ci: add gh action workflow definition for F5 CLA automation #1726

Workflow file for this run

# CI pipeline. Triggered by pushes to main, by pushes of version-style tags,
# and by pull requests that target main.
name: CI

on:
  push:
    branches: [main]
    tags:
      # GitHub filter pattern, not a regex: "+" repeats the preceding
      # character class and "." is a literal dot, so this matches tags such
      # as v1.2.3.
      - 'v[0-9]+.[0-9]+.[0-9]+'
  # The plain pull_request event is used (not pull_request_target), so runs
  # for pull requests from forks get GitHub's default treatment: no
  # repository secrets and a read-only token.
  pull_request:
    branches: [main]

env:
  # Comma-separated platform list, defined once here for every job.
  DOCKER_PLATFORMS: 'linux/arm,linux/arm64,linux/amd64,linux/ppc64le,linux/s390x,linux/mips64le,linux/386'

# One group per ref name. A newer run in the same group cancels the run that
# is still in progress.
# NOTE(review): cancel-in-progress is unconditional, so it also applies to
# runs on main; confirm that cancelling a run part-way through is acceptable
# there, or restrict cancellation to pull_request events.
concurrency:
  group: ${{ github.ref_name }}-ci
  cancel-in-progress: true

# Workflow-wide default for the GITHUB_TOKEN: read-only access to repository
# contents. A job that needs more has to declare its own permissions block.
permissions:
  contents: read
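jobs:
  # Runs the test suite and uploads coverage. The job declares no permissions
  # of its own, so it runs with the workflow-level defaults.
  unit-tests:
    name: Unit Tests
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout Repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Setup Golang Environment
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          # Floating alias: the toolchain version is resolved at run time.
          go-version: stable
      - name: Run Tests
        run: make test
      - name: Upload coverage reports to Codecov
        uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0
        with:
          token: ${{ secrets.CODECOV_TOKEN }}

  # Builds the binaries and the container image. On pull requests the image is
  # only built and loaded locally; on pushes and tags it is pushed to four
  # registries, and on tags GoReleaser runs a full release.
  build-docker:
    name: Build Docker Image
    runs-on: ubuntu-22.04
    # NOTE(review): these write scopes are set at job level, so they apply to
    # every trigger, pull_request included; only individual steps are gated
    # with `if:`. Pull requests from forks get a read-only token by default,
    # but pull requests from branches of this repository receive the full
    # set. Moving the publish path into its own job would let the PR build
    # keep the read-only default.
    permissions:
      contents: write # for lucacome/draft-release to create/update release draft
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      id-token: write # for OIDC login to AWS ECR and goreleaser/goreleaser-action to sign artifacts
      packages: write # for docker/build-push-action to push to GHCR
      issues: write # for goreleaser/goreleaser-action to close milestones
    needs: unit-tests
    steps:
      - name: Checkout Repository
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          # Full history instead of a shallow clone; presumably needed by the
          # release tooling for tags and changelog. Confirm before changing.
          fetch-depth: 0
      - name: Setup Golang Environment
        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
        with:
          go-version: stable
      # Exposes GOPATH as a step output; the GoReleaser step reads it.
      - name: Determine GOPATH
        id: go
        run: |
          echo "go_path=$(go env GOPATH)" >> "$GITHUB_OUTPUT"
      - name: Setup QEMU
        if: github.event_name != 'pull_request'
        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
        with:
          platforms: arm,arm64,ppc64le,s390x,mips64le,386
      - name: Docker Buildx
        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
        with:
          # NOTE(review): the action is pinned by commit SHA, but "latest"
          # makes it fetch whichever Buildx release is current at run time.
          # Pin an explicit release so the tool that builds the published
          # images is as reproducible as the actions around it.
          version: latest
      # Registry logins are skipped on pull requests, so PR runs never hold
      # registry credentials.
      - name: DockerHub Login
        if: github.event_name != 'pull_request'
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Login to GitHub Container Registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Role assumption instead of stored access keys; relies on the
      # id-token: write permission above.
      # NOTE(review): the role's trust policy is not visible here. It should
      # restrict the token's subject claim to this repository and to the refs
      # that are allowed to publish.
      - name: Configure AWS Credentials
        if: github.event_name != 'pull_request'
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
        with:
          aws-region: us-east-1
          role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }}
      # No username or password is passed; presumably the action picks up the
      # AWS credentials configured by the previous step.
      - name: Login to Public ECR
        if: github.event_name != 'pull_request'
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: public.ecr.aws
      - name: Login to Quay.io
        if: github.event_name != 'pull_request'
        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
        with:
          registry: quay.io
          username: ${{ secrets.QUAY_USERNAME }}
          password: ${{ secrets.QUAY_ROBOT_TOKEN }}
      # Computes image names, tags, labels and annotations; later steps read
      # them through steps.meta.outputs.
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
        with:
          images: |
            nginx/nginx-prometheus-exporter
            ghcr.io/nginxinc/nginx-prometheus-exporter
            public.ecr.aws/nginx/nginx-prometheus-exporter
            quay.io/nginx/nginx-prometheus-exporter
          tags: |
            type=edge
            type=ref,event=pr
            type=schedule
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
          labels: |
            org.opencontainers.image.vendor=NGINX Inc <integrations@nginx.com>
        env:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
      # Uses contents: write. The draft is published only when the ref is a
      # tag.
      - name: Create/Update Draft
        if: github.event_name != 'pull_request'
        uses: lucacome/draft-release@a98777f0bae0a6815cc1df77ebe48ca70e7cb970 # v1.0.3
        with:
          minor-label: "enhancement"
          major-label: "change"
          publish: ${{ github.ref_type == 'tag' }}
          collapse-after: 30
          notes-footer: |
            ## Upgrade
            - Use the {{version}} image from our [DockerHub](https://hub.docker.com/r/nginx/nginx-prometheus-exporter/tags?page=1&ordering=last_updated&name={{version-number}}), [GitHub Container](https://github.com/nginxinc/nginx-prometheus-exporter/pkgs/container/nginx-prometheus-exporter), [Amazon ECR Public Gallery](https://gallery.ecr.aws/nginx/nginx-prometheus-exporter) or [Quay.io](https://quay.io/repository/nginx/nginx-prometheus-exporter/tag/{{version-number}}?tab=tags).
            - Download the latest binaries from the [GitHub releases page](https://github.com/nginxinc/nginx-prometheus-exporter/releases/tag/{{version}}).
            - Update to the latest version with `brew upgrade nginx-prometheus-exporter`, `snap refresh nginx-prometheus-exporter` or `scoop update nginx-prometheus-exporter`.
            ## Compatibility
            - NGINX 0.1.18 or newer.
            - NGINX Plus R19 or newer.
      # Release-only tooling: installed on tag builds only.
      - name: Download Syft
        if: github.ref_type == 'tag'
        uses: anchore/sbom-action/download-syft@b6a39da80722a2cb0ef5d197531764a89b5d48c3 # v0.15.8
      - name: Install Cosign
        if: github.ref_type == 'tag'
        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
      - name: Setup Snapcraft
        if: github.ref_type == 'tag'
        run: |
          sudo apt-get update
          sudo apt-get -yq --no-install-suggests --no-install-recommends install snapcraft
          mkdir -p "$HOME/.cache/snapcraft/download"
          mkdir -p "$HOME/.cache/snapcraft/stage-packages"
      - name: Install Nix
        if: github.ref_type == 'tag'
        uses: cachix/install-nix-action@6004951b182f8860210c8d6f0d808ec5b1a33d28 # v25
        with:
          github_access_token: ${{ secrets.GITHUB_TOKEN }}
      # Runs on every trigger: `release` on tags, `build --snapshot`
      # otherwise, with `--single-target` added on pull requests.
      # NOTE(review): the env block is populated for every run of this step,
      # including snapshot builds for pushes to main and for pull requests
      # from branches of this repository. The release credentials (NGINX_PAT,
      # the Slack webhook, the Snapcraft login) look unnecessary there;
      # confirm against the GoReleaser configuration and consider passing
      # them only when github.ref_type == 'tag'.
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
        with:
          # NOTE(review): same concern as the Buildx step. "latest" resolves
          # the GoReleaser version at run time, for the tool that produces
          # and signs the release artifacts. Pin an explicit version.
          version: latest
          args: ${{ github.ref_type == 'tag' && 'release' || 'build --snapshot' }} ${{ github.event_name == 'pull_request' && '--single-target' || '' }} --clean
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GOPATH: ${{ steps.go.outputs.go_path }}
          NGINX_GITHUB_TOKEN: ${{ secrets.NGINX_PAT }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_COMMUNITY }}
          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN }}
      # Informational only: a failure here does not fail the job.
      - name: Print NGINX Prometheus Exporter info
        run: ./dist/nginx-prometheus-exporter_linux_amd64_v1/nginx-prometheus-exporter --version
        continue-on-error: true
      # Pull requests: single-platform build loaded into the local daemon, no
      # push, no provenance, no SBOM. All other triggers: multi-platform
      # build pushed with max-mode provenance and an SBOM attached.
      - name: Build and Push Docker Image
        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
        with:
          file: build/Dockerfile
          context: "."
          target: goreleaser
          platforms: ${{ github.event_name != 'pull_request' && env.DOCKER_PLATFORMS || '' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ github.event_name != 'pull_request' && steps.meta.outputs.annotations || '' }}
          load: ${{ github.event_name == 'pull_request' }}
          push: ${{ github.event_name != 'pull_request' }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: ${{ github.event_name != 'pull_request' && 'mode=max' || 'false' }}
          sbom: ${{ github.event_name != 'pull_request' }}
      # NOTE(review): the scan is advisory. continue-on-error means a failing
      # scan does not fail the job, and on pushes and tags the scan runs
      # after the image has already been pushed. If findings are meant to
      # block publication, scan a locally loaded image before the push and
      # drop continue-on-error.
      - name: Scan image
        uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
        id: scan
        continue-on-error: true
        with:
          image: nginx/nginx-prometheus-exporter:${{ steps.meta.outputs.version }}
          only-fixed: true
          add-cpes-if-none: true
      # Best effort: an upload failure (for example when the token lacks
      # security-events: write) does not fail the job.
      - name: Upload scan result to GitHub Security tab
        uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
        continue-on-error: true
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}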