Merge branch 'main' into feat/chainguard-image

elastic · Jun 6, 2024 · e4cec7e · e4cec7e
2 parents b99dfcb + 8a6e296
commit e4cec7e
Show file tree

Hide file tree

Showing 30 changed files with 382 additions and 379 deletions.
diff --git a/.buildkite/scripts/dra.sh b/.buildkite/scripts/dra.sh
@@ -82,7 +82,19 @@ dra() {
       --commit $BUILDKITE_COMMIT \
       --workflow $workflow \
       --artifact-set main \
-      --version $VERSION
+      --version $VERSION | tee rm-output.txt
+
+  # Create Buildkite annotation similarly done in Beats:
+  # https://github.com/elastic/beats/blob/90f9e8f6e48e76a83331f64f6c8c633ae6b31661/.buildkite/scripts/dra.sh#L74-L81
+  if [[ "$command" == "collect" ]]; then
+    # extract the summary URL from a release manager output line like:
+    # Report summary-18.22.0.html can be found at https://artifacts-staging.elastic.co/apm-server/18.22.0-ABCDEFGH/summary-18.22.0.html
+    SUMMARY_URL=$(grep -E '^Report summary-.* can be found at ' rm-output.txt | grep -oP 'https://\S+' | awk '{print $1}')
+    rm rm-output.txt
+
+    # and make it easily clickable as a Builkite annotation
+    printf "**${workflow} summary link:** [${SUMMARY_URL}](${SUMMARY_URL})\n" | buildkite-agent annotate --style=success --append
+  fi
 }
 
 dra "snapshot" "$dra_command"

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -11,8 +11,6 @@ updates:
       otel:
         patterns:
         - "go.opentelemetry.io/*"
-      jaeger:
-        patterns:
         - "github.com/jaegertracing/jaeger"
         - "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/translator/jaeger"
       spf13:
@@ -29,6 +27,19 @@ updates:
     directory: "tools/"
     schedule:
       interval: "weekly"
+    groups:
+      dependencies:
+        patterns:
+          - "*"
+  # go systemtest
+  - package-ecosystem: "gomod"
+    directory: "systemtest/"
+    schedule:
+      interval: "weekly"
+    groups:
+      dependencies:
+        patterns:
+          - "*"
 
   # GitHub actions
   - package-ecosystem: "github-actions"

diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml
@@ -93,13 +93,13 @@ jobs:
             ${{ env.KIBANA_CREDENTIALS_PATH }} kibana_url | KIBANA_ENDPOINT ;
             ${{ env.KIBANA_CREDENTIALS_PATH }} kibana_dashboard_url | KIBANA_DASHBOARD_URL ;
 
-      - uses: elastic/apm-pipeline-library/.github/actions/docker-login@main
+      - name: Log in to the Elastic Container registry
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
         with:
-          registry: docker.elastic.co
-          secret: secret/observability-team/ci/docker-registry/prod
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
+          username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
+          password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}
+
       - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.3.7
@@ -166,23 +166,20 @@ jobs:
 
       # Notify failure to Slack only on schedule (nightly run)
       - if: failure() && github.event_name == 'schedule'
-        uses: elastic/apm-pipeline-library/.github/actions/notify-build-status@current
+        uses: elastic/oblt-actions/slack/notify-[email protected]
         with:
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: "#apm-server"
           message: |
             Nightly APM Server benchmarks failed! SDH Duty assignee, please have a look and follow this <https://github.com/elastic/observability-dev/blob/main/docs/apm/apm-server/runbooks/benchmarks.md|Runbook>!
-          vaultUrl: ${{ secrets.VAULT_ADDR }}
-          vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
-          vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
-          slackChannel: '#apm-server'
 
       # Notify result to Slack only on schedule (nightly run)
       - if: github.event_name == 'schedule'
-        uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
         with:
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          channel: '#apm-server'
+          channel-id: "#apm-server"
           payload: |
             {
                 "blocks": [

diff --git a/.github/workflows/bump-elastic-stack.yml b/.github/workflows/bump-elastic-stack.yml
@@ -30,15 +30,15 @@ jobs:
         with:
           ref: ${{ matrix.branch }}
 
-      - uses: elastic/oblt-actions/updatecli/run@v1.2.0
+      - uses: elastic/oblt-actions/updatecli/run@v1.8.1
         with:
           command: --experimental apply --config .ci/bump-elastic-stack-snapshot.yml
         env:
           BRANCH: ${{ matrix.branch }}
           GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
 
       - if: ${{ failure()  }}
-        uses: elastic/oblt-actions/slack/send@v1.2.0
+        uses: elastic/oblt-actions/slack/send@v1.8.1
         with:
           channel-id: '#apm-server'
           message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"

diff --git a/.github/workflows/bump-golang.yml b/.github/workflows/bump-golang.yml
@@ -16,14 +16,14 @@ jobs:
 
       - uses: actions/checkout@v4
 
-      - uses: elastic/oblt-actions/updatecli/run@v1.2.0
+      - uses: elastic/oblt-actions/updatecli/run@v1.8.1
         with:
           command: --experimental apply --config .ci/bump-golang.yml
         env:
           GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
 
       - if: ${{ failure() }}
-        uses: elastic/oblt-actions/slack/send@v1.2.0
+        uses: elastic/oblt-actions/slack/send@v1.8.1
         with:
           bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           channel-id: "#apm-server"

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -92,7 +92,8 @@ jobs:
 
   test-package-and-push:
     runs-on: ubuntu-latest
-    if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false)
+    # If no PR event or if a PR event that's caused by a non-fork and non dependabot actor
+    if: github.event_name != 'pull_request' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false && github.actor != 'dependabot[bot]' )
     env:
       GENERATE_CHAINGUARD_IMAGES: true
     steps:
@@ -101,13 +102,12 @@ jobs:
         with:
           go-version-file: go.mod
           cache: false
-      - uses: elastic/apm-pipeline-library/.github/actions/docker-login@current
+      - name: Log in to the Elastic Container registry
+        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
         with:
-          registry: docker.elastic.co
-          secret: secret/observability-team/ci/docker-registry/prod
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
+          username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
+          password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}
       - run: make package-snapshot
         env:
           GH_TOKEN: ${{ github.token }}

diff --git a/.github/workflows/microbenchmark.yml b/.github/workflows/microbenchmark.yml
@@ -22,7 +22,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: Run buildkite pipeline
-        uses: elastic/oblt-actions/buildkite/run@v1.4.0
+        uses: elastic/oblt-actions/buildkite/run@v1.8.1
         with:
           token: ${{ secrets.BUILDKITE_TOKEN }}
           pipeline: apm-agent-microbenchmark

diff --git a/.github/workflows/prepare-release/action.yml b/.github/workflows/prepare-release/action.yml
@@ -3,21 +3,15 @@ name: prepare-release
 description: Common tasks for preparing minor and patch releases
 
 inputs:
+  slack-bot-token:
+    description: 'The slack bot token'
+    required: true
   type:
     description: 'Release type (minor or patch)'
     required: true
   version:
     description: 'The version'
     required: true
-  vault-url:
-    description: 'Vault URL'
-    required: true
-  vault-role-id:
-    description: 'Vault role ID'
-    required: true
-  vault-secret-id:
-    description: 'Vault secret ID'
-    required: true
 
 outputs:
   release-branch:
@@ -28,19 +22,17 @@ outputs:
     value: ${{ steps.generate.outputs.release-version }}
   slack-thread:
     description: "Slack thread id"
-    value: ${{ steps.slack-thread.outputs.threadTimestamp }}
+    value: ${{ steps.slack-thread.outputs.thread-timestamp }}
 
 runs:
   using: "composite"
   steps:
     - name: Send slack message when started
       id: slack-thread
-      uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
+      uses: elastic/oblt-actions/slack/[email protected]
       with:
-        url: ${{ inputs.vault-url }}
-        roleId: ${{ inputs.vault-role-id }}
-        secretId: ${{ inputs.vault-secret-id }}
-        channel: ${{ env.SLACK_CHANNEL }}
+        bot-token: ${{ inputs.slack-bot-token }}
+        channel-id: ${{ env.SLACK_CHANNEL }}
         message: ":wave: This is the thread for the ${{ inputs.type }} release `${{ github.repository }}@${{ env.VERSION }}`. (<${{ env.JOB_URL }}|workflow run>)"
       env:
         VERSION: ${{ inputs.version }}
@@ -93,17 +85,15 @@ runs:
       env:
         TAG: 'refs/tags/v${{ steps.generate.outputs.release-version }}'
 
-    - uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
-      if: failure()
+    - if: failure()
+      uses: elastic/oblt-actions/slack/[email protected]
       with:
-        url: ${{ inputs.vault-url }}
-        roleId: ${{ inputs.vault-role-id }}
-        secretId: ${{ inputs.vault-secret-id }}
-        channel: ${{ env.SLACK_CHANNEL }}
-        threadTimestamp: ${{ steps.slack-thread.outputs.threadTimestamp || '' }}
+        bot-token: ${{ inputs.slack-bot-token }}
+        channel-id: ${{ env.SLACK_CHANNEL }}
         message: |-
           :fire: Something went wrong with the ${{ inputs.type }} release preparation. It failed with the below error message:
           `${{ env.FAILURE_MESSAGE }}`.
           See <${{ env.JOB_URL }}|logs>.
+        thread-timestamp: ${{ steps.slack-thread.outputs.thread-timestamp || '' }}
       env:
         JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
diff --git a/.github/workflows/run-minor-release.yml b/.github/workflows/run-minor-release.yml
@@ -33,9 +33,7 @@ jobs:
       - id: prepare
         uses: ./.github/workflows/prepare-release
         with:
-          vault-url: ${{ secrets.VAULT_ADDR }}
-          vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
-          vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           version: ${{ inputs.version }}
           type: 'minor'
 
@@ -49,16 +47,14 @@ jobs:
       contents: write
     steps:
 
-      - uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
+      - uses: elastic/oblt-actions/slack/[email protected]
         with:
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          channel: ${{ env.SLACK_CHANNEL }}
-          threadTimestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: ${{ env.SLACK_CHANNEL }}
           message: |-
             Feature freeze for `${{ github.repository }}@${{ env.RELEASE_VERSION }}` just started.
             The `${{ github.repository }}@${{ env.RELEASE_BRANCH }}` branch will be created Today.
+          thread-timestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
 
       - uses: actions/checkout@v4
         with:
@@ -83,25 +79,21 @@ jobs:
 
       - run: make minor-release
 
-      - uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
-        if: success()
+      - if: success()
+        uses: elastic/oblt-actions/slack/[email protected]
         with:
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          channel: ${{ env.SLACK_CHANNEL }}
-          threadTimestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: ${{ env.SLACK_CHANNEL }}
           message: |-
             `${{ github.repository }}@${{ env.RELEASE_BRANCH }}` is now available.
             The docs and other references are updated. You can start using it.
+          thread-timestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
 
-      - uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
-        if: failure()
+      - if: failure()
+        uses: elastic/oblt-actions/slack/[email protected]
         with:
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          channel: ${{ env.SLACK_CHANNEL }}
-          threadTimestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: ${{ env.SLACK_CHANNEL }}
           message: |-
             :fire: Something went wrong with the release. See <${{ env.JOB_URL }}|logs>.
+          thread-timestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
diff --git a/.github/workflows/run-patch-release.yml b/.github/workflows/run-patch-release.yml
@@ -34,9 +34,7 @@ jobs:
       - id: prepare
         uses: ./.github/workflows/prepare-release
         with:
-          vault-url: ${{ secrets.VAULT_ADDR }}
-          vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
-          vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
+          slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           version: ${{ inputs.version }}
           type: 'patch'
 
@@ -74,25 +72,21 @@ jobs:
 
       - run: make patch-release
 
-      - uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
-        if: success()
+      - if: success()
+        uses: elastic/oblt-actions/slack/[email protected]
         with:
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          channel: ${{ env.SLACK_CHANNEL }}
-          threadTimestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: ${{ env.SLACK_CHANNEL }}
           message: |-
             Feature freeze for `${{ github.repository }}@${{ env.RELEASE_VERSION }}` is Today.
             All the relevant PRs and issues have been created.
+          thread-timestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
 
-      - uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
-        if: failure()
+      - if: failure()
+        uses: elastic/oblt-actions/slack/[email protected]
         with:
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          channel: ${{ env.SLACK_CHANNEL }}
-          threadTimestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: ${{ env.SLACK_CHANNEL }}
           message: |-
             :fire: Something went wrong with the patch release. See <${{ env.JOB_URL }}|logs>.
+          thread-timestamp: ${{ needs.prepare.outputs.slack-thread || '' }}
diff --git a/.github/workflows/smoke-tests-schedule.yml b/.github/workflows/smoke-tests-schedule.yml
@@ -54,10 +54,8 @@ jobs:
         uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current
         with:
           needs: ${{ toJSON(needs) }}
-      - uses: elastic/apm-pipeline-library/.github/actions/notify-build-status@current
+      - uses: elastic/oblt-actions/slack/notify-[email protected]
         with:
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: "#apm-server"
           status: ${{ steps.check.outputs.status }}
-          vaultUrl: ${{ secrets.VAULT_ADDR }}
-          vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
-          vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
-          slackChannel: "#apm-server"
diff --git a/.github/workflows/update-beats.yml b/.github/workflows/update-beats.yml
@@ -33,15 +33,15 @@ jobs:
         with:
           go-version-file: go.mod
 
-      - uses: elastic/oblt-actions/updatecli/run@v1.2.0
+      - uses: elastic/oblt-actions/updatecli/run@v1.8.1
         with:
           command: --experimental apply --config .ci/update-beats.yml
         env:
           BRANCH_NAME: ${{ matrix.branch }}
           GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
 
       - if: ${{ failure()  }}
-        uses: elastic/oblt-actions/slack/send@v1.2.0
+        uses: elastic/oblt-actions/slack/send@v1.8.1
         with:
           channel-id: '#apm-server'
           message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"