From bd35cb17aa0f0a0fb527bd856f4535fd466844e9 Mon Sep 17 00:00:00 2001
From: Lucas <luckslovez@gmail.com>
Date: Tue, 5 Mar 2024 12:28:20 +0100
Subject: [PATCH] windows_publish + auto release(#114)

- Windows publishing
  - Use server side encryption when putting objects to s3
- Release promotion
  - Use simple script to determine whether a pre_release needs to promote to release
---
 .github/workflows/merge_to_main.yml      | 36 ++++++++++++------------
 .github/workflows/pull_request.yml       |  5 ++++
 ansible/upload-win-packages/playbook.yml |  2 +-
 3 files changed, 24 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/merge_to_main.yml b/.github/workflows/merge_to_main.yml
index e2b9d0e1..54b5fd77 100644
--- a/.github/workflows/merge_to_main.yml
+++ b/.github/workflows/merge_to_main.yml
@@ -55,6 +55,8 @@ jobs:
 
   run_e2e_tests_production:
     needs: [ get_release_tag, publish_linux_to_prod ]
+    if: |
+      always() && !failure() && !cancelled()
     name: Run E2E tests for all supported packages installing NRIA from production
     uses: ./.github/workflows/run_e2e_tests.yml
     with:
@@ -64,13 +66,13 @@ jobs:
       test_report_filename: test-report-production.xml
     secrets: inherit
 
-#  publish_windows:
-#    name: Publish windows packages to logging's production bucket
-#    needs: get_release_tag
-#    uses: ./.github/workflows/run_task.yml
-#    with:
-#      container_make_target: "ansible/upload-win-packages PR_TAG=${{ needs.get_release_tag.outputs.tag }}"
-#    secrets: inherit
+  publish_windows:
+    name: Publish windows packages to logging's production bucket
+    needs: get_release_tag
+    uses: ./.github/workflows/run_task.yml
+    with:
+      container_make_target: "ansible/upload-win-packages/run PR_TAG=${{ needs.get_release_tag.outputs.tag }}"
+    secrets: inherit
 
   promote_prerelease_to_release:
     name: If there are packages in the pre_release, promote it to release
@@ -83,17 +85,15 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Check if pre_release has artifacts, if so, upgrade to release
-        uses: actions/github-script@v6
-        with:
-          script: |
-            PR_NUMBER=${{ needs.get_release_tag.outputs.pr_number }}
-            TAG=${{ needs.get_release_tag.outputs.tag }}
-            PKG_COUNT=$(gh release view $TAG --repo newrelic/fluent-bit-package --json assets --jq '.assets[].name' | grep -E '^(fb-windows-|fluent-bit-)' | wc -l)
-            if [[ $PKG_COUNT -gt 0 ]]
-            then
-              echo "Promoting pre_release to release"
-              gh release edit $TAG --draft=false --prerelease=false --title "Release $PR_NUMBER"
-            fi
+        run: |
+          PR_NUMBER=${{ needs.get_release_tag.outputs.pr_number }}
+          TAG=${{ needs.get_release_tag.outputs.tag }}
+          PKG_COUNT=$(gh release view $TAG --repo newrelic/fluent-bit-package --json assets --jq '.assets[].name' | grep -E '^(fb-windows|fluent-bit)' | wc -l)
+          if [[ $PKG_COUNT -gt 0 ]]
+          then
+            echo "Promoting pre_release to release"
+            gh release edit $TAG --draft=false --prerelease=false --title "Release $PR_NUMBER"
+          fi
 
   notify:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 044901fa..885bcf19 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -79,6 +79,7 @@ jobs:
   download_official_packages:
     needs: [setup_environment]
     runs-on: ubuntu-latest
+    if: ${{ needs.setup_environment.outputs.linux_and_windows_matrix != '[]' }}
     strategy:
       fail-fast: true
       matrix:
@@ -142,6 +143,7 @@ jobs:
 
   spin_up_suse:
     needs: setup_environment
+    if: ${{ needs.setup_environment.outputs.sles_matrix != '[]' }}
     uses: ./.github/workflows/run_task.yml
     with:
       container_make_target: "terraform/ec2-suse-builders/provision PRE_RELEASE_NAME=${{ needs.setup_environment.outputs.pre_release_name }}"
@@ -164,6 +166,7 @@ jobs:
   sign_suse_packages:
     needs: [setup_environment, build_suse_packages]
     runs-on: ubuntu-latest
+    if: ${{ needs.setup_environment.outputs.sles_matrix != '[]' }}
     strategy:
       fail-fast: true
       matrix:
@@ -228,6 +231,8 @@ jobs:
 
   run_e2e_tests_staging:
     needs: [ setup_environment, run_e2e_tests_prerelease, publish_linux_to_staging ]
+    if: |
+      always() && !failure() && !cancelled()
     name: Run E2E tests for all supported packages installing NRIA+FB from staging
     uses: ./.github/workflows/run_e2e_tests.yml
     with:
diff --git a/ansible/upload-win-packages/playbook.yml b/ansible/upload-win-packages/playbook.yml
index 7b3af41a..65f077e6 100644
--- a/ansible/upload-win-packages/playbook.yml
+++ b/ansible/upload-win-packages/playbook.yml
@@ -16,5 +16,5 @@
       loop: "{{ windows_artifacts }}"
 
     - name: Upload windows artifacts
-      ansible.builtin.command: "aws s3 cp {{ item }} s3://{{ windows_bucket }}/"
+      ansible.builtin.command: "aws s3 cp {{ item }} s3://{{ windows_bucket }}/ --sse AES256"
       loop: "{{ windows_artifacts }}"