release-step-3 #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: release-step-3 | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: 'Branch or tag ref to run the workflow on' | |
| required: true | |
| default: "main" | |
| version: | |
| description: 'The version to release (e.g. 1.2.3). This workflow will automatically perform the required version bumps' | |
| required: true | |
| dry_run: | |
| description: If set, run a dry-run release | |
| default: false | |
| type: boolean | |
| skip_maven_deploy: | |
| description: | | |
| If enabled, the deployment to maven central will be skipped. | |
| Select this if the deployment job for this release failed in a previous version but the release was actually published. | |
| Check manually on maven central beforehand! | |
| type: boolean | |
| required: true | |
| default: false | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| env: | |
| RELEASE_VERSION: ${{ inputs.version }} | |
| RELEASE_VERSION_TAG: v${{ inputs.version }} | |
| jobs: | |
| validate-tag: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| fetch-depth: 0 | |
| - name: Warmup gradle wrapper | |
| uses: ./.github/workflows/gradle-goal | |
| with: | |
| command: "./gradlew -q currentVersion" | |
| - name: Validate release tag does not exist in repo | |
| uses: ./.github/workflows/validate-tag | |
| with: | |
| tag: ${{ env.RELEASE_VERSION_TAG }} | |
| - name: Validate tag match current gradle project version | |
| run: | | |
| if [ "$(./gradlew -q currentVersion)" != "${{ env.RELEASE_VERSION }}" ]; then | |
| echo "Tag should match version set in 'version.properties'" | |
| exit 1 | |
| fi | |
| - name: Validate version is a release version | |
| run: | | |
| if [[ "$(./gradlew -q currentVersion)" =~ "-SNAPSHOT" ]]; then | |
| echo "This is a snapshot version" | |
| exit 1 | |
| fi | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| if: ${{ ! inputs.skip_maven_deploy }} | |
| needs: | |
| - validate-tag | |
| permissions: | |
| attestations: write | |
| contents: write | |
| id-token: write | |
| env: | |
| TARBALL_FILE: artifacts.tar | |
| steps: | |
| - id: buildkite-run | |
| name: Run Release | |
| uses: elastic/oblt-actions/buildkite/run@v1 | |
| with: | |
| pipeline: "elastic-otel-java-release" | |
| token: ${{ secrets.BUILDKITE_TOKEN }} | |
| wait-for: true | |
| env-vars: | | |
| ref=${{ inputs.ref }} | |
| dry_run=${{ inputs.dry_run || 'false' }} | |
| TARBALL_FILE=${{ env.TARBALL_FILE }} | |
| - uses: elastic/oblt-actions/buildkite/download-artifact@v1 | |
| with: | |
| build-number: ${{ steps.buildkite-run.outputs.number }} | |
| path: ${{ env.TARBALL_FILE }} | |
| pipeline: ${{ steps.buildkite-run.outputs.pipeline }} | |
| token: ${{ secrets.BUILDKITE_TOKEN }} | |
| - name: untar the buildkite tarball | |
| run: tar xvf ${{ env.TARBALL_FILE }} | |
| - name: generate build provenance | |
| uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
| with: | |
| subject-path: "${{ github.workspace }}/**/*.jar" | |
| - if: ${{ success() && ! inputs.dry_run }} | |
| uses: elastic/oblt-actions/slack/send@v1 | |
| with: | |
| bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| channel-id: "#apm-agent-java" | |
| message: | | |
| :runner: [${{ github.repository }}] Release *${{ github.ref_name }}* has been triggered in Buildkite: (<${{ steps.buildkite-run.outputs.build }}|build>) | |
| - if: ${{ failure() && ! inputs.dry_run }} | |
| uses: elastic/oblt-actions/slack/send@v1 | |
| with: | |
| bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| channel-id: "#apm-agent-java" | |
| message: | | |
| :ghost: [${{ github.repository }}] Release *${{ github.ref_name }}* didn't get triggered in Buildkite. | |
| Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>) | |
| build-and-push-docker-images: | |
| name: "Build and push docker images" | |
| runs-on: ubuntu-latest | |
| needs: | |
| - await-maven-central-artifact | |
| - create-github-release | |
| env: | |
| DOCKER_IMAGE_NAME: docker.elastic.co/observability/elastic-otel-javaagent | |
| permissions: | |
| attestations: write | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| fetch-depth: 0 # Load entire history as it is required for the get latest tag | |
| - name: Get latest tag | |
| run: echo "LATEST_TAG=$(git tag --list --sort=version:refname "v*" | grep -v RC | sed s/^v// | tail -n 1)" >> "${GITHUB_ENV}" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
| - name: Log in to the Elastic Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }} | |
| username: ${{ secrets.ELASTIC_DOCKER_USERNAME }} | |
| password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }} | |
| - name: Extract metadata (tags, labels) | |
| id: docker-meta | |
| uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
| with: | |
| images: ${{ env.DOCKER_IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=${{ env.RELEASE_VERSION }} | |
| type=raw,value=latest,enable=${{ contains(env.LATEST_TAG,env.RELEASE_VERSION) }} | |
| - name: Copy build jars | |
| run: | | |
| curl -L -s -o elastic-otel-agentextension.jar "https://oss.sonatype.org/service/local/artifact/maven/redirect?r=releases&g=co.elastic.otel&a=elastic-otel-agentextension&v=${{ env.RELEASE_VERSION }}" | |
| curl -L -s -o elastic-otel-javaagent.jar "https://oss.sonatype.org/service/local/artifact/maven/redirect?r=releases&g=co.elastic.otel&a=elastic-otel-javaagent&v=${{ env.RELEASE_VERSION }}" | |
| - name: Build and push image | |
| id: push | |
| uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
| with: | |
| context: . | |
| file: "docker/Dockerfile" | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.docker-meta.outputs.tags }} | |
| labels: ${{ steps.docker-meta.outputs.labels }} | |
| build-args: | | |
| JAR_FILE=elastic-otel-javaagent.jar | |
| EXTENSION_JAR_FILE=elastic-otel-agentextension.jar | |
| - name: generate build provenance (containers) | |
| uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
| with: | |
| subject-name: "${{ env.DOCKER_IMAGE_NAME }}" | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| await-maven-central-artifact: | |
| runs-on: ubuntu-latest | |
| name: Wait for release to be available on maven-central | |
| if: inputs.dry_run == false | |
| needs: | |
| - validate-tag | |
| steps: | |
| - uses: elastic/oblt-actions/maven/await-artifact@v1 | |
| with: | |
| group-id: 'co.elastic.otel' | |
| artifact-id: 'elastic-otel-javaagent' | |
| version: ${{ inputs.version }} | |
| generate-release-notes: | |
| runs-on: ubuntu-latest | |
| name: Generate the changelog for this release | |
| outputs: | |
| notes: ${{ steps.print_release_notes.outputs.notes }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| - name: Setup Gradle | |
| uses: ./.github/workflows/gradle-goal | |
| with: | |
| command: "" | |
| - name: Print Release Notes | |
| id: print_release_notes | |
| run: | | |
| echo 'notes<<RELNOTESEOF' >> $GITHUB_OUTPUT | |
| cat CHANGELOG.next-release.md >> $GITHUB_OUTPUT | |
| printf '\nThis release is based on the following upstream versions:\n\n' >> $GITHUB_OUTPUT | |
| ./gradlew -q printUpstreamDependenciesMarkdown >> $GITHUB_OUTPUT | |
| echo 'RELNOTESEOF' >> $GITHUB_OUTPUT | |
| post-release: | |
| name: "Bump versions and create PR" | |
| needs: | |
| - await-maven-central-artifact | |
| - generate-release-notes | |
| uses: ./.github/workflows/pre-post-release.yml | |
| permissions: | |
| contents: write | |
| if: inputs.dry_run == false | |
| with: | |
| ref: ${{ inputs.ref }} | |
| version: ${{ inputs.version }} | |
| phase: 'post' | |
| pr_title: "[release] release-step-4 ${{ inputs.version }}" | |
| pr_body: "Step 4 of the release process for version ${{ inputs.version }}: review & merge" | |
| changelog: ${{needs.generate-release-notes.outputs.notes}} | |
| secrets: inherit | |
| create-github-release: | |
| name: "Create GitHub Release" | |
| needs: | |
| - post-release | |
| - generate-release-notes | |
| runs-on: ubuntu-latest | |
| if: ${{ ! inputs.dry_run }} | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref }} | |
| - name: Create GitHub Release | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| gh release create ${{ env.RELEASE_VERSION_TAG }} \ | |
| --verify-tag \ | |
| --title="Release ${{ env.RELEASE_VERSION }}" \ | |
| --notes='${{needs.generate-release-notes.outputs.notes}}' |