Deploy the .NET Agent #110
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy the .NET Agent | |
on: | |
workflow_dispatch: | |
inputs: | |
get-version-automatically: | |
description: 'Automatically determine the Agent Version and Run ID' | |
type: boolean | |
required: true | |
default: true | |
agent_version: | |
description: 'OVERRIDE: Agent Version to deploy. Format: X.X.X - ignored unless "Automatically determine..." is unchecked' | |
required: false | |
run_id: | |
description: 'OVERRIDE: Run ID of the all_solutions.yml workflow that was triggered by creating a Release in GitHub. ID can be found in URL for run. Ignored unless "Automatically determine..." is unchecked' | |
required: false | |
deploy: | |
type: boolean | |
description: Deploy Build Artifacts. (If not selected, do everything except deploy.) | |
required: true | |
default: true | |
downloadsite: | |
type: boolean | |
description: Deploy MSI / ZIP / Tarball to the Download Site | |
required: true | |
default: true | |
nuget: | |
type: boolean | |
description: Deploy Nuget Packages | |
required: true | |
default: true | |
linux: | |
type: boolean | |
description: Deploy APT / YUM Packages | |
required: true | |
default: true | |
linux-deploy-to-production: | |
type: boolean | |
description: Deploy APT / YUM Packages to Production Repository. (If not selected, will deploy to a test respository.) | |
required: true | |
default: true | |
indexdownloadsite: | |
type: boolean | |
description: Re-Index the Download Site S3 container | |
required: true | |
default: true | |
permissions: | |
contents: read | |
packages: read | |
env: | |
DOTNET_NOLOGO: true | |
jobs: | |
get-release-info: | |
name: Get Release Version and Run ID | |
runs-on: ubuntu-latest | |
outputs: | |
release_version: ${{ steps.step2.outputs.release_version }} | |
workflow_run_id: ${{ steps.step2.outputs.workflow_run_id }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Checkout | |
if: ${{ inputs.get-version-automatically }} | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
with: | |
fetch-depth: 0 | |
- name: Get Release Version and Run ID | |
if: ${{ inputs.get-version-automatically }} | |
id: step1 | |
run: | | |
# Get the commit sha for the most recent release | |
COMMIT_SHA=$(git rev-list -n 1 "$(gh release list --limit 1 | awk '{ print $1 }')") | |
if [[ -z "$COMMIT_SHA" ]]; then | |
echo "::error::Unable to find SHA of most recent release" | |
exit 1 | |
fi | |
echo "Found commit sha: $COMMIT_SHA" | |
# get info on the most recent release, writing output to a json file | |
gh release view --json name,isDraft,isPrerelease,publishedAt > release.json | |
# Get the version id of the most recent release (reported as "v99.99.99" so we strip off the "v") | |
RELEASE_VERSION=$(cat release.json | jq --raw-output ".name | .[1:]") | |
if [[ -z "$RELEASE_VERSION" ]]; then | |
echo "::error::Could not find the latest release." | |
exit 1 | |
fi | |
echo "Found release version: $RELEASE_VERSION" | |
if [ "$(cat release.json | jq --raw-output '.isDraft')" = "true" ]; then | |
echo "::error::$RELEASE_VERSION is marked as 'Draft'. Use manual overrides to continue." | |
exit 1 | |
fi | |
if [ "$(cat release.json | jq --raw-output '.isPrerelease')" = "true" ]; then | |
echo "::error::$RELEASE_VERSION is marked as 'Pre-Release'. Use manual overrides to continue." | |
exit 1 | |
fi | |
# check release date - should be within the last 7 days (to ensure we don't grab an old release) | |
PUBLISHED_AT=$(cat release.json | jq --raw-output '.publishedAt') | |
if [[ -z "$PUBLISHED_AT" ]]; then | |
echo "::error::Release publish date is empty. Use manual overrides to continue." | |
exit 1 | |
fi | |
LAST_WEEK=$(date --date "-7days" -u +"%s") | |
PUBLISH_DATE=$(date --date "$PUBLISHED_AT" -u +"%s") | |
if [ $LAST_WEEK -ge $PUBLISH_DATE ]; then | |
echo "::error::$RELEASE_VERSION was published more than a week ago. Use manual overrides to continue." | |
exit 1 | |
fi | |
echo "release_version=$RELEASE_VERSION" >> "$GITHUB_OUTPUT" | |
# get the run id of the most recent successful run of the all_solutions workflow triggered by a release event, against the given commit sha | |
WORKFLOW_RUN_ID=$(gh run list --commit $COMMIT_SHA --workflow all_solutions.yml --event release --status success --limit 1 --json databaseId,status --jq ".[0] | .databaseId") | |
if [[ -z "$WORKFLOW_RUN_ID" ]]; then | |
echo "::error::Could not find a successful all_solutions workflow run for the Release event against commit SHA $COMMIT_SHA. Use manual overrides to continue." | |
exit 1 | |
fi | |
echo "Found workflow run id: $WORKFLOW_RUN_ID" | |
echo "workflow_run_id=$WORKFLOW_RUN_ID" >> "$GITHUB_OUTPUT" | |
- name: Set Output Release Version and Build Run ID | |
id: step2 | |
run: | | |
if [ "${{ inputs.get-version-automatically}}" = "true" ]; then | |
echo "release_version=${{steps.step1.outputs.release_version}}" >> "$GITHUB_OUTPUT" | |
echo "workflow_run_id=${{steps.step1.outputs.workflow_run_id}}" >> "$GITHUB_OUTPUT" | |
else | |
if [[ -z "${{inputs.agent_version}}" ]]; then | |
echo "::error::Agent Version not specified." | |
exit 1 | |
fi | |
if [[ -z "${{inputs.run_id}}" ]]; then | |
echo "::error::Run ID not specified." | |
exit 1 | |
fi | |
echo "release_version=${{inputs.agent_version}}" >> "$GITHUB_OUTPUT" | |
echo "workflow_run_id=${{inputs.run_id}}" >> "$GITHUB_OUTPUT" | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
get-external-artifacts: | |
name: Get and Publish Deploy Artifacts Locally | |
needs: get-release-info | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
- name: Download Deploy Artifacts | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
run-id: ${{ needs.get-release-info.outputs.workflow_run_id }} | |
name: deploy-artifacts | |
path: ${{ github.workspace }} | |
repository: ${{ github.repository }} | |
- name: Upload Deploy Artifacts Locally | |
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
with: | |
name: deploy-artifacts | |
path: ${{ github.workspace }} | |
if-no-files-found: error | |
deploy-downloadsite: | |
needs: [get-release-info, get-external-artifacts] | |
if: ${{ inputs.downloadsite }} | |
name: Deploy MSI to Download Site | |
runs-on: windows-2019 | |
steps: | |
- name: Download Deploy Artifacts | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
name: deploy-artifacts | |
path: ${{ github.workspace }}\staging_dir | |
- name: Move Artifacts to working_dir | |
run: | | |
Copy-Item -Path .\staging_dir\DownloadSite -Destination .\working_dir -Recurse | |
shell: powershell | |
- name: Create Version-less Installers | |
run: | | |
Copy-Item .\working_dir\NewRelicDotNetAgent_*_x64.msi .\working_dir\NewRelicDotNetAgent_x64.msi -Force -Recurse | |
Copy-Item .\working_dir\NewRelicDotNetAgent_*_x86.msi .\working_dir\NewRelicDotNetAgent_x86.msi -Force -Recurse | |
shell: powershell | |
- name: Deploy latest_release to Download Site | |
run: | | |
$Env:AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}" | |
$Env:AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
$Env:AWS_DEFAULT_REGION="us-west-2" | |
New-Item -ItemType directory -Path .\latest_release -Force | |
Copy-Item .\working_dir\* .\latest_release\ -Force -Recurse | |
cd .\latest_release | |
if ("${{ inputs.deploy }}" -eq "true") { | |
aws s3 sync . ${{ secrets.BUCKET_NAME }}/dot_net_agent/latest_release/ --include "*" --exclude ".DS_Store" --delete | |
} | |
else { | |
Write-Host "Input:deploy was not true. The following deploy command was not run:" | |
Write-Host "aws s3 sync . ${{ secrets.BUCKET_NAME }}/dot_net_agent/latest_release/ --include `"*`" --exclude `".DS_Store`" --delete" | |
} | |
shell: pwsh | |
- name: Deploy previous_release to Download Site | |
run: | | |
$Env:AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}" | |
$Env:AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
$Env:AWS_DEFAULT_REGION="us-west-2" | |
New-Item -ItemType directory -Path .\previous_releases\${{ needs.get-release-info.outputs.release_version }} -Force | |
Copy-Item .\working_dir\* ".\previous_releases\${{ needs.get-release-info.outputs.release_version }}\" -Force -Recurse | |
cd .\previous_releases\${{ needs.get-release-info.outputs.release_version }} | |
if ("${{ inputs.deploy }}" -eq "true") { | |
aws s3 sync . ${{ secrets.BUCKET_NAME }}/dot_net_agent/previous_releases/${{ needs.get-release-info.outputs.release_version }}/ --include "*" --exclude ".DS_Store" --delete | |
} | |
else { | |
Write-Host "Input:deploy was not true. The following deploy command was not run:" | |
Write-Host "aws s3 sync . ${{ secrets.BUCKET_NAME }}/dot_net_agent/previous_releases/${{ needs.get-release-info.outputs.release_version }}/ --include `"*`" --exclude `".DS_Store`" --delete" | |
} | |
shell: pwsh | |
index-download-site: | |
needs: deploy-downloadsite | |
name: Rebuild indexes on the download site | |
if: ${{ inputs.indexdownloadsite }} | |
uses: ./.github/workflows/build_download_site_index_files.yml | |
strategy: | |
matrix: | |
prefix: ["dot_net_agent/latest_release", "dot_net_agent/previous_releases"] | |
with: | |
prefix: ${{ matrix.prefix }} | |
aws-region: "us-east-1" | |
dry-run: false | |
secrets: inherit | |
deploy-nuget: | |
needs: get-external-artifacts | |
if: ${{ inputs.nuget }} | |
name: Deploy Agent to NuGet | |
runs-on: windows-2019 | |
env: | |
nuget_source: https://www.nuget.org | |
steps: | |
- name: Download Deploy Artifacts | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
name: deploy-artifacts | |
path: ${{ github.workspace }}\working_dir | |
- name: Setup NuGet API Key | |
run: | | |
nuget.exe setApiKey ${{ secrets.NUGET_APIKEY }} -Source ${{ env.nuget_source }} | |
shell: pwsh | |
- name: Deploy Agent to Nuget | |
run: | | |
$packageName = Get-ChildItem ${{ github.workspace }}\working_dir\NugetAgent\NewRelic.Agent.*.nupkg -Name | |
$packagePath = Convert-Path ${{ github.workspace }}\working_dir\NugetAgent\$packageName | |
$version = $packageName.TrimStart('NewRelic.Agent').TrimStart('.').TrimEnd('.nupkg') | |
if ("${{ inputs.deploy }}" -eq "true") { | |
nuget.exe push $packagePath -Source ${{ env.nuget_source }} | |
} | |
else { | |
Write-Host "Input:deploy was not true. The following deploy command was not run:" | |
Write-Host "nuget.exe push $packagePath -Source ${{ env.nuget_source }}" | |
} | |
shell: powershell | |
- name: Deploy Agent API to Nuget | |
run: | | |
$packageName = Get-ChildItem ${{ github.workspace }}\working_dir\NugetAgentApi\NewRelic.Agent.Api.*.nupkg -Name | |
$packagePath = Convert-Path ${{ github.workspace }}\working_dir\NugetAgentApi\$packageName | |
$version = $packageName.TrimStart('NewRelic.Agent.Api').TrimStart('.').TrimEnd('.nupkg') | |
if ("${{ inputs.deploy }}" -eq "true") { | |
nuget.exe push $packagePath -Source ${{ env.nuget_source }} | |
} | |
else { | |
Write-Host "Input:deploy was not true. The following deploy command was not run:" | |
Write-Host "nuget.exe push $packagePath -Source ${{ env.nuget_source }}" | |
} | |
shell: powershell | |
- name: Deploy Azure Cloud Services to Nuget | |
run: | | |
$packageName = Get-ChildItem ${{ github.workspace }}\working_dir\NugetAzureCloudServices\NewRelicWindowsAzure.*.nupkg -Name | |
$packagePath = Convert-Path ${{ github.workspace }}\working_dir\NugetAzureCloudServices\$packageName | |
$version = $packageName.TrimStart('NewRelicWindowsAzure').TrimStart('.').TrimEnd('.nupkg') | |
if ("${{ inputs.deploy }}" -eq "true") { | |
nuget.exe push $packagePath -Source ${{ env.nuget_source }} | |
} | |
else { | |
Write-Host "Input:deploy was not true. The following deploy command was not run:" | |
Write-Host "nuget.exe push $packagePath -Source ${{ env.nuget_source }}" | |
} | |
shell: powershell | |
- name: Deploy Azure WebSites-x64 to Nuget | |
run: | | |
$packageName = Get-ChildItem ${{ github.workspace }}\working_dir\NugetAzureWebSites-x64\NewRelic.Azure.WebSites.*.nupkg -Name | |
$packagePath = Convert-Path ${{ github.workspace }}\working_dir\NugetAzureWebSites-x64\$packageName | |
$version = $packageName.TrimStart('NewRelic.Azure.WebSites.x').TrimStart('.').TrimEnd('.nupkg') | |
if ("${{ inputs.deploy }}" -eq "true") { | |
nuget.exe push $packagePath -Source ${{ env.nuget_source }} | |
} | |
else { | |
Write-Host "Input:deploy was not true. The following deploy command was not run:" | |
Write-Host "nuget.exe push $packagePath -Source ${{ env.nuget_source }}" | |
} | |
shell: powershell | |
- name: Deploy Azure WebSites-x86 to Nuget | |
run: | | |
$packageName = Get-ChildItem ${{ github.workspace }}\working_dir\NugetAzureWebSites-x86\NewRelic.Azure.WebSites.*.nupkg -Name | |
$packagePath = Convert-Path ${{ github.workspace }}\working_dir\NugetAzureWebSites-x86\$packageName | |
$version = $packageName.TrimStart('NewRelic.Azure.WebSites.x').TrimStart('.').TrimEnd('.nupkg') | |
if ("${{ inputs.deploy }}" -eq "true") { | |
nuget.exe push $packagePath -Source ${{ env.nuget_source }} | |
} | |
else { | |
Write-Host "Input:deploy was not true. The following deploy command was not run:" | |
Write-Host "nuget.exe push $packagePath -Source ${{ env.nuget_source }}" | |
} | |
shell: powershell | |
deploy-linux: | |
needs: [get-release-info, get-external-artifacts] | |
if: ${{ inputs.linux }} | |
name: Deploy Linux to APT and YUM | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1 | |
with: | |
egress-policy: audit | |
- name: Install dos2unix | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y dos2unix | |
shell: bash | |
- name: Checkout | |
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
with: | |
fetch-depth: 0 | |
- name: Download Deploy Artifacts | |
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
with: | |
name: deploy-artifacts | |
path: ${{ github.workspace }}/ | |
- name: Get GPG Key | |
id: write_gpgkey | |
run: | | |
filePath="/tmp/gpg.tar.bz2" | |
echo "${{ secrets.GPG_KEY }}" | base64 -d > $filePath | |
echo "filePath=$filePath" >> $GITHUB_OUTPUT | |
shell: bash | |
- name: Move Artifacts and GPG Key to Staging Location | |
run: | | |
cp LinuxRpm/*.rpm ${{ github.workspace }}/deploy/linux/packages | |
cp LinuxDeb/*.deb ${{ github.workspace }}/deploy/linux/packages | |
cp -f ${{ steps.write_gpgkey.outputs.filePath }} ${{ github.workspace }}/deploy/linux/deploy_scripts/gpg.tar.bz2 | |
shell: bash | |
- name: Prepare docker.env | |
run: | | |
# Confirm that the version is in the proper format. | |
IFS='.' read -ra agent_version_array <<< "${{ needs.get-release-info.outputs.release_version }}" | |
agent_version_count=${#agent_version_array[@]} | |
if [ $agent_version_count -ne 3 ] ; then | |
echo "::error Supplied agent version from Workflow (${{ needs.get-release-info.outputs.release_version }}) is malformed. It needs to be like '10.0.0'." | |
exit 1 | |
else | |
AGENT_VERSION=${{ needs.get-release-info.outputs.release_version }} | |
fi | |
# Build the docker.env | |
cd ${{ github.workspace }}/deploy/linux/ | |
touch docker.env | |
echo "AGENT_VERSION=$AGENT_VERSION" >> docker.env | |
echo "ACTION=release" >> docker.env | |
if [ "${{ inputs.linux-deploy-to-production }}" == "true" ] ; then | |
# We're actually deploying to production (apt.newrelic.com and yum.newrelic.com) | |
echo "S3_BUCKET=${{ secrets.PROD_MAIN_S3 }}" >> docker.env | |
echo "AWS_ACCESS_KEY_ID=${{ secrets.LINUX_AWS_ACCESS_KEY_ID }}" >> docker.env | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets.LINUX_AWS_SECRET_ACCESS_KEY }}" >> docker.env | |
else | |
# Deploy to the test bucket that mirrors apt/yum.newrelic.com | |
echo "S3_BUCKET=${{ secrets.TEST_S3_BUCKET }}" >> docker.env | |
echo "AWS_ACCESS_KEY_ID=${{ secrets.TEST_BUCKET_AWS_ACCESS_KEY_ID }}" >> docker.env | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets.TEST_BUCKET_AWS_SECRET_ACCESS_KEY }}" >> docker.env | |
fi | |
echo "GPG_KEYS=/data/deploy_scripts/gpg.tar.bz2" >> docker.env | |
shell: bash | |
- name: Build and Run Container | |
run: | | |
cd ${{ github.workspace }}/deploy/linux/ | |
find . -name "*.bash" |xargs chmod a+x | |
find . -type f |xargs dos2unix | |
docker-compose build | |
if [ "${{ inputs.deploy }}" == "true" ] ; then | |
docker-compose run deploy_packages | |
else | |
echo "Input:deploy was not true. The following deploy command was not run:" | |
echo "docker-compose run deploy_packages" | |
fi | |
shell: bash | |
- name: Clear Fastly cache | |
if: ${{ inputs.deploy && success() }} | |
run: | | |
curl -i -X POST -H 'Fastly-Key:${{ secrets.FASTLY_TOKEN }}' ${{ secrets.FASTLY_URL }} | |
shell: bash | |
publish-release-notes: | |
needs: [get-release-info, deploy-linux, deploy-nuget, index-download-site] | |
if: ${{ inputs.deploy && inputs.downloadsite && inputs.nuget && inputs.linux && inputs.linux-deploy-to-production }} | |
name: Create and Publish Release Notes | |
uses: newrelic/newrelic-dotnet-agent/.github/workflows/publish_release_notes.yml@main | |
with: | |
agent_version: ${{ needs.get-release-info.outputs.release_version }} | |
run_id: ${{ needs.get-release-info.outputs.workflow_run_id }} | |
secrets: inherit | |
post-deploy: | |
permissions: | |
issues: write | |
contents: read | |
packages: read | |
needs: [get-release-info, deploy-linux, deploy-nuget, index-download-site] | |
if: ${{ inputs.deploy && inputs.downloadsite && inputs.nuget && inputs.linux && inputs.linux-deploy-to-production }} | |
name: Run Post Deploy Workflow | |
uses: newrelic/newrelic-dotnet-agent/.github/workflows/post_deploy_agent.yml@main | |
with: | |
agent_version: ${{ needs.get-release-info.outputs.release_version }} | |
wait_for_apt_and_yum: true | |
secrets: inherit | |