Automate deployments to SAR #279
Comments
|
I think we can help with this. We have configured OIDC access to AWS accounts in GitHub actions (see https://github.com/elastic/observability-robots/blob/main/docs/teams/ci/keyless/README.md), so there is no need to use any secrets but configure the automation. If you can provide how you deploy to SAR currently and the steps you do now, then we can figure out the bits and pieces that are required. Thanks |
|
Hey @v1v, thanks! I'm sharing this with the team. |
|
@v1v that would be good news if you could help us on that. Would it be possible to have this automation for both "regular" SAR and GovCloud SAR ? We are struggling a lot to have the proper permissions for the latest. @zmoog @kaiyan-sheng would it make sense to move this issue to our current iteration to make sure that we could provide Victor the relevant information ? |
Yep, definitely. We already have the information Victor needs; I'll pick them all and share them here. |
|
@v1v, I have a public note zmoog/public-notes#15 that describes how to publish ESF on SAR as a private application (a good option for testing). The process for publishing ESF as a public application remains the same. We need to use the same .internal/aws/scripts/dist.sh script with different parameters. The parameters to change are (at least):
We may need to repeat the publishing with different settings for AWS GovCloud (US): @kaiyan-sheng probably knows more than me. I see we already have a GitHub workflow to upload the .zip file for the Terraform installation method at https://github.com/elastic/elastic-serverless-forwarder/blob/main/.github/workflows/upload-dependencies.yml. We can probably change the like https://github.com/elastic/elastic-serverless-forwarder/blob/196240566f7f59bad7bc952063cc80b563b5a3a2/.internal/aws/scripts/dist.sh#L73-79 since we are already building a .zip file in an S3 bucket for the Terraform installation method. The release workflow should publish the artifacts on Terraform and SAR channels, right? |
|
Thanks to @girodav for double-checking with me and integrating this info before posting ❤️ |
|
Hi folks, I'm now back from PTO and we just started a new iteration, aka sprint, so I plan to work on this in the upcoming days, I'll keep you posted. |
Hey @v1v, thank you for taking this task! Let us know if you need anything! |
|
I've just created #758 I need some help with a few things:
I'm unfamiliar with GovCloud SAR, so it will probably be postponed in a follow-up if we can even automate it.
How does it work at the moment? IIUC, Maybe it can be combined with the
Can you contribute to my above-mentioned PR with the required changes please? |
Status updateI enabled the OIDC targeting the Then I created a branch based on my PR but removing some bits and pieces that were not needed, and I finally ran: It worked fine after discovering the required permissions to publish the application with sam publish and Therefore, the only missing bits and pieces are the questions I asked above. Cheers |
Yeah, we discussed this during a team meeting and agreed it's better to focus on automating SAR first and then evaluate the gap later. |
|
Thanks @zmoog Do you happen to know who can help me with some of the questions I have (see #279 (comment))? If it helps, we can syncup in a zoom call Thanks |
Yeah, I can help with this. I'm sorry for the delay. I started working on this but got interrupted, so I'm resuming today!
Thanks! Let's see how far I can go. I won't hesitate to contact you for a call if it helps! |
I have a public note zmoog/public-notes#15 describing the publishing process of ESF on SAR as a private application. IIRC, the process is identical, and we need to use a specific AWS account and region for publishing it as a public application. Here's the command line format: .internal/aws/scripts/dist.sh \
sar-app-name \
version-in-sar
s3-bucket-for-sar \
account-id \
sar-region \
"author name"Here is the parameter info I remember or found in my notes. I'll update this table as I get more details.
|
Yep, I would extend the current workflow for releasing the Terraform artifacts with a job for SAR! |
@constanca-m, please correct me if I'm wrong. This workflow packages ESF as a release .zip file. It is designed to deploy ESF using the Terraform module at https://github.com/elastic/terraform-elastic-esf and is unrelated to SAR.
Oh, good point! We need to fix this then!
Sounds great. |
I need to check whether we can use the exact .zip file for SAR and Terraform or if they differ. |
|
Yes to your questions, I followed the script the last time I updated SAR like this: |
Status update#758 is ready for review. I kept what we discussed in #279 (comment); I mentioned in the PR that it might be done in a follow-up. I prefer to keep it simple for now and iterate in small PRs. |
|
Hi folks, Can I get some more eyes for #758? I don't know if it can be merged as is or if you have any concerns, but I need you to validate if the implementation is what you had in mind. In addition, if the arguments are the expected ones when using Thanks |
Status updatePR has been migrated so that you can proceed with your regular release -🤞 the automation should do the rest. As we said, I didn't enable any support for GovCloud. We don't have access, and in my opinion, that's something to be done, likely in a follow-up. If nothing else is needed, I'll close this task in our project board. Please ping me or Robots if you need any clarifications or help. Cheers |
|
Thanks @v1v, great work! We are going to use the release process today or tomorrow to release a bug fix. We can work on GovCloud in the next iteration. |
Create a Github Workflow that automatically release Elastic Serverless Forwarder to SAR, when a new version tag is pushed
Relevant doc: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-your-workflow-only-when-a-push-of-specific-tags-occurs
The text was updated successfully, but these errors were encountered: