Skip to content

buildkite: use bot user (#3653) #426

buildkite: use bot user (#3653)

buildkite: use bot user (#3653) #426

Workflow file for this run

---
name: snapshot
on:
push:
branches:
- "main"
workflow_dispatch:
inputs:
dry_run:
description: If set, run a dry-run snapshot
default: false
type: boolean
permissions:
contents: read
jobs:
validate:
runs-on: ubuntu-latest
outputs:
is-snapshot: ${{ steps.validate-step.outputs.is-snapshot }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Validate version is a snapshot version
id: validate-step
run: |
output=false
if [[ "$(./mvnw -q help:evaluate -Dexpression=project.version -DforceStdout)" =~ "-SNAPSHOT" ]]; then
echo "This is a snapshot version"
output=true
fi
echo "is-snapshot=${output}" >> "$GITHUB_OUTPUT"
deploy:
name: Deploy
runs-on: ubuntu-latest
needs:
- validate
permissions:
attestations: write
contents: write
id-token: write
env:
TARBALL_FILE: artifacts.tar
if: ${{ contains(needs.validate.outputs.is-snapshot, 'true') }}
steps:
- id: buildkite
name: Run Deploy
uses: elastic/apm-pipeline-library/.github/actions/buildkite@current
with:
vaultUrl: ${{ secrets.VAULT_ADDR }}
vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
pipeline: apm-agent-java-snapshot
pipelineBranch: ${{ github.ref_name }}
artifactName: snapshots
artifactPath: ${{ env.TARBALL_FILE }}
waitFor: true
printBuildLogs: false
buildEnvVars: |
dry_run=${{ inputs.dry_run || 'false' }}
TARBALL_FILE=${{ env.TARBALL_FILE }}
- uses: actions/download-artifact@v3
with:
name: snapshots
- name: untar the buildkite tarball
run: tar xvf ${{ env.TARBALL_FILE }}
- name: generate build provenance
uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d # v1.1.2
with:
subject-path: "${{ github.workspace }}/**/target/*.jar"
build-docker-images:
name: "Build docker images"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: elastic/apm-pipeline-library/.github/actions/docker-login@current
with:
registry: docker.elastic.co
secret: secret/apm-team/ci/docker-registry/prod
url: ${{ secrets.VAULT_ADDR }}
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
- name: prepare context for testing docker build
run: |
mkdir -p elastic-apm-agent/target
curl -L -s -o elastic-apm-agent/target/elastic-apm-agent-1.49.0.jar \
"https://oss.sonatype.org/service/local/artifact/maven/redirect?r=releases&g=co.elastic.apm&a=elastic-apm-agent&v=1.49.0"
- name: "Build docker image"
run: ./scripts/docker-release/build_docker.sh "test"
notify:
needs:
- build-docker-images
- deploy
- validate
runs-on: ubuntu-latest
steps:
- id: check
uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current
with:
needs: ${{ toJSON(needs) }}
- if: ${{ failure() && ! inputs.dry_run }}
uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
with:
url: ${{ secrets.VAULT_ADDR }}
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
channel: "#apm-agent-java"
message: |
:ghost: [${{ github.repository }}] Snapshot *${{ github.ref_name }}* didn't get triggered in Buildkite.
Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)