polishing the release workflow

aws-observability · Mar 5, 2024 · f09e03d · f09e03d
1 parent bdd81df
commit f09e03d
Showing 1 changed file with 77 additions and 36 deletions.
diff --git a/.github/workflows/release_build.yml b/.github/workflows/release_build.yml
@@ -1,4 +1,3 @@
-#This Release Build workflow is not fully ready yet, will be tested as Beta release when it is ready.
 name: Release Build
 on:
   workflow_dispatch:
@@ -9,8 +8,12 @@ on:
 
 env:
   AWS_DEFAULT_REGION: us-east-1
-  ECR_REGISTRY: 637423224110.dkr.ecr.us-east-1.amazonaws.com
-  PRIVATE_ECR_REPOSITORY: eks/observability/adot-autoinstrumentation-python
+  AWS_PUBLIC_ECR_REGION: us-east-1
+  AWS_PRIVATE_ECR_REGION: us-west-2
+  RELEASE_PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-python
+  RELEASE_PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-python
+  RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com
+  PACKAGE_NAME: aws-opentelemetry-distro
 
 permissions:
   id-token: write
@@ -23,60 +26,98 @@ jobs:
       - name: Checkout Contrib Repo @ SHA - ${{ github.sha }}
         uses: actions/checkout@v4
 
-      - name: Build Wheel and Image Files
-        uses: ./.github/actions/artifacts_build
+      - name: Set up
+        uses: ./.github/actions/set_up
         with:
-          aws-region: ${{ env.AWS_DEFAULT_REGION }}
-          image_uri_with_tag: ${{ env.ECR_REGISTRY }}/${{ env.PRIVATE_ECR_REPOSITORY }}:v${{ github.event.inputs.version }}
-          image_registry: ${{ env.ECR_REGISTRY }}
-          snapshot-ecr-role: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
-          push_image: false
-          load_image: false
           python_version: "3.10"
-          package_name: aws-opentelemetry-distro
+          package_name: ${{ env.PACKAGE_NAME }}
           os: ubuntu-latest
+          run_unit_tests: true
+
+      # TODO: Add some sort of smoke/integration testing before we go
+      # release the artifacts. adot java for reference:
+      # https://github.com/aws-observability/aws-otel-java-instrumentation/tree/93870a550ac30988fbdd5d3bf1e8f9f1b37916f5/smoke-tests
+
+      - name: Install Dependencies and Build Wheel
+        id: wheel_build
+        shell: bash
+        run: |
+          pip install --upgrade pip setuptools wheel packaging build twine
+          rm -rf ./dist/*
+          cd ./aws-opentelemetry-distro
+          python -m build --outdir ../dist
 
-      - name: Get PyPI secrets by name and ARN
+      - name: Configure AWS credentials for PyPI publish
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN_PYPI_RELEASE }}
+          aws-region: ${{ env.AWS_DEFAULT_REGION }}
+
+      - name: Get PyPI secrets
         uses: aws-actions/aws-secretsmanager-get-secrets@v1
         id: pypi_secrets
         with:
           secret-ids: |
-            PROD_PYPI_TOKEN,arn:aws:secretsmanager:us-east-1:637423224110:secret:prod/PyPI/apiToken-W2a9ny
-            TEST_PYPI_TOKEN,arn:aws:secretsmanager:us-east-1:637423224110:secret:test/PyPI/apiToken-z5iqc6
-
-      - name: Export distro version
-        id: distro_version
-        shell: bash
-        run: |
-          pkg_version=$(grep '__version__' ./aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py | awk -F '"' '{print $2}')
-          echo "ADOT_PYTHON_VERSION=$pkg_version" >> $GITHUB_OUTPUT
+            PROD_PYPI_TOKEN,${{ secrets.PYPI_PROD_TOKEN_SECRET_ARN }}
+            TEST_PYPI_TOKEN,${{ secrets.PYPI_TEST_TOKEN_SECRET_ARN }}
+          parse-json-secrets: true
 
       # The step below publishes to testpypi in order to catch any issues
       # with the package configuration that would cause a failure to upload to pypi.
       - name: Publish to TestPyPI
         env:
           TWINE_USERNAME: '__token__'
-          TWINE_PASSWORD: ${{ steps.pypi_secrets.outputs.TEST_PYPI_TOKEN }}
+          TWINE_PASSWORD: ${{ env.TEST_PYPI_TOKEN_API_TOKEN }}
+        run: |
+          twine upload --repository testpypi --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl
+
+      - name: Publish to PyPI
+        env:
+          TWINE_USERNAME: '__token__'
+          TWINE_PASSWORD: ${{ env.PROD_PYPI_TOKEN_API_TOKEN }}
         run: |
-          pip install --upgrade twine
-          twine upload --repository testpypi --skip-existing --verbose dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl
+          twine upload --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl
+
+      # The following steps publish to ECR
+
+      - name: Configure AWS credentials for private ECR
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }}
+          aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-      - name: Push release image
+      - name: Log in to AWS private ECR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.RELEASE_PRIVATE_REGISTRY }}
+
+      - name: Configure AWS credentials for public ECR
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }}
+          aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}
+
+      - name: Log in to AWS private ECR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.RELEASE_PRIVATE_REGISTRY }}
+
+      - name: Build and push images
         uses: docker/build-push-action@v5
         with:
           push: true
           context: .
           file: ./Dockerfile
           platforms: linux/amd64,linux/arm64
-          tags: ${{ env.ECR_REGISTRY }}/${{ env.PRIVATE_ECR_REPOSITORY }}:v${{ github.event.inputs.version }}
-
-#TODO: Uncomment "Publish to PyPI" after test release_build workflow.
-#      - name: Publish to PyPI
-#        env:
-#          TWINE_USERNAME: '__token__'
-#          TWINE_PASSWORD: ${{ steps.pypi_secrets.outputs.PROD_PYPI_TOKEN }}
-#        run: |
-#          twine upload --skip-existing --verbose dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl
+          tags: |
+            ${{ env.RELEASE_PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }}
+            ${{ env.RELEASE_PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }}
 
       - name: Create release
         id: create_release
@@ -87,4 +128,4 @@ jobs:
              --title "Release v${{ github.event.inputs.version }}" \
              --draft \
              "v${{ github.event.inputs.version }}" \
-             dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl
+             dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl