aws-observability · vasireddy99 · Feb 27, 2024 · Dec 16, 2023 · Dec 16, 2023 · Dec 19, 2023
@@ -0,0 +1,67 @@
+name: Build and Push Java-Agent Image after CPUtility Test
+description: |
+  cpUtility Testing
+  This action assumes that Repo was checked out and Java was set correctly
+
+inputs:
+  aws-region:
+    required: true
+    description: "AWS Region"
+  image_uri_with_tag:
+    required: true
+    description: "Image URI with Tag"
+  image_registry:
+    required: true
+    description: "Image Registry"
+  adot-java-version:
+    required: true
+    description: "ADOT Java Version"
+  snapshot-ecr-role:
+    require: true
+    description: "IAM Role used for pushing to snapshot ecr"
+
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Configure AWS Credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ inputs.snapshot-ecr-role }}
+        aws-region: ${{ inputs.aws-region }}
+
+    - name: Login to private staging ecr
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ inputs.image_registry }}
+      env:
+        AWS_REGION: ${{ inputs.aws-region }}
+
+    - name: Build image for testing
+      uses: docker/build-push-action@v5
+      with:
+        push: false
+        build-args: "ADOT_JAVA_VERSION=${{ inputs.adot-java-version }}"
+        context: .
+        platforms: linux/amd64
+        tags: ${{ inputs.image_uri_with_tag }}
+        load: true
+
+    - name: Test docker image
+      shell: bash
+      run: .github/scripts/test-adot-javaagent-image.sh "${{ inputs.image_uri_with_tag }}" "${{ inputs.adot-java-version }}"
+
+    - name: Build and push image
+      uses: docker/build-push-action@v5
+      with:
+        push: true
+        build-args: "ADOT_JAVA_VERSION=${{ inputs.adot-java-version }}"
+        context: .
+        platforms: linux/amd64,linux/arm64
+        tags: ${{ inputs.image_uri_with_tag }}
@@ -13,33 +13,52 @@ inputs:
     default: "false"
     required: false
     description: "If the workflow should run tests of the dependencies. Anything different than false will evaluate to true"
-  branch:
-    required: true
-    description: "The branch where this patches are being applied e.g.: release/v1.21.x"
   gpg_private_key:
     description: "The gpg key used to sign the artifacts"
-    required: true
+    required: false
   gpg_password:
     description: "The gpg key password"
-    required: true
+    required: false
 runs:
   using: "composite"
   steps:
+    - name: set environment variables
+      env:
+        INPUT_KEY: ${{ inputs.gpg_private_key }}
+        INPUT_PASSWORD: ${{ inputs.gpg_password }}
+      shell: bash
+      run: |
+        EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+        if [[ ! -z "$INPUT_KEY" ]]; then
+          {
+            echo "GPG_PRIVATE_KEY<<$EOF"
+            echo "$INPUT_KEY"
+            echo "$EOF"
+          } >> "$GITHUB_ENV"
+        fi
+        if [[ ! -z "$INPUT_PASSWORD" ]]; then
+          {
+            echo "GPG_PASSWORD<<$EOF"
+            echo "$INPUT_PASSWORD"
+            echo "$EOF"
+          } >> "$GITHUB_ENV"
+        fi
+
     - name: check patches
       run: |
-        if [[ -f .github/patches/${{ inputs.branch }}/opentelemetry-java.patch ]]; then
+        if [[ -f .github/patches/opentelemetry-java.patch ]]; then
           echo 'patch_otel_java=true' >> $GITHUB_ENV
         fi
-        if [[ -f .github/patches/${{ inputs.branch }}/opentelemetry-java-instrumentation.patch ]]; then
+        if [[ -f .github/patches/opentelemetry-java-instrumentation.patch ]]; then
             echo 'patch_otel_java_instrumentation=true' >> $GITHUB_ENV
         fi
-        if [[ -f .github/patches/${{ inputs.branch }}/opentelemetry-java-contrib.patch ]]; then
+        if [[ -f .github/patches/opentelemetry-java-contrib.patch ]]; then
             echo 'patch_otel_java_contrib=true' >> $GITHUB_ENV
         fi
       shell: bash
 
     - name: Clone and patch repositories
-      run: .github/scripts/patch.sh "${{ inputs.branch }}"
+      run: .github/scripts/patch.sh
       if: ${{ env.patch_otel_java == 'true' ||
               env.patch_otel_java_instrumentation == 'true' ||
               env.patch_otel_java_contrib == 'true' }}
@@ -51,19 +70,13 @@ runs:
       with:
         arguments: build publishToMavenLocal
         build-root-directory: opentelemetry-java
-      env:
-        GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
-        GPG_PASSWORD: ${{ inputs.gpg_password }}
 
     - name: Build opentelemetry-java
       uses: gradle/gradle-build-action@v2
       if: ${{ env.patch_otel_java == 'true' && inputs.run_tests == 'false' }}
       with:
         arguments: publishToMavenLocal
         build-root-directory: opentelemetry-java
-      env:
-        GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
-        GPG_PASSWORD: ${{ inputs.gpg_password }}
 
     - name: cleanup opentelemetry-java
       run: rm -rf opentelemetry-java
@@ -76,19 +89,13 @@ runs:
       with:
         arguments: build publishToMavenLocal
         build-root-directory: opentelemetry-java-contrib
-      env:
-        GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
-        GPG_PASSWORD: ${{ inputs.gpg_password }}
 
     - name: Build opentelemetry-java-contrib
       uses: gradle/gradle-build-action@v2
       if: ${{ env.patch_otel_java_contrib == 'true' && inputs.run_tests == 'false' }}
       with:
         arguments: publishToMavenLocal
         build-root-directory: opentelemetry-java-contrib
-      env:
-        GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
-        GPG_PASSWORD: ${{ inputs.gpg_password }}
 
     - name: cleanup opentelemetry-java-contrib
       run: rm -rf opentelemetry-java-contrib
@@ -101,19 +108,13 @@ runs:
       with:
         arguments: check -x spotlessCheck publishToMavenLocal
         build-root-directory: opentelemetry-java-instrumentation
-      env:
-        GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
-        GPG_PASSWORD: ${{ inputs.gpg_password }}
 
     - name: Build opentelemetry java instrumentation
       uses: gradle/gradle-build-action@v2
       if: ${{ env.patch_otel_java_instrumentation == 'true' && inputs.run_tests == 'false' }}
       with:
         arguments: publishToMavenLocal
         build-root-directory: opentelemetry-java-instrumentation
-      env:
-        GPG_PRIVATE_KEY: ${{ inputs.gpg_private_key }}
-        GPG_PASSWORD: ${{ inputs.gpg_password }}
 
     - name: cleanup opentelmetry-java-instrumentation
       run: rm -rf opentelemetry-java-instrumentation

@@ -2,29 +2,26 @@
 # Enable debug mode, fail on any command that fail in this script and fail on unset variables
 set -x -e -u
 
-# This parameter will help find the patches to be applied
-BRANCH=$1
-
-# .github/patches/$BRANCH/versions.sh should define all the versions of the dependencies that we are going to patch
+# .github/patches/versions.sh should define all the versions of the dependencies that we are going to patch
 # This is used so that we can properly clone the upstream repositories.
 # This file should define the following variables:
 # OTEL_JAVA_VERSION. Tag of the opentelemetry-java repository to use. E.g.: JAVA_OTEL_JAVA_VERSION=v1.21.0
 # OTEL_JAVA_INSTRUMENTATION_VERSION. Tag of the opentelemetry-java-instrumentation repository to use, e.g.: OTEL_JAVA_INSTRUMENTATION_VERSION=v1.21.0
 # OTEL_JAVA_CONTRIB_VERSION. Tag of the opentelemetry-java-contrib repository. E.g.: OTEL_JAVA_CONTRIB_VERSION=v1.21.0
 # This script will fail if a variable that is supposed to exist is referenced.
 
-if [[ ! -f .github/patches/${BRANCH}/versions ]]; then
+if [[ ! -f .github/patches/versions ]]; then
   echo "No versions file found. Skipping patching"
   exit 0
 fi
 
-source .github/patches/${BRANCH}/versions
+source .github/patches/versions
 
 git config --global user.email "adot-patch-workflow@github.com"
 git config --global user.name "ADOT Patch workflow"
 
 
-OTEL_JAVA_PATCH=".github/patches/${BRANCH}/opentelemetry-java.patch"
+OTEL_JAVA_PATCH=".github/patches/opentelemetry-java.patch"
 if [[ -f "$OTEL_JAVA_PATCH" ]]; then
   git clone https://github.com/open-telemetry/opentelemetry-java.git
   cd opentelemetry-java
@@ -37,7 +34,7 @@ else
 fi
 
 
-OTEL_JAVA_CONTRIB_PATCH=".github/patches/${BRANCH}/opentelemetry-java-contrib.patch"
+OTEL_JAVA_CONTRIB_PATCH=".github/patches/opentelemetry-java-contrib.patch"
 if [[ -f "$OTEL_JAVA_CONTRIB_PATCH" ]]; then
   git clone https://github.com/open-telemetry/opentelemetry-java-contrib.git
   cd opentelemetry-java-contrib
@@ -50,7 +47,7 @@ else
 fi
 
 
-OTEL_JAVA_INSTRUMENTATION_PATCH=".github/patches/${BRANCH}/opentelemetry-java-instrumentation.patch"
+OTEL_JAVA_INSTRUMENTATION_PATCH=".github/patches/opentelemetry-java-instrumentation.patch"
 if [[ -f "$OTEL_JAVA_INSTRUMENTATION_PATCH" ]]; then
   git clone https://github.com/open-telemetry/opentelemetry-java-instrumentation.git
   cd opentelemetry-java-instrumentation

@@ -17,10 +17,12 @@ permissions:
   contents: read
 
 env:
-  AWS_DEFAULT_REGION: ${{ inputs.aws-region }} # Used by terraform and AWS CLI commands
+  # The precense of this env var is required for use by terraform and AWS CLI commands
+  # It is not redundant
+  AWS_DEFAULT_REGION: ${{ inputs.aws-region }} 
   TEST_ACCOUNT: ${{ secrets.APP_SIGNALS_E2E_TEST_ACC }}
-  SAMPLE_APP_FRONTEND_SERVICE_JAR: "s3://aws-appsignals-sample-app/main-service.jar"
-  SAMPLE_APP_REMOTE_SERVICE_JAR: "s3://aws-appsignals-sample-app/remote-service.jar"
+  SAMPLE_APP_FRONTEND_SERVICE_JAR: ${{ secrets.APP_SIGNALS_E2E_FE_SA_JAR }}
+  SAMPLE_APP_REMOTE_SERVICE_JAR: ${{ secrets.APP_SIGNALS_E2E_RE_SA_JAR }}
   APP_SIGNALS_ADOT_JAR: "https://github.com/aws-observability/aws-otel-java-instrumentation/releases/latest/download/aws-opentelemetry-agent.jar"
   METRIC_NAMESPACE: AppSignals
   LOG_GROUP_NAME: /aws/appsignals/generic
@@ -33,14 +35,18 @@ jobs:
         with:
           fetch-depth: 0
 
+      - uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          distribution: temurin
+
       - name: Set CW Agent RPM environment variable
         run: |
           if [ ${{ env.AWS_DEFAULT_REGION }} == "us-east-1" ]; then
-            echo APP_SIGNALS_CW_AGENT_RPM="https://amazoncloudwatch-agent-us-east-1.s3.amazonaws.com/amazon_linux/amd64/1.300031.0b313/amazon-cloudwatch-agent.rpm" >> $GITHUB_ENV
+            echo GET_CW_AGENT_RPM_COMMAND="wget -O cw-agent.rpm https://amazoncloudwatch-agent-us-east-1.s3.amazonaws.com/amazon_linux/amd64/1.300031.0b313/amazon-cloudwatch-agent.rpm" >> $GITHUB_ENV
           else
-            echo APP_SIGNALS_CW_AGENT_RPM="https://amazoncloudwatch-agent-${{ env.AWS_DEFAULT_REGION }}.s3.${{ env.AWS_DEFAULT_REGION }}.amazonaws.com/amazon_linux/amd64/1.300031.0b313/amazon-cloudwatch-agent.rpm" >> $GITHUB_ENV
+            echo GET_CW_AGENT_RPM_COMMAND="wget -O cw-agent.rpm https://amazoncloudwatch-agent-${{ env.AWS_DEFAULT_REGION }}.s3.${{ env.AWS_DEFAULT_REGION }}.amazonaws.com/amazon_linux/amd64/1.300031.0b313/amazon-cloudwatch-agent.rpm" >> $GITHUB_ENV
           fi
-
 
       - name: Generate testing id
         run: echo TESTING_ID="${{ github.run_id }}-${{ github.run_number }}" >> $GITHUB_ENV
@@ -51,6 +57,24 @@ jobs:
           role-to-assume: ${{ secrets.E2E_TEST_ROLE_ARN }}
           aws-region: ${{ env.AWS_DEFAULT_REGION }}
 
+      - uses: actions/download-artifact@v3
+        if: inputs.caller-workflow-name == 'main-build'
+        with:
+          name: aws-opentelemetry-agent.jar
+
+      - name: Upload main-build adot.jar to s3
+        if: inputs.caller-workflow-name == 'main-build'
+        run: aws s3 cp ./aws-opentelemetry-agent-*-SNAPSHOT.jar s3://main-build-adot-staging-jar/aws-opentelemetry-agent.jar
+
+      - name: Set Get ADOT.jar command environment variable
+        working-directory: testing/terraform/ec2
+        run: |
+          if [ ${{ inputs.caller-workflow-name }} == "main-build" ]; then
+            echo GET_ADOT_JAR_COMMAND="aws s3 cp s3://main-build-adot-staging-jar/aws-opentelemetry-agent.jar ./adot.jar" >> $GITHUB_ENV
+          else
+            echo GET_ADOT_JAR_COMMAND="wget -O adot.jar https://github.com/aws-observability/aws-otel-java-instrumentation/releases/latest/download/aws-opentelemetry-agent.jar" >> $GITHUB_ENV
+          fi
+
       - name: Set up terraform
         uses: hashicorp/setup-terraform@v3
         with:
@@ -76,8 +100,8 @@ jobs:
               -var="test_id=${{ env.TESTING_ID }}" \
               -var="sample_app_jar=${{ env.SAMPLE_APP_FRONTEND_SERVICE_JAR }}" \
               -var="sample_remote_app_jar=${{ env.SAMPLE_APP_REMOTE_SERVICE_JAR }}" \
-              -var="cw_agent_rpm=${{ env.APP_SIGNALS_CW_AGENT_RPM }}" \
-              -var="adot_jar=${{ env.APP_SIGNALS_ADOT_JAR }}" \
+              -var="get_cw_agent_rpm_command=${{ env.GET_CW_AGENT_RPM_COMMAND }}" \
+              -var="get_adot_jar_command=${{ env.GET_ADOT_JAR_COMMAND }}" \
             || deployment_failed=$?
 
             if [ $deployment_failed -eq 1 ]; then
@@ -123,6 +147,22 @@ jobs:
             fi
           done
 
+      # cache local patch outputs
+      - name: Cache local Maven repository
+        id: cache-local-maven-repo
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.m2/repository/io/opentelemetry/
+          key: ${{ runner.os }}-maven-local-${{ hashFiles('.github/patches/opentelemetry-java*.patch') }}
+
+      - name: Publish patched dependencies to maven local
+        uses: ./.github/actions/patch-dependencies
+        if: steps.cache-local-maven-repo.outputs.cache-hit != 'true'
+        with:
+          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg_password: ${{ secrets.GPG_PASSPHRASE }}
+
       - name: Get the ec2 instance ami id
         run: |
           echo "EC2_INSTANCE_AMI=$(terraform output ec2_instance_ami)" >> $GITHUB_ENV
@@ -211,9 +251,7 @@ jobs:
             --region ${{ env.AWS_DEFAULT_REGION }}
           fi
 
-
       # Clean up Procedures
-
       - name: Terraform destroy
         if: always()
         continue-on-error: true