# Workflow header: display name, trigger, shared environment values and the
# token scopes granted to every job in this file.
name: 'Release Build'

# NOTE(review): `push` has no branch or tag filter, so any push to any branch
# starts this workflow with the permissions declared further down.
on:
  push:

# Registry regions and image references shared by the steps.
env:
  AWS_PUBLIC_ECR_REGION: 'us-east-1'
  AWS_PRIVATE_ECR_REGION: 'us-west-2'
  TEST_TAG: 'public.ecr.aws/aws-observability/adot-autoinstrumentation-java:test'
  PUBLIC_REPOSITORY: 'public.ecr.aws/e2l5l6g6/framework-test'
  PRIVATE_REPOSITORY: '020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-java'
  PRIVATE_REGISTRY: '020628701572.dkr.ecr.us-west-2.amazonaws.com'

# Workflow-wide GITHUB_TOKEN scopes.
# id-token: write lets a job request an OIDC token (the commented-out AWS role
# assumption steps rely on it); contents: write lets a job change repository
# contents, releases included.
# NOTE(review): the release-creation step is commented out; confirm whether
# contents: write is still needed, and consider granting scopes per job.
permissions:
  id-token: write
  contents: write
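jobs:
  # Single job: checks out the repository, installs the Notation CLI, signs the
  # test image and verifies the signature. Most of the release pipeline is
  # commented out and kept below for reference.
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` below references a mutable tag (@v4, @v1).
      # Pinning each one to a full commit SHA keeps a moved tag from changing
      # what runs in a job that holds id-token: write and contents: write.
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          # Quoted so the version is always read as a string, never a number.
          java-version: '17'
          distribution: 'temurin'
      # Validates the Gradle wrapper JAR before any Gradle step is run.
      - uses: gradle/wrapper-validation-action@v1
      # - name: Publish patched dependencies to maven local
      #   uses: ./.github/actions/patch-dependencies
      #   with:
      #     gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
      #     gpg_password: ${{ secrets.GPG_PASSPHRASE }}
      # - name: Configure AWS Credentials
      #   uses: aws-actions/configure-aws-credentials@v4
      #   with:
      #     role-to-assume: arn:aws:iam::612966150583:role/githubProviderRole
      #     aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}
      # - name: Log in to AWS ECR
      #   uses: docker/login-action@v3
      #   with:
      #     registry: public.ecr.aws
      # - name: Build release with Gradle
      #   uses: gradle/gradle-build-action@v3
      #   with:
      #     arguments: build integrationTests -PlocalDocker=true -Prelease.version=1.0.0 --stacktrace
      # - name: Configure AWS Credentials
      #   uses: aws-actions/configure-aws-credentials@v4
      #   with:
      #     role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
      #     aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}
      # - name: Log in to AWS ECR
      #   uses: docker/login-action@v3
      #   with:
      #     registry: public.ecr.aws
      # - name: Configure AWS Credentials for Private ECR
      #   uses: aws-actions/configure-aws-credentials@v4
      #   with:
      #     role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
      #     aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }}
      # - name: Log in to AWS private ECR
      #   uses: docker/login-action@v3
      #   with:
      #     registry: ${{ env.PRIVATE_REGISTRY }}
      # - name: Set up QEMU
      #   uses: docker/setup-qemu-action@v3
      # - name: Set up Docker Buildx
      #   uses: docker/setup-buildx-action@v3
      #   with:
      #     driver-opts: image=moby/buildkit:v0.15.1
      # - name: Build image for testing
      #   uses: docker/build-push-action@v5
      #   with:
      #     push: false
      #     build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}"
      #     context: .
      #     platforms: linux/amd64
      #     tags: ${{ env.TEST_TAG }}
      #     load: true
      # NOTE(review): the two commented-out `run:` scripts ("Test docker image"
      # and "Create release") expand github.event.inputs.version directly into
      # shell text. Before re-enabling them, hand the value to the script through
      # `env:` and reference it as a quoted shell variable. Under the push
      # trigger this workflow has no inputs, so the expression would be empty.
      # - name: Test docker image
      #   shell: bash
      #   run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ github.event.inputs.version }}"
      # - name: Build and push image
      #   uses: docker/build-push-action@v5
      #   with:
      #     push: true
      #     build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}"
      #     context: .
      #     platforms: linux/amd64,linux/arm64
      #     tags: |
      #       ${{ env.PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }}
      # - name: Setup Notation CLI
      #   uses: notaryproject/notation-action/setup@v1
      # - name: Sign released image
      #   uses: notaryproject/notation-action/sign@v1
      #   with:
      #     plugin_name: aws-signer-notation-plugin
      #     plugin_url: https://github.com/aws/aws-signer-notation-plugin/archive/refs/tags/v1.0.350.tar.gz
      #     plugin_checksum: 6a1e0e0b2c3716899fd4c0ac37e60b287b1a36731f4874305c5c953291613acf
      #     key_id: arn:aws:signer:us-east-1:612966150583:/signing-profiles/045231FF5_Jc8eznT2BNJ6
      #     target_artifact_reference: public.ecr.aws/e2l5l6g6/framework-test:latest

      # Downloads and installs the AWS Signer Notation CLI package.
      # --fail stops the step on an HTTP error instead of saving the error page;
      # --proto/--proto-redir keep the transfer and any redirect on HTTPS;
      # -y keeps apt from waiting for a confirmation on a runner with no terminal.
      # NOTE(review): the URL tracks a moving `latest` package and nothing checks
      # the file before it is installed as root, unlike the commented-out sign
      # step above, which pins a plugin_checksum. Prefer a versioned URL and
      # compare the download's SHA-256 with a pinned value (<EXPECTED_SHA256>)
      # before the install line.
      - name: Setup Notation
        run: |
          curl --fail --location --proto '=https' --proto-redir '=https' \
            --output aws-signer-notation-cli_amd64.deb \
            https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
          sudo apt-get install -y ./aws-signer-notation-cli_amd64.deb

      # Signs the image with the AWS Signer plugin and signing profile.
      # Options must start with two ASCII hyphens; an em dash is not an option
      # prefix and would reach notation as a positional argument.
      # NOTE(review): the reference is the mutable tag `latest`. Signing and
      # verifying by digest (<repository>@sha256:<DIGEST>) ties both steps to
      # the same image content.
      # NOTE(review): the AWS credential steps above are commented out; confirm
      # how this step authenticates to AWS Signer and the registry.
      - name: Sign released image
        run: |
          notation sign public.ecr.aws/e2l5l6g6/framework-test:latest \
            --plugin "com.amazonaws.signer.notation.plugin" \
            --id "arn:aws:signer:us-east-1:612966150583:/signing-profiles/045231FF5_Jc8eznT2BNJ6"

      # Verifies the signature on the same image reference against a trust policy.
      # NOTE(review): `../trust-policy/signed-image.json` resolves outside the
      # checked-out repository if the path is taken relative to the workspace
      # root; confirm where the file lives. The verify action also accepts a
      # trust_store input and none is set here; confirm whether it is needed.
      - name: Verify signed image
        uses: notaryproject/notation-action/verify@v1
        with:
          target_artifact_reference: public.ecr.aws/e2l5l6g6/framework-test:latest
          trust_policy: ../trust-policy/signed-image.json
      # - name: Build and Publish release with Gradle
      #   uses: gradle/gradle-build-action@v3
      #   with:
      #     arguments: build final closeAndReleaseSonatypeStagingRepository -Prelease.version=${{ github.event.inputs.version }} --stacktrace
      #   env:
      #     PUBLISH_TOKEN_USERNAME: ${{ secrets.PUBLISH_TOKEN_USERNAME }}
      #     PUBLISH_TOKEN_PASSWORD: ${{ secrets.PUBLISH_TOKEN_PASSWORD }}
      #     GRGIT_USER: ${{ secrets.GITHUB_TOKEN }}
      #     GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
      #     GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
      # - name: Create release
      #   env:
      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
      #   run: |
      #     cp "otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" aws-opentelemetry-agent.jar
      #     gh release create --target "$GITHUB_REF_NAME" \
      #       --title "Release v${{ github.event.inputs.version }}" \
      #       --draft \
      #       "v${{ github.event.inputs.version }}" \
      #       aws-opentelemetry-agent.jar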