diff --git a/.github/workflows/release.yml b/.github/workflows/create-tag.yml similarity index 55% rename from .github/workflows/release.yml rename to .github/workflows/create-tag.yml index 80d8a957..0ac0b288 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/create-tag.yml @@ -1,6 +1,6 @@ --- -## Workflow to create a new git tag if version.py variable version gets updated -name: release +# Workflow to create a new git tag if version.py variable version gets updated +name: create-tag permissions: contents: write # write permission is required to create a GitHub release @@ -14,14 +14,10 @@ on: jobs: - release: + create-tag: runs-on: ubuntu-latest timeout-minutes: 5 - outputs: - version: ${{ steps.version.outputs.version }} - enabled: ${{ steps.version.outputs.enabled }} - tag: ${{ steps.version.outputs.tag }} steps: - uses: actions/checkout@v4 @@ -66,10 +62,6 @@ jobs: echo "::notice::Current version is ${{ env.VERSION }}." echo "::notice::The result for creating tag is $CREATE_TAG." - echo "version=${{ env.VERSION }}" >> "$GITHUB_OUTPUT" - echo "enabled=${CREATE_TAG}" >> "$GITHUB_OUTPUT" - echo "tag=lambda-v${{ env.VERSION }}" >> "$GITHUB_OUTPUT" - - name: Create tag if: env.CREATE_TAG == 'true' # run only in case CREATE_TAG is true uses: actions/github-script@v7 
@@ -78,44 +70,6 @@ jobs:
 github.rest.git.createRef({
 owner: context.repo.owner,
 repo: context.repo.repo,
- ref: 'refs/tags/' + "${{ steps.version.outputs.tag }}",
+ ref: 'refs/tags/lambda-v' + "${{ env.VERSION }}",
 sha: context.sha
 })
-
- regular-sar:
- if: ${{ needs.release.outputs.enabled == 'true' }}
- runs-on: ubuntu-latest
- needs: release
- permissions:
- # The OIDC permissions can be found at https://github.com/elastic/oblt-infra/tree/main/conf/resources/repos/elastic-serverless-forwarder
- id-token: write
- contents: read
- env:
- BUCKET_NAME : "elastic-serverless-forwarder"
- AWS_REGION : "eu-central-1"
- # elastic-observability-prod
- AWS_ACCOUNT_ID: "267093732750"
- steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ needs.release.outputs.tag }}
-
- - uses: elastic/oblt-actions/aws/auth@v1
- with:
- aws-account-id: "${{ env.AWS_ACCOUNT_ID }}"
- aws-region: "${{ env.AWS_REGION }}"
-
- - uses: aws-actions/setup-sam@2360ef6d90015369947b45b496193ab9976a9b04 # v2
- with:
- use-installer: true
- token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Build and package
- run: |
- .internal/aws/scripts/dist.sh \
- elastic-serverless-forwarder \
- ${{ needs.release.outputs.version }} \
- ${{ env.BUCKET_NAME }} \
- ${{ env.AWS_ACCOUNT_ID }} \
- ${{ env.AWS_REGION }} \
- "Elastic"
diff --git a/.github/workflows/releases-production.yml b/.github/workflows/releases-production.yml
new file mode 100644
index 00000000..a3d871b7
--- /dev/null
+++ b/.github/workflows/releases-production.yml
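Review bot: In the `Create tag` step of create-tag.yml, the new `ref:` line still splices `${{ env.VERSION }}` into the github-script source before it is parsed as JavaScript, so whatever ends up in VERSION is treated as code rather than data. Reading the value at run time keeps it data: `ref: 'refs/tags/lambda-v' + process.env.VERSION,`. The step that sets VERSION and the start of this script are outside the hunk, so how tightly the value is constrained cannot be confirmed from here.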
@@ -0,0 +1,115 @@
+---
+# Workflow to push zip with dependencies to S3 bucket every time the ESF version is updated
+# (we need this for ESF terraform), and to publish the new SAR version
+name: releases-production
+
+on:
+ workflow_run:
+ workflows: [create-tag]
+ types:
+ - completed
+
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+jobs:
+
+ get-esf-version:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+
+ outputs:
+ version: ${{ steps.get-version.outputs.version }}
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Get version number
+ id: get-version
+ shell: bash
+ run: |
+ version=$(grep -oE '[0-9]+\.[0-9]+\.[0-9]+(\-[a-zA-Z]+[0-9]+)?' share/version.py)
+ echo "version=${version}" >> $GITHUB_OUTPUT
+ echo "::notice::ESF version is ${version}."
+
+
+ build-and-upload-dependencies:
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ needs: get-esf-version
+
+ env:
+ BUCKET_NAME: "esf-dependencies"
+ AWS_REGION: "eu-central-1"
+ ROLE: "arn:aws:iam::267093732750:role/esf-dependencies-role"
+
+ steps:
+ # See https://docs.aws.amazon.com/lambda/latest/dg/python-package.html#python-package-create-dependencies
+
+ - uses: actions/checkout@v4
+
+ - uses: actions/setup-python@v5
+ with:
+ python-version: '3.9'
+ cache: 'pip' # caching pip dependencies
+
+ - name: Install requirements in a directory and zip it.
+ shell: bash
+ run: |
+ pip3 install -r requirements.txt -t ./dependencies
+ cd dependencies && zip -r ../lambda-v${{ needs.get-esf-version.outputs.version }}.zip .
+
+ - name: Place handlers in the zip file.
+ shell: bash
+ run: |
+ zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip main_aws.py
+ zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip handlers
+ zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip share
+ zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip storage
+ zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip shippers
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Copy file to s3
+ run: |
+ aws s3 cp ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip s3://${{ env.BUCKET_NAME }}/
+
+
+
+ release-sar:
+ runs-on: ubuntu-latest
+ timeout-minutes: 30
+ needs: get-esf-version
+
+ env:
+ BUCKET_NAME: "elastic-serverless-forwarder"
+ AWS_REGION: "eu-central-1"
+ AWS_ACCOUNT_ID: "267093732750" # elastic-observability-prod
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: elastic/oblt-actions/aws/auth@v1
+ with:
+ aws-account-id: "${{ env.AWS_ACCOUNT_ID }}"
+ aws-region: "${{ env.AWS_REGION }}"
+
+ - uses: aws-actions/setup-sam@2360ef6d90015369947b45b496193ab9976a9b04 # v2
+ with:
+ use-installer: true
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and package
+ run: |
+ .internal/aws/scripts/dist.sh \
+ elastic-serverless-forwarder \
+ ${{ needs.get-esf-version.outputs.version }} \
+ ${{ env.BUCKET_NAME }} \
+ ${{ env.AWS_ACCOUNT_ID }} \
+ ${{ env.AWS_REGION }} \
+ "Elastic"
diff --git a/.github/workflows/upload-dependencies.yml b/.github/workflows/upload-dependencies.yml
deleted file mode 100644
index 5374bf8d..00000000
--- a/.github/workflows/upload-dependencies.yml
+++ /dev/null
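Review bot: releases-production.yml starts on every `completed` run of create-tag, and none of its three jobs checks that the run succeeded or that a tag was actually created, so the S3 upload and the SAR publish run with AWS credentials even when create-tag failed or skipped its `Create tag` step. The removed `regular-sar` job was gated on `needs.release.outputs.enabled == 'true'` and checked out the tag; the new `release-sar` has neither, and a `workflow_run` checkout without `ref:` takes the default branch head rather than the commit that was tagged. At minimum add `if: ${{ github.event.workflow_run.conclusion == 'success' }}` to `get-esf-version` and `ref: ${{ github.event.workflow_run.head_sha }}` to each `actions/checkout` step; a tag-was-created signal would have to be re-derived here, since `workflow_run` does not carry job outputs. Separately, `id-token: write` is granted workflow-wide although `get-esf-version` never requests a token, so declaring it only on the two AWS jobs would narrow it.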
@@ -1,70 +0,0 @@
----
-## Workflow to push zip with dependencies to S3 bucket every time the ESF version is updated
-name: upload-dependencies
-
-env:
- BUCKET_NAME : "esf-dependencies"
- AWS_REGION : "eu-central-1"
- ROLE: "arn:aws:iam::267093732750:role/esf-dependencies-role"
-
-
-on:
- workflow_run:
- workflows: [release]
- types:
- - completed
-
-
-permissions:
- id-token: write # This is required for requesting the JWT
- contents: read # This is required for actions/checkout
-
-
-jobs:
-
- build-and-upload-dependencies:
- runs-on: ubuntu-latest
- timeout-minutes: 30
-
- steps:
- # See https://docs.aws.amazon.com/lambda/latest/dg/python-package.html#python-package-create-dependencies
-
- - uses: actions/checkout@v4
-
- - name: Get version number
- shell: bash
- run: |
- VERSION=$(grep -oE '[0-9]+\.[0-9]+\.[0-9]+(\-[a-zA-Z]+[0-9]+)?' share/version.py)
- echo "VERSION=${VERSION}" >> $GITHUB_ENV
- echo "::notice::ESF version is $VERSION."
-
- - uses: actions/setup-python@v5
- with:
- python-version: '3.9'
- cache: 'pip' # caching pip dependencies
-
- - name: Install requirements in a directory and zip it.
- shell: bash
- run: |
- pip3 install -r requirements.txt -t ./dependencies
- cd dependencies && zip -r ../lambda-v${{ env.VERSION }}.zip .
-
- - name: Place handlers in the zip file.
- shell: bash
- run: |
- zip -r ./lambda-v${{ env.VERSION }}.zip main_aws.py
- zip -r ./lambda-v${{ env.VERSION }}.zip handlers
- zip -r ./lambda-v${{ env.VERSION }}.zip share
- zip -r ./lambda-v${{ env.VERSION }}.zip storage
- zip -r ./lambda-v${{ env.VERSION }}.zip shippers
-
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ env.ROLE }}
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Copy file to s3
- run: |
- aws s3 cp ./lambda-v${{ env.VERSION }}.zip s3://${{ env.BUCKET_NAME }}/
-