ci(nr): emit CI test-run results to New Relic (Wave 5) #266
Merged
Wave 5 of the CI integration plan (docs/ci/01-CI-INTEGRATION-DESIGN.md
§NR observability): push CI test/gate/deploy results to New Relic so ANY
red run is studyable from an NR dashboard, not just the GitHub Actions log.
Adds a reusable composite action .github/actions/nr-ci-event that POSTs an
InstantCITestRun custom event on every gated job (always) plus an
InstantCITestFailure event on failure, via the NR Event API
(insights-collector .../v1/accounts/<acct>/events) authenticated with the
ingest license key. Wired into build-and-test (ci.yml), coverage (coverage.yml),
and the deploy gate (deploy.yml) as an `if: always()` step.
No-op contract: when NEW_RELIC_LICENSE_KEY or NEW_RELIC_ACCOUNT_ID is absent
(fork PRs, unprovisioned repo) the action prints the payload it WOULD send and
exits 0 — observability never reds a PR. Free-form values flow through env, not
shell interpolation (injection-safe). Additive only; gates unchanged.
Schema InstantCITestRun{repo,workflow,branch,commit_sha,pr_number,result,
duration_ms,suite,...}; InstantCITestFailure{...,failed_step,log_url}. NR
dashboard + alerts land in the infra repo (instanode-ci-health).
Operator action: provision NEW_RELIC_LICENSE_KEY + NEW_RELIC_ACCOUNT_ID as
GitHub Actions secrets on the api repo (license key = same k8s instant-secrets
value; account id per infra/newrelic/README.md).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ses them as inputs
The nr-ci-event composite action referenced github.*/secrets.*/job.status in its
own env: block; GitHub rejects those contexts inside a composite action
(TemplateValidationException 'Unrecognized named-value'). Move all resolution to
the caller's with: block (which CAN read those contexts) and have the action read
only inputs.*. Adds event-name + actor inputs. Callers now pass
repo/workflow/branch/commit-sha/log-url/event-name/actor from the github context.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
GitHub evaluates ${{ }} even inside input description: strings; the example
'${{ secrets... }}' text triggered Unrecognized-named-value. Plain text now;
only runs: keeps inputs.* expressions.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…eckout)
coverage.yml and deploy.yml check the api repo out into ./api (path: api), so a
local-action 'uses: ./.github/actions/nr-ci-event' resolves to the workspace
root (empty) and 404s ('Can't find action.yml'). Reference the action at its
real nested path ./api/.github/actions/nr-ci-event in those two workflows.
ci.yml checks out at the root, so it keeps ./.github/actions/nr-ci-event.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Wave 5 of the CI integration plan (docs/ci/01-CI-INTEGRATION-DESIGN.md §NR observability): push CI test/gate/deploy results to New Relic so ANY red run is studyable from an NR dashboard, not just the GitHub Actions log.

What

- .github/actions/nr-ci-event — reusable composite action. POSTs InstantCITestRun{repo,workflow,branch,commit_sha,pr_number,result,duration_ms,suite,...} on every gated job (always) + InstantCITestFailure{...,failed_step,log_url} on failure, via the NR Event API (insights-collector.../v1/accounts/<acct>/events) authed with the ingest license key.
- if: always() steps into ci.yml (build-and-test), coverage.yml (coverage gate), deploy.yml (deploy gate).

No-op contract

When NEW_RELIC_LICENSE_KEY or NEW_RELIC_ACCOUNT_ID is absent (fork PRs, unprovisioned repo) the action prints the payload it WOULD send and exits 0 — observability never reds a PR. Free-form values flow through env, not shell interpolation (injection-safe). Additive only; gates unchanged.

Verify

Operator action

Provision NEW_RELIC_LICENSE_KEY (same k8s instant-secrets value) + NEW_RELIC_ACCOUNT_ID as GitHub Actions secrets on the api repo.

Companion PRs (Wave 5)
🤖 Generated with Claude Code
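
The no-op contract and the env-only data flow described above, sketched as an added shell example (not the action code from this PR). The CI_* variable names and NR_EVENTS_BASE are assumptions; the collector host is left to the caller because the page elides it.

```shell
#!/bin/sh
# Added example, not the project's action. CI_* and NR_EVENTS_BASE are assumed names.

# JSON string: drop control bytes, then escape backslash and double quote.
json_str() {
  esc=$(printf '%s' "$1" | tr -d '\000-\037' |
    sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
  printf '"%s"' "$esc"
}

# JSON number: digits only, anything else becomes null.
json_num() {
  case $1 in
    ''|*[!0-9]*) printf 'null' ;;
    *) printf '%s' "$1" ;;
  esac
}

# Build one event from environment variables; values are data, never eval'd.
build_event() {
  printf '[{"eventType":%s,"repo":%s,"workflow":%s,"branch":%s,' \
    "$(json_str "$1")" "$(json_str "${CI_REPO:-}")" \
    "$(json_str "${CI_WORKFLOW:-}")" "$(json_str "${CI_BRANCH:-}")"
  printf '"commit_sha":%s,"pr_number":%s,"result":%s,"duration_ms":%s}]' \
    "$(json_str "${CI_COMMIT_SHA:-}")" "$(json_num "${CI_PR_NUMBER:-}")" \
    "$(json_str "${CI_RESULT:-}")" "$(json_num "${CI_DURATION_MS:-}")"
}

# Send, or print the payload and succeed when credentials are absent.
emit_event() {
  payload=$(build_event "$1")
  acct=$(json_num "${NEW_RELIC_ACCOUNT_ID:-}")
  if [ -z "${NEW_RELIC_LICENSE_KEY:-}" ] || [ "$acct" = null ] ||
     [ -z "${NR_EVENTS_BASE:-}" ]; then
    printf 'nr-ci-event: no-op, would send: %s\n' "$payload"
    return 0
  fi
  # Api-Key header is passed on stdin (-K -), not argv, so it stays out of ps.
  printf 'header = "Api-Key: %s"\n' "$NEW_RELIC_LICENSE_KEY" |
    curl -sS --max-time 10 -K - -H 'Content-Type: application/json' \
      --data-binary "$payload" "$NR_EVENTS_BASE/v1/accounts/$acct/events" \
      >/dev/null || echo 'nr-ci-event: send failed (ignored)' >&2
  return 0
}

# Constructed input: a hostile branch name and no credentials set.
unset NEW_RELIC_LICENSE_KEY NEW_RELIC_ACCOUNT_ID
CI_REPO=example/api CI_BRANCH='x"; $(echo injected) #' CI_RESULT=failure
emit_event InstantCITestRun
```

In a workflow, the caller would map the github context to these variables under env: instead of writing the expressions inside the run script, which is what keeps a crafted branch or workflow name from being parsed as shell.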