Linux package proof of concept #1
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
name: Goreleaser | ||
on: | ||
pull_request: | ||
|
||
permissions: | ||
contents: read | ||
|
||
concurrency: | ||
group: ${{ github.head_ref || github.ref_name }} | ||
cancel-in-progress: true | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out source code | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
|
||
- name: Set up Go | ||
uses: actions/setup-go@v5.0.0 | ||
Check warning Code scanning / Scorecard Pinned-Dependencies Medium
score is 5: GitHub-owned GitHubAction not pinned by hash
Click Remediation section below to solve this issue |
||
with: | ||
go-version: "1.21.5" | ||
|
||
- uses: actions/setup-node@v4 | ||
Check warning Code scanning / Scorecard Pinned-Dependencies Medium
score is 5: GitHub-owned GitHubAction not pinned by hash
Click Remediation section below to solve this issue |
||
with: | ||
node-version: "20" | ||
|
||
- name: Test GoReleaser | ||
uses: goreleaser/goreleaser-action@v5 | ||
Check warning Code scanning / Scorecard Pinned-Dependencies Medium
score is 5: third-party GitHubAction not pinned by hash
Click Remediation section below to solve this issue |
||
with: | ||
version: v1.22.1 | ||
args: release --skip=publish --snapshot | ||
distribution: goreleaser | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Install Cinc (Inspec) | ||
run: | | ||
curl -L https://omnitruck.cinc.sh/install.sh | \ | ||
Check warning Code scanning / Scorecard Pinned-Dependencies Medium
score is 5: downloadThenRun not pinned by hash
Click Remediation section below to solve this issue |
||
sudo bash -s -- -P cinc-auditor -v 4 | ||
|
||
- name: Install Deb Package | ||
run: | | ||
sudo apt-get install -y -f ./dist/prometheus_linux_amd64.deb | ||
sudo systemctl start prometheus | ||
|
||
- name: Test Install | ||
run: sudo cinc-auditor exec package/test/install/test.rb | ||
|
||
- name: Uninstall Deb Package | ||
run: | | ||
sudo apt-get remove -y prometheus | ||
sudo apt-get purge -y prometheus | ||
|
||
- name: Test Uninstall | ||
run: sudo cinc-auditor exec package/test/uninstall/test.rb |
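Review bot: The `Install Cinc (Inspec)` step pipes `curl -L` straight into `sudo bash` without `-f`, so an HTTP error body or a truncated download is still fed to a root shell. The pipeline's exit status is that of `bash`, so unless the step's shell sets `pipefail` a failed download can leave the step green and only surface later at `cinc-auditor exec`. Downloading to a file first makes the failure visible and gives the job something it can inspect before running: `curl -fsSL -o install.sh https://omnitruck.cinc.sh/install.sh` followed by `sudo bash install.sh -P cinc-auditor -v 4`. Since the job goes on to build and run code from the pull request head (the GoReleaser `make` hooks), `persist-credentials: false` on the checkout step would also keep the token out of `.git/config`.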
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,187 @@ | ||
before: | ||
hooks: | ||
# See `make build` for list build prerequisites. | ||
- make assets | ||
- make npm_licenses | ||
- make assets-compress | ||
- make plugins | ||
|
||
builds: | ||
- id: prometheus | ||
binary: prometheus | ||
main: ./cmd/prometheus | ||
env: | ||
- CGO_ENABLED=0 | ||
mod_timestamp: "{{ .CommitTimestamp }}" | ||
goos: | ||
- linux | ||
goarch: | ||
- amd64 | ||
- arm64 | ||
flags: | ||
- -tags=netgo,builtinassets,stringlabels | ||
ldflags: | ||
- -s -w | ||
- -X github.com/prometheus/common/version.Version={{ .Version }} | ||
- -X github.com/prometheus/common/version.Revision="" | ||
- -X github.com/prometheus/common/version.Branch={{ .Branch }} | ||
- -X github.com/prometheus/common/version.BuildUser=observIQ | ||
- -X github.com/prometheus/common/version.BuildDate={{ .Date }} | ||
no_unique_dist_dir: false | ||
- id: promtool | ||
binary: promtool | ||
main: ./cmd/promtool | ||
env: | ||
- CGO_ENABLED=0 | ||
mod_timestamp: "{{ .CommitTimestamp }}" | ||
goos: | ||
- linux | ||
goarch: | ||
- amd64 | ||
- arm64 | ||
flags: | ||
- -tags=netgo,builtinassets,stringlabels | ||
ldflags: | ||
- -s -w | ||
- -X github.com/prometheus/common/version.Version={{ .Version }} | ||
- -X github.com/prometheus/common/version.Revision="" | ||
- -X github.com/prometheus/common/version.Branch={{ .Branch }} | ||
- -X github.com/prometheus/common/version.BuildUser=observIQ | ||
- -X github.com/prometheus/common/version.BuildDate={{ .Date }} | ||
no_unique_dist_dir: false | ||
|
||
nfpms: | ||
- id: prometheus | ||
file_name_template: "{{ .PackageName }}_{{ .Os }}_{{ .Arch }}" | ||
package_name: prometheus | ||
vendor: observIQ, Inc | ||
maintainer: observIQ <support@observiq.com> | ||
description: The Prometheus monitoring system and time series database. | ||
homepage: https://github.com/prometheus/prometheus | ||
license: Apache 2.0 | ||
builds: | ||
- prometheus | ||
- promtool | ||
formats: | ||
- rpm | ||
- deb | ||
bindir: /usr/bin | ||
contents: | ||
- dst: /var/lib/prometheus | ||
type: dir | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0750 | ||
- dst: /var/lib/prometheus/console_libraries | ||
type: dir | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0750 | ||
- dst: /var/lib/prometheus/consoles | ||
type: dir | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0750 | ||
- dst: /var/lib/prometheus/tsdb | ||
type: dir | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0750 | ||
- dst: /etc/prometheus | ||
type: dir | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0750 | ||
- dst: /usr/share/doc/prometheus | ||
type: dir | ||
file_info: | ||
owner: root | ||
group: root | ||
mode: 0755 | ||
- src: package/service/prometheus.service | ||
dst: /usr/lib/systemd/system/prometheus.service | ||
type: "config" | ||
file_info: | ||
owner: root | ||
group: root | ||
mode: 0640 | ||
- src: package/config/prometheus.yml | ||
dst: /etc/prometheus/prometheus.yml | ||
type: "config" | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0640 | ||
- src: package/config/web.yml | ||
dst: /etc/prometheus/web.yml | ||
type: "config" | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0640 | ||
- src: package/config/rules.yml | ||
dst: /etc/prometheus/rules.yml | ||
type: "config" | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0640 | ||
- src: console_libraries/* | ||
dst: /var/lib/prometheus/console_libraries/ | ||
type: "config" | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0640 | ||
- src: consoles/* | ||
dst: /var/lib/prometheus/consoles/ | ||
type: "config" | ||
file_info: | ||
owner: prometheus | ||
group: prometheus | ||
mode: 0640 | ||
- src: NOTICE | ||
dst: /usr/share/doc/prometheus/NOTICE | ||
type: "config" | ||
file_info: | ||
owner: root | ||
group: root | ||
mode: 0644 | ||
- src: LICENSE | ||
dst: /usr/share/doc/prometheus/LICENSE | ||
type: "config" | ||
file_info: | ||
owner: root | ||
group: root | ||
mode: 0644 | ||
- src: npm_licenses.tar.bz2 | ||
dst: /usr/share/doc/prometheus/npm_licenses.tar.bz2 | ||
type: "config" | ||
file_info: | ||
owner: root | ||
group: root | ||
mode: 0644 | ||
scripts: | ||
preremove: package/scripts/preremove.sh | ||
postremove: package/scripts/postremove.sh | ||
preinstall: package/scripts/preinstall.sh | ||
postinstall: package/scripts/postinstall.sh | ||
|
||
archives: | ||
- format: tar.gz | ||
id: prometheus | ||
name_template: prometheus-{{ .Version }}.{{ .Os }}-{{ .Arch }} | ||
builds: | ||
- prometheus | ||
|
||
checksum: | ||
name_template: "{{ .ProjectName }}-v{{ .Version }}-SHA256SUMS" | ||
algorithm: sha256 | ||
|
||
release: | ||
draft: false |
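Review bot: `/etc/prometheus` and the files under it (`prometheus.yml`, `web.yml`, `rules.yml`) are packaged with `owner: prometheus`, so the service account can rewrite its own configuration, including whatever TLS or authentication settings `web.yml` carries. If nothing at runtime needs to write there (not visible from this file), `owner: root` with `group: prometheus` and the same `0640`/`0750` modes keeps them readable by the service but not writable by it. Separately, both builds set `version.Revision=""` in `ldflags`, so the shipped binaries carry no commit id; `-X github.com/prometheus/common/version.Revision={{ .FullCommit }}` would let an installed package be traced back to its source.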
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
scrape_configs: [] | ||
rule_files: [/etc/prometheus/rules.yml] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
groups: | ||
- name: configuration-rollups | ||
interval: 1m | ||
rules: | ||
- record: bindplane_agent_measurements:rollup:rate:1m | ||
expr: sum without (agent) (rate(bindplane_agent_measurements{}[1m] offset 10s)) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
#!/bin/bash | ||
|
||
# Install handles systemd service management. This function | ||
# can be called more than once as it is idempotent. | ||
install() { | ||
systemctl daemon-reload | ||
} | ||
|
||
# Upgrade performs the same steps as install. | ||
upgrade() { | ||
install | ||
} | ||
|
||
action="$1" | ||
|
||
case "$action" in | ||
"0" | "install") | ||
install | ||
;; | ||
"1" | "upgrade") | ||
upgrade | ||
;; | ||
*) | ||
install | ||
;; | ||
esac |
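Review bot: The case arms `"0" | "install"` and `"1" | "upgrade"` do not line up with what package managers pass to a post-install script, assuming this is the `postinstall.sh` named in the nfpm config: dpkg passes `configure`, and rpm passes `1` for a fresh install and `2` for an upgrade. Every arm ends in `install` today so nothing breaks, but once `upgrade` diverges the wrong arm will be taken silently. A header comment would make this visible, for example `# $1: deb postinst passes "configure"; rpm %post passes 1 (install) or 2 (upgrade)`. This script also lacks the `set -e` the other two package scripts start with, and the function name `install` shadows the `install` utility for the rest of the script.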
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
# Remove deletes the prometheus systemd service file | ||
# and reloads systemd. If the file does not exist, return early. | ||
remove() { | ||
rm -f /usr/lib/systemd/system/prometheus.service || return | ||
systemctl daemon-reload | ||
} | ||
|
||
# Upgrade performs a no-op and is included here for future use. | ||
upgrade() { | ||
return | ||
} | ||
|
||
action="$1" | ||
|
||
case "$action" in | ||
"0" | "remove") | ||
remove | ||
;; | ||
"1" | "upgrade") | ||
upgrade | ||
;; | ||
*) | ||
remove | ||
;; | ||
esac |
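Review bot: The `*)` arm runs `remove`, so any argument the script does not recognise deletes `/usr/lib/systemd/system/prometheus.service`. Assuming this is the `postremove.sh` named in the nfpm config, dpkg also calls it with values such as `abort-install` and `abort-upgrade`, where removing the unit file is probably not wanted. Listing the destructive cases explicitly, `"0" | "remove" | "purge")`, and making `*)` a no-op limits the deletion to known removal paths. The comment on `remove()` is also inaccurate: `rm -f` succeeds when the file is missing, so `|| return` only triggers on a real failure; suggest `# rm -f succeeds if the file is already gone; return only on a real error.`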
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
# Install creates the prometheus user and group using the | ||
# name 'prometheus'. The prometheus user does not have a shell. | ||
# This function can be called more than once as it is idempotent. | ||
install() { | ||
username="prometheus" | ||
|
||
if getent group "$username" &>/dev/null; then | ||
echo "Group ${username} already exists." | ||
else | ||
groupadd "$username" | ||
fi | ||
|
||
if id "$username" &>/dev/null; then | ||
echo "User ${username} already exists" | ||
exit 0 | ||
else | ||
useradd --shell /sbin/nologin --system "$username" -g "$username" | ||
fi | ||
} | ||
|
||
# Upgrade should perform the same steps as install | ||
upgrade() { | ||
install | ||
} | ||
|
||
action="$1" | ||
|
||
case "$action" in | ||
"0" | "install") | ||
install | ||
;; | ||
"1" | "upgrade") | ||
upgrade | ||
;; | ||
*) | ||
install | ||
;; | ||
esac |
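Review bot: When a `prometheus` account already exists, `install()` reuses it as-is, so the header comment's statement that the user has no shell is only true for accounts this script creates. A pre-existing account with a login shell or extra group memberships would end up owning the packaged files without any check; at minimum the comment should say so, for example `# An existing account is reused unchanged; its shell and groups are not verified.` The `exit 0` in that branch also ends the whole script from inside a function, so any step later added after the user check would be skipped; `return 0` keeps the same behaviour today without that trap.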
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium