_hostname) else target_agent_version }}" - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert version diff --git a/test/packaging/ansible/installation-privileged.yml b/test/packaging/ansible/installation-privileged.yml index 583c9c9a2..0a18dba1c 100644 --- a/test/packaging/ansible/installation-privileged.yml +++ b/test/packaging/ansible/installation-privileged.yml @@ -25,7 +25,7 @@ ansible.builtin.include_role: name: caos.ansible_roles.infra_agent vars: - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert privileged caps diff --git a/test/packaging/ansible/installation-root.yml b/test/packaging/ansible/installation-root.yml index d9497a5d4..04ca099cd 100644 --- a/test/packaging/ansible/installation-root.yml +++ b/test/packaging/ansible/installation-root.yml @@ -25,7 +25,7 @@ ansible.builtin.include_role: name: caos.ansible_roles.infra_agent vars: - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert root diff --git a/test/packaging/ansible/installation-unprivileged.yml b/test/packaging/ansible/installation-unprivileged.yml index 8aec48484..488074047 100644 
--- a/test/packaging/ansible/installation-unprivileged.yml +++ b/test/packaging/ansible/installation-unprivileged.yml @@ -25,7 +25,7 @@ ansible.builtin.include_role: name: caos.ansible_roles.infra_agent vars: - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Assert no privileged caps diff --git a/test/packaging/ansible/installation-windows.yml b/test/packaging/ansible/installation-windows.yml index f79193292..49d0963b5 100644 --- a/test/packaging/ansible/installation-windows.yml +++ b/test/packaging/ansible/installation-windows.yml @@ -23,7 +23,7 @@ name: caos.ansible_roles.infra_agent vars: target_version: "{{ target_agent_version }}" - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" - name: Assert version include_role: diff --git a/test/packaging/ansible/log-forwarder.yml b/test/packaging/ansible/log-forwarder.yml index 81eb885da..4bc127392 100644 --- a/test/packaging/ansible/log-forwarder.yml +++ b/test/packaging/ansible/log-forwarder.yml @@ -43,7 +43,7 @@ vars: log_level: 'debug' log_forward: 'true' - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" when: log_forwader_supported is defined # Not available for ARM yet 
@@ -90,7 +90,7 @@ vars: log_level: 'debug' log_forward: 'true' - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" when: log_forwader_supported_arm64 is defined # Not available for ARM yet @@ -130,7 +130,7 @@ vars: log_level: 'debug' log_forward: 'true' - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" when: log_forwader_supported is defined # Not available for ARM yet @@ -167,7 +167,7 @@ vars: log_level: 'debug' log_forward: 'true' - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" when: log_forwader_supported is defined # Not available for ARM yet diff --git a/test/packaging/ansible/shutdown-and-terminate.yml b/test/packaging/ansible/shutdown-and-terminate.yml index 6c008796d..ace3a6547 100644 --- a/test/packaging/ansible/shutdown-and-terminate.yml +++ b/test/packaging/ansible/shutdown-and-terminate.yml @@ -21,7 +21,7 @@ name: caos.ansible_roles.infra_agent vars: display_name: "{{ iid }}:{{ inventory_hostname }}" - repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/testing-pre-releases/madhu_rhel10/infrastructure_agent" + repo_endpoint: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" fips_enabled: "{{ '-fips' in inventory_hostname }}" - name: Install agent windows (HNR) diff --git a/test/provision/terraform/main.tf b/test/provision/terraform/main.tf index 4bf29cffd..4d5396bf2 100644 
--- a/test/provision/terraform/main.tf +++ b/test/provision/terraform/main.tf @@ -59,7 +59,7 @@ locals { } module "env-provisioner" { - source = "git::https://github.com/newrelic-experimental/env-provisioner//terraform/otel-ec2?ref=rhel10" + source = "git::https://github.com/newrelic-experimental/env-provisioner//terraform/otel-ec2" ec2_prefix = var.ec2_prefix ec2_filters = local.filtered_ec2 ec2_delimiter = "-" diff --git a/test/provision/terraform/requirements.yml b/test/provision/terraform/requirements.yml index e1bbf4d01..db3e14dfa 100644 --- a/test/provision/terraform/requirements.yml +++ b/test/provision/terraform/requirements.yml @@ -1,7 +1,6 @@ collections: - name: git+https://github.com/newrelic-experimental/caos-ansible-roles.git#/caos.ansible_roles/ type: git - version: rhel10 roles: - name: geerlingguy.pip From c8fa6d524f22d4d89039e1fbadab4dc90ac1e095 Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Wed, 19 Nov 2025 14:18:31 +0530 Subject: [PATCH 22/23] Removed all the testing paths --- .github/workflows/component_molecule_packaging.yml | 2 +- .github/workflows/prerelease_linux_on_demand.yml | 2 +- build/upload-schema-linux-rpm-fips.yml | 4 ---- test/packaging/ansible/installation-pinned.yml | 1 + 4 files changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/component_molecule_packaging.yml b/.github/workflows/component_molecule_packaging.yml index ce99fcdf2..123aac54b 100644 --- a/.github/workflows/component_molecule_packaging.yml +++ b/.github/workflows/component_molecule_packaging.yml @@ -10,7 +10,7 @@ on: required: false type: string description: 'Repository endpoint to fetch packages from' - default: "http://nr-downloads-ohai-staging.s3-website-us-east-1.amazonaws.com/infrastructure_agent" + default: "https://download.newrelic.com/infrastructure_agent" env: TAG: ${{ inputs.TAG }} diff --git a/.github/workflows/prerelease_linux_on_demand.yml b/.github/workflows/prerelease_linux_on_demand.yml index be815ae54..b8553a765 100644 
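Review bot: With `?ref=rhel10` dropped, `source = "git::https://github.com/newrelic-experimental/env-provisioner//terraform/otel-ec2"` carries no ref at all, so every `terraform init` pulls whatever the default branch holds at that moment. Judging by `ec2_prefix` and `ec2_filters`, the module provisions EC2 instances, so an unreviewed upstream change would presumably be applied with the runner's cloud credentials. Pinning to a tag or commit makes runs reproducible: `source = "git::https://github.com/newrelic-experimental/env-provisioner//terraform/otel-ec2?ref=<tag-or-commit-sha>"`. The three `requirements.yml` hunks in this patch leave `caos-ansible-roles` unpinned in the same way by deleting `version: rhel10` without a replacement. The `module "env-provisioner"` block continues past the hunk.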
--- a/.github/workflows/prerelease_linux_on_demand.yml +++ b/.github/workflows/prerelease_linux_on_demand.yml @@ -289,7 +289,7 @@ jobs: aws_role_arn: ${{ env.AWS_ROLE_ARN }} # used for signing package stuff gpg_passphrase: ${{ env.GPG_PASSPHRASE }} - gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} + gpg_private_key_base64: ${{ env.GPG_PRIVATE_KEY_BASE64 }} disable_lock: ${{ env.DISABLE_LOCK }} dest_prefix: ${{ env.DEST_PREFIX }} local_packages_path: "/srv/dist/" diff --git a/build/upload-schema-linux-rpm-fips.yml b/build/upload-schema-linux-rpm-fips.yml index efc51b9c7..dab995041 100644 --- a/build/upload-schema-linux-rpm-fips.yml +++ b/build/upload-schema-linux-rpm-fips.yml @@ -9,7 +9,6 @@ - 7 - 8 - 9 - - 10 - src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm" arch: @@ -21,7 +20,6 @@ - 7 - 8 - 9 - - 10 - src: "newrelic-infra-fips-{version}-1.sles{os_version}.{arch}.rpm" arch: @@ -78,7 +76,6 @@ - 7 - 8 - 9 - - 10 - src: "newrelic-infra-fips-{version}-1.el{os_version}.{arch}.rpm.sum" arch: @@ -90,7 +87,6 @@ - 7 - 8 - 9 - - 10 - src: "newrelic-infra-fips-{version}-1.sles{os_version}.{arch}.rpm.sum" arch: diff --git a/test/packaging/ansible/installation-pinned.yml b/test/packaging/ansible/installation-pinned.yml index a62665d0f..3d314133c 100644 --- a/test/packaging/ansible/installation-pinned.yml +++ b/test/packaging/ansible/installation-pinned.yml @@ -17,6 +17,7 @@ vars: target_agent_version: "1.71.0" # minimum version for debian 13 & sles 15.7 target_agent_version_fips: "1.71.0" # minimum version for debian 13 & sles 15.7 + block: - name: Install agent ansible.builtin.include_role: From 62167959bdacb2b46827cb1f605309ac5101fc5e Mon Sep 17 00:00:00 2001 From: mbolla22 Date: Wed, 19 Nov 2025 14:19:47 +0530 Subject: [PATCH 23/23] Removed spaces in one file --- test/packaging/ansible/installation-pinned.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/test/packaging/ansible/installation-pinned.yml b/test/packaging/ansible/installation-pinned.yml index 3d314133c..1046a9ca4 100644 --- a/test/packaging/ansible/installation-pinned.yml +++ b/test/packaging/ansible/installation-pinned.yml @@ -17,7 +17,7 @@ vars: target_agent_version: "1.71.0" # minimum version for debian 13 & sles 15.7 target_agent_version_fips: "1.71.0" # minimum version for debian 13 & sles 15.7 - + block: - name: Install agent ansible.builtin.include_role: