Release Build #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Build | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: The version to tag the release with, e.g., 1.2.0 | |
required: true | |
env: | |
AWS_DEFAULT_REGION: us-east-1 | |
AWS_PUBLIC_ECR_REGION: us-east-1 | |
AWS_PRIVATE_ECR_REGION: us-west-2 | |
RELEASE_PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-python | |
RELEASE_PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-python | |
RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com | |
PACKAGE_NAME: aws-opentelemetry-distro | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Contrib Repo @ SHA - ${{ github.sha }} | |
uses: actions/checkout@v4 | |
# NOTE: do not set push_image to true for this step. | |
# Some of the required params below are set to dummy values | |
# as they are only used in the artifacts_build action when push_image is true, | |
# and setting them to some legit value might cause confusion | |
# to readers. | |
- name: Build Wheel and Image Files | |
uses: ./.github/actions/artifacts_build | |
with: | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
image_uri_with_tag: "adot-autoinstrumentation-python:test" | |
image_registry: "dummy-registry" | |
snapshot-ecr-role: "dummy-role" | |
push_image: false | |
load_image: false | |
python_version: "3.10" | |
package_name: aws-opentelemetry-distro | |
os: ubuntu-latest | |
# TODO: Add some sort of smoke/integration testing before we go | |
# release the artifacts. adot java for reference: | |
# https://github.com/aws-observability/aws-otel-java-instrumentation/tree/93870a550ac30988fbdd5d3bf1e8f9f1b37916f5/smoke-tests | |
- name: Configure AWS credentials for PyPI secrets | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE_ARN_PYPI_RELEASE }} | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
- name: Get PyPI secrets | |
uses: aws-actions/aws-secretsmanager-get-secrets@v1 | |
id: pypi_secrets | |
with: | |
secret-ids: | | |
PROD_PYPI_TOKEN,${{ secrets.PYPI_PROD_TOKEN_SECRET_ARN }} | |
TEST_PYPI_TOKEN,${{ secrets.PYPI_TEST_TOKEN_SECRET_ARN }} | |
parse-json-secrets: true | |
- name: Configure AWS credentials for private ECR | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }} | |
aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }} | |
- name: Log in to AWS private ECR | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.RELEASE_PRIVATE_REGISTRY }} | |
- name: Configure AWS credentials for public ECR | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }} | |
aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} | |
- name: Log in to AWS public ECR | |
uses: docker/login-action@v3 | |
with: | |
registry: public.ecr.aws | |
# The step below publishes to testpypi in order to catch any issues | |
# with the package configuration that would cause a failure to upload to pypi. | |
- name: Install twine | |
run: pip install twine | |
- name: Publish to TestPyPI | |
env: | |
TWINE_USERNAME: '__token__' | |
TWINE_PASSWORD: ${{ env.TEST_PYPI_TOKEN_API_TOKEN }} | |
run: | | |
twine upload --repository testpypi --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl | |
# The following step publish to ECR | |
- name: Build and push images | |
uses: docker/build-push-action@v5 | |
with: | |
push: true | |
context: . | |
file: ./Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
tags: | | |
${{ env.RELEASE_PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }} | |
${{ env.RELEASE_PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }} | |
# Publish to prod PyPI | |
- name: Publish to PyPI | |
env: | |
TWINE_USERNAME: '__token__' | |
TWINE_PASSWORD: ${{ env.PROD_PYPI_TOKEN_API_TOKEN }} | |
run: | | |
twine upload --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl | |
- name: Create GH release | |
id: create_release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
run: | | |
gh release create --target "$GITHUB_REF_NAME" \ | |
--title "Release v${{ github.event.inputs.version }}" \ | |
--draft \ | |
"v${{ github.event.inputs.version }}" \ | |
dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl |