elastic · constanca-m · Sep 25, 2024 · Sep 24, 2024 · Sep 24, 2024 · Sep 24, 2024
diff --git a/.github/workflows/release.yml → .github/workflows/create-tag.yml b/.github/workflows/release.yml → .github/workflows/create-tag.yml
@@ -1,6 +1,6 @@
 ---
-## Workflow to create a new git tag if version.py variable version gets updated
-name: release
+# Workflow to create a new git tag if version.py variable version gets updated
+name: create-tag
 
 permissions:
   contents: write # write permission is required to create a GitHub release
@@ -14,14 +14,10 @@ on:
 
 jobs:
 
-  release:
+  create-tag:
     runs-on: ubuntu-latest
     timeout-minutes: 5
 
-    outputs:
-      version: ${{ steps.version.outputs.version }}
-      enabled: ${{ steps.version.outputs.enabled }}
-      tag: ${{ steps.version.outputs.tag }}
     steps:
 
       - uses: actions/checkout@v4
@@ -66,10 +62,6 @@ jobs:
           echo "::notice::Current version is ${{ env.VERSION }}."
           echo "::notice::The result for creating tag is $CREATE_TAG."
 
-          echo "version=${{ env.VERSION }}" >> "$GITHUB_OUTPUT"
-          echo "enabled=${CREATE_TAG}"      >> "$GITHUB_OUTPUT"
-          echo "tag=lambda-v${{ env.VERSION }}" >> "$GITHUB_OUTPUT"
-
       - name: Create tag
         if: env.CREATE_TAG == 'true' # run only in case CREATE_TAG is true
         uses: actions/github-script@v7
@@ -78,44 +70,6 @@ jobs:
             github.rest.git.createRef({
               owner: context.repo.owner,
               repo: context.repo.repo,
-              ref: 'refs/tags/' + "${{ steps.version.outputs.tag }}",
+              ref: 'refs/tags/lambda-v' + "${{ env.VERSION }}",
               sha: context.sha
             })
-
-  regular-sar:
-    if: ${{ needs.release.outputs.enabled == 'true' }}
-    runs-on: ubuntu-latest
-    needs: release
-    permissions:
-      # The OIDC permissions can be found at https://github.com/elastic/oblt-infra/tree/main/conf/resources/repos/elastic-serverless-forwarder
-      id-token: write
-      contents: read
-    env:
-      BUCKET_NAME : "elastic-serverless-forwarder"
-      AWS_REGION : "eu-central-1"
-      # elastic-observability-prod
-      AWS_ACCOUNT_ID: "267093732750"
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ needs.release.outputs.tag }}
-
-      - uses: elastic/oblt-actions/aws/auth@v1
-        with:
-          aws-account-id: "${{ env.AWS_ACCOUNT_ID }}"
-          aws-region: "${{ env.AWS_REGION }}"
-
-      - uses: aws-actions/setup-sam@2360ef6d90015369947b45b496193ab9976a9b04 # v2
-        with:
-          use-installer: true
-          token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and package
-        run: |
-          .internal/aws/scripts/dist.sh \
-            elastic-serverless-forwarder \
-            ${{ needs.release.outputs.version }} \
-            ${{ env.BUCKET_NAME }} \
-            ${{ env.AWS_ACCOUNT_ID }} \
-            ${{ env.AWS_REGION }} \
-            "Elastic"
diff --git a/.github/workflows/releases-production.yml b/.github/workflows/releases-production.yml
@@ -0,0 +1,123 @@
+---
+# IMPORTANT:
+# If you change the name of this file, you will have to update
+# https://github.com/elastic/oblt-infra/blob/main/conf/resources/repos/elastic-serverless-forwarder/01-aws-oidc-github.tf
+# to include the current one!
+
+# Workflow to push zip with dependencies to S3 bucket every time the ESF version is updated
+# (we need this for ESF terraform), and to publish the new SAR version
+name: releases-production
-name: releases-production
+# If you change the name, please adjust the changes in https://github.com/elastic/oblt-infra/tree/main/conf/resources/repos/elastic-serverless-forwarder
+name: releases-production
-name: releases-production
+# If you change the name, please adjust the changes in https://github.com/elastic/oblt-infra/tree/main/conf/resources/repos/elastic-serverless-forwarder
+name: releases-production
+
+on:
+  workflow_run:
+    workflows: [create-tag]
+    types:
+      - completed
+
+permissions:
+  id-token: write   # This is required for requesting the JWT
+  contents: read    # This is required for actions/checkout
+
+env:
+  AWS_REGION: "eu-central-1"
+  AWS_ACCOUNT_ID: "267093732750" # account 'elastic-observability-prod'
+
+jobs:
+
+  get-esf-version:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    outputs:
+      version: ${{ steps.get-version.outputs.version }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Get version number
+        id: get-version
+        shell: bash
+        run: |
+          version=$(grep -oE '[0-9]+\.[0-9]+\.[0-9]+(\-[a-zA-Z]+[0-9]+)?' share/version.py)
+          echo "version=${version}" >> $GITHUB_OUTPUT
+          echo "::notice::ESF version is ${version}."
+
+
+  build-and-upload-dependencies:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    needs: get-esf-version
+
+    env:
+      BUCKET_NAME: "esf-dependencies"
+
+    steps:
+      # See https://docs.aws.amazon.com/lambda/latest/dg/python-package.html#python-package-create-dependencies
+
+      - uses: actions/checkout@v4
+        with:
+          ref: 'lambda-v${{ needs.get-esf-version.outputs.version }}'
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.9'
+          cache: 'pip'          # caching pip dependencies
+
+      - name: Install requirements in a directory and zip it.
+        shell: bash
+        run: |
+          pip3 install -r requirements.txt -t ./dependencies
+          cd dependencies && zip -r ../lambda-v${{ needs.get-esf-version.outputs.version }}.zip .
+
+      - name: Place handlers in the zip file.
+        shell: bash
+        run: |
+          zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip main_aws.py
+          zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip handlers
+          zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip share
+          zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip storage
+          zip -r ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip shippers
+
+      - name: Configure AWS credentials
+        uses: elastic/oblt-actions/aws/auth@v1
+        with:
+          aws-account-id: "${{ env.AWS_ACCOUNT_ID }}"
+          aws-region: "${{ env.AWS_REGION }}"
+
+      - name: Copy file to s3
+        run: |
+          aws s3 cp ./lambda-v${{ needs.get-esf-version.outputs.version }}.zip s3://${{ env.BUCKET_NAME }}/
+
+
+  release-sar:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    needs: get-esf-version
+
+    env:
+      BUCKET_NAME: "elastic-serverless-forwarder"
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: 'lambda-v${{ needs.get-esf-version.outputs.version }}'
+
+      - uses: elastic/oblt-actions/aws/auth@v1
+        with:
+          aws-account-id: "${{ env.AWS_ACCOUNT_ID }}"
+          aws-region: "${{ env.AWS_REGION }}"
+
+      - uses: aws-actions/setup-sam@2360ef6d90015369947b45b496193ab9976a9b04 # v2
+        with:
+          use-installer: true
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and package
+        run: |
+          .internal/aws/scripts/dist.sh \
+            elastic-serverless-forwarder \
+            ${{ needs.get-esf-version.outputs.version }} \
+            ${{ env.BUCKET_NAME }} \
+            ${{ env.AWS_ACCOUNT_ID }} \
+            ${{ env.AWS_REGION }} \
+            "Elastic"
diff --git a/.github/workflows/upload-dependencies.yml b/.github/workflows/upload-dependencies.yml