chore(deps): bump golang.org/x/sys from 0.33.0 to 0.35.0 in /agent #147
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Multi Environment Build | |
| on: | |
| push: | |
| branches: [ 'v10', 'release/v10**' ] | |
| tags: [ 'v10.*' ] | |
| pull_request: | |
| branches: [ 'v10' ] | |
| jobs: | |
| setup_deployment: | |
| name: Setup Deployment | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| tag: ${{ steps.set-env.outputs.tag }} | |
| steps: | |
| - name: Determine Build Environment | |
| id: set-env | |
| run: | | |
| if ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/v10') }}; then | |
| echo "DEV environment" | |
| echo "tag=v10-dev" >> $GITHUB_OUTPUT | |
| elif ${{ github.event_name == 'push' && github.ref == 'refs/heads/v10' }}; then | |
| echo "RC environment" | |
| echo "tag=v10-rc" >> $GITHUB_OUTPUT | |
| elif ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v10.') }}; then | |
| echo "RELEASE environment" | |
| echo "tag=v10" >> $GITHUB_OUTPUT | |
| fi | |
| validations: | |
| name: Validate permissions | |
| runs-on: ubuntu-24.04 | |
| needs: setup_deployment | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| steps: | |
| - name: Check permissions | |
| run: | | |
| echo "Validating user permissions..." | |
| RESPONSE=$(curl -s -H "Authorization: Bearer ${{ secrets.API_SECRET }}" \ | |
| -H "Accept: application/vnd.github.json" \ | |
| "https://api.github.com/orgs/utmstack/teams/integration-developers/memberships/${{ github.actor }}") | |
| if echo "$RESPONSE" | grep -q '"state": "active"'; then | |
| echo "✅ User ${{ github.actor }} is a member of the integration-developers team." | |
| else | |
| RESPONSE=$(curl -s -H "Authorization: Bearer ${{ secrets.API_SECRET }}" \ | |
| -H "Accept: application/vnd.github.json" \ | |
| "https://api.github.com/orgs/utmstack/teams/core-developers/memberships/${{ github.actor }}") | |
| if echo "$RESPONSE" | grep -q '"state": "active"'; then | |
| echo "✅ User ${{ github.actor }} is a member of the core-developers team." | |
| else | |
| echo "⛔ ERROR: User ${{ github.actor }} is not a member of the core-developers or integration-developers team." | |
| echo $RESPONSE | |
| exit 1 | |
| fi | |
| fi | |
| build_agent: | |
| name: Build Agent-Manager Image & Agent & Dependencies | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Check out code into the right branch | |
| uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: utmstack | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and Sign Agent | |
| run: | | |
| cd ${{ github.workspace }}/agent/config | |
| sed -i 's|const REPLACE_KEY string = ""|const REPLACE_KEY string = "${{ secrets.AGENT_SECRET_PREFIX }}"|' const.go | |
| echo "Building Agent..." | |
| cd ${{ github.workspace }}/agent | |
| GOOS=linux GOARCH=amd64 go build -o utmstack_agent_service -v . | |
| GOOS=windows GOARCH=amd64 go build -o utmstack_agent_service.exe -v . | |
| GOOS=windows GOARCH=arm64 go build -o utmstack_agent_service_arm64.exe -v . | |
| if [[ ${{ needs.setup_deployment.outputs.tag }} != "v10-dev" ]]; then | |
| echo "Signing Windows Agent..." | |
| FILES_TO_SIGN=("utmstack_agent_service.exe" "utmstack_agent_service_arm64.exe") | |
| for file in "${FILES_TO_SIGN[@]}"; do | |
| echo "Uploading $file for signing..." | |
| RESPONSE=$(curl -sS -f -X POST http://customermanager.utmstack.com:8081/api/v1/upload \ | |
| -H "Authorization: Bearer ${{ secrets.SIGNER_TOKEN }}" \ | |
| -F "file=@$file") | |
| FILE_ID=$(echo "$RESPONSE" | jq -r '.file_id') | |
| if [[ -z "$FILE_ID" || "$FILE_ID" == "null" ]]; then | |
| echo "❌ Failed to upload $file for signing." | |
| exit 1 | |
| fi | |
| echo "Uploaded $file with file_id: $FILE_ID" | |
| echo "Waiting for signing to complete..." | |
| while true; do | |
| STATUS=$(curl -sS -H "Authorization: Bearer ${{ secrets.SIGNER_TOKEN }}" \ | |
| http://customermanager.utmstack.com:8081/api/v1/status/$FILE_ID | jq -r '.status') | |
| if [[ "$STATUS" == "ready" ]]; then | |
| echo "✅ $file has been signed." | |
| break | |
| elif [[ "$STATUS" == "signing" ]]; then | |
| echo "⏳ Still signing $file... waiting 5s" | |
| sleep 5 | |
| else | |
| echo "❌ Unexpected status: $STATUS" | |
| exit 1 | |
| fi | |
| done | |
| echo "Downloading signed $file..." | |
| curl -sS -f -H "Authorization: Bearer ${{ secrets.SIGNER_TOKEN }}" \ | |
| -o "$file" \ | |
| http://customermanager.utmstack.com:8081/api/v1/download/$FILE_ID | |
| echo "Marking $file as finished..." | |
| curl -sS -X POST -H "Authorization: Bearer ${{ secrets.SIGNER_TOKEN }}" \ | |
| http://customermanager.utmstack.com:8081/api/v1/finish/$FILE_ID > /dev/null || true | |
| done | |
| echo "✅ All agents signed successfully." | |
| else | |
| echo "Skipping signing for Alpha environment." | |
| fi | |
| - name: Prepare dependencies for Agent Manager Image | |
| run: | | |
| cd ${{ github.workspace }}/agent-manager | |
| GOOS=linux GOARCH=amd64 go build -o agent-manager -v . | |
| mkdir -p ./dependencies/collector | |
| curl -sSL -H "Authorization: Bearer ${{ secrets.SIGNER_TOKEN }}" \ | |
| "http://customermanager.utmstack.com:8081/api/v1/fs/${{ needs.setup_deployment.outputs.tag }}/collector/linux-as400-collector.zip" -o ./dependencies/collector/linux-as400-collector.zip | |
| curl -sSL -H "Authorization: Bearer ${{ secrets.SIGNER_TOKEN }}" \ | |
| "http://customermanager.utmstack.com:8081/api/v1/fs/${{ needs.setup_deployment.outputs.tag }}/collector/windows-as400-collector.zip" -o ./dependencies/collector/windows-as400-collector.zip | |
| mkdir -p ./dependencies/agent/ | |
| curl -sSL -H "Authorization: Bearer ${{ secrets.SIGNER_TOKEN }}" \ | |
| "http://customermanager.utmstack.com:8081/api/v1/fs/${{ needs.setup_deployment.outputs.tag }}/agent/utmstack_agent_dependencies_linux.zip" -o ./dependencies/agent/utmstack_agent_dependencies_linux.zip | |
| curl -sSL -H "Authorization: Bearer ${{ secrets.SIGNER_TOKEN }}" \ | |
| "http://customermanager.utmstack.com:8081/api/v1/fs/${{ needs.setup_deployment.outputs.tag }}/agent/utmstack_agent_dependencies_windows.zip" -o ./dependencies/agent/utmstack_agent_dependencies_windows.zip | |
| curl -sSL -H "Authorization: Bearer ${{ secrets.SIGNER_TOKEN }}" \ | |
| "http://customermanager.utmstack.com:8081/api/v1/fs/${{ needs.setup_deployment.outputs.tag }}/agent/utmstack_agent_dependencies_windows_arm64.zip" -o ./dependencies/agent/utmstack_agent_dependencies_windows_arm64.zip | |
| cp "${{ github.workspace }}/agent/utmstack_agent_service" ./dependencies/agent/ | |
| # cp "${{ github.workspace }}/agent/utmstack_agent_service_arm64" ./dependencies/agent/ | |
| cp "${{ github.workspace }}/agent/utmstack_agent_service.exe" ./dependencies/agent/ | |
| cp "${{ github.workspace }}/agent/utmstack_agent_service_arm64.exe" ./dependencies/agent/ | |
| cp "${{ github.workspace }}/agent/version.json" ./dependencies/agent/ | |
| - name: Build and Push the Agent Manager Image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./agent-manager | |
| push: true | |
| tags: ghcr.io/utmstack/utmstack/agent-manager:${{ needs.setup_deployment.outputs.tag }} | |
| runner_release: | |
| name: Images deployment | |
| needs: [validations,setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag != '' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| service: ['aws', 'backend', 'correlation', 'frontend', 'bitdefender', 'mutate', 'office365', 'log-auth-proxy', 'soc-ai', 'sophos', 'user-auditor', 'web-pdf'] | |
| uses: ./.github/workflows/v10-used-runner.yml | |
| with: | |
| microservice: ${{ matrix.service }} | |
| environment: ${{ needs.setup_deployment.outputs.tag }} | |
| secrets: inherit | |
| deploy_dev: | |
| name: Deploy to v10-dev environment | |
| needs: [build_agent, runner_release, setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag == 'v10-dev' }} | |
| runs-on: utmstack-v10-dev | |
| steps: | |
| - name: Check out code into the right branch | |
| uses: actions/checkout@v4 | |
| - name: Set up Go 1.x | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ^1.20 | |
| id: go | |
| - name: Build | |
| working-directory: ./installer | |
| env: | |
| GOOS: linux | |
| GOARCH: amd64 | |
| run: | | |
| go build -o installer -v . | |
| mv installer /home/utmstack/installer | |
| chmod +x /home/utmstack/installer | |
| - name: Run | |
| working-directory: /home/utmstack | |
| run: | | |
| sudo ./installer | |
| deploy_rc: | |
| name: Deploy to v10-rc environment | |
| needs: [build_agent, runner_release, setup_deployment] | |
| if: ${{ needs.setup_deployment.outputs.tag == 'v10-rc' }} | |
| runs-on: utmstack-v10-rc | |
| steps: | |
| - name: Check out code into the right branch | |
| uses: actions/checkout@v4 | |
| - name: Set up Go 1.x | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ^1.20 | |
| id: go | |
| - name: Build | |
| working-directory: ./installer | |
| env: | |
| GOOS: linux | |
| GOARCH: amd64 | |
| run: | | |
| go build -o installer -v . | |
| mv installer /home/utmstack/installer | |
| chmod +x /home/utmstack/installer | |
| - name: Run | |
| working-directory: /home/utmstack | |
| run: | | |
| sudo ./installer |