release-step-3 #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
# Releases the agent | |
# Renaming this file will break the AWS authentication. | |
# Contact the observablt-robots team if you need to rename this file. | |
name: 'release-step-3' | |
on: | |
workflow_dispatch: | |
inputs: | |
ref: | |
description: 'Branch or tag ref to run the workflow on' | |
required: true | |
default: "main" | |
version: | |
description: 'The version to release (e.g. 1.2.3). This workflow will automatically perform the required post-release version bumps' | |
required: true | |
skip_preparation: | |
description: | | |
If enabled, the version bump, release notes update and tag creation will be skipped. | |
Select this option if those tasks have already been done in a previous run. | |
type: boolean | |
required: true | |
default: false | |
skip_maven_deploy: | |
description: | | |
If enabled, the deployment to maven central will be skipped. | |
Select this if the deployment job for this release failed in a previous version but the release was actually published. | |
Check manually on maven central beforehand! | |
type: boolean | |
required: true | |
default: false | |
dry_run: | |
description: If set, run a dry-run release | |
default: false | |
type: boolean | |
permissions: | |
contents: read | |
concurrency: | |
group: ${{ github.workflow }} | |
env: | |
RELEASE_VERSION: ${{ inputs.version }} | |
RELEASE_VERSION_TAG: v${{ inputs.version }} | |
jobs: | |
validate-tag: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.ref }} | |
fetch-depth: 0 | |
- name: Validate tag does not exist on current commit | |
uses: ./.github/workflows/validate-tag | |
with: | |
tag: ${{ env.RELEASE_VERSION_TAG }} | |
- name: Validate tag match current maven project version | |
run: | | |
if [ "$(./mvnw -q help:evaluate -Dexpression=project.version -DforceStdout)" != "${{ env.RELEASE_VERSION }}" ]; then | |
echo "Tag should match pom.xml project.version" | |
exit 1 | |
fi | |
- name: Validate version is a release version | |
run: | | |
if [[ "$(./mvnw -q help:evaluate -Dexpression=project.version -DforceStdout)" =~ "-SNAPSHOT" ]]; then | |
echo "This is a snapshot version" | |
exit 1 | |
fi | |
maven-central-deploy: | |
name: "Deploy to Maven Central (Buildkite)" | |
if: ${{ ! inputs.skip_maven_deploy && ( inputs.skip_preparation || success() ) }} | |
runs-on: ubuntu-latest | |
needs: | |
- validate-tag | |
permissions: | |
attestations: write | |
contents: write | |
id-token: write | |
env: | |
TARBALL_FILE: artifacts.tar | |
steps: | |
- id: buildkite-run | |
continue-on-error: true | |
uses: elastic/oblt-actions/buildkite/run@v1 | |
with: | |
pipeline: "apm-agent-java-release" | |
token: ${{ secrets.BUILDKITE_TOKEN }} | |
wait-for: true | |
env-vars: | | |
dry_run=${{ inputs.dry_run || 'false' }} | |
TARBALL_FILE=${{ env.TARBALL_FILE }} | |
- uses: elastic/oblt-actions/buildkite/download-artifact@v1 | |
with: | |
build-number: ${{ steps.buildkite-run.outputs.number }} | |
path: "${{ env.TARBALL_FILE }}" | |
pipeline: ${{ steps.buildkite-run.outputs.pipeline }} | |
token: ${{ secrets.BUILDKITE_TOKEN }} | |
- name: untar the buildkite tarball | |
run: tar xvf ${{ env.TARBALL_FILE }} | |
- name: generate build provenance | |
uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3 | |
with: | |
subject-path: "${{ github.workspace }}/**/target/*.jar" | |
await-maven-central-artifact: | |
name: "Wait for artifacts to be available on maven central" | |
runs-on: ubuntu-latest | |
needs: | |
- validate-tag | |
steps: | |
- uses: elastic/apm-pipeline-library/.github/actions/await-maven-artifact@current | |
with: | |
groupid: 'co.elastic.apm' | |
artifactid: 'elastic-apm-agent' | |
version: ${{ env.RELEASE_VERSION }} | |
build-and-push-docker-images: | |
name: "Build and push docker images" | |
runs-on: ubuntu-latest | |
needs: | |
- await-maven-central-artifact | |
- create-github-release | |
env: | |
SONATYPE_FALLBACK: 1 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.ref }} | |
fetch-depth: 0 # Load entire history as it is required for the push-script | |
- name: Log in to the Elastic Container registry | |
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 | |
with: | |
registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }} | |
username: ${{ secrets.ELASTIC_DOCKER_USERNAME }} | |
password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }} | |
- name: "Build docker image" | |
shell: bash | |
run: ./scripts/docker-release/build_docker.sh "${{ env.RELEASE_VERSION }}" | |
- name: "Push docker image" | |
if: ${{ ! inputs.dry_run }} | |
shell: bash | |
run: ./scripts/docker-release/push_docker.sh "${{ env.RELEASE_VERSION }}" | |
publish-aws-lambda: | |
name: "Publish AWS Lambda" | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
needs: | |
- await-maven-central-artifact | |
outputs: | |
arn_content: ${{ steps.arn_output.outputs.arn_content }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.ref }} | |
- name: Build Lambda-layer zip using agent from maven-central | |
uses: ./.github/workflows/maven-goal | |
with: | |
command: ./mvnw dependency:purge-local-repository package -pl apm-agent-lambda-layer | |
- uses: elastic/oblt-actions/aws/[email protected] | |
with: | |
aws-account-id: '267093732750' | |
- name: Publish | |
if: ${{ ! inputs.dry_run }} | |
run: | | |
# Convert v1.2.3 to ver-1-2-3 | |
VERSION=${RELEASE_VERSION_TAG/v/ver-} | |
VERSION=${VERSION//./-} | |
ELASTIC_LAYER_NAME="elastic-apm-java-${VERSION}" .ci/publish-aws.sh | |
- uses: actions/upload-artifact@v4 | |
if: ${{ ! inputs.dry_run }} | |
with: | |
name: arn-file | |
path: .ci/.arn-file.md | |
- name: Add ARN file to output | |
if: ${{ ! inputs.dry_run }} | |
id: arn_output | |
run: | | |
echo 'arn_content<<ARN_CONTENT_EOF' >> $GITHUB_OUTPUT | |
cat .ci/.arn-file.md >> $GITHUB_OUTPUT | |
echo 'ARN_CONTENT_EOF' >> $GITHUB_OUTPUT | |
post-release: | |
name: "Bump versions and create PR" | |
needs: | |
- await-maven-central-artifact | |
uses: ./.github/workflows/pre-post-release.yml | |
permissions: | |
contents: write | |
if: inputs.dry_run == false | |
with: | |
ref: ${{ inputs.ref }} | |
version: ${{ inputs.version }} | |
phase: 'post' | |
pr_title: "[release] release-step-5 ${{ inputs.version }}" | |
pr_body: "Step 5 of the release process for version ${{ inputs.version }}: review & merge" | |
secrets: inherit | |
update-major-branch: | |
name: "Update Major Branch" | |
runs-on: ubuntu-latest | |
needs: | |
- post-release | |
permissions: | |
contents: write | |
env: | |
GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.ref }} | |
token: ${{ env.GITHUB_TOKEN }} | |
- uses: elastic/oblt-actions/git/setup@v1 | |
- name: Update major branch | |
if: ${{ ! inputs.dry_run }} | |
run: .ci/release/update-major-branch.sh ${{ env.RELEASE_VERSION }} | |
create-github-release: | |
name: "Create GitHub Release" | |
needs: | |
- publish-aws-lambda | |
- update-major-branch | |
runs-on: ubuntu-latest | |
if: ${{ ! inputs.dry_run }} | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ inputs.ref }} | |
- name: Await release-notes published | |
shell: bash | |
timeout-minutes: 120 | |
run: | | |
until .ci/release/wait_release_notes_published.sh ${{ env.RELEASE_VERSION }} | |
do | |
echo "Release notes not published yet. Sleeping 30 seconds, retrying afterwards" | |
sleep 30s | |
done | |
- name: Compute major.x branch | |
id: get_dotx_branch | |
run: echo "dotx_branch=$(echo '${{ env.RELEASE_VERSION }}' | sed -E 's/\..+/.x/')" >> $GITHUB_OUTPUT | |
- name: Create GitHub Release | |
env: | |
GH_TOKEN: ${{ github.token }} | |
run: | | |
gh release create ${{ env.RELEASE_VERSION_TAG }} \ | |
--title="Release ${{ env.RELEASE_VERSION }}" \ | |
--notes="[Release Notes for ${{ env.RELEASE_VERSION }}](https://www.elastic.co/guide/en/apm/agent/java/current/release-notes-${{ steps.get_dotx_branch.outputs.dotx_branch }}.html#release-notes-${{ env.RELEASE_VERSION }}) | |
${{ needs.publish-aws-lambda.outputs.arn_content }}" | |
notify: | |
if: ${{ always() && ! inputs.dry_run }} | |
needs: | |
- maven-central-deploy | |
- await-maven-central-artifact | |
- update-major-branch | |
- build-and-push-docker-images | |
- publish-aws-lambda | |
- post-release | |
- create-github-release | |
runs-on: ubuntu-latest | |
steps: | |
- id: check | |
uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current | |
with: | |
needs: ${{ toJSON(needs) }} | |
- uses: elastic/oblt-actions/slack/notify-result@v1 | |
with: | |
bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
channel-id: "#apm-agent-java" | |
status: ${{ steps.check.outputs.status }} |