diff --git a/.github/workflows/release_build.yml b/.github/workflows/release_build.yml
index fd8d35e1f..90202f53a 100644
--- a/.github/workflows/release_build.yml
+++ b/.github/workflows/release_build.yml
@@ -1,4 +1,3 @@
-#This Release Build workflow is not fully ready yet, will be tested as Beta release when it is ready.
 name: Release Build
 on:
 workflow_dispatch:
@@ -9,8 +8,12 @@ on:
 env:
 AWS_DEFAULT_REGION: us-east-1
- ECR_REGISTRY: 637423224110.dkr.ecr.us-east-1.amazonaws.com
- PRIVATE_ECR_REPOSITORY: eks/observability/adot-autoinstrumentation-python
+ AWS_PUBLIC_ECR_REGION: us-east-1
+ AWS_PRIVATE_ECR_REGION: us-west-2
+ RELEASE_PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-python
+ RELEASE_PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-python
+ RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com
+ PACKAGE_NAME: aws-opentelemetry-distro
 permissions:
 id-token: write
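Review bot: The private registry's account and region are now written out three times in the new `env:` entries (`AWS_PRIVATE_ECR_REGION`, `RELEASE_PRIVATE_REPOSITORY`, `RELEASE_PRIVATE_REGISTRY`), so editing one without the others would leave the credential, login and push steps pointing at different places. I would add a comment above them, `# Registry host embeds the account and region; keep in sync with AWS_PRIVATE_ECR_REGION`, or drop `RELEASE_PRIVATE_REPOSITORY` and build the tag at its point of use as `${{ env.RELEASE_PRIVATE_REGISTRY }}/adot-autoinstrumentation-python`.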
@@ -23,60 +26,98 @@ jobs:
 - name: Checkout Contrib Repo @ SHA - ${{ github.sha }}
 uses: actions/checkout@v4
- - name: Build Wheel and Image Files
- uses: ./.github/actions/artifacts_build
+ - name: Set up
+ uses: ./.github/actions/set_up
 with:
- aws-region: ${{ env.AWS_DEFAULT_REGION }}
- image_uri_with_tag: ${{ env.ECR_REGISTRY }}/${{ env.PRIVATE_ECR_REPOSITORY }}:v${{ github.event.inputs.version }}
- image_registry: ${{ env.ECR_REGISTRY }}
- snapshot-ecr-role: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
- push_image: false
- load_image: false
 python_version: "3.10"
- package_name: aws-opentelemetry-distro
+ package_name: ${{ env.PACKAGE_NAME }}
 os: ubuntu-latest
+ run_unit_tests: true
+
+ # TODO: Add some sort of smoke/integration testing before we go
+ # release the artifacts. adot java for reference:
+ # https://github.com/aws-observability/aws-otel-java-instrumentation/tree/93870a550ac30988fbdd5d3bf1e8f9f1b37916f5/smoke-tests
+
+ - name: Install Dependencies and Build Wheel
+ id: wheel_build
+ shell: bash
+ run: |
+ pip install --upgrade pip setuptools wheel packaging build twine
+ rm -rf ./dist/*
+ cd ./aws-opentelemetry-distro
+ python -m build --outdir ../dist
- - name: Get PyPI secrets by name and ARN
+ - name: Configure AWS credentials for PyPI publish
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN_PYPI_RELEASE }}
+ aws-region: ${{ env.AWS_DEFAULT_REGION }}
+
+ - name: Get PyPI secrets
 uses: aws-actions/aws-secretsmanager-get-secrets@v1
 id: pypi_secrets
 with:
 secret-ids: |
- PROD_PYPI_TOKEN,arn:aws:secretsmanager:us-east-1:637423224110:secret:prod/PyPI/apiToken-W2a9ny
- TEST_PYPI_TOKEN,arn:aws:secretsmanager:us-east-1:637423224110:secret:test/PyPI/apiToken-z5iqc6
-
- - name: Export distro version
- id: distro_version
- shell: bash
- run: |
- pkg_version=$(grep '__version__' ./aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py | awk -F '"' '{print $2}')
- echo "ADOT_PYTHON_VERSION=$pkg_version" >> $GITHUB_OUTPUT
+ PROD_PYPI_TOKEN,${{ secrets.PYPI_PROD_TOKEN_SECRET_ARN }}
+ TEST_PYPI_TOKEN,${{ secrets.PYPI_TEST_TOKEN_SECRET_ARN }}
+ parse-json-secrets: true
 # The step below publishes to testpypi in order to catch any issues
 # with the package configuration that would cause a failure to upload to pypi.
 - name: Publish to TestPyPI
 env:
 TWINE_USERNAME: '__token__'
- TWINE_PASSWORD: ${{ steps.pypi_secrets.outputs.TEST_PYPI_TOKEN }}
+ TWINE_PASSWORD: ${{ env.TEST_PYPI_TOKEN_API_TOKEN }}
+ run: |
+ twine upload --repository testpypi --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl
+
+ - name: Publish to PyPI
+ env:
+ TWINE_USERNAME: '__token__'
+ TWINE_PASSWORD: ${{ env.PROD_PYPI_TOKEN_API_TOKEN }}
 run: |
- pip install --upgrade twine
- twine upload --repository testpypi --skip-existing --verbose dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl
+ twine upload --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl
+
+ # The following steps publish to ECR
+
+ - name: Configure AWS credentials for private ECR
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }}
+ aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }}
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
- - name: Push release image
+ - name: Log in to AWS private ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.RELEASE_PRIVATE_REGISTRY }}
+
+ - name: Configure AWS credentials for public ECR
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }}
+ aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}
+
+ - name: Log in to AWS private ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.RELEASE_PRIVATE_REGISTRY }}
+
+ - name: Build and push images
 uses: docker/build-push-action@v5
 with:
 push: true
 context: .
 file: ./Dockerfile
 platforms: linux/amd64,linux/arm64
- tags: ${{ env.ECR_REGISTRY }}/${{ env.PRIVATE_ECR_REPOSITORY }}:v${{ github.event.inputs.version }}
-
-#TODO: Uncomment "Publish to PyPI" after test release_build workflow.
-# - name: Publish to PyPI
-# env:
-# TWINE_USERNAME: '__token__'
-# TWINE_PASSWORD: ${{ steps.pypi_secrets.outputs.PROD_PYPI_TOKEN }}
-# run: |
-# twine upload --skip-existing --verbose dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl
+ tags: |
+ ${{ env.RELEASE_PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }}
+ ${{ env.RELEASE_PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }}
 - name: Create release
 id: create_release
@@ -87,4 +128,4 @@ jobs:
 --title "Release v${{ github.event.inputs.version }}" \
 --draft \
 "v${{ github.event.inputs.version }}" \
- dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl
+ dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl
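Review bot: The step that follows `Configure AWS credentials for public ECR` is a copy of the private login: it is again named `Log in to AWS private ECR` and passes `registry: ${{ env.RELEASE_PRIVATE_REGISTRY }}`, so nothing in the hunk authenticates to `public.ecr.aws` before `Build and push images` pushes the `RELEASE_PUBLIC_REPOSITORY` tag. That push will presumably be rejected, and because both `twine upload` steps run earlier in the same job, the wheel would already be on PyPI when the job fails. The step should read `- name: Log in to AWS public ECR` with `registry: public.ecr.aws`. The job definition starts above the hunk.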
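Review bot: `${{ github.event.inputs.version }}` is expanded into the script text before the shell runs, so the dispatch input is parsed as shell rather than passed as data. This applies to the new `dist/aws_opentelemetry_distro-…-py3-none-any.whl` line, to the `--title` and tag arguments above it, and to the two `twine upload` commands in the previous hunk. Whoever can dispatch the workflow is presumably trusted, but this job holds the PyPI tokens and the ECR release role. I would pass the value through the step's `env:` (`VERSION: ${{ github.event.inputs.version }}`), reference it as `"$VERSION"`, and reject anything that is not a plain version string before the first publish step. The `run:` block of `Create release` starts outside the hunk.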