Skip to content

release-step-3

release-step-3 #10

---
# Releases the agent
# Renaming this file will break the AWS authentication.
# Contact the observablt-robots team if you need to rename this file.
name: 'release-step-3'
on:
workflow_dispatch:
inputs:
ref:
description: 'Branch or tag ref to run the workflow on'
required: true
default: "main"
version:
description: 'The version to release (e.g. 1.2.3). This workflow will automatically perform the required post-release version bumps'
required: true
skip_preparation:
description: |
If enabled, the version bump, release notes update and tag creation will be skipped.
Select this option if those tasks have already been done in a previous run.
type: boolean
required: true
default: false
skip_maven_deploy:
description: |
If enabled, the deployment to maven central will be skipped.
Select this if the deployment job for this release failed in a previous version but the release was actually published.
Check manually on maven central beforehand!
type: boolean
required: true
default: false
dry_run:
description: If set, run a dry-run release
default: false
type: boolean
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}
env:
RELEASE_VERSION: ${{ inputs.version }}
RELEASE_VERSION_TAG: v${{ inputs.version }}
jobs:
validate-tag:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
fetch-depth: 0
- name: Validate tag does not exist on current commit
uses: ./.github/workflows/validate-tag
with:
tag: ${{ env.RELEASE_VERSION_TAG }}
- name: Validate tag match current maven project version
run: |
if [ "$(./mvnw -q help:evaluate -Dexpression=project.version -DforceStdout)" != "${{ env.RELEASE_VERSION }}" ]; then
echo "Tag should match pom.xml project.version"
exit 1
fi
- name: Validate version is a release version
run: |
if [[ "$(./mvnw -q help:evaluate -Dexpression=project.version -DforceStdout)" =~ "-SNAPSHOT" ]]; then
echo "This is a snapshot version"
exit 1
fi
maven-central-deploy:
name: "Deploy to Maven Central (Buildkite)"
if: ${{ ! inputs.skip_maven_deploy && ( inputs.skip_preparation || success() ) }}
runs-on: ubuntu-latest
needs:
- validate-tag
permissions:
attestations: write
contents: write
id-token: write
env:
TARBALL_FILE: artifacts.tar
steps:
- id: buildkite-run
continue-on-error: true
uses: elastic/oblt-actions/buildkite/run@v1
with:
pipeline: "apm-agent-java-release"
token: ${{ secrets.BUILDKITE_TOKEN }}
wait-for: true
env-vars: |
dry_run=${{ inputs.dry_run || 'false' }}
TARBALL_FILE=${{ env.TARBALL_FILE }}
- uses: elastic/oblt-actions/buildkite/download-artifact@v1
with:
build-number: ${{ steps.buildkite-run.outputs.number }}
path: "${{ env.TARBALL_FILE }}"
pipeline: ${{ steps.buildkite-run.outputs.pipeline }}
token: ${{ secrets.BUILDKITE_TOKEN }}
- name: untar the buildkite tarball
run: tar xvf ${{ env.TARBALL_FILE }}
- name: generate build provenance
uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3
with:
subject-path: "${{ github.workspace }}/**/target/*.jar"
await-maven-central-artifact:
name: "Wait for artifacts to be available on maven central"
runs-on: ubuntu-latest
needs:
- validate-tag
steps:
- uses: elastic/apm-pipeline-library/.github/actions/await-maven-artifact@current
with:
groupid: 'co.elastic.apm'
artifactid: 'elastic-apm-agent'
version: ${{ env.RELEASE_VERSION }}
build-and-push-docker-images:
name: "Build and push docker images"
runs-on: ubuntu-latest
needs:
- await-maven-central-artifact
- create-github-release
env:
SONATYPE_FALLBACK: 1
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
fetch-depth: 0 # Load entire history as it is required for the push-script
- name: Log in to the Elastic Container registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}
- name: "Build docker image"
shell: bash
run: ./scripts/docker-release/build_docker.sh "${{ env.RELEASE_VERSION }}"
- name: "Push docker image"
if: ${{ ! inputs.dry_run }}
shell: bash
run: ./scripts/docker-release/push_docker.sh "${{ env.RELEASE_VERSION }}"
publish-aws-lambda:
name: "Publish AWS Lambda"
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
needs:
- await-maven-central-artifact
outputs:
arn_content: ${{ steps.arn_output.outputs.arn_content }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- name: Build Lambda-layer zip using agent from maven-central
uses: ./.github/workflows/maven-goal
with:
command: ./mvnw dependency:purge-local-repository package -pl apm-agent-lambda-layer
- uses: elastic/oblt-actions/aws/[email protected]
with:
aws-account-id: '267093732750'
- name: Publish
if: ${{ ! inputs.dry_run }}
run: |
# Convert v1.2.3 to ver-1-2-3
VERSION=${RELEASE_VERSION_TAG/v/ver-}
VERSION=${VERSION//./-}
ELASTIC_LAYER_NAME="elastic-apm-java-${VERSION}" .ci/publish-aws.sh
- uses: actions/upload-artifact@v4
if: ${{ ! inputs.dry_run }}
with:
name: arn-file
path: .ci/.arn-file.md
- name: Add ARN file to output
if: ${{ ! inputs.dry_run }}
id: arn_output
run: |
echo 'arn_content<<ARN_CONTENT_EOF' >> $GITHUB_OUTPUT
cat .ci/.arn-file.md >> $GITHUB_OUTPUT
echo 'ARN_CONTENT_EOF' >> $GITHUB_OUTPUT
post-release:
name: "Bump versions and create PR"
needs:
- await-maven-central-artifact
uses: ./.github/workflows/pre-post-release.yml
permissions:
contents: write
if: inputs.dry_run == false
with:
ref: ${{ inputs.ref }}
version: ${{ inputs.version }}
phase: 'post'
pr_title: "[release] release-step-5 ${{ inputs.version }}"
pr_body: "Step 5 of the release process for version ${{ inputs.version }}: review & merge"
secrets: inherit
update-major-branch:
name: "Update Major Branch"
runs-on: ubuntu-latest
needs:
- post-release
permissions:
contents: write
env:
GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
token: ${{ env.GITHUB_TOKEN }}
- uses: elastic/oblt-actions/git/setup@v1
- name: Update major branch
if: ${{ ! inputs.dry_run }}
run: .ci/release/update-major-branch.sh ${{ env.RELEASE_VERSION }}
create-github-release:
name: "Create GitHub Release"
needs:
- publish-aws-lambda
- update-major-branch
runs-on: ubuntu-latest
if: ${{ ! inputs.dry_run }}
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.ref }}
- name: Await release-notes published
shell: bash
timeout-minutes: 120
run: |
until .ci/release/wait_release_notes_published.sh ${{ env.RELEASE_VERSION }}
do
echo "Release notes not published yet. Sleeping 30 seconds, retrying afterwards"
sleep 30s
done
- name: Compute major.x branch
id: get_dotx_branch
run: echo "dotx_branch=$(echo '${{ env.RELEASE_VERSION }}' | sed -E 's/\..+/.x/')" >> $GITHUB_OUTPUT
- name: Create GitHub Release
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release create ${{ env.RELEASE_VERSION_TAG }} \
--title="Release ${{ env.RELEASE_VERSION }}" \
--notes="[Release Notes for ${{ env.RELEASE_VERSION }}](https://www.elastic.co/guide/en/apm/agent/java/current/release-notes-${{ steps.get_dotx_branch.outputs.dotx_branch }}.html#release-notes-${{ env.RELEASE_VERSION }})
${{ needs.publish-aws-lambda.outputs.arn_content }}"
notify:
if: ${{ always() && ! inputs.dry_run }}
needs:
- maven-central-deploy
- await-maven-central-artifact
- update-major-branch
- build-and-push-docker-images
- publish-aws-lambda
- post-release
- create-github-release
runs-on: ubuntu-latest
steps:
- id: check
uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current
with:
needs: ${{ toJSON(needs) }}
- uses: elastic/oblt-actions/slack/notify-result@v1
with:
bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
channel-id: "#apm-agent-java"
status: ${{ steps.check.outputs.status }}