release: automate regular SAR #758

Merged
merged 10 commits into from
Sep 11, 2024
49 changes: 48 additions & 1 deletion .github/workflows/release.yml
Expand Up @@ -18,6 +18,10 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 5

outputs:
version: ${{ steps.version.outputs.version }}
enabled: ${{ steps.version.outputs.enabled }}
tag: ${{ steps.version.outputs.tag }}
steps:

- uses: actions/checkout@v4
Expand All @@ -30,6 +34,7 @@ jobs:
echo "::notice::ESF version is $VERSION."

- name: Check if version increased
id: version
shell: bash
run: |
git fetch --tags
Expand Down Expand Up @@ -61,6 +66,10 @@ jobs:
echo "::notice::Current version is ${{ env.VERSION }}."
echo "::notice::The result for creating tag is $CREATE_TAG."

echo "version=${{ env.VERSION }}" >> "$GITHUB_OUTPUT"
echo "enabled=${CREATE_TAG}"" >> "$GITHUB_OUTPUT"
echo "tag=lambda-v${{ env.VERSION }}" >> "$GITHUB_OUTPUT"

- name: Create tag
if: env.CREATE_TAG == 'true' # run only in case CREATE_TAG is true
uses: actions/github-script@v7
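Review bot: The `enabled` line has a stray double quote after `${CREATE_TAG}` (`echo "enabled=${CREATE_TAG}"" >> "$GITHUB_OUTPUT"`), which leaves the quoting unbalanced for the rest of the `run:` script, so bash cannot parse it from that line on and the `enabled` and `tag` outputs are not written. Drop the extra quote. On the two neighbouring lines, `${{ env.VERSION }}` is pasted into the script text before bash runs; the same value is available to the shell as `$VERSION`, so `echo "version=${VERSION}"` and `echo "tag=lambda-v${VERSION}"` keep it as data rather than script source.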
Expand All @@ -69,6 +78,44 @@ jobs:
github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: 'refs/tags/lambda-v' + "${{ env.VERSION }}",
ref: 'refs/tags/' + "${{ steps.version.outputs.tag }}",
sha: context.sha
})

regular-sar:
Member Author

Run this job only if there is a new tag and in a separate job so we can see if things work as expected.

Contributor

I agree with this.

We also only upload dependencies to the bucket when this workflow succeeds:

on:
  workflow_run:
    workflows: [release]
    types:
      - completed

Member Author

IIUC, there is a corner case in

and it could use a wrong version if 2 or more commits happened in a row in share/version.py while upload-dependencies.yml has not been executed yet.

We can do a follow-up and see if that's a genuine reason

Contributor

I agree with you. There is also another problem: if a commit happens and the tag is not updated (so no version upgrade). I don't see why a commit would not cause a version upgrade, but we do not check that.

Member Author

Good catch!

if: ${{ needs.release.outputs.enabled == 'true' }}
runs-on: ubuntu-latest
needs: release
permissions:
v1v marked this conversation as resolved.
# The OIDC permissions can be found at https://github.com/elastic/oblt-infra/tree/main/conf/resources/repos/elastic-serverless-forwarder
id-token: write
contents: read
env:
BUCKET_NAME : "elastic-serverless-forwarder"
AWS_REGION : "eu-central-1"
# elastic-observability-prod
AWS_ACCOUNT_ID: "267093732750"
steps:
- uses: actions/checkout@v4
with:
ref: ${{ needs.release.outputs.tag }}
Member Author

avoid surprises and use the tag that has been created earlier


- uses: elastic/oblt-actions/aws/auth@v1
with:
aws-account-id: "${{ env.AWS_ACCOUNT_ID }}"
aws-region: "${{ env.AWS_REGION }}"

- uses: aws-actions/setup-sam@2360ef6d90015369947b45b496193ab9976a9b04 # v2
with:
use-installer: true
token: ${{ secrets.GITHUB_TOKEN }}

- name: Build and package
run: |
.internal/aws/scripts/dist.sh \
Member Author

It runs the same command in #279 (comment)

elastic-serverless-forwarder \
${{ needs.release.outputs.version }} \
${{ env.BUCKET_NAME }} \
${{ env.AWS_ACCOUNT_ID }} \
${{ env.AWS_REGION }} \
"Elastic"
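Review bot: In `regular-sar`, which is granted `id-token: write` and authenticates to the AWS account labelled elastic-observability-prod, `actions/checkout@v4` and `elastic/oblt-actions/aws/auth@v1` are referenced by mutable tag while `aws-actions/setup-sam` is pinned to a commit SHA; pin those two the same way so the code that runs with the OIDC token cannot change under the tag. In the `Build and package` step, `${{ needs.release.outputs.version }}` and the `${{ env.* }}` arguments are expanded into the script unquoted; passing them through `env:` and quoting them as shell variables would keep them as arguments rather than script text. The job also sets no `timeout-minutes`, unlike `release` above.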
kaiyan-sheng marked this conversation as resolved.