feat(k8s): support promql historical data queries (#82) #63
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - package.nix | |
| concurrency: | |
| group: 'publish-${{ github.workflow }}' | |
| cancel-in-progress: false | |
| jobs: | |
| get-newer-version: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| new-version: ${{ steps.check.outputs.new_version }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-tags: true | |
| fetch-depth: 0 | |
| - name: Extract version from package.nix | |
| id: extract | |
| run: | | |
| VERSION=$(grep -m1 'version\s*=' package.nix | sed -E 's/.*version\s*=\s*"([^"]+)";.*/\1/') | |
| echo "Extracted version: v$VERSION" | |
| echo "version=v$VERSION" >> $GITHUB_OUTPUT | |
| - name: Get latest tag | |
| id: latest | |
| run: | | |
| LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "none") | |
| echo "Latest tag: $LATEST_TAG" | |
| echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT | |
| - name: Check if version is new | |
| id: check | |
| run: | | |
| VERSION="${{ steps.extract.outputs.version }}" | |
| LATEST="${{ steps.latest.outputs.latest_tag }}" | |
| if [ "$VERSION" = "$LATEST" ]; then | |
| echo "No new version detected." | |
| echo "new_version=" >> $GITHUB_OUTPUT | |
| else | |
| echo "New version detected: $VERSION" | |
| echo "new_version=$VERSION" >> $GITHUB_OUTPUT | |
| fi | |
| build: | |
| name: Build ${{ matrix.arch }} image | |
| runs-on: ubuntu-latest | |
| needs: [ get-newer-version ] | |
| if: needs.get-newer-version.outputs.new-version != '' | |
| defaults: | |
| run: | |
| shell: nix develop --command bash {0} | |
| permissions: | |
| contents: read | |
| packages: write | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| include: | |
| - arch: amd64 | |
| platform: linux/amd64 | |
| nix_package: sysdig-mcp-server-image-amd64 | |
| - arch: arm64 | |
| platform: linux/arm64 | |
| nix_package: sysdig-mcp-server-image-aarch64 | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v5 | |
| - name: Install Nix | |
| # Pinned to v21 commit SHA for supply-chain safety. | |
| # To update: git ls-remote https://github.com/DeterminateSystems/nix-installer-action.git <tag> | |
| uses: DeterminateSystems/nix-installer-action@c5a866b6ab867e88becbed4467b93592bce69f8a # v21 | |
| - name: Enable Nix cache | |
| # Pinned to v13 commit SHA for supply-chain safety. | |
| # To update: git ls-remote https://github.com/DeterminateSystems/magic-nix-cache-action.git <tag> | |
| uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13 | |
| with: | |
| use-flakehub: false | |
| - name: Build image | |
| run: nix build .#${{ matrix.nix_package }} -o result | |
| - name: Convert to OCI layout | |
| run: | | |
| skopeo copy docker-archive:result oci:/tmp/oci-image:latest | |
| echo "FROM base" > /tmp/Dockerfile.push | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push image by digest | |
| id: push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| file: /tmp/Dockerfile.push | |
| build-contexts: | | |
| base=oci-layout:///tmp/oci-image | |
| platforms: ${{ matrix.platform }} | |
| provenance: false | |
| outputs: type=image,name=ghcr.io/sysdiglabs/sysdig-mcp-server,push-by-digest=true,name-canonical=true,push=true | |
| - name: Export digest | |
| run: | | |
| mkdir -p /tmp/digests | |
| digest="${{ steps.push.outputs.digest }}" | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: Upload digest | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: digests-${{ matrix.arch }} | |
| path: /tmp/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| push_to_registry: | |
| name: Push multi-arch manifest to GitHub Packages | |
| runs-on: ubuntu-latest | |
| needs: [ get-newer-version, build ] | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| REGISTRY: ghcr.io/sysdiglabs/sysdig-mcp-server | |
| steps: | |
| - name: Download digests | |
| uses: actions/download-artifact@v6 | |
| with: | |
| path: /tmp/digests | |
| pattern: digests-* | |
| merge-multiple: true | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create manifest list and push | |
| env: | |
| VERSION: ${{ needs.get-newer-version.outputs.new-version }} | |
| working-directory: /tmp/digests | |
| run: | | |
| docker buildx imagetools create --tag $REGISTRY:${VERSION} \ | |
| $(printf "$REGISTRY@sha256:%s " *) | |
| docker buildx imagetools create --tag $REGISTRY:latest \ | |
| $(printf "$REGISTRY@sha256:%s " *) | |
| - name: Inspect image | |
| env: | |
| VERSION: ${{ needs.get-newer-version.outputs.new-version }} | |
| run: docker buildx imagetools inspect $REGISTRY:${VERSION} | |
| build-binaries: | |
| name: Build ${{ matrix.goos }}-${{ matrix.goarch }} binary | |
| runs-on: ubuntu-latest | |
| needs: [ get-newer-version ] | |
| if: needs.get-newer-version.outputs.new-version != '' | |
| defaults: | |
| run: | |
| shell: nix develop --command bash {0} | |
| permissions: | |
| contents: read | |
| strategy: | |
| matrix: | |
| include: | |
| - { goos: darwin, goarch: arm64, ext: tar.gz } | |
| - { goos: darwin, goarch: amd64, ext: tar.gz } | |
| - { goos: linux, goarch: arm64, ext: tar.gz } | |
| - { goos: linux, goarch: amd64, ext: tar.gz } | |
| - { goos: linux, goarch: "386", ext: tar.gz } | |
| - { goos: windows, goarch: arm64, ext: zip } | |
| - { goos: windows, goarch: amd64, ext: zip } | |
| - { goos: windows, goarch: "386", ext: zip } | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v5 | |
| - name: Install Nix | |
| # Pinned to v21 commit SHA for supply-chain safety. | |
| # To update: git ls-remote https://github.com/DeterminateSystems/nix-installer-action.git <tag> | |
| uses: DeterminateSystems/nix-installer-action@c5a866b6ab867e88becbed4467b93592bce69f8a # v21 | |
| - name: Enable Nix cache | |
| # Pinned to v13 commit SHA for supply-chain safety. | |
| # To update: git ls-remote https://github.com/DeterminateSystems/magic-nix-cache-action.git <tag> | |
| uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13 | |
| with: | |
| use-flakehub: false | |
| - name: Build and package binary | |
| env: | |
| VERSION: ${{ needs.get-newer-version.outputs.new-version }} | |
| ARCHIVE: sysdig-mcp-server_${{ matrix.goos }}-${{ matrix.goarch }} | |
| BINARY: sysdig-mcp-server${{ matrix.goos == 'windows' && '.exe' || '' }} | |
| run: | | |
| CGO_ENABLED=0 GOOS=${{ matrix.goos }} GOARCH=${{ matrix.goarch }} \ | |
| go build -ldflags "-w -s -X main.Version=${VERSION}" -o "${BINARY}" ./cmd/server | |
| if [ "${{ matrix.ext }}" = "tar.gz" ]; then | |
| tar -czf "${ARCHIVE}.tar.gz" "${BINARY}" | |
| else | |
| zip "${ARCHIVE}.zip" "${BINARY}" | |
| fi | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: binary-${{ matrix.goos }}-${{ matrix.goarch }} | |
| path: sysdig-mcp-server_${{ matrix.goos }}-${{ matrix.goarch }}.${{ matrix.ext }} | |
| if-no-files-found: error | |
| retention-days: 1 | |
| release: | |
| name: Create release at Github | |
| needs: [ get-newer-version, push_to_registry, build-binaries ] | |
| if: needs.get-newer-version.outputs.new-version != '' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # Required for release creation | |
| steps: | |
| - uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Install Nix | |
| # Pinned to v21 commit SHA for supply-chain safety. | |
| # To update: git ls-remote https://github.com/DeterminateSystems/nix-installer-action.git <tag> | |
| uses: DeterminateSystems/nix-installer-action@c5a866b6ab867e88becbed4467b93592bce69f8a # v21 | |
| - name: Enable Nix cache | |
| # Pinned to v13 commit SHA for supply-chain safety. | |
| # To update: git ls-remote https://github.com/DeterminateSystems/magic-nix-cache-action.git <tag> | |
| uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13 | |
| with: | |
| use-flakehub: false | |
| - name: Install git-chglog | |
| run: nix profile install nixpkgs#git-chglog | |
| - name: Tag with version ${{ needs.get-newer-version.outputs.new-version }} | |
| run: git tag ${{ needs.get-newer-version.outputs.new-version }} | |
| - name: Generate changelog | |
| run: git-chglog -c .github/git-chglog/config.yml -o RELEASE_CHANGELOG.md $(git describe --tags $(git rev-list --tags --max-count=1)) | |
| - name: Download binary artifacts | |
| uses: actions/download-artifact@v6 | |
| with: | |
| path: /tmp/binaries | |
| pattern: binary-* | |
| merge-multiple: true | |
| - name: Generate checksums | |
| working-directory: /tmp/binaries | |
| run: sha256sum * > checksums.txt | |
| - name: Create release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: ${{ needs.get-newer-version.outputs.new-version }} | |
| tag_name: ${{ needs.get-newer-version.outputs.new-version }} | |
| prerelease: false | |
| body_path: RELEASE_CHANGELOG.md | |
| files: /tmp/binaries/* |