release 4.7.0 (#4083) #126

Summary
Jobs
- release
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/release.yml at a475892

	name: release

	on:
	push:
	tags:
	- v..*
	branches:
	- main

	permissions:
	attestations: write
	contents: write
	id-token: write
	pull-requests: read

	jobs:
	release:
	runs-on: ubuntu-latest
	env:
	DOCKER_IMAGE_NAME: docker.elastic.co/observability/apm-agent-nodejs
	# TODO: use keyless
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- uses: actions/setup-node@v4
	with:
	node-version: 'v16.20.2'

	# Setup a Docker "buildx" builder container, used by "build-push-action"
	# below for multi-platform image builds. Notes on multi-platform images:
	# https://github.com/elastic/apm-agent-nodejs/issues/4038#issuecomment-2130406402
	- uses: docker/setup-buildx-action@v3

	- name: Log in to the Elastic Container registry
	uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
	with:
	registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
	username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
	password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}

	- run: make -C .ci env

	- run: make -C .ci dist

	- name: Attest Lambda layer zip
	uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
	with:
	subject-path: "${{ github.workspace }}/build/aws/elastic-apm-node-lambda-layer-*.zip"

	- name: Extract metadata (tags, labels)
	id: docker-meta
	uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	with:
	images: ${{ env.DOCKER_IMAGE_NAME }}
	flavor: \|
	latest=auto
	tags: \|
	# "1.2.3" and "latest" Docker tags on push of git tag "v1.2.3"
	type=semver,pattern={{version}}
	# "edge" Docker tag on git push to default branch
	type=edge

	- name: Build and Push Docker Image
	id: docker-push
	uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
	with:
	context: .
	platforms: linux/amd64,linux/arm64
	file: 'Dockerfile'
	push: true
	tags: ${{ steps.docker-meta.outputs.tags }}
	labels: ${{ steps.docker-meta.outputs.labels }}
	build-args: \|
	AGENT_DIR=/build/dist/nodejs

	- name: Attest Docker image
	uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
	with:
	subject-name: "${{ env.DOCKER_IMAGE_NAME }}"
	subject-digest: ${{ steps.docker-push.outputs.digest }}
	push-to-registry: true

	- name: Extract metadata (tags, labels) (wolfi)
	id: docker-meta-wolfi
	uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	with:
	images: ${{ env.DOCKER_IMAGE_NAME }}
	flavor: \|
	latest=auto
	suffix=-wolfi
	tags: \|
	# "1.2.3" and "latest" Docker tags on push of git tag "v1.2.3"
	type=semver,pattern={{version}}
	# "edge" Docker tag on git push to default branch
	type=edge

	- name: Build and Push Docker Image (wolfi)
	id: docker-push-wolfi
	uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
	with:
	context: .
	platforms: linux/amd64,linux/arm64
	file: 'Dockerfile.wolfi'
	push: true
	tags: ${{ steps.docker-meta-wolfi.outputs.tags }}
	labels: ${{ steps.docker-meta-wolfi.outputs.labels }}
	build-args: \|
	AGENT_DIR=/build/dist/nodejs

	- name: Attest Docker image (wolfi)
	uses: actions/attest-build-provenance@49df96e17e918a15956db358890b08e61c704919 # v1.2.0
	with:
	subject-name: "${{ env.DOCKER_IMAGE_NAME }}"
	subject-digest: ${{ steps.docker-push-wolfi.outputs.digest }}
	push-to-registry: true

	- name: Publish AWS lambda (only for tag release)
	if: startsWith(github.ref, 'refs/tags')
	run: make -C .ci publish-in-all-aws-regions create-arn-file
	env:
	GH_TOKEN: ${{ github.token }}

	- name: create github release (only for tag release)
	run: make -C .ci github-release
	if: startsWith(github.ref, 'refs/tags')
	env:
	GH_TOKEN: ${{ github.token }}

	- name: Read NPM vault secrets
	uses: hashicorp/[email protected]
	with:
	url: ${{ secrets.VAULT_ADDR }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	secret/jenkins-ci/npmjs/elasticmachine token \| NPMJS_TOKEN ;
	totp/code/npmjs-elasticmachine code \| TOTP_CODE

	- name: npm publish (only for tag release)
	if: startsWith(github.ref, 'refs/tags')
	run: \|-
	echo "//registry.npmjs.org/:_authToken=${{ env.NPMJS_TOKEN }}" > .npmrc
	npm publish --otp=${{ env.TOTP_CODE }} --provenance

	- if: ${{ always() && startsWith(github.ref, 'refs/tags') }}
	uses: elastic/oblt-actions/slack/notify-result@v1
	with:
	bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
	channel-id: "#apm-agent-node"
	message: '[${{ github.repository }}] Release ${{ github.ref_name }}'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

release 4.7.0 (#4083) #126

Workflow file

release 4.7.0 (#4083) #126

Jobs

Run details

Workflow file for this run