ci: support release in dry-run mode (#142)

.buildkite/README.md

@@ -4,7 +4,7 @@ This README provides an overview of the Buildkite pipeline to automate the build
 
 ## Release pipeline
 
-TODO: not implemented yet
+The Buildkite pipeline is for building and publishing releases.
 
 ## Snapshot pipeline
 

.buildkite/hooks/prepare-common.sh

@@ -2,7 +2,7 @@
 set -euo pipefail
 
 echo "--- Install JDK17 :java:"
-# JDK version is defined in two different locations, here and .github/workflows/maven-goal/action.yml
+# JDK version is defined in two different locations, here and .github/workflows/build.yml
 JAVA_URL=https://jvm-catalog.elastic.co/jdk
 JAVA_HOME=$(pwd)/.openjdk17
 JAVA_PKG="$JAVA_URL/latest_openjdk_17_linux.tar.gz"

.buildkite/release.yml

@@ -0,0 +1,16 @@
+agents:
+  provider: "gcp"
+
+steps:
+  - label: "Build and publish release"
+    key: "release"
+    commands: .ci/release.sh
+    artifact_paths:
+      - "release.txt"
+      - "agent/build/libs/elastic-otel-javaagent-*.jar"
+      - "build/dry-run-maven-repo.tgz"
+
+notify:
+  - slack: "#apm-agent-java"
+    if: 'build.state != "passed"'
+

.ci/release.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+##  This script runs the release given the different environment variables
+##    dry_run
+##
+##  It relies on the .buildkite/hooks/pre-command so the Vault and other tooling
+##  are prepared automatically by buildkite.
+##
+
+set -eo pipefail
+
+# Make sure we delete this folder before leaving even in case of failure
+clean_up () {
+  ARG=$?
+  echo "--- Deleting tmp workspace"
+  rm -rf $TMP_WORKSPACE
+  exit $ARG
+}
+trap clean_up EXIT
+
+echo "--- JDK installation info :coffee:"
+echo $JAVA_HOME
+echo $PATH
+java -version
+
+publishArg=''
+if [[ "$dry_run" == "true" ]] ; then
+    echo "--- Build and publish the release :package: (dry-run)"
+    publishArg='publishAllPublicationsToDryRunRepository'
+else
+    echo "--- Build and publish the release :package:"
+    ### TODO: changeme
+    publishArg='assemble'
+fi
+
+./gradlew \
+    --console=plain \
+    clean ${publishArg} \
+    | tee release.txt
+
+if [[ "$dry_run" == "true" ]] ; then
+    echo "--- Archive the dry-run repository :package: (dry-run)"
+    tar czvf ./build/dry-run-maven-repo.tgz -C ./build/dry-run-maven-repo/ . | tee release.txt
+fi

.ci/snapshot.sh

@@ -11,7 +11,6 @@ set -eo pipefail
 # Make sure we delete this folder before leaving even in case of failure
 clean_up () {
   ARG=$?
-  export VAULT_TOKEN=$PREVIOUS_VAULT_TOKEN
   echo "--- Deleting tmp workspace"
   rm -rf $TMP_WORKSPACE
   exit $ARG

.github/workflows/README.md

@@ -0,0 +1,39 @@
+## CI/CD
+
+There are three main stages that run on GitHub actions:
+
+* Build
+* Unit Test
+* Release
+
+### Scenarios
+
+* Tests should be triggered on branch, tag, and PR basis.
+* Commits that are only affecting the docs files should not trigger any test or similar stages that are not required.
+* Automated release in the CI gets triggered through a GitHub workflow.
+* **This is not the case yet**, but if Github secrets are required, Pull Requests from forked repositories won't run any build accessing those secrets. If needed, create a feature branch (opened directly on the upstream project).
+
+### How do you interact with the CI?
+
+#### On a PR basis
+
+Once a PR has been opened, then there are two different ways you can trigger builds in the CI:
+
+1. Git commit based
+2. UI-based, any Elasticians can force a build through the GitHub UI
+
+#### Branches
+
+Whenever a merge to the main or branches, the whole workflow will be compiled and tested on Linux and Windows.
+
+### Release process
+
+This process has been fully automated, and it gets triggered manually when the [release](https://github.com/elastic/elastic-otel-java/actions/workflows/release.yml) workflow is being run. It runs a Buildkite pipeline in charge of generating and publishing the artifacts; for further details, please go to [the Buildkite folder](../../.buildkite/README.md). 
+
+The tag release follows the naming convention: `v.<major>.<minor>.<patch>`, where `<major>`, `<minor>` and `<patch>`.
+
+The release automation raises a Pull Request with the next version.
+
+### OpenTelemetry
+
+A GitHub workflow is responsible for populating the workflows regarding jobs and steps. Those details can be seen [here](https://ela.st/oblt-ci-cd-stats) (**NOTE**: only available for Elasticians).

.github/workflows/release.yml

@@ -0,0 +1,65 @@
+---
+name: release
+
+on:
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: If set, run a dry-run release
+        default: false
+        type: boolean
+
+permissions:
+  contents: read
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+
+    steps:
+      - id: buildkite
+        name: Run Release
+        uses: elastic/apm-pipeline-library/.github/actions/buildkite@current
+        with:
+          vaultUrl: ${{ secrets.VAULT_ADDR }}
+          vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
+          vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
+          pipeline: elastic-otel-java-release
+          waitFor: true
+          printBuildLogs: false
+          buildEnvVars: |
+            dry_run=${{ inputs.dry_run || 'false' }}
+
+      - if: ${{ success() && ! inputs.dry_run }}
+        uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
+        with:
+          url: ${{ secrets.VAULT_ADDR }}
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          channel: "#apm-agent-java"
+          message: |
+            :runner: [${{ github.repository }}] Release *${{ github.ref_name }}* has been triggered in Buildkite: (<${{ steps.buildkite.outputs.build }}|build>)
+
+      - if: ${{ failure() && ! inputs.dry_run }}
+        uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
+        with:
+          url: ${{ secrets.VAULT_ADDR }}
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          channel: "#apm-agent-java"
+          message: |
+            :ghost: [${{ github.repository }}] Release *${{ github.ref_name }}* didn't get triggered in Buildkite.
+            Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)
+
+  post_release:
+    name: Post Release
+    needs: release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - if: ${{ ! inputs.dry_run }}
+        run: echo "TODO"

catalog-info.yaml

@@ -31,3 +31,37 @@ spec:
           access_level: BUILD_AND_READ
         everyone:
           access_level: READ_ONLY
+
+---
+# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/rre.schema.json
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: buildkite-pipeline-elastic-otel-java-release
+  description: Buildkite Release pipeline for elastic-otel-java
+  links:
+    - title: Pipeline
+      url: https://buildkite.com/elastic/elastic-otel-java-release
+spec:
+  type: buildkite-pipeline
+  owner: group:apm-agent-java
+  system: buildkite
+  implementation:
+    apiVersion: buildkite.elastic.dev/v1
+    kind: Pipeline
+    metadata:
+      name: elastic-otel-java-release
+    spec:
+      repository: elastic/elastic-otel-java
+      pipeline_file: ".buildkite/release.yml"
+      provider_settings:
+        trigger_mode: none
+      teams:
+        apm-agent-java:
+          access_level: MANAGE_BUILD_AND_READ
+        observablt-robots:
+          access_level: MANAGE_BUILD_AND_READ
+        observablt-robots-automation:
+          access_level: BUILD_AND_READ
+        everyone:
+          access_level: READ_ONLY