New Relic Gate

About

New Relic and GitHub have made it easy to set up rigorous control mechanisms that ensure only high-quality thoroughly tested code reaches production.

With the New Relic Gate App for GitHub Actions Deployment Protection Rules, New Relic users can leverage anomaly detection to automatically intercept and validate deployment requests. This lets you prevent issues earlier in the release cycle to reduce alarming on higher level environments and build better software.

Prerequisites

• Sign into you New Relic account.
• If you don't have an account, sign up for free. Your account includes 100 GB/month of free data ingest, one free full-access user, unlimited free basic users, and hundreds of pre-built integrations.

Setup

1. Define deployment gate criteria.
2. Create a policy in New Relic, which will serve as the desired deployment gate.
3. Copy the Policy ID from New Relic.
4. Connect New Relic policies and issues to GitHub.
5. Create an API key in New Relic with access to query Policies & Issues.
6. Test your API key by running the following CURL command:

export NR_ACCOUNT_ID=### replace with your New Relic account id
export NR_POLICY_ID=### replace with your policy id from step 3
curl -i https://api.newrelic.com/graphql \
-H "Content-Type:application/json" \
-H "X-Api-Key:*****" \ #replace with your API key
-d \
'{
      "query": "{actor {account(id: '$NR_ACCOUNT_ID') {aiIssues { issues(filter: {states: ACTIVATED, policyIds: '$NR_POLICY_ID'}) { issues { policyName state activatedAt issueId title }}}}}}"
}'

You should see a response similar to this if your request is successful -- note there should be a data response and HTTP status code of 200:

HTTP/1.1 200 OK
Proxied-By: Service Gateway
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: frame-ancestors *.newrelic.com
Cache-Control: max-age=0, private, must-revalidate
Content-Length: 68
Content-Type: application/json; charset=utf-8
Date: date
Served-By: nerd-graph
Server: Cowboy

{"data":{"actor":{"account":{"aiIssues":{"issues":{"issues":[]}}}}}}%

7. Configure your repository's environment to use the gate by going to Settings > Environments > Selecting the Environment Name > Checking the box for the New Relic Gate.
8. Update your repository's environment by specifying the following environment variables:

• NEW_RELIC_ACCOUNT_ID -- the account ID to check.
• NEW_RELIC_DEPLOYMENT_GATE_POLICY_ID -- the policy ID to check.
• NEW_RELIC_REGION_CODE -- either US or EU.

9. Trigger a deployment on the repository
10. The first run of the gate will fail and prompt you to insert your New Relic API Key. This will create a failure response as your keys have not yet been configured. Insert the API key you test above in step 6 into this CURL response to setup your keys.
11. Run the CURL command provided in the response and insert your API key.
12. The next deployment should query the policy appropriately.

Support

If you need support for this Deployment Protection Rule, please contact githubgatessupport@newrelic.com