Test
harrryr committed Oct 18, 2024
1 parent a825c19 commit a566303
Showing 2 changed files with 107 additions and 60 deletions.
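--- a/.github/trust-policy/signed-image.json
+++ b/.github/trust-policy/signed-image.json
@@ -0,0 +1,21 @@
+{
+"version":"1.0",
+"trustPolicies":[
+{
+"name":"aws-signer-tp",
+"registryScopes":[
+"*"
+],
+"signatureVerification":{
+"level":"strict"
+},
+"trustStores":[
+"signingAuthority:aws-signer-ts"
+],
+"trustedIdentities":[
+"arn:aws:signer:us-east-1:612966150583:/signing-profiles/AWSDistroOpenTelemetrySigningProfileBF578949_a75m7igIPnaz"
+]
+}
+]
+}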
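Review bot: `registryScopes` is set to `"*"`, so this policy, and the single signing-profile ARN it trusts, applies to every registry and repository that notation is asked to verify with it. Scoping it to the repository the workflow actually verifies, `"registryScopes": ["public.ecr.aws/e2l5l6g6/framework-test"]`, keeps that identity from being accepted for unrelated images if the policy file is later reused. JSON has no comment syntax, so the reason for trusting this particular profile would be worth recording in the commit message or a README next to the file.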

146 changes: 86 additions & 60 deletions .github/workflows/release-build.yml
@@ -1,16 +1,12 @@
name: Release Build
on:
workflow_dispatch:
inputs:
version:
description: The version to tag the release with, e.g., 1.2.0, 1.2.1-alpha.1
required: true
push:

env:
AWS_PUBLIC_ECR_REGION: us-east-1
AWS_PRIVATE_ECR_REGION: us-west-2
TEST_TAG: public.ecr.aws/aws-observability/adot-autoinstrumentation-java:test
PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-java
PUBLIC_REPOSITORY: public.ecr.aws/e2l5l6g6/framework-test
PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-java
PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com

@@ -29,27 +25,27 @@ jobs:
distribution: 'temurin'
- uses: gradle/wrapper-validation-action@v1

- name: Publish patched dependencies to maven local
uses: ./.github/actions/patch-dependencies
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg_password: ${{ secrets.GPG_PASSPHRASE }}
# - name: Publish patched dependencies to maven local
# uses: ./.github/actions/patch-dependencies
# with:
# gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
# gpg_password: ${{ secrets.GPG_PASSPHRASE }}

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
role-to-assume: arn:aws:iam::612966150583:role/aws-obs-java-image-release
aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}

- name: Log in to AWS ECR
uses: docker/login-action@v3
with:
registry: public.ecr.aws

- name: Build release with Gradle
uses: gradle/gradle-build-action@v3
with:
arguments: build integrationTests -PlocalDocker=true -Prelease.version=${{ github.event.inputs.version }} --stacktrace
# - name: Build release with Gradle
# uses: gradle/gradle-build-action@v3
# with:
# arguments: build integrationTests -PlocalDocker=true -Prelease.version=1.0.0 --stacktrace

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
@@ -81,49 +77,79 @@ jobs:
with:
driver-opts: image=moby/buildkit:v0.15.1

- name: Build image for testing
uses: docker/build-push-action@v5
with:
push: false
build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}"
context: .
platforms: linux/amd64
tags: ${{ env.TEST_TAG }}
load: true

- name: Test docker image
shell: bash
run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ github.event.inputs.version }}"

- name: Build and push image
uses: docker/build-push-action@v5
with:
push: true
build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}"
context: .
platforms: linux/amd64,linux/arm64
tags: |
${{ env.PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }}
${{ env.PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }}
- name: Build and Publish release with Gradle
uses: gradle/gradle-build-action@v3
# - name: Build image for testing
# uses: docker/build-push-action@v5
# with:
# push: false
# build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}"
# context: .
# platforms: linux/amd64
# tags: ${{ env.TEST_TAG }}
# load: true

# - name: Test docker image
# shell: bash
# run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ github.event.inputs.version }}"

# - name: Build and push image
# uses: docker/build-push-action@v5
# with:
# push: true
# build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}"
# context: .
# platforms: linux/amd64,linux/arm64
# tags: |
# ${{ env.PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }}

# - name: Setup Notation CLI
# uses: notaryproject/notation-action/setup@v1

# - name: Sign released image
# uses: notaryproject/notation-action/sign@v1
# with:
# plugin_name: aws-signer-notation-plugin
# plugin_url: https://github.com/aws/aws-signer-notation-plugin/archive/refs/tags/v1.0.350.tar.gz
# plugin_checksum: 6a1e0e0b2c3716899fd4c0ac37e60b287b1a36731f4874305c5c953291613acf
# key_id: arn:aws:signer:us-east-1:612966150583:/signing-profiles/045231FF5_Jc8eznT2BNJ6
# target_artifact_reference: public.ecr.aws/e2l5l6g6/framework-test:latest

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
arguments: build final closeAndReleaseSonatypeStagingRepository -Prelease.version=${{ github.event.inputs.version }} --stacktrace
env:
PUBLISH_TOKEN_USERNAME: ${{ secrets.PUBLISH_TOKEN_USERNAME }}
PUBLISH_TOKEN_PASSWORD: ${{ secrets.PUBLISH_TOKEN_PASSWORD }}
GRGIT_USER: ${{ secrets.GITHUB_TOKEN }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

- name: Create release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}

- name: Setup Notation
run: |
curl -L -o aws-signer-notation-cli_amd64.deb https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
sudo apt install ./aws-signer-notation-cli_amd64.deb
- name: Sign released image
run: notation sign public.ecr.aws/e2l5l6g6/framework-test:latest --plugin "com.amazonaws.signer.notation.plugin" --id "arn:aws:signer:us-east-1:612966150583:/signing-profiles/AWSDistroOpenTelemetrySigningProfileBF578949_a75m7igIPnaz"

- name: Verify signed image
run: |
cp "otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" aws-opentelemetry-agent.jar
gh release create --target "$GITHUB_REF_NAME" \
--title "Release v${{ github.event.inputs.version }}" \
--draft \
"v${{ github.event.inputs.version }}" \
aws-opentelemetry-agent.jar
notation policy import ./.github/trust-policy/signed-image.json
notation verify public.ecr.aws/e2l5l6g6/framework-test:latest
# - name: Build and Publish release with Gradle
# uses: gradle/gradle-build-action@v3
# with:
# arguments: build final closeAndReleaseSonatypeStagingRepository -Prelease.version=${{ github.event.inputs.version }} --stacktrace
# env:
# PUBLISH_TOKEN_USERNAME: ${{ secrets.PUBLISH_TOKEN_USERNAME }}
# PUBLISH_TOKEN_PASSWORD: ${{ secrets.PUBLISH_TOKEN_PASSWORD }}
# GRGIT_USER: ${{ secrets.GITHUB_TOKEN }}
# GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
# GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

# - name: Create release
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
# run: |
# cp "otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" aws-opentelemetry-agent.jar
# gh release create --target "$GITHUB_REF_NAME" \
# --title "Release v${{ github.event.inputs.version }}" \
# --draft \
# "v${{ github.event.inputs.version }}" \
# aws-opentelemetry-agent.jar
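Review bot: The `Setup Notation` step downloads `aws-signer-notation-cli_amd64.deb` from a `latest` URL and installs it with `sudo apt install` without any integrity check, so whatever that URL serves at run time is installed as root on a runner that, judging by the preceding `Configure AWS Credentials` step, already holds the assumed release-role credentials. The commented-out `notaryproject/notation-action/sign@v1` variant pinned a plugin version and a `plugin_checksum`; the replacement drops both. Record a known-good hash (ideally for a versioned URL, if one is published) and check it before installing, e.g. `echo "<EXPECTED_SHA256>  aws-signer-notation-cli_amd64.deb" | sha256sum -c -`, and use `curl -fsSL` so an HTTP error page is not saved as the package. The sign and verify steps also address the image as `:latest`; referring to it by digest (`framework-test@sha256:<DIGEST>`) would tie the signature to the image that was actually built rather than to a mutable tag.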
