Skip to content

Merge branch 'fix/release-to-use-signed-artifacts' into test/release-… #16

Merge branch 'fix/release-to-use-signed-artifacts' into test/release-…

Merge branch 'fix/release-to-use-signed-artifacts' into test/release-… #16

Workflow file for this run

---
name: release
permissions:
contents: read
on:
push:
env:
BUILD_PACKAGES: build/packages
jobs:
release-started:
runs-on: ubuntu-latest
steps:
- uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
with:
url: ${{ secrets.VAULT_ADDR }}
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
channel: "#on-week-oblt-productivity"
message: |
:runner: [${{ github.repository }}] Release *${{ github.ref_name }}* has been triggered : (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here> for further details)
build:
uses: ./.github/workflows/build.yml
build-packages:
needs:
- build
uses: ./.github/workflows/build-packages.yml
sign:
runs-on: ubuntu-latest
needs:
- build-packages
env:
BUCKET_NAME: "apm-agent-php"
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: package
path: ${{ env.BUILD_PACKAGES }}
## NOTE: The name of the zip should match the name of the folder to be zipped.
- name: Prepare packages to be signed
run: zip -r packages.zip packages/
working-directory: build
- name: 'Get service account'
uses: hashicorp/[email protected]
with:
url: ${{ secrets.VAULT_ADDR }}
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
method: approle
secrets: |
secret/observability-team/ci/apm-agent-php-bucket service-account | SERVICE_ACCOUNT ;
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v1'
with:
credentials_json: '${{ env.SERVICE_ACCOUNT }}'
- id: 'upload-file'
uses: 'google-github-actions/upload-cloud-storage@v1'
with:
path: "${{ env.BUILD_PACKAGES }}.zip"
destination: "${{ env.BUCKET_NAME }}/${{ github.run_id }}"
predefinedAcl: "publicRead"
- id: buildkite
name: Run buildkite pipeline
uses: elastic/apm-pipeline-library/.github/actions/buildkite@current
with:
vaultUrl: ${{ secrets.VAULT_ADDR }}
vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
pipeline: observability-robots-php-release
triggerMessage: "${{ github.repository }}@${{ github.ref_name }} - sign artifacts"
waitFor: true
printBuildLogs: true
artifactName: signed-artifacts
artifactPath: "signed-artifacts.zip"
buildEnvVars: |
BUNDLE_URL=https://storage.googleapis.com/${{ env.BUCKET_NAME }}/${{ steps.upload-file.outputs.uploaded }}
generate-test-packages-matrix:
uses: ./.github/workflows/generate-matrix.yml
test-packages:
needs:
- sign
- generate-test-packages-matrix
uses: ./.github/workflows/test-packages.yml
with:
include: ${{ needs.generate-test-packages-matrix.outputs.include }}
max-parallel: 40
package-name: 'signed-artifacts'
release:
needs:
- test-packages
runs-on: ubuntu-latest
permissions:
contents: write
env:
GITHUB_TOKEN: ${{ github.token }}
TAG_NAME: ${{ github.ref_name }}
steps:
- uses: actions/checkout@v3
- uses: actions/download-artifact@v3
with:
name: signed-artifacts
path: ${{ env.BUILD_PACKAGES }}
- name: Unzip signed packages
run: unzip ${PACKAGE_FILE} && rm ${PACKAGE_FILE}
working-directory: ${{ env.BUILD_PACKAGES }}
env:
PACKAGE_FILE: "signed-artifacts.zip"
- name: Create draft release
run: echo "make -f .ci/Makefile draft-release"
- name: Verify draft release
run: echo "ORIGINAL_PACKAGES_LOCATION=${{ env.BUILD_PACKAGES }} make -f .ci/Makefile download-verify"
- name: Publish release
run: echo "make -f .ci/Makefile github-release-ready"
notify:
if: always()
needs:
- build
- build-packages
- generate-test-packages-matrix
- release
- sign
- test-packages
runs-on: ubuntu-latest
steps:
- id: check
uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current
with:
needs: ${{ toJSON(needs) }}
- uses: elastic/apm-pipeline-library/.github/actions/notify-build-status@current
with:
status: ${{ steps.check.outputs.status }}
vaultUrl: ${{ secrets.VAULT_ADDR }}
vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
slackChannel: "#on-week-oblt-productivity"
message: "[${{ github.repository }}] Release (<${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}|${{ github.ref_name }}>)"