From a7cb51c2612a3ce57cad738f22b924d5f985e8d7 Mon Sep 17 00:00:00 2001 From: Brian Seeders Date: Fri, 11 Aug 2023 11:41:31 -0400 Subject: [PATCH] Add automation for building/uploading/updating lucene snapshots daily (#98039) --- .buildkite/hooks/pre-command | 15 +++ .../lucene-snapshot/build-snapshot.yml | 20 +++ .../pipelines/lucene-snapshot/run-tests.yml | 60 +++++++++ .../lucene-snapshot/update-branch.yml | 7 ++ .../lucene-snapshot/get-credentials.sh | 16 +++ .../remove-verification-metadata.py | 13 ++ .../scripts/lucene-snapshot/update-branch.sh | 18 +++ .../lucene-snapshot/update-es-snapshot.sh | 46 +++++++ .../lucene-snapshot/upload-snapshot.sh | 41 ++++++ catalog-info.yaml | 117 ++++++++++++++++++ 10 files changed, 353 insertions(+) create mode 100644 .buildkite/pipelines/lucene-snapshot/build-snapshot.yml create mode 100644 .buildkite/pipelines/lucene-snapshot/run-tests.yml create mode 100644 .buildkite/pipelines/lucene-snapshot/update-branch.yml create mode 100755 .buildkite/scripts/lucene-snapshot/get-credentials.sh create mode 100644 .buildkite/scripts/lucene-snapshot/remove-verification-metadata.py create mode 100755 .buildkite/scripts/lucene-snapshot/update-branch.sh create mode 100755 .buildkite/scripts/lucene-snapshot/update-es-snapshot.sh create mode 100755 .buildkite/scripts/lucene-snapshot/upload-snapshot.sh diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index e40abefbe7632..3a8f3e09e847e 100644 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -43,3 +43,18 @@ export GRADLE_BUILD_CACHE_USERNAME GRADLE_BUILD_CACHE_PASSWORD=$(vault read -field=password secret/ci/elastic-elasticsearch/migrated/gradle-build-cache) export GRADLE_BUILD_CACHE_PASSWORD + +BUILDKITE_API_TOKEN=$(vault read -field=token secret/ci/elastic-elasticsearch/buildkite-api-token) +export BUILDKITE_API_TOKEN + +if [[ "${USE_LUCENE_SNAPSHOT_CREDS:-}" == "true" ]]; then + data=$(.buildkite/scripts/lucene-snapshot/get-credentials.sh) + + AWS_ACCESS_KEY_ID=$(echo "$data" | jq -r .data.access_key) + export AWS_ACCESS_KEY_ID + + AWS_SECRET_ACCESS_KEY=$(echo "$data" | jq -r .data.secret_key) + export AWS_SECRET_ACCESS_KEY + + unset data +fi diff --git a/.buildkite/pipelines/lucene-snapshot/build-snapshot.yml b/.buildkite/pipelines/lucene-snapshot/build-snapshot.yml new file mode 100644 index 0000000000000..033b9ae75b237 --- /dev/null +++ b/.buildkite/pipelines/lucene-snapshot/build-snapshot.yml @@ -0,0 +1,20 @@ +steps: + - trigger: apache-lucene-build-snapshot + label: Trigger pipeline to build lucene snapshot + key: lucene-build + if: build.env("LUCENE_BUILD_ID") == null || build.env("LUCENE_BUILD_ID") == "" + - wait + - label: Upload and update lucene snapshot + command: .buildkite/scripts/lucene-snapshot/upload-snapshot.sh + timeout_in_minutes: 15 + env: + USE_LUCENE_SNAPSHOT_CREDS: "true" + UPDATE_ES_LUCENE_SNAPSHOT: "true" + agents: + provider: gcp + image: family/elasticsearch-ubuntu-2004 + machineType: custom-32-98304 + buildDirectory: /dev/shm/bk + - wait + - trigger: "elasticsearch-lucene-snapshot-tests" + async: true diff --git a/.buildkite/pipelines/lucene-snapshot/run-tests.yml b/.buildkite/pipelines/lucene-snapshot/run-tests.yml new file mode 100644 index 0000000000000..15d78f8495ca8 --- /dev/null +++ b/.buildkite/pipelines/lucene-snapshot/run-tests.yml @@ -0,0 +1,60 @@ +steps: + - label: sanity-check + command: .ci/scripts/run-gradle.sh -Dbwc.checkout.align=true -Dorg.elasticsearch.build.cache.push=true -Dignore.tests.seed -Dscan.capture-task-input-files precommit + timeout_in_minutes: 300 + agents: + provider: gcp + image: family/elasticsearch-ubuntu-2004 + machineType: custom-32-98304 + buildDirectory: /dev/shm/bk + - wait: null + - label: part1 + command: .ci/scripts/run-gradle.sh -Dbwc.checkout.align=true -Dorg.elasticsearch.build.cache.push=true -Dignore.tests.seed -Dscan.capture-task-input-files checkPart1 + timeout_in_minutes: 300 + agents: + provider: gcp + image: family/elasticsearch-ubuntu-2004 + machineType: custom-32-98304 + buildDirectory: /dev/shm/bk + - label: part2 + command: .ci/scripts/run-gradle.sh -Dbwc.checkout.align=true -Dorg.elasticsearch.build.cache.push=true -Dignore.tests.seed -Dscan.capture-task-input-files checkPart2 + timeout_in_minutes: 300 + agents: + provider: gcp + image: family/elasticsearch-ubuntu-2004 + machineType: custom-32-98304 + buildDirectory: /dev/shm/bk + - label: part3 + command: .ci/scripts/run-gradle.sh -Dbwc.checkout.align=true -Dorg.elasticsearch.build.cache.push=true -Dignore.tests.seed -Dscan.capture-task-input-files checkPart3 + timeout_in_minutes: 300 + agents: + provider: gcp + image: family/elasticsearch-ubuntu-2004 + machineType: custom-32-98304 + buildDirectory: /dev/shm/bk + - group: bwc-snapshots + steps: + - label: "{{matrix.BWC_VERSION}} / bwc-snapshots" + command: .ci/scripts/run-gradle.sh -Dbwc.checkout.align=true -Dorg.elasticsearch.build.cache.push=true -Dignore.tests.seed -Dscan.capture-task-input-files v$$BWC_VERSION#bwcTest + timeout_in_minutes: 300 + matrix: + setup: + BWC_VERSION: + - 7.17.13 + - 8.9.1 + - 8.10.0 + agents: + provider: gcp + image: family/elasticsearch-ubuntu-2004 + machineType: custom-32-98304 + buildDirectory: /dev/shm/bk + env: + BWC_VERSION: "{{matrix.BWC_VERSION}}" + - label: rest-compat + command: .ci/scripts/run-gradle.sh -Dbwc.checkout.align=true -Dorg.elasticsearch.build.cache.push=true -Dignore.tests.seed -Dscan.capture-task-input-files checkRestCompat + timeout_in_minutes: 300 + agents: + provider: gcp + image: family/elasticsearch-ubuntu-2004 + machineType: custom-32-98304 + buildDirectory: /dev/shm/bk diff --git a/.buildkite/pipelines/lucene-snapshot/update-branch.yml b/.buildkite/pipelines/lucene-snapshot/update-branch.yml new file mode 100644 index 0000000000000..bd9e3420a2714 --- /dev/null +++ b/.buildkite/pipelines/lucene-snapshot/update-branch.yml @@ -0,0 +1,7 @@ +steps: + - label: Update lucene-snapshot branch + command: .buildkite/scripts/lucene-snapshot/update-branch.sh + timeout_in_minutes: 15 + - wait + - trigger: "elasticsearch-lucene-snapshot-tests" + async: true diff --git a/.buildkite/scripts/lucene-snapshot/get-credentials.sh b/.buildkite/scripts/lucene-snapshot/get-credentials.sh new file mode 100755 index 0000000000000..042c664384a7f --- /dev/null +++ b/.buildkite/scripts/lucene-snapshot/get-credentials.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +set -euo pipefail + +# WARNING: this script will echo the credentials to the console. It is meant to be called from another script and captured in a variable. +# It should really only be used inside .buildkite/hooks/pre-command + +VAULT_ROLE_ID=$(vault read -field=role-id secret/ci/elastic-elasticsearch/legacy-vault-credentials) +VAULT_SECRET_ID=$(vault read -field=secret-id secret/ci/elastic-elasticsearch/legacy-vault-credentials) +VAULT_ADDR=https://secrets.elastic.co:8200 + +unset VAULT_TOKEN +VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_ROLE_ID secret_id=$VAULT_SECRET_ID) +export VAULT_TOKEN + +vault read -format=json aws-elastic/creds/lucene-snapshots diff --git a/.buildkite/scripts/lucene-snapshot/remove-verification-metadata.py b/.buildkite/scripts/lucene-snapshot/remove-verification-metadata.py new file mode 100644 index 0000000000000..082e734b4b790 --- /dev/null +++ b/.buildkite/scripts/lucene-snapshot/remove-verification-metadata.py @@ -0,0 +1,13 @@ +import re + +regex = re.compile( + r'` string in version.properties and maintain the same indentation +sed -E "s/^(lucene *= *[^ ]* *).*\$/\1$LUCENE_SNAPSHOT_VERSION/" build-tools-internal/version.properties > new-version.properties +mv new-version.properties build-tools-internal/version.properties + +# Remove stale verification metadata, because generating them just appends new ones +python3 .buildkite/scripts/lucene-snapshot/remove-verification-metadata.py +./gradlew --write-verification-metadata sha256 + +# 9.8.0-snapshot-1f25c68 -> 9.8.0 +VERSION=$(echo "$LUCENE_SNAPSHOT_VERSION" | cut -f 1 -d '-') +VERSION_SNAKE=$(echo "$VERSION" | sed -E 's/\./_/g') + +sed -E "s/^(:lucene_version: *).*\$/\1$VERSION/" docs/Versions.asciidoc > docs/Versions.asciidoc.new +sed -E "s/^(:lucene_version_path: *).*\$/\1$VERSION_SNAKE/" docs/Versions.asciidoc.new > docs/Versions.asciidoc +rm -f docs/Versions.asciidoc.new + +if git diff-index --quiet HEAD --; then + echo 'No changes to commit.' +else + git config --global user.name elasticsearchmachine + git config --global user.email 'infra-root+elasticsearchmachine@elastic.co' + + git add build-tools-internal/version.properties + git add gradle/verification-metadata.xml + git add docs/Versions.asciidoc + + git commit -m "[Automated] Update Lucene snapshot to $LUCENE_SNAPSHOT_VERSION" + git push origin "$BUILDKITE_BRANCH" +fi diff --git a/.buildkite/scripts/lucene-snapshot/upload-snapshot.sh b/.buildkite/scripts/lucene-snapshot/upload-snapshot.sh new file mode 100755 index 0000000000000..2f276db50739c --- /dev/null +++ b/.buildkite/scripts/lucene-snapshot/upload-snapshot.sh @@ -0,0 +1,41 @@ +#!/bin/bash + +set -euo pipefail + +LUCENE_BUILD_ID=${LUCENE_BUILD_ID:-} + +if [[ -z "$LUCENE_BUILD_ID" ]]; then + build_json=$(curl -sH "Authorization: Bearer $BUILDKITE_API_TOKEN" "https://api.buildkite.com/v2/organizations/elastic/pipelines/$BUILDKITE_PIPELINE_SLUG/builds/$BUILDKITE_BUILD_NUMBER") + LUCENE_BUILD_ID=$(jq -r '.jobs[] | select(.step_key == "lucene-build").triggered_build.id' <<< "$build_json") +fi + +export LUCENE_BUILD_ID + +LUCENE_SHA=$(buildkite-agent meta-data get --build "$LUCENE_BUILD_ID" lucene-snapshot-sha) +export LUCENE_SHA + +LUCENE_SNAPSHOT_VERSION=$(buildkite-agent meta-data get --build "$LUCENE_BUILD_ID" lucene-snapshot-version) +export LUCENE_SNAPSHOT_VERSION + +echo --- Downloading lucene snapshot + +mkdir lucene-snapshot +cd lucene-snapshot +buildkite-agent artifact download --build "$LUCENE_BUILD_ID" lucene-snapshot.tar.gz . +tar -xvf lucene-snapshot.tar.gz +cd - + +echo --- Upload lucene snapshot to S3 + +if ! which aws; then + curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" + unzip awscliv2.zip + sudo ./aws/install + rm -rf awscliv2.zip aws +fi + +aws s3 sync lucene-snapshot/ "s3://download.elasticsearch.org/lucenesnapshots/$LUCENE_SHA/" --acl public-read + +if [[ "${UPDATE_ES_LUCENE_SNAPSHOT:-}" ]]; then + .buildkite/scripts/lucene-snapshot/update-es-snapshot.sh +fi diff --git a/catalog-info.yaml b/catalog-info.yaml index 4014453373a8a..4d1b3bf81b133 100644 --- a/catalog-info.yaml +++ b/catalog-info.yaml @@ -137,3 +137,120 @@ spec: branch: main cronline: "0 0,8,16 * * * America/New_York" message: "Triggers pipelines 3x daily" +--- +# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/e57ee3bed7a6f73077a3f55a38e76e40ec87a7cf/rre.schema.json +apiVersion: backstage.io/v1alpha1 +kind: Resource +metadata: + name: buildkite-pipeline-elasticsearch-lucene-snapshot-build + description: Builds a new lucene snapshot, uploads, updates the lucene_snapshot branch in ES, runs tests + links: + - title: Pipeline + url: https://buildkite.com/elastic/elasticsearch-lucene-snapshot-build +spec: + type: buildkite-pipeline + system: buildkite + owner: group:elasticsearch-team + implementation: + apiVersion: buildkite.elastic.dev/v1 + kind: Pipeline + metadata: + description: ":elasticsearch: Builds a new lucene snapshot and tests it" + name: elasticsearch / lucene-snapshot / build-and-update + spec: + repository: elastic/elasticsearch + pipeline_file: .buildkite/pipelines/lucene-snapshot/build-snapshot.yml + branch_configuration: lucene_snapshot + teams: + elasticsearch-team: {} + ml-core: {} + everyone: + access_level: BUILD_AND_READ + provider_settings: + build_branches: false + build_pull_requests: false + publish_commit_status: false + trigger_mode: none + schedules: + Periodically on lucene_snapshot: + branch: lucene_snapshot + cronline: "0 2 * * America/New_York" + message: "Builds a new lucene snapshot 1x per day" +--- +# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/e57ee3bed7a6f73077a3f55a38e76e40ec87a7cf/rre.schema.json +apiVersion: backstage.io/v1alpha1 +kind: Resource +metadata: + name: buildkite-pipeline-elasticsearch-lucene-snapshot-update-branch + description: Merge main into the lucene_snapshot branch, and run tests + links: + - title: Pipeline + url: https://buildkite.com/elastic/elasticsearch-lucene-snapshot-update-branch +spec: + type: buildkite-pipeline + system: buildkite + owner: group:elasticsearch-team + implementation: + apiVersion: buildkite.elastic.dev/v1 + kind: Pipeline + metadata: + description: ":elasticsearch: Merges main into lucene_snapshot branch and runs tests" + name: elasticsearch / lucene-snapshot / update-branch + spec: + repository: elastic/elasticsearch + pipeline_file: .buildkite/pipelines/lucene-snapshot/update-branch.yml + branch_configuration: lucene_snapshot + teams: + elasticsearch-team: {} + ml-core: {} + everyone: + access_level: BUILD_AND_READ + provider_settings: + build_branches: false + build_pull_requests: false + publish_commit_status: false + trigger_mode: none + schedules: + Periodically on lucene_snapshot: + branch: lucene_snapshot + cronline: "0 6 * * America/New_York" + message: "Merges main into lucene_snapshot branch 1x per day" +--- +# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/e57ee3bed7a6f73077a3f55a38e76e40ec87a7cf/rre.schema.json +apiVersion: backstage.io/v1alpha1 +kind: Resource +metadata: + name: buildkite-pipeline-elasticsearch-lucene-snapshot-tests + description: Runs tests against lucene_snapshot branch + links: + - title: Pipeline + url: https://buildkite.com/elastic/elasticsearch-lucene-snapshot-tests +spec: + type: buildkite-pipeline + system: buildkite + owner: group:elasticsearch-team + implementation: + apiVersion: buildkite.elastic.dev/v1 + kind: Pipeline + metadata: + description: ":elasticsearch: Runs tests against lucene_snapshot branch" + name: elasticsearch / lucene-snapshot / tests + spec: + repository: elastic/elasticsearch + pipeline_file: .buildkite/pipelines/lucene-snapshot/run-tests.yml + branch_configuration: lucene_snapshot + teams: + elasticsearch-team: {} + ml-core: {} + everyone: + access_level: BUILD_AND_READ + provider_settings: + build_branches: false + build_pull_requests: false + publish_commit_status: false + trigger_mode: none + schedules: + Periodically on lucene_snapshot: + branch: lucene_snapshot + cronline: "0 9,12,15,18 * * America/New_York" + message: "Runs tests against lucene_snapshot branch several times per day"