diff --git a/.github/workflows/component_linux_packaging.yml b/.github/workflows/component_linux_packaging.yml
index dd32f3069..652a44aa7 100644
--- a/.github/workflows/component_linux_packaging.yml
+++ b/.github/workflows/component_linux_packaging.yml
@@ -22,6 +22,10 @@ on:
 ARCH:
 required: true
 type: string
+ FIPS:
+ required: false
+ type: boolean
+ default: false
 env:
 GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
@@ -32,6 +36,7 @@ env:
 DOCKER_HUB_ID: ${{ secrets.DOCKER_HUB_ID }}
 DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
 ARCH: ${{ inputs.ARCH }}
+ FIPS: ${{ inputs.FIPS == true && '-fips' || '' }}
 jobs:
 packaging:
@@ -49,6 +54,8 @@ jobs:
 - name: Preparing linux packages
 run: make ci/prerelease/linux-${{ env.ARCH }}
+ env:
+ FIPS: ${{ env.FIPS }}
 - name: Generate checksum files
 uses: ./.github/actions/generate-checksums
diff --git a/.github/workflows/component_linux_publish.yml b/.github/workflows/component_linux_publish.yml
index 5489f25ea..84456d1c2 100644
--- a/.github/workflows/component_linux_publish.yml
+++ b/.github/workflows/component_linux_publish.yml
@@ -76,6 +76,9 @@ jobs:
 - "targz"
 - "deb"
 - "rpm"
+ suffix:
+ - ""
+ - "-fips"
 steps:
 - name: Login to DockerHub
@@ -89,10 +92,10 @@ jobs:
 uses: newrelic/infrastructure-publish-action@v1.3.4
 with:
 tag: ${{env.TAG}}
- app_name: "newrelic-infra"
+ app_name: "newrelic-infra${{ matrix.suffix }}"
 repo_name: "newrelic/infrastructure-agent"
 schema: "custom"
- schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.SCHEMA_BRANCH }}/build/upload-schema-linux-${{ matrix.assetsType }}.yml"
+ schema_url: "https://raw.githubusercontent.com/newrelic/infrastructure-agent/${{ env.SCHEMA_BRANCH }}/build/upload-schema-linux-${{ matrix.assetsType }}${{ matrix.suffix }}.yml"
 aws_access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
 aws_secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
 aws_s3_bucket_name: ${{ env.AWS_S3_BUCKET_NAME }}
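Review bot: In component_linux_packaging.yml the step-level `env: FIPS: ${{ env.FIPS }}` on "Preparing linux packages" repeats a value that the workflow-level `env` block already exports to every step, so it adds nothing. The part that matters for a FIPS release is whether the suffix reaches the actual build: if `make ci/prerelease/linux-*` does its work inside a container (not visible in this diff), the variable has to be forwarded there too, otherwise the FIPS job builds with an empty `FIPS` and produces a standard binary. Because `FIPS` here holds a filename suffix rather than a flag, a comment on the workflow-level entry such as `# '-fips' or empty; read by build/release.mk to pick the build_<arch>_fips.yml fragment` would make that contract explicit.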
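Review bot: In component_linux_publish.yml the new `suffix` axis makes every existing matrix combination run a second time with `-fips`, and each of those runs fetches `upload-schema-linux-${{ matrix.assetsType }}-fips.yml` from `SCHEMA_BRANCH`; this diff adds no such schema files, so confirm they exist on that branch for targz, deb and rpm before the first release. The schema is pulled from a branch reference and decides what the publish action uploads with the AWS credentials passed just below, so a mutable branch is a weak anchor for release content; resolving `SCHEMA_BRANCH` (defined outside the hunk) to the release tag or a commit would make the FIPS and standard uploads reproducible. The same reasoning applies to `newrelic/infrastructure-publish-action@v1.3.4` in the context lines, which is pinned by tag rather than by commit SHA.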
diff --git a/.github/workflows/prerelease_linux.yml b/.github/workflows/prerelease_linux.yml
index e69a9b34a..d7ce2192d 100644
--- a/.github/workflows/prerelease_linux.yml
+++ b/.github/workflows/prerelease_linux.yml
@@ -31,6 +31,21 @@ jobs:
 with:
 TAG: ${{ github.event.release.tag_name }}
 ARCH: 'amd64'
+
+ packaging-amd64-fips:
+ needs: [unit-test, proxy-tests]
+ uses: ./.github/workflows/component_linux_packaging.yml
+ secrets:
+ DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}}
+ DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}}
+ GPG_MAIL: 'infrastructure-eng@newrelic.com'
+ GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
+ GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ TAG: ${{ github.event.release.tag_name }}
+ ARCH: 'amd64'
+ FIPS: true
 packaging-arm:
 needs: [unit-test, proxy-tests]
@@ -60,6 +75,21 @@ jobs:
 TAG: ${{ github.event.release.tag_name }}
 ARCH: 'arm64'
+ packaging-arm64-fips:
+ needs: [unit-test, proxy-tests]
+ uses: ./.github/workflows/component_linux_packaging.yml
+ secrets:
+ DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}}
+ DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}}
+ GPG_MAIL: 'infrastructure-eng@newrelic.com'
+ GPG_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
+ GPG_PRIVATE_KEY_BASE64: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }} # base64 encoded
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ TAG: ${{ github.event.release.tag_name }}
+ ARCH: 'arm64'
+ FIPS: true
+
 packaging-legacy:
 needs: [unit-test, proxy-tests]
 uses: ./.github/workflows/component_linux_packaging.yml
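Review bot: Nothing in the new `packaging-amd64-fips` job, or in `packaging-arm64-fips` in the following hunk, checks that the artifacts it produces with the release GPG secrets are really FIPS builds; the only difference from the standard jobs is `FIPS: true`. That flag travels through an environment variable and a Makefile substitution, so if it is dropped anywhere along the way the pipeline would still succeed and publish a normally built agent under a `-fips` name. A post-build gate in the reusable workflow, run only when `inputs.FIPS` is set, that inspects the produced binary (for a Go binary, for example, its embedded build settings via `go version -m`) and fails on a mismatch would close that gap. Separately, both jobs are verbatim copies of their non-FIPS counterparts; a `strategy.matrix` over `ARCH` and `FIPS` on a single caller job would keep the secret wiring in one place.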
@@ -98,7 +128,7 @@ jobs:
 # point to staging after tests
 name: Publish linux artifacts into s3 staging bucket
 uses: ./.github/workflows/component_linux_publish.yml
- needs: [packaging-amd64, packaging-arm, packaging-arm64, packaging-legacy]
+ needs: [packaging-amd64, packaging-amd64-fips, packaging-arm, packaging-arm64, packaging-arm64-fips, packaging-legacy]
 secrets:
 DOCKER_HUB_ID: ${{secrets.OHAI_DOCKER_HUB_ID}}
 DOCKER_HUB_PASSWORD: ${{secrets.OHAI_DOCKER_HUB_PASSWORD}}
diff --git a/build/release.mk b/build/release.mk
index 0655ede44..c0fed2057 100644
--- a/build/release.mk
+++ b/build/release.mk
@@ -71,12 +71,10 @@ release/pkg-linux: release/get-fluentbit-linux-arm64
 .PHONY : release/pkg-linux-fips
 release/pkg-linux-fips: release/deps release/clean generate-goreleaser-multiarch-fips
-release/pkg-linux-fips: release/get-integrations-amd64 #NO FIPS ASSETS AVAILABLE FOR NOW
-release/pkg-linux-fips: release/get-integrations-arm64 #NO FIPS ASSETS AVAILABLE FOR NOW
-# release/pkg-linux-fips: release/get-integrations-arm #NO FIPS ASSETS AVAILABLE FOR NOW
-release/pkg-linux-fips: release/get-fluentbit-linux-amd64 #NO FIPS ASSETS AVAILABLE FOR NOW
-# #release/pkg-linux: release/get-fluentbit-linux-arm
-release/pkg-linux-fips: release/get-fluentbit-linux-arm64 #NO FIPS ASSETS AVAILABLE FOR NOW
+release/pkg-linux-fips: release/get-integrations-amd64
+release/pkg-linux-fips: release/get-integrations-arm64
+release/pkg-linux-fips: release/get-fluentbit-linux-amd64
+release/pkg-linux-fips: release/get-fluentbit-linux-arm64
 @echo "=== [release/pkg-linux-fips] PRE-RELEASE compiling all binaries, creating packages, archives"
 $(GORELEASER_BIN) release --config $(GORELEASER_CONFIG_LINUX) $(PKG_FLAGS)
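Review bot: In build/release.mk, deleting the `#NO FIPS ASSETS AVAILABLE FOR NOW` markers removes the only record that `release/pkg-linux-fips` bundles the regular integrations and fluent-bit downloads; the prerequisites are still the same `release/get-integrations-*` and `release/get-fluentbit-linux-*` targets as before. Unless those targets now switch on `$(FIPS)` (their bodies are outside this hunk), the FIPS package keeps shipping standard companion binaries, which anyone relying on the `-fips` label needs to know. I would keep a single comment above the four prerequisite lines, for example `# NOTE: integrations and fluent-bit fetched below are the standard builds; no FIPS variants exist yet.`, instead of dropping the caveat entirely. The recipe for this target may continue past the end of the hunk.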
@@ -178,7 +176,7 @@ release-macos: release/pkg-macos release/fix-tarballs-macos
 .PHONY : generate-goreleaser-amd64
 generate-goreleaser-amd64:
 cat $(CURDIR)/build/goreleaser/linux/header.yml\
- $(CURDIR)/build/goreleaser/linux/build_amd64.yml\
+ $(CURDIR)/build/goreleaser/linux/build_amd64$(subst -,_,$(FIPS)).yml\
 $(CURDIR)/build/goreleaser/linux/archives_header.yml\
 $(CURDIR)/build/goreleaser/linux/archives_amd64.yml\
 $(CURDIR)/build/goreleaser/linux/nfpms_header.yml\
@@ -232,7 +230,7 @@ generate-goreleaser-amd64:
 .PHONY : generate-goreleaser-arm64
 generate-goreleaser-arm64:
 cat $(CURDIR)/build/goreleaser/linux/header.yml\
- $(CURDIR)/build/goreleaser/linux/build_arm64.yml\
+ $(CURDIR)/build/goreleaser/linux/build_arm64$(subst -,_,$(FIPS)).yml\
 $(CURDIR)/build/goreleaser/linux/archives_header.yml\
 $(CURDIR)/build/goreleaser/linux/archives_arm64.yml\
 $(CURDIR)/build/goreleaser/linux/nfpms_header.yml\
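Review bot: `$(subst -,_,$(FIPS))` splices an unchecked environment value into the build-fragment path in `generate-goreleaser-amd64`, and the `generate-goreleaser-arm64` hunk below does the same. An empty or unset `FIPS` silently selects the standard `build_amd64.yml`, so a FIPS job that loses the variable still builds and packages successfully. A guard ahead of these rules, `$(if $(filter-out -fips,$(FIPS)),$(error FIPS must be empty or -fips))`, would reject unexpected values, though the silent-empty case can only be caught by checking the built artifact. Only the `build_*` fragment receives the suffix while the `archives_*` and `nfpms_*` fragments stay shared, so confirm the resulting package and archive names actually differ between the two variants. Both recipes continue beyond their hunks.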