Skip to content

github-actions: enable provenance for the jar files #3594

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from
Apr 25, 2024
Merged

github-actions: enable provenance for the jar files #3594

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
e0075b9
github-action: provenance
v1v Apr 22, 2024
331489f
support a different branch
v1v Apr 22, 2024
4e756e6
Revert "support a different branch"
v1v Apr 22, 2024
ba639d7
ci: faster artifact sharing between the two CIs
v1v Apr 22, 2024
55e29ba
enable provenance
v1v Apr 22, 2024
5bb18bf
Revert "Revert "support a different branch""
v1v Apr 23, 2024
6a4d619
support tarball
v1v Apr 23, 2024
2507472
support releases with provenance
v1v Apr 23, 2024
971bad1
remove test changes
v1v Apr 23, 2024
1c84766
Merge remote-tracking branch 'upstream/main' into feature/support-pro…
v1v Apr 24, 2024
08e5715
fix shebang
v1v Apr 24, 2024
ce87909
use script
v1v Apr 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .buildkite/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,17 @@ agents:
provider: "gcp"
image: "family/apm-agent-java-ubuntu-2204"

env:
TARBALL_FILE: ${TARBALL_FILE:-artifacts.tar}

steps:
- label: "Run the release"
key: "release"
commands: .ci/release.sh
artifact_paths:
- "release.txt"
- "**/target/*"
- "${TARBALL_FILE}"

notify:
- slack: "#apm-agent-java"
Expand Down
4 changes: 4 additions & 0 deletions .buildkite/snapshot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,17 @@ agents:
provider: "gcp"
image: "family/apm-agent-java-ubuntu-2204"

env:
TARBALL_FILE: ${TARBALL_FILE:-artifacts.tar}

steps:
- label: "Run the snapshot"
key: "release"
commands: .ci/snapshot.sh
artifact_paths:
- "snapshot.txt"
- "**/target/*"
- "${TARBALL_FILE}"

notify:
- slack: "#apm-agent-java"
Expand Down
6 changes: 6 additions & 0 deletions .ci/release.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,3 +32,9 @@ fi

echo "--- Deploy the release :package: [./mvnw $GOAL)] $DRY_RUN_MSG"
./mvnw -V -s .ci/settings.xml -Pgpg clean $GOAL -DskipTests --batch-mode | tee release.txt

echo "--- Archive the target folder with jar files"
echo 'gather artifacts'
.ci/published-artifacts-list.sh | tee artifacts.list
echo 'create tarbal'
tar -cvf "${TARBALL_FILE:-artifacts.tar}" -T artifacts.list
2 changes: 1 addition & 1 deletion .ci/scripts/published-artifacts-list.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/bin/env bash
#!/usr/bin/env bash

targets="$(find . -type d -name 'target'|grep -v apm-agent-plugins|grep -v integration-tests|sort)"

Expand Down
6 changes: 6 additions & 0 deletions .ci/snapshot.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,3 +34,9 @@ fi

echo "--- Deploy the snapshot :package: [./mvnw $GOAL)] $DRY_RUN_MSG"
./mvnw -V -s .ci/settings.xml -Pgpg clean $GOAL -DskipTests --batch-mode | tee snapshot.txt

echo "--- Archive the target folder with jar files"
echo 'gather artifacts'
.ci/published-artifacts-list.sh | tee artifacts.list
echo 'create tarbal'
tar -cvf "${TARBALL_FILE:-artifacts.tar}" -T artifacts.list
20 changes: 20 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,11 @@ jobs:
runs-on: ubuntu-latest
needs:
- validate-tag
permissions:
contents: write
id-token: write
env:
TARBALL_FILE: artifacts.tar
steps:
- id: buildkite
continue-on-error: true
Expand All @@ -86,8 +91,23 @@ jobs:
pipeline: apm-agent-java-release
waitFor: true
printBuildLogs: false
artifactName: releases
artifactPath: ${{ env.TARBALL_FILE }}
buildEnvVars: |
dry_run=${{ inputs.dry_run || 'false' }}
TARBALL_FILE=${{ env.TARBALL_FILE }}

- uses: actions/download-artifact@v3
with:
name: releases

- name: untar the buildkite tarball
run: tar xvf ${{ env.TARBALL_FILE }}

- name: generate build provenance
uses: github-early-access/generate-build-provenance@main
with:
subject-path: "${{ github.workspace }}/**/target/*.jar"

await-maven-central-artifact:
name: "Wait for artifacts to be available on maven central"
Expand Down
23 changes: 22 additions & 1 deletion .github/workflows/snapshot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,11 @@ jobs:
runs-on: ubuntu-latest
needs:
- validate
permissions:
contents: write
id-token: write
env:
TARBALL_FILE: artifacts.tar
if: ${{ contains(needs.validate.outputs.is-snapshot, 'true') }}
steps:
- id: buildkite
Expand All @@ -48,10 +53,26 @@ jobs:
vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
pipeline: apm-agent-java-snapshot
waitFor: false
pipelineBranch: ${{ github.ref_name }}
artifactName: snapshots
artifactPath: ${{ env.TARBALL_FILE }}
waitFor: true
printBuildLogs: false
buildEnvVars: |
dry_run=${{ inputs.dry_run || 'false' }}
TARBALL_FILE=${{ env.TARBALL_FILE }}

- uses: actions/download-artifact@v3
with:
name: snapshots

- name: untar the buildkite tarball
run: tar xvf ${{ env.TARBALL_FILE }}

- name: generate build provenance
uses: github-early-access/generate-build-provenance@main
with:
subject-path: "${{ github.workspace }}/**/target/*.jar"

- if: ${{ failure() }}
uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
Expand Down
Loading