
refactor: simplify PostgreSQL connection initialization in postgres_c… #66

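# V10 build-and-deploy pipeline.
#
# Flow: setup_deployment maps the pushed ref to an image tag, validations
# gates on team membership, the build_* jobs produce the agent binaries and
# the service images, and deploy_dev / deploy_rc run the installer on
# self-hosted runners.
#
# NOTE(review): no `permissions:` key is set at workflow level, so every job
# gets the repository's default GITHUB_TOKEN scopes. A workflow-level
# `permissions: contents: read` with per-job additions would be tighter, but
# the reusable workflows called below are not visible here and cannot be
# granted more than the caller has - confirm what they need first.
#
# NOTE(review): all third-party actions are referenced by mutable tag (@v4,
# @v3, ...). Pinning them to full commit SHAs matters most for build_agent
# (code signing) and the deploy_* jobs (sudo on self-hosted hosts).
name: V10 - Build & Deploy Pipeline

on:
  push:
    branches: ['v10', 'release/v10**']
    tags: ['v10**']
  # Pull requests only run setup_deployment: it emits no tag for them, and
  # every other job is skipped when the tag is empty.
  pull_request:
    branches: ['v10']

jobs:
  setup_deployment:
    name: Setup Deployment
    runs-on: ubuntu-24.04
    outputs:
      tag: ${{ steps.set-env.outputs.tag }}
    steps:
      - name: Determine Build Environment
        id: set-env
        # Each ${{ ... }} below is rendered to the literal word `true` or
        # `false` before the script runs, so the shell executes the `true` /
        # `false` builtin as the condition. No ref text is interpolated into
        # the script. When no branch matches, `tag` stays unset (empty).
        run: |
          if ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/release/v10') }}; then
            echo "DEV environment"
            echo "tag=v10-dev" >> "$GITHUB_OUTPUT"
          elif ${{ github.event_name == 'push' && github.ref == 'refs/heads/v10' }}; then
            echo "RC environment"
            echo "tag=v10-rc" >> "$GITHUB_OUTPUT"
          elif ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v10.') }}; then
            echo "RELEASE environment"
            echo "tag=v10" >> "$GITHUB_OUTPUT"
          fi

  validations:
    name: Validate permissions
    runs-on: ubuntu-24.04
    needs: setup_deployment
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    steps:
      - name: Check permissions
        # The token and the actor name reach the script as environment
        # variables instead of being templated into the script text, so
        # neither value is ever parsed as shell syntax and the token is not
        # written into the generated script file.
        #
        # NOTE(review): github.actor is the user who triggered the original
        # run and does not change on a re-run; github.triggering_actor names
        # whoever re-ran it. Decide which identity this gate should check.
        env:
          API_SECRET: ${{ secrets.API_SECRET }}
          ACTOR: ${{ github.actor }}
        run: |
          echo "Validating user permissions..."
          # Membership in either team is sufficient; teams are tried in order.
          for team in integration-developers core-developers; do
            RESPONSE=$(curl -s -H "Authorization: Bearer ${API_SECRET}" \
              -H "Accept: application/vnd.github.json" \
              "https://api.github.com/orgs/utmstack/teams/${team}/memberships/${ACTOR}")
            if echo "$RESPONSE" | grep -q '"state": "active"'; then
              echo "✅ User ${ACTOR} is a member of the ${team} team."
              exit 0
            fi
          done
          echo "⛔ ERROR: User ${ACTOR} is not a member of the core-developers or integration-developers team."
          # Print the last API response to help diagnose a failed check.
          echo "$RESPONSE"
          exit 1

  build_agent:
    name: Build and Sign Agent
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    # Self-hosted runner label; the signtool step implies the signing token
    # is reachable from this host.
    runs-on: utmstack-signer
    steps:
      - name: Check out code into the right branch
        uses: actions/checkout@v4
      # The three build steps differ only in GOOS/GOARCH and output name.
      # `-X` sets config.REPLACE_KEY at link time, so the secret's value is
      # stored inside each shipped binary and is readable by anyone who has
      # the binary.
      # NOTE(review): the secrets are templated straight into the script
      # text. Passing them through `env:` would keep them out of the script
      # file on this runner, but the variable syntax depends on the runner's
      # default shell, which is not visible here - confirm before changing.
      - name: Build Linux Agent
        env:
          GOOS: linux
          GOARCH: amd64
        run: |
          cd ${{ github.workspace }}/agent
          go build -o utmstack_agent_service -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
      - name: Build Windows Agent (amd64)
        env:
          GOOS: windows
          GOARCH: amd64
        run: |
          cd ${{ github.workspace }}/agent
          go build -o utmstack_agent_service.exe -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
      - name: Build Windows Agent (arm64)
        env:
          GOOS: windows
          GOARCH: arm64
        run: |
          cd ${{ github.workspace }}/agent
          go build -o utmstack_agent_service_arm64.exe -v -ldflags "-X 'github.com/utmstack/UTMStack/agent/config.REPLACE_KEY=${{ secrets.AGENT_SECRET_PREFIX }}'" .
      # Only the two Windows binaries are Authenticode-signed; the Linux
      # binary is uploaded unsigned.
      - name: Sign Windows Agents
        run: |
          cd ${{ github.workspace }}/agent
          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_agent_service.exe"
          signtool sign /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 /f "${{ vars.SIGN_CERT }}" /csp "eToken Base Cryptographic Provider" /k "[{{${{ secrets.SIGN_KEY }}}}]=${{ secrets.SIGN_CONTAINER }}" "utmstack_agent_service_arm64.exe"
      - name: Upload signed binaries as artifacts
        uses: actions/upload-artifact@v4
        with:
          name: signed-agents
          path: |
            ${{ github.workspace }}/agent/utmstack_agent_service
            ${{ github.workspace }}/agent/utmstack_agent_service.exe
            ${{ github.workspace }}/agent/utmstack_agent_service_arm64.exe
          # Short-lived hand-off to build_agent_manager, not a release asset.
          retention-days: 1

  build_agent_manager:
    name: Build Agent-Manager Image
    needs: [build_agent, validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    runs-on: ubuntu-22.04
    # Least privilege for this job: checkout reads the repository and the
    # GITHUB_TOKEN login below pushes to ghcr.io.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Check out code into the right branch
        uses: actions/checkout@v4
      - name: Download signed binaries from artifacts
        uses: actions/download-artifact@v4
        with:
          name: signed-agents
          path: ${{ github.workspace }}/agent
      - name: Prepare dependencies for Agent Manager Image
        # `-f` makes curl exit non-zero on an HTTP error instead of saving
        # the error page under a .zip name and baking it into the image.
        # NOTE(review): the archives are fetched without any checksum or
        # signature verification, so the image trusts whatever the bucket
        # serves at build time. Verifying a pinned digest per archive would
        # close that gap.
        run: |
          cd ${{ github.workspace }}/agent-manager
          GOOS=linux GOARCH=amd64 go build -o agent-manager -v .
          mkdir -p ./dependencies/collector
          curl -fsSL "https://storage.googleapis.com/utmstack-updates/dependencies/collector/linux-as400-collector.zip" -o ./dependencies/collector/linux-as400-collector.zip
          curl -fsSL "https://storage.googleapis.com/utmstack-updates/dependencies/collector/windows-as400-collector.zip" -o ./dependencies/collector/windows-as400-collector.zip
          mkdir -p ./dependencies/agent/
          curl -fsSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack_agent_dependencies_linux.zip" -o ./dependencies/agent/utmstack_agent_dependencies_linux.zip
          curl -fsSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack_agent_dependencies_windows.zip" -o ./dependencies/agent/utmstack_agent_dependencies_windows.zip
          curl -fsSL "https://storage.googleapis.com/utmstack-updates/dependencies/agent/utmstack_agent_dependencies_windows_arm64.zip" -o ./dependencies/agent/utmstack_agent_dependencies_windows_arm64.zip
          cp "${{ github.workspace }}/agent/utmstack_agent_service" ./dependencies/agent/
          cp "${{ github.workspace }}/agent/utmstack_agent_service.exe" ./dependencies/agent/
          cp "${{ github.workspace }}/agent/utmstack_agent_service_arm64.exe" ./dependencies/agent/
          cp "${{ github.workspace }}/agent/version.json" ./dependencies/agent/
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: utmstack
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and Push the Agent Manager Image
        uses: docker/build-push-action@v6
        with:
          context: ./agent-manager
          push: true
          tags: ghcr.io/utmstack/utmstack/agent-manager:${{ needs.setup_deployment.outputs.tag }}

  # The jobs from build_aws to build_web_pdf each delegate to a reusable
  # workflow in this repository, passing the image name and the tag chosen
  # by setup_deployment. All of them wait for the validations gate.
  build_aws:
    name: Build AWS Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-golang.yml
    with:
      image_name: aws
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_backend:
    name: Build Backend Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-java.yml
    with:
      image_name: backend
      tag: ${{ needs.setup_deployment.outputs.tag }}
      java_version: '11'
      use_version_file: true
      maven_profile: 'prod'
      maven_goals: 'clean package'

  build_correlation:
    name: Build Correlation Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-golang.yml
    with:
      image_name: correlation
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_frontend:
    name: Build Frontend Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-node.yml
    with:
      image_name: frontend
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_bitdefender:
    name: Build Bitdefender Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-golang.yml
    with:
      image_name: bitdefender
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_mutate:
    name: Build Mutate Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-basic.yml
    with:
      image_name: mutate
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_office365:
    name: Build Office365 Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-golang.yml
    with:
      image_name: office365
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_log_auth_proxy:
    name: Build Log-Auth-Proxy Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-golang.yml
    with:
      image_name: log-auth-proxy
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_soc_ai:
    name: Build Soc-AI Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-golang.yml
    with:
      image_name: soc-ai
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_sophos:
    name: Build Sophos Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-golang.yml
    with:
      image_name: sophos
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_threadwinds_ingestion:
    name: Build Threadwinds-Ingestion Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-golang.yml
    with:
      image_name: threadwinds-ingestion
      tag: ${{ needs.setup_deployment.outputs.tag }}

  build_user_auditor:
    name: Build User-Auditor Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-java.yml
    with:
      image_name: user-auditor
      tag: ${{ needs.setup_deployment.outputs.tag }}
      java_version: '11'
      use_version_file: false
      maven_goals: 'clean install -U'

  build_web_pdf:
    name: Build Web-PDF Microservice
    needs: [validations, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    uses: ./.github/workflows/reusable-java.yml
    with:
      image_name: web-pdf
      tag: ${{ needs.setup_deployment.outputs.tag }}
      java_version: '11'
      use_version_file: false
      maven_goals: 'clean install -U'

  # Fan-in barrier: the deploy jobs depend on this single job instead of
  # listing every build. Because the `if:` has no status function, a failed
  # or skipped build causes this job (and the deploys behind it) to be
  # skipped.
  all_builds_complete:
    name: All Builds Complete
    needs:
      - setup_deployment
      - build_agent_manager
      - build_aws
      - build_backend
      - build_correlation
      - build_frontend
      - build_bitdefender
      - build_mutate
      - build_office365
      - build_log_auth_proxy
      - build_soc_ai
      - build_sophos
      - build_threadwinds_ingestion
      - build_user_auditor
      - build_web_pdf
    if: ${{ needs.setup_deployment.outputs.tag != '' }}
    runs-on: ubuntu-24.04
    steps:
      - run: echo "✅ All builds completed successfully"

  # deploy_dev and deploy_rc are identical apart from the tag they match and
  # the self-hosted runner label. Each builds the installer from the
  # checked-out commit and runs it with sudo on that host, so the validations
  # gate (reached through all_builds_complete) is what decides whose code
  # runs as root there.
  deploy_dev:
    name: Deploy to v10-dev environment
    needs: [all_builds_complete, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag == 'v10-dev' }}
    runs-on: utmstack-v10-dev
    steps:
      - name: Check out code into the right branch
        uses: actions/checkout@v4
      - name: Set up Go 1.x
        uses: actions/setup-go@v5
        with:
          # Quoted so the version range is always read as a string.
          go-version: '^1.20'
        id: go
      - name: Build
        working-directory: ./installer
        env:
          GOOS: linux
          GOARCH: amd64
        run: |
          go build -o installer -v .
          mv installer /home/utmstack/installer
          chmod +x /home/utmstack/installer
      - name: Run
        working-directory: /home/utmstack
        run: |
          sudo ./installer

  deploy_rc:
    name: Deploy to v10-rc environment
    needs: [all_builds_complete, setup_deployment]
    if: ${{ needs.setup_deployment.outputs.tag == 'v10-rc' }}
    runs-on: utmstack-v10-rc
    steps:
      - name: Check out code into the right branch
        uses: actions/checkout@v4
      - name: Set up Go 1.x
        uses: actions/setup-go@v5
        with:
          # Quoted so the version range is always read as a string.
          go-version: '^1.20'
        id: go
      - name: Build
        working-directory: ./installer
        env:
          GOOS: linux
          GOARCH: amd64
        run: |
          go build -o installer -v .
          mv installer /home/utmstack/installer
          chmod +x /home/utmstack/installer
      - name: Run
        working-directory: /home/utmstack
        run: |
          sudo ./installer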