Skip to content

Moved ignore platform requirements from build script to composer file… #70

Moved ignore platform requirements from build script to composer file…

Moved ignore platform requirements from build script to composer file… #70

Workflow file for this run

---
name: release
on:
push:
tags: [ "v[0-9]+*" ]
branches:
- main
env:
BUILD_PACKAGES: build/packages
permissions:
contents: read
jobs:
release-started:
name: Send release started notification
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags')
steps:
- uses: elastic/oblt-actions/slack/send@v1
with:
bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
channel-id: "#apm-agent-php"
message: |
:runner: [${{ github.repository }}] Release *${{ github.ref_name }}* has been triggered : (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here> for further details)
build:
uses: ./.github/workflows/build.yml
with:
build_arch: 'all'
sign:
runs-on: ubuntu-latest
needs:
- build
env:
BUCKET_NAME: "elastic-otel-php"
permissions:
attestations: write
id-token: write
contents: write
steps:
- uses: actions/checkout@v4
- name: Download package artifacts
uses: actions/download-artifact@v4
with:
pattern: packages-*
path: ${{ env.BUILD_PACKAGES }}
- name: Moving packages out of folders
run: |
pushd ${{ env.BUILD_PACKAGES }}
find . -mindepth 2 -type f -exec mv -t . {} +
find . -mindepth 1 -maxdepth 1 -type d -exec rm -r {} +
popd
ls -R ${{ env.BUILD_PACKAGES }}
- name: generate build provenance
uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
with:
subject-path: "${{ github.workspace }}/${{ env.BUILD_PACKAGES }}/*"
## NOTE: The name of the zip should match the name of the folder to be zipped.
- name: Prepare packages to be signed
run: zip -r packages.zip packages/
working-directory: build
- uses: elastic/oblt-actions/google/[email protected]
with:
project-number: '911195782929'
- id: 'upload-file'
uses: 'google-github-actions/upload-cloud-storage@v2'
with:
path: "${{ env.BUILD_PACKAGES }}.zip"
destination: "${{ env.BUCKET_NAME }}/${{ github.run_id }}"
- id: buildkite-run
uses: elastic/oblt-actions/buildkite/[email protected]
with:
token: ${{ secrets.BUILDKITE_TOKEN }}
pipeline: observability-robots-php-release
wait-for: true
env-vars: |
BUNDLE_URL=https://storage.googleapis.com/${{ env.BUCKET_NAME }}/${{ steps.upload-file.outputs.uploaded }}
- uses: elastic/oblt-actions/buildkite/[email protected]
with:
build-number: ${{ steps.buildkite-run.outputs.number }}
path: signed-artifacts.zip
pipeline: ${{ steps.buildkite-run.outputs.pipeline }}
token: ${{ secrets.BUILDKITE_TOKEN }}
# this artifact name is used also in some other places,
# such as ./.github/workflows/test-packages.yml.
# Therefore v4 cannot be used at the moment.
- uses: actions/upload-artifact@v4
with:
name: signed-artifacts
path: signed-artifacts.zip
# generate-test-packages-matrix:
# if: startsWith(github.ref, 'refs/tags')
# uses: ./.github/workflows/generate-matrix.yml
# test-packages:
# if: startsWith(github.ref, 'refs/tags')
# needs:
# - sign
# - generate-test-packages-matrix
# permissions:
# contents: read
# packages: read
# uses: ./.github/workflows/test-packages.yml
# with:
# include: ${{ needs.generate-test-packages-matrix.outputs.include }}
# max-parallel: 40
# package-name: 'signed-artifacts'
#TODO verify if tag match version from properties files
release:
needs:
- build
- sign
runs-on: ubuntu-latest
permissions:
contents: write
env:
GITHUB_TOKEN: ${{ github.token }}
TAG_NAME: ${{ github.ref_name }}
steps:
- name: Validate Github token
run: |
if [ -z "${GITHUB_TOKEN}" ]; then
echo "Please set GITHUB_TOKEN in the environment to perform a release"
exit 1
fi
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: signed-artifacts
path: ${{ env.BUILD_PACKAGES }}
- name: Unzip signed packages
run: unzip ${PACKAGE_FILE} && rm ${PACKAGE_FILE}
working-directory: ${{ env.BUILD_PACKAGES }}
env:
PACKAGE_FILE: "signed-artifacts.zip"
- name: Create draft release
if: startsWith(github.ref, 'refs/tags')
run: |
RNOTES=$(./tools/build/get_release_note.sh --release-tag ${TAG_NAME})
gh release create "${TAG_NAME}" --draft --title "${TAG_NAME}" --repo elastic/elastic-otel-php \
--notes "${RNOTES}" \
build/packages/*.*
- name: Verify sha512 sums
if: startsWith(github.ref, 'refs/tags')
run: |
mkdir -p packages_downloaded_from_github
pushd packages_downloaded_from_github
for attempt in $(seq 1 3); do
gh release download "${TAG_NAME}" && break || (echo "Download draft release assets attempt ${attempt}/3 failed. Waiting 60s." && sleep 60)
done
ls -l .
echo "Verifying that downloaded artifacts pass the downloaded checksums..."
sha512sum --check ./*.sha512
popd
sort "${BUILD_PACKAGES}/"*.sha512 > original_artifacts.sha512
sort "packages_downloaded_from_github/"*.sha512 > downloaded_artifacts.sha512
cat original_artifacts.sha512
cat downloaded_artifacts.sha512
echo "Verifying that original and downloaded artifacts have the same checksums..."
diff original_artifacts.sha512 downloaded_artifacts.sha512 || exit 1
- name: Publish release
if: startsWith(github.ref, 'refs/tags')
run: gh release edit "${TAG_NAME}" --draft=false
notify:
if: always()
needs:
- build
# - build-packages
# - generate-test-packages-matrix
- release
- sign
# - test-packages
runs-on: ubuntu-latest
steps:
- id: check
uses: elastic/oblt-actions/check-dependent-jobs@v1
with:
jobs: ${{ toJSON(needs) }}
- if: startsWith(github.ref, 'refs/tags')
uses: elastic/oblt-actions/slack/notify-result@v1
with:
bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
channel-id: "#apm-agent-php"
status: ${{ steps.check.outputs.status }}
message: "[${{ github.repository }}] Release (<${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}|${{ github.ref_name }}>)"