nginx · dhurley · May 29, 2024 · Apr 17, 2024 · May 2, 2024 · May 3, 2024
@@ -0,0 +1,134 @@
+name: Build Agent V3 packages
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        description: "Package version in the format x.x.x"
+        type: string
+        required: true
+      build:
+        description: "Package build"
+        type: string
+        required: true
+      force_build:
+        description: "Force building packages, ignore cache"
+        type: boolean
+        default: false
+      branch:
+        description: "branch to build package from, in the form refs/head/<branch>"
+        type: string
+        default: ${{ github.ref_name }}
+    secrets:
+      gpg-key:
+        description: 'The GPG Key to sign packages'
+        required: true
+    outputs:
+      package_cache_key:
+        description: "Github cache key for the packages built"
+        value: "agent-v3-packages-${{ jobs.vars.outputs.package_build_md5 }}"
+
+defaults:
+  run:
+    shell: bash
+
+concurrency:
+  group: ${{ github.ref_name }}-build
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  vars:
+    name: Setup variables
+    runs-on: ubuntu-22.04
+    outputs:
+      go_code_md5: ${{ steps.vars.outputs.go_code_md5 }}
+      package_rebuild: ${{ inputs.force_build || steps.package-cache.outputs.cache-hit != 'true' }}
+      packaging_md5: ${{ steps.vars.outputs.packaging_md5 }}
+      actions_md5: ${{ steps.vars.outputs.actions_md5 }}
+      package_build_md5: ${{ steps.vars.outputs.package_build_md5 }}
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          ref: ${{ inputs.branch }}
+
+      - name: Output Variables
+        id: vars
+        run: |
+          go_code_md5=$(find . -type f \( -name "*.go" -o -name go.mod -o -name go.sum -o -name -o -name "*.proto" -o -name "*.pgo" -o -name "buf.yaml" -o -name "data-plane-api.yaml" \) -not -path "./site*" -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }')
+          echo "go_code_md5=$go_code_md5" >> $GITHUB_OUTPUT
+          packaging_md5=$(find scripts/packages nginx-agent.conf Makefile.packaging .nfpm.yaml -type f -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }')
+          echo "packaging_md5=$packaging_md5" >> $GITHUB_OUTPUT
+          actions_md5=$(find .github -type f -exec md5sum {} + | LC_ALL=C sort  | md5sum | awk '{ print $1 }')
+          echo "actions_md5=$actions_md5" >> $GITHUB_OUTPUT
+          package_build_md5=$(echo "$go_code_md5 $packaging_md5 ${{ inputs.version }}-${{ inputs.build }}" | md5sum | awk '{ print $1 }')
+          echo "package_build_md5=$package_build_md5" >> $GITHUB_OUTPUT
+          cat $GITHUB_OUTPUT
+
+      - name: Fetch Cached Package Artifacts
+        id: package-cache
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        with:
+          path: build
+          key: agent-v3-packages-${{ steps.vars.outputs.package_build_md5 }}
+        if: ${{ ! inputs.force_build }}
+
+      - name: Display contents of release tarball
+        run: tar -tzf build/packages/nginx-agentv3.tar.gz
+        if: ${{ steps.package-cache.outputs.cache-hit == 'true' }}
+
+  build-packages:
+    if: ${{ needs.vars.outputs.package_rebuild == 'true' }}
+    name: Build packages
+    runs-on: ubuntu-22.04
+    needs: [vars]
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        with:
+          ref: ${{ inputs.branch }}
+
+      - name: Setup package build environment
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gpgv1 monkeysphere 
+          make install-tools
+          export PATH=$PATH:~/go/bin
+          nfpm --version
+
+      - name: Docker Buildx
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+
+      - name: Build Docker Image
+        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+        with:
+          file: scripts/packages/packager/Dockerfile
+          tags: build-signed-packager:1.0.0
+          context: '.'
+          push: false
+          load: true
+          cache-from: type=gha,scope=build-signed-packager
+          cache-to: type=gha,scope=build-signed-packager,mode=max
+          build-args: |
+            package_type=signed-package
+
+      - name: Build Packages
+        env:
+          GPG_KEY: ${{ secrets.gpg-key }}
+          NFPM_SIGNING_KEY_FILE: .key.asc
+          VERSION: ${{ inputs.version }}
+          PACKAGE_BUILD: ${{ inputs.build }}
+        run: |
+          export PATH=$PATH:~/go/bin
+          echo "$GPG_KEY" | base64 --decode > ${NFPM_SIGNING_KEY_FILE}
+          make package
+
+      - name: Store Artifacts in Cache
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        with:
+          path: build
+          key: agent-v3-packages-${{ needs.vars.outputs.package_build_md5 }}