Skip to content

Commit

Permalink
support provenance
Browse files Browse the repository at this point in the history
  • Loading branch information
v1v committed Apr 23, 2024
1 parent 8896198 commit c979654
Show file tree
Hide file tree
Showing 6 changed files with 57 additions and 2 deletions.
7 changes: 6 additions & 1 deletion .buildkite/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,16 @@ agents:
provider: "gcp"
image: "family/ecs-logging-java-ubuntu-2204"

env:
TARBALL_FILE: ${TARBALL_FILE:-dist.tar}

steps:
- label: "Run the release"
key: "release"
commands: .ci/release.sh
artifact_paths: "release.txt"
artifact_paths:
- "release.txt"
- "${TARBALL_FILE}"

notify:
- slack: "#apm-agent-java"
Expand Down
4 changes: 4 additions & 0 deletions .buildkite/snapshot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,17 @@ agents:
provider: "gcp"
image: "family/ecs-logging-java-ubuntu-2204"

env:
TARBALL_FILE: ${TARBALL_FILE:-dist.tar}

steps:
- label: "Run the snapshot"
key: "release"
commands: .ci/snapshot.sh
artifact_paths:
- "snapshot.txt"
- "**/target/*"
- "${TARBALL_FILE}"

notify:
- slack: "#apm-agent-java"
Expand Down
3 changes: 3 additions & 0 deletions .ci/release.sh
Original file line number Diff line number Diff line change
Expand Up @@ -38,3 +38,6 @@ fi

echo "--- Release the binaries to Maven Central :maven: [./mvnw ${GOAL})] ${DRY_RUN_MSG}"
./mvnw -V -s .ci/settings.xml -Pgpg clean $GOAL -DskipTests --batch-mode | tee release.txt

echo "--- Archive the target folder with jar files"
find . -type d -name target -exec find {} -name '*.jar' -print0 \; | xargs -0 tar -cvf "${TARBALL_FILE:-dist.tar}"
3 changes: 3 additions & 0 deletions .ci/snapshot.sh
Original file line number Diff line number Diff line change
Expand Up @@ -35,3 +35,6 @@ fi

echo "--- Deploy the snapshot :package: [./mvnw ${GOAL})] ${DRY_RUN_MSG}"
./mvnw -V -s .ci/settings.xml -Pgpg clean ${GOAL} -DskipTests --batch-mode | tee snapshot.txt

echo "--- Archive the target folder with jar files"
find . -type d -name target -exec find {} -name '*.jar' -print0 \; | xargs -0 tar -cvf "${TARBALL_FILE:-dist.tar}"
20 changes: 20 additions & 0 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,11 @@ jobs:
if: ${{ ! inputs.skip_maven_deploy }}
needs:
- validate-tag
permissions:
contents: write
id-token: write
env:
TARBALL_FILE: dist.tar
steps:
- id: buildkite
name: Run Release
Expand All @@ -75,11 +80,26 @@ jobs:
vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
pipeline: ecs-logging-java-release
artifactName: releases
artifactPath: ${{ env.TARBALL_FILE }}
waitFor: true
printBuildLogs: false
buildEnvVars: |
ref=${{ inputs.ref }}
dry_run=${{ inputs.dry_run || 'false' }}
TARBALL_FILE=${{ env.TARBALL_FILE }}
- uses: actions/download-artifact@v3
with:
name: releases

- name: untar the buildkite tarball
run: tar xvf ${{ env.TARBALL_FILE }}

- name: generate build provenance
uses: github-early-access/generate-build-provenance@main
with:
subject-path: "${{ github.workspace }}/**/target/*.jar"

- if: ${{ success() }}
uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
Expand Down
22 changes: 21 additions & 1 deletion .github/workflows/snapshot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,11 @@ jobs:
runs-on: ubuntu-latest
needs: validate
if: ${{ contains(needs.validate.outputs.is-snapshot, 'true') }}
permissions:
contents: write
id-token: write
env:
TARBALL_FILE: dist.tar
steps:
- id: buildkite
name: Run Deploy
Expand All @@ -46,10 +51,25 @@ jobs:
vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
pipeline: ecs-logging-java-snapshot
waitFor: false
artifactName: snapshots
artifactPath: ${{ env.TARBALL_FILE }}
waitFor: true
printBuildLogs: false
buildEnvVars: |
dry_run=${{ inputs.dry_run || 'false' }}
TARBALL_FILE=${{ env.TARBALL_FILE }}
- uses: actions/download-artifact@v3
with:
name: snapshots

- name: untar the buildkite tarball
run: tar xvf ${{ env.TARBALL_FILE }}

- name: generate build provenance
uses: github-early-access/generate-build-provenance@main
with:
subject-path: "${{ github.workspace }}/**/target/*.jar"

- if: ${{ failure() }}
uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
Expand Down

0 comments on commit c979654

Please sign in to comment.