Merge remote-tracking branch 'upstream/7.17' into feature/add-prefix

* upstream/7.17: (115 commits) chore: Update to elastic/beats@6f5446e5b8f8 (elastic#14998) Mark most client.geo.* as dynamic in TestRUMXForwardedFor approvals (backport elastic#14997) (elastic#15017) 7.17: bump dependencies (elastic#14841) chore: Update to elastic/beats@00c078c67c2c (elastic#14822) 7.17.27: update docs (elastic#14801) chore: Update to elastic/beats@3f83d0d05528 (elastic#14800) buildkite(dra): retry if package failed (elastic#14783) (elastic#14787) release: add changelog entry for 7.17.26 (elastic#14766) [updatecli] Update to elastic/beats@5b41c60f8a02 (elastic#14640) 7.17: bump otelgrpc contrib to 0.46.0 (elastic#14610) chore: Update docker-compose.yml (elastic#14527) chore: Update docker-compose.yml (elastic#14506) github-actions: fixes gh command not found (elastic#14484) (elastic#14518) chore: Update docker-compose.yml (elastic#14491) chore: Update docker-compose.yml (elastic#14477) chore: Update docker-compose.yml (elastic#14456) [updatecli] Bump elastic stack version to 7.17.26-d6e8760b (elastic#14428) chore: Update docker-compose.yml (elastic#14417) build: bump version to 7.17.26 (elastic#14416) changelog: add release notes for 7.17.25 (elastic#14414) ...
v1v · Dec 30, 2024 · 2821fbb · 2821fbb
2 parents 25e7b2d + 2fc09c8
commit 2821fbb
Show file tree

Hide file tree

Showing 40 changed files with 3,529 additions and 2,255 deletions.
diff --git a/.buildkite/package.yml b/.buildkite/package.yml
@@ -28,6 +28,9 @@ steps:
         artifact_paths:
           - "build/distributions/**/*"
           - "build/dependencies*.csv"
+        retry:
+          automatic:
+            - limit: 1
 
       - label: "Package Ubuntu-20 aarch64"
         key: "package-arm"
@@ -43,6 +46,9 @@ steps:
             - "staging"
         artifact_paths:
           - "build/distributions/**/*"
+        retry:
+          automatic:
+            - limit: 1
 
   - label: "DRA"
     key: "dra"

diff --git a/.ci/bump-elastic-stack-snapshot.yml → ...updatecli/bump-elastic-stack-snapshot.yml b/.ci/bump-elastic-stack-snapshot.yml → ...updatecli/bump-elastic-stack-snapshot.yml
@@ -18,8 +18,9 @@ scms:
     kind: github
     spec:
       user: '{{ requiredEnv "GITHUB_ACTOR" }}'
-      owner: elastic
-      repository: apm-server
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
       token: '{{ requiredEnv "GITHUB_TOKEN" }}'
       branch: '{{ requiredEnv "BRANCH" }}'
       commitusingapi: true

diff --git a/.ci/bump-golang.yml → .ci/updatecli/bump-golang.yml b/.ci/bump-golang.yml → .ci/updatecli/bump-golang.yml
@@ -1,6 +1,6 @@
 ---
 name: Bump golang-version to latest version
-pipelineid: 'updatecli-bump-golang-{{ requiredEnv "GITHUB_BRANCH" }}'
+pipelineid: 'feature/updatecli-bump-golang-{{ requiredEnv "GITHUB_BRANCH" }}'
 
 actions:
   default:
@@ -24,8 +24,9 @@ scms:
     kind: github
     spec:
       user: '{{ requiredEnv "GITHUB_ACTOR" }}'
-      owner: elastic
-      repository: apm-server
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
       token: '{{ requiredEnv "GITHUB_TOKEN" }}'
       branch: '{{ requiredEnv "GITHUB_BRANCH" }}'
       commitusingapi: true
@@ -42,20 +43,20 @@ sources:
       command: cat .go-version
 
   latestGoVersion:
-    name: Get Latest Go Release
+    name: Get Latest Golang-crossbuild Release
     kind: githubrelease
     dependson:
       - minor
     transformers:
-      - trimprefix: go
+      - trimprefix: v
     spec:
-      owner: golang
-      repository: go
+      owner: elastic
+      repository: golang-crossbuild
       token: '{{ requiredEnv "GITHUB_TOKEN" }}'
       username: '{{ requiredEnv "GITHUB_ACTOR" }}'
       versionfilter:
         kind: regex
-        pattern: go1\.{{ source "minor" }}\.\d*$
+        pattern: v1\.{{ source "minor" }}\.\d*$
 
   gomod:
     dependson:

diff --git a/.ci/update-beats.yml → .ci/updatecli/update-beats.yml b/.ci/update-beats.yml → .ci/updatecli/update-beats.yml
@@ -7,8 +7,9 @@ scms:
     kind: github
     spec:
       user: '{{ requiredEnv "GITHUB_ACTOR" }}'
-      owner: elastic
-      repository: apm-server
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
       token: '{{ requiredEnv "GITHUB_TOKEN" }}'
       branch: '{{ requiredEnv "BRANCH_NAME" }}'
       commitusingapi: true

diff --git a/.ci/updatecli/values.d/ironbank.yml b/.ci/updatecli/values.d/ironbank.yml
@@ -0,0 +1,2 @@
+config:
+  - path: packaging/ironbank
diff --git a/.ci/updatecli/values.d/scm.yml b/.ci/updatecli/values.d/scm.yml
@@ -0,0 +1,14 @@
+scm:
+  enabled: true
+  owner: elastic
+  repository: apm-server
+  branch: main
+  # begin updatecli-compose policy values
+  user: obltmachine
+  email: [email protected]
+  commitusingapi: true
+  # end updatecli-compose policy values
+
+# This will be moved to the scm section in the future and use
+# commitusingapi instead.
+signedcommit: true
diff --git a/.ci/updatecli/values.d/updatecli-compose.yml b/.ci/updatecli/values.d/updatecli-compose.yml
@@ -0,0 +1,3 @@
+spec:
+  files:
+    - "updatecli-compose.yaml"
diff --git a/.github/workflows/bump-elastic-stack.yml b/.github/workflows/bump-elastic-stack.yml
@@ -17,7 +17,7 @@ jobs:
       matrix: ${{ steps.generator.outputs.matrix }}
     steps:
       - id: generator
-        uses: elastic/apm-pipeline-library/.github/actions/elastic-stack-snapshot-branches@current
+        uses: elastic/oblt-actions/elastic/active-branches@v1
 
   bump-elastic-stack:
     runs-on: ubuntu-latest
@@ -30,15 +30,27 @@ jobs:
         with:
           ref: ${{ matrix.branch }}
 
-      - uses: elastic/oblt-actions/updatecli/[email protected]
+      - name: Get token
+        id: get_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         with:
-          command: --experimental apply --config .ci/bump-elastic-stack-snapshot.yml
+          app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
+          private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
+          permissions: >-
+            {
+              "contents": "write",
+              "pull_requests": "write"
+            }
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: --experimental apply --config .ci/updatecli/bump-elastic-stack-snapshot.yml --values .ci/updatecli/values.d/scm.yml
         env:
           BRANCH: ${{ matrix.branch }}
-          GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
 
       - if: ${{ failure()  }}
-        uses: elastic/oblt-actions/slack/send@v1.2.0
+        uses: elastic/oblt-actions/slack/send@v1
         with:
           channel-id: '#apm-server'
           message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"

diff --git a/.github/workflows/bump-golang.yml b/.github/workflows/bump-golang.yml
@@ -19,7 +19,7 @@ jobs:
     steps:
       - id: generate
         name: Generate matrix
-        uses: elastic/apm-pipeline-library/.github/actions/elastic-stack-snapshot-branches@current
+        uses: elastic/oblt-actions/elastic/active-branches@v1
         with:
           exclude-branches: '7.17,main'
       - uses: actions/github-script@v7
@@ -41,11 +41,23 @@ jobs:
 
       - uses: actions/checkout@v4
 
-      - uses: elastic/oblt-actions/updatecli/[email protected]
+      - name: Get token
+        id: get_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         with:
-          command: --experimental apply --config .ci/bump-golang.yml
+          app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
+          private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
+          permissions: >-
+            {
+              "contents": "write",
+              "pull_requests": "write"
+            }
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: --experimental apply --config .ci/updatecli/bump-golang.yml --values .ci/updatecli/values.d/scm.yml
         env:
-          GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
           GITHUB_BRANCH: 'main'
           GITHUB_LABELS: ${{ needs.labels.outputs.backports }}
 
@@ -58,11 +70,11 @@ jobs:
         with:
           ref: '7.17'
 
-      - uses: elastic/oblt-actions/updatecli/run@v1.9.1
+      - uses: elastic/oblt-actions/updatecli/run@v1
         with:
-          command: --experimental apply --config .ci/bump-golang.yml
+          command: --experimental apply --config .ci/updatecli/bump-golang.yml --values .ci/updatecli/values.d/scm.yml
         env:
-          GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
           GITHUB_BRANCH: '7.17'
           GITHUB_LABELS: 'backport-skip'
 
@@ -72,11 +84,11 @@ jobs:
     if: always()
     steps:
       - id: check
-        uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current
+        uses: elastic/oblt-actions/check-dependent-jobs@v1
         with:
-          needs: ${{ toJSON(needs) }}
+          jobs: ${{ toJSON(needs) }}
       - if: ${{ steps.check.outputs.isSuccess == 'false' }}
-        uses: elastic/oblt-actions/slack/send@v1.9.1
+        uses: elastic/oblt-actions/slack/send@v1
         with:
           bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           channel-id: "#apm-server"

diff --git a/.github/workflows/run-minor-release.yml b/.github/workflows/run-minor-release.yml
@@ -13,8 +13,9 @@ permissions:
   contents: read
 
 env:
-  SLACK_CHANNEL: "#apm-server-test-release"
-
+  JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+  SLACK_CHANNEL: "#apm-server"
+
 jobs:
   run-minor:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/run-patch-release.yml b/.github/workflows/run-patch-release.yml
@@ -19,7 +19,6 @@ permissions:
 env:
   JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
   SLACK_CHANNEL: "#apm-server"
-  GH_TOKEN: ${{ secrets.APM_SERVER_RELEASE_TOKEN }}
 
 jobs:
   prepare:
@@ -54,13 +53,25 @@ jobs:
           # Use the makefile in the given release branch.
           ref: ${{ env.RELEASE_BRANCH }}
 
+      - name: Get token
+        id: get_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        with:
+          app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
+          private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
+          permissions: >-
+            {
+              "contents": "write",
+              "pull_requests": "write"
+            }
+
       # Required to use a service account, otherwise PRs created by
       # GitHub bot won't trigger any CI builds.
       # See https://github.com/peter-evans/create-pull-request/issues/48#issuecomment-537478081
       - name: Configure git user
         uses: elastic/oblt-actions/git/setup@v1
         with:
-          github-token: ${{ env.GH_TOKEN }}
+          github-token: ${{ steps.get_token.outputs.token }}
 
       - name: Import GPG key
         uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4  # v6.1.0
@@ -71,6 +82,8 @@ jobs:
           git_commit_gpgsign: true
 
       - run: make patch-release
+        env:
+          GH_TOKEN: ${{ steps.get_token.outputs.token }}
 
       - if: success()
         uses: elastic/oblt-actions/slack/send@v1

diff --git a/.github/workflows/smoke-tests-ess.yml b/.github/workflows/smoke-tests-ess.yml
@@ -7,7 +7,12 @@ on:
       branch:
         required: true
         type: string
-
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'The branch to checkout'
+        required: true
+        type: string
 
 # limit the access of the generated GITHUB_TOKEN
 permissions:

diff --git a/.github/workflows/smoke-tests-os.yml b/.github/workflows/smoke-tests-os.yml
@@ -7,6 +7,12 @@ on:
       branch:
         required: true
         type: string
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'The branch to checkout'
+        required: true
+        type: string
 
 # limit the access of the generated GITHUB_TOKEN
 permissions:

diff --git a/.github/workflows/smoke-tests-schedule.yml b/.github/workflows/smoke-tests-schedule.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: actions/checkout@v4
       - id: generate
         name: Generate matrix
-        uses: elastic/apm-pipeline-library/.github/actions/elastic-stack-snapshot-branches@current
+        uses: elastic/oblt-actions/elastic/active-branches@v1
         with:
           exclude-branches: '7.17'
 
@@ -57,10 +57,10 @@ jobs:
       - smoke-tests-ess
     steps:
       - id: check
-        uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current
+        uses: elastic/oblt-actions/check-dependent-jobs@v1
         with:
-          needs: ${{ toJSON(needs) }}
-      - uses: elastic/oblt-actions/slack/notify-result@v1.8.0
+          jobs: ${{ toJSON(needs) }}
+      - uses: elastic/oblt-actions/slack/notify-result@v1.9.1
         with:
           bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           channel-id: "#apm-server"

diff --git a/.github/workflows/update-beats.yml b/.github/workflows/update-beats.yml
@@ -17,7 +17,7 @@ jobs:
       matrix: ${{ steps.generator.outputs.matrix }}
     steps:
       - id: generator
-        uses: elastic/apm-pipeline-library/.github/actions/elastic-stack-snapshot-branches@current
+        uses: elastic/oblt-actions/elastic/active-branches@v1
   bump:
     needs:
       - filter
@@ -30,19 +30,31 @@ jobs:
         with:
           ref: ${{ matrix.branch }}
 
+      - name: Get token
+        id: get_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        with:
+          app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
+          private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
+          permissions: >-
+            {
+              "contents": "write",
+              "pull_requests": "write"
+            }
+
       - uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
 
-      - uses: elastic/oblt-actions/updatecli/run@v1.2.0
+      - uses: elastic/oblt-actions/updatecli/run@v1
         with:
-          command: --experimental apply --config .ci/update-beats.yml
+          command: --experimental apply --config .ci/updatecli/update-beats.yml --values .ci/updatecli/values.d/scm.yml
         env:
           BRANCH_NAME: ${{ matrix.branch }}
-          GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.get_token.outputs.token }}
 
       - if: ${{ failure()  }}
-        uses: elastic/oblt-actions/slack/send@v1.2.0
+        uses: elastic/oblt-actions/slack/send@v1
         with:
           channel-id: '#apm-server'
           message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"