-
Notifications
You must be signed in to change notification settings - Fork 168
97 lines (86 loc) · 3.62 KB
/
Copy pathAgent-Config-Schema.yml
File metadata and controls
97 lines (86 loc) · 3.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: Agent Config Schema
# Permissions granted to all jobs in the workflow.
# Permissions that aren't explicitly defined here will default to a value of none.
permissions: {}
# Regenerates .fleetControl/schemas/config.json from reference-newrelic.yml
# whenever a push touches relevant inputs, then commits the regenerated schema
# back to the pushed branch.
#
# Version bumps to .fleetControl/configurationDefinitions.yml are NOT done
# here — they happen at release time via Agent-Config-Schema-Bump.yml.
#
# Also fails the current push if newrelic.yml changed but reference-newrelic.yml
# didn't. The check is per-push, so a follow-up push that updates
# reference-newrelic.yml will pass and re-green the PR.
#
# Skips main because branch protection blocks the bot from pushing there.
on:
push:
branches-ignore:
- main
paths:
- 'newrelic-agent/src/main/resources/newrelic.yml'
- '.fleetControl/schemaGeneration/**'
concurrency:
group: agent-config-schema-${{ github.ref }}
cancel-in-progress: true
jobs:
regenerate:
name: Regenerate config schema
runs-on: ubuntu-24.04
permissions:
contents: write
steps:
# - uses: GitHubSecurityLab/actions-permissions/monitor@v1 # detects minimum permissions required to run the workflow, uncomment to use
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # pin@v4
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Check newrelic.yml / reference-newrelic.yml drift
run: |
before='${{ github.event.before }}'
after='${{ github.event.after }}'
echo "Comparing $before...$after"
changed=$(git diff --name-only "$before" "$after")
echo "Changed files:"
echo "$changed" | sed 's/^/ /'
agent_yml=$(echo "$changed" | grep -c '^newrelic-agent/src/main/resources/newrelic.yml$' || true)
ref_yml=$(echo "$changed" | grep -c '^\.fleetControl/schemaGeneration/reference-newrelic.yml$' || true)
echo "agent_yml=$agent_yml ref_yml=$ref_yml"
if [ "$agent_yml" -gt 0 ] && [ "$ref_yml" -eq 0 ]; then
echo "::error::newrelic.yml changed in this push but reference-newrelic.yml did not. Update reference-newrelic.yml in a follow-up push to clear this check."
exit 1
fi
- name: Set up Java
uses: actions/setup-java@b36c23c0d998641eff861008f374ee103c25ac73 # pin@v4
with:
distribution: 'temurin'
java-version: '17'
- name: Install Groovy
run: |
sudo apt-get update
sudo apt-get install -y groovy
- name: Run schema generator
id: generate
run: |
set +e
groovy .fleetControl/schemaGeneration/GenerateSchema.groovy
code=$?
set -e
case "$code" in
0) echo "changed=false" >> "$GITHUB_OUTPUT" ;;
1) echo "changed=true" >> "$GITHUB_OUTPUT" ;;
*) echo "Schema generator failed (exit $code)"; exit "$code" ;;
esac
- name: Commit and push regenerated schema
if: steps.generate.outputs.changed == 'true'
run: |
if [ -z "$(git status --porcelain .fleetControl/schemas/config.json)" ]; then
echo "Generator reported changes but config.json is clean — nothing to commit."
exit 0
fi
git config user.name 'github-actions[bot]'
git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
git add .fleetControl/schemas/config.json
git commit -m "chore: regenerate agent config schema"
git push