diff --git a/.buildkite/README.md b/.buildkite/README.md index 07203f9b..be772e8f 100644 --- a/.buildkite/README.md +++ b/.buildkite/README.md @@ -4,7 +4,7 @@ This README provides an overview of the Buildkite pipeline to automate the build ## Release pipeline -TODO: not implemented yet +The Buildkite pipeline is for building and publishing releases. ## Snapshot pipeline diff --git a/.buildkite/hooks/prepare-common.sh b/.buildkite/hooks/prepare-common.sh index 3344659b..a4d33de1 100755 --- a/.buildkite/hooks/prepare-common.sh +++ b/.buildkite/hooks/prepare-common.sh @@ -2,7 +2,7 @@ set -euo pipefail echo "--- Install JDK17 :java:" -# JDK version is defined in two different locations, here and .github/workflows/maven-goal/action.yml +# JDK version is defined in two different locations, here and .github/workflows/build.yml JAVA_URL=https://jvm-catalog.elastic.co/jdk JAVA_HOME=$(pwd)/.openjdk17 JAVA_PKG="$JAVA_URL/latest_openjdk_17_linux.tar.gz" diff --git a/.buildkite/release.yml b/.buildkite/release.yml new file mode 100644 index 00000000..98081c6e --- /dev/null +++ b/.buildkite/release.yml @@ -0,0 +1,16 @@ +agents: + provider: "gcp" + +steps: + - label: "Build and publish release" + key: "release" + commands: .ci/release.sh + artifact_paths: + - "release.txt" + - "agent/build/libs/elastic-otel-javaagent-*.jar" + - "build/dry-run-maven-repo.tgz" + +notify: + - slack: "#apm-agent-java" + if: 'build.state != "passed"' + diff --git a/.ci/release.sh b/.ci/release.sh new file mode 100755 index 00000000..1cae2369 --- /dev/null +++ b/.ci/release.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash +## This script runs the release given the different environment variables +## dry_run +## +## It relies on the .buildkite/hooks/pre-command so the Vault and other tooling +## are prepared automatically by buildkite. +## + +set -eo pipefail + +# Make sure we delete this folder before leaving even in case of failure +clean_up () { + ARG=$? + echo "--- Deleting tmp workspace" + rm -rf $TMP_WORKSPACE + exit $ARG +} +trap clean_up EXIT + +echo "--- JDK installation info :coffee:" +echo $JAVA_HOME +echo $PATH +java -version + +publishArg='' +if [[ "$dry_run" == "true" ]] ; then + echo "--- Build and publish the release :package: (dry-run)" + publishArg='publishAllPublicationsToDryRunRepository' +else + echo "--- Build and publish the release :package:" + ### TODO: changeme + publishArg='assemble' +fi + +./gradlew \ + --console=plain \ + clean ${publishArg} \ + | tee release.txt + +if [[ "$dry_run" == "true" ]] ; then + echo "--- Archive the dry-run repository :package: (dry-run)" + tar czvf ./build/dry-run-maven-repo.tgz -C ./build/dry-run-maven-repo/ . | tee release.txt +fi diff --git a/.ci/snapshot.sh b/.ci/snapshot.sh index 62c2d45f..f23752c3 100755 --- a/.ci/snapshot.sh +++ b/.ci/snapshot.sh @@ -11,7 +11,6 @@ set -eo pipefail # Make sure we delete this folder before leaving even in case of failure clean_up () { ARG=$? - export VAULT_TOKEN=$PREVIOUS_VAULT_TOKEN echo "--- Deleting tmp workspace" rm -rf $TMP_WORKSPACE exit $ARG diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 00000000..ebe013ba --- /dev/null +++ b/.github/workflows/README.md @@ -0,0 +1,39 @@ +## CI/CD + +There are three main stages that run on GitHub actions: + +* Build +* Unit Test +* Release + +### Scenarios + +* Tests should be triggered on branch, tag, and PR basis. +* Commits that are only affecting the docs files should not trigger any test or similar stages that are not required. +* Automated release in the CI gets triggered through a GitHub workflow. +* **This is not the case yet**, but if Github secrets are required, Pull Requests from forked repositories won't run any build accessing those secrets. If needed, create a feature branch (opened directly on the upstream project). + +### How do you interact with the CI? + +#### On a PR basis + +Once a PR has been opened, then there are two different ways you can trigger builds in the CI: + +1. Git commit based +2. UI-based, any Elasticians can force a build through the GitHub UI + +#### Branches + +Whenever a merge to the main or branches, the whole workflow will be compiled and tested on Linux and Windows. + +### Release process + +This process has been fully automated, and it gets triggered manually when the [release](https://github.com/elastic/elastic-otel-java/actions/workflows/release.yml) workflow is being run. It runs a Buildkite pipeline in charge of generating and publishing the artifacts; for further details, please go to [the Buildkite folder](../../.buildkite/README.md). + +The tag release follows the naming convention: `v...`, where ``, `` and ``. + +The release automation raises a Pull Request with the next version. + +### OpenTelemetry + +A GitHub workflow is responsible for populating the workflows regarding jobs and steps. Those details can be seen [here](https://ela.st/oblt-ci-cd-stats) (**NOTE**: only available for Elasticians). diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..c18d50e4 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,65 @@ +--- +name: release + +on: + workflow_dispatch: + inputs: + dry_run: + description: If set, run a dry-run release + default: false + type: boolean + +permissions: + contents: read + +jobs: + release: + name: Release + runs-on: ubuntu-latest + + steps: + - id: buildkite + name: Run Release + uses: elastic/apm-pipeline-library/.github/actions/buildkite@current + with: + vaultUrl: ${{ secrets.VAULT_ADDR }} + vaultRoleId: ${{ secrets.VAULT_ROLE_ID }} + vaultSecretId: ${{ secrets.VAULT_SECRET_ID }} + pipeline: elastic-otel-java-release + waitFor: true + printBuildLogs: false + buildEnvVars: | + dry_run=${{ inputs.dry_run || 'false' }} + + - if: ${{ success() && ! inputs.dry_run }} + uses: elastic/apm-pipeline-library/.github/actions/slack-message@current + with: + url: ${{ secrets.VAULT_ADDR }} + roleId: ${{ secrets.VAULT_ROLE_ID }} + secretId: ${{ secrets.VAULT_SECRET_ID }} + channel: "#apm-agent-java" + message: | + :runner: [${{ github.repository }}] Release *${{ github.ref_name }}* has been triggered in Buildkite: (<${{ steps.buildkite.outputs.build }}|build>) + + - if: ${{ failure() && ! inputs.dry_run }} + uses: elastic/apm-pipeline-library/.github/actions/slack-message@current + with: + url: ${{ secrets.VAULT_ADDR }} + roleId: ${{ secrets.VAULT_ROLE_ID }} + secretId: ${{ secrets.VAULT_SECRET_ID }} + channel: "#apm-agent-java" + message: | + :ghost: [${{ github.repository }}] Release *${{ github.ref_name }}* didn't get triggered in Buildkite. + Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>) + + post_release: + name: Post Release + needs: release + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - uses: actions/checkout@v4 + + - if: ${{ ! inputs.dry_run }} + run: echo "TODO" \ No newline at end of file diff --git a/catalog-info.yaml b/catalog-info.yaml index 7fdff025..80aa0ee3 100644 --- a/catalog-info.yaml +++ b/catalog-info.yaml @@ -31,3 +31,37 @@ spec: access_level: BUILD_AND_READ everyone: access_level: READ_ONLY + +--- +# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/rre.schema.json +apiVersion: backstage.io/v1alpha1 +kind: Resource +metadata: + name: buildkite-pipeline-elastic-otel-java-release + description: Buildkite Release pipeline for elastic-otel-java + links: + - title: Pipeline + url: https://buildkite.com/elastic/elastic-otel-java-release +spec: + type: buildkite-pipeline + owner: group:apm-agent-java + system: buildkite + implementation: + apiVersion: buildkite.elastic.dev/v1 + kind: Pipeline + metadata: + name: elastic-otel-java-release + spec: + repository: elastic/elastic-otel-java + pipeline_file: ".buildkite/release.yml" + provider_settings: + trigger_mode: none + teams: + apm-agent-java: + access_level: MANAGE_BUILD_AND_READ + observablt-robots: + access_level: MANAGE_BUILD_AND_READ + observablt-robots-automation: + access_level: BUILD_AND_READ + everyone: + access_level: READ_ONLY