.github/workflows/ci-nightly.yaml

name: 🔄 CI | Nightly Tests

on:
  workflow_dispatch:
    inputs:
      branch:
        description: "Branch to run the workflow on, e.g. main"
        type: string
        required: true
  schedule:
    # Scheduled to run in the morning (PT) on every day-of-week from Monday through Friday.
    - cron: '0 15 * * 1-5'

env:
  REGISTRY: '${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com'

jobs:
  build:
    name: Build & Validate
    strategy:
      matrix:
        distribution:
          - nrdot-collector-host
          - nrdot-collector-k8s
    uses: ./.github/workflows/ci-base.yaml
    with:
      nightly: true
      distribution: ${{ matrix.distribution }}
      test_cluster_name: 'ci-e2etest-nightly-${{ matrix.distribution }}'
    secrets:
      docker_hub_username: ${{ secrets.OTELCOMM_DOCKER_HUB_USERNAME }}
      docker_hub_password: ${{ secrets.OTELCOMM_DOCKER_HUB_PASSWORD }}
      gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
      gpg_passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}
      registry: '${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com'
      nr_backend_url: ${{ secrets.NR_STAGING_BACKEND_URL }}
      nr_ingest_key: ${{ secrets.OTELCOMM_NR_INGEST_KEY }}
      nr_account_id: ${{ secrets.OTELCOMM_NR_TEST_ACCOUNT_ID }}
      nr_api_base_url: ${{ secrets.NR_STAGING_API_BASE_URL }}
      nr_api_key: ${{ secrets.OTELCOMM_NR_API_KEY }}

  publish:
    name: Build & Publish Nightly
    runs-on: ubuntu-latest
    needs: build
    strategy:
      matrix:
        distribution:
          - nrdot-collector-host
          - nrdot-collector-k8s
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # required for tag metadata

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.23'
          check-latest: true

      - name: Tidy go.mod files
        run: go mod tidy

      - name: Verify build
        run: make ci DISTRIBUTIONS=${{ matrix.distribution }}

      - name: Login to Docker
        uses: docker/login-action@v3
        if: ${{ env.ACT }}
        with:
          registry: docker.io
          username: ${{ secrets.OTELCOMM_DOCKER_HUB_USERNAME }}
          password: ${{ secrets.OTELCOMM_DOCKER_HUB_PASSWORD }}

      - uses: docker/setup-qemu-action@v2

      - uses: docker/setup-buildx-action@v2

      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}
          passphrase: ${{ secrets.OHAI_GPG_PASSPHRASE }}

      - name: Write GPG to path in memory for signing rpm/deb
        id: write_gpg_to_path
        run: |
          GPG_KEY_PATH="$(mktemp /dev/shm/gpg.XXXXXX)"
          echo "$GPG_PRIVATE_KEY" | base64 -d >> "$GPG_KEY_PATH"
          echo "gpg_key_path=$GPG_KEY_PATH" >> $GITHUB_OUTPUT
        env:
          GPG_PRIVATE_KEY: ${{ secrets.OHAI_GPG_PRIVATE_KEY_BASE64 }}

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.OTELCOMM_AWS_TEST_ACC_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
          role-to-assume: arn:aws:iam::${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}:role/resource-provisioner
          role-skip-session-tagging: true

      - name: Login to ECR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY}}/${{ matrix.distribution }}

      - name: Build and publish ${{ matrix.distribution }} nightly binaries & packages with GoReleaser
        id: goreleaser_publish
        if: ${{ !env.ACT }}
        uses: goreleaser/goreleaser-action@v6
        env:
          NFPM_PASSPHRASE: ${{ secrets.OHAI_GPG_PASSPHRASE }}
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          GPG_KEY_PATH: ${{ steps.write_gpg_to_path.outputs.gpg_key_path }}
          REGISTRY: ${{ env.REGISTRY }}
        with:
          distribution: goreleaser
          version: '~> v2'
          args: --skip=announce,validate --clean --timeout 2h --config .goreleaser-nightly.yaml
          workdir: distributions/${{ matrix.distribution }}
      - name: Extract Docker Manifest SHA
        id: extract_docker_manifest_sha
        run: |
          echo "docker_manifest_sha=$(echo '${{ steps.goreleaser_publish.outputs.artifacts }}' |
            yq -r '.[] | select(.type == "Docker Manifest") | .extra.Digest')" >> $GITHUB_OUTPUT
    outputs:
      docker_manifest_sha: ${{ steps.extract_docker_manifest_sha.outputs.docker_manifest_sha }}

  deploy-nightly:
    name: Deploy Nightly
    uses: ./.github/workflows/terraform.yaml
    if: ${{ !github.event.act }}
    needs: publish
    strategy:
      matrix:
        distribution:
          - nrdot-collector-host
          - nrdot-collector-k8s
    concurrency:
      # concurrency limit of 1 b/c failed tf job cancelling each other causes tf state and locks to corrupt
      group: deploy-nightly-terraform
    with:
      branch: ${{ github.ref }}
      tf_work_subdir: nightly
      workspace: 'nightly-${{ matrix.distribution }}'
      execute_plan: true
      execute_apply: true
      distro: ${{ matrix.distribution }}
      nightly_docker_manifest_sha: ${{ needs.publish.outputs.docker_manifest_sha }}
    secrets:
      aws_access_key_id: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCESS_KEY_ID }}
      aws_secret_access_key: ${{secrets.OTELCOMM_AWS_TEST_ACC_SECRET_ACCESS_KEY}}
      aws_account_id: ${{ secrets.OTELCOMM_AWS_TEST_ACC_ACCOUNT_ID }}
      nr_backend_url: ${{secrets.NR_STAGING_BACKEND_URL}}
      nr_ingest_key: ${{ secrets.OTELCOMM_NR_INGEST_KEY }}

  test-nightly:
    name: Test Nightly
    runs-on: ubuntu-latest
    needs: deploy-nightly
    strategy:
      matrix:
        distribution:
          - nrdot-collector-host
          - nrdot-collector-k8s
    steps:
      - name: Run nightly tests for ${{ matrix.distribution }}
        run: |
          NR_API_KEY=${{ secrets.OTELCOMM_NR_API_KEY }} \
          NR_ACCOUNT_ID=${{ secrets.OTELCOMM_NR_TEST_ACCOUNT_ID }} \
          NR_API_BASE_URL=${{ secrets.NR_STAGING_API_BASE_URL }} \
          DISTRO=${{ matrix.distribution }} \
          make -f ./test/e2e/Makefile ci_test-nightly