Skip to content

Update cyphar/filepath-securejoin and sirupsen/logrus versions (#2392) #87

Update cyphar/filepath-securejoin and sirupsen/logrus versions (#2392)

Update cyphar/filepath-securejoin and sirupsen/logrus versions (#2392) #87

Workflow file for this run

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.
name: C/D
on:
workflow_dispatch:
inputs:
version:
description: 'the version number to release'
required: true
sha:
description: 'the github sha to release'
required: true
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
env:
IMAGE_NAME: aws-otel-collector
IMAGE_NAMESPACE: amazon
PACKAGING_ROOT: build/packages
ECR_REPO_INTEGRATION_TEST: aws-otel-test/adot-collector-integration-test
ECR_REPO: aws-observability/aws-otel-collector
PACKAGE_CACHE_KEY: "cached_tested_packages_${{ github.run_id }}"
SSM_RELEASE_S3_BUCKET: "aws-otel-collector-ssm"
SSM_RELEASE_PACKAGE_NAME: "AWSDistroOTel-Collector"
RELEASE_S3_BUCKET: "aws-otel-collector"
permissions:
id-token: write
contents: write
jobs:
release-checking:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.set-input-vars.outputs.version }}
testing_version: ${{ steps.checking_sha_version.outputs.testing_version }}
latest-or-newer: ${{ steps.version.outputs.latest-or-newer }}
sha: ${{ steps.set-input-vars.outputs.sha }}
steps:
- uses: actions/checkout@v3
- name: Set Input Variables
id: set-input-vars
run: |
if ${{ github.event_name == 'workflow_dispatch' }}; then
echo "version=${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT
echo "sha=${{ github.event.inputs.sha }}" >> $GITHUB_OUTPUT
else
echo "version=${{ github.ref_name }}" >> $GITHUB_OUTPUT
echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT
fi
- name: Configure AWS Credentials
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.COLLECTOR_ASSUMABLE_ROLE_ARN }}
aws-region: us-west-2
- name: Login Dockerhub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_RELEASE_USERNAME }}
password: ${{ secrets.DOCKERHUB_RELEASE_TOKEN }}
- name: Download candidate
run: aws s3 cp "s3://aws-otel-collector-release-candidate/${{ steps.set-input-vars.outputs.sha }}.tar.gz" candidate.tar.gz
- name: Uncompress the candidate package
run: tar zxvf candidate.tar.gz
- name: Check commit SHA and version
id: checking_sha_version
run: |
version_in_release=`cat $PACKAGING_ROOT/VERSION`
version_in_release_candidate=`cat $PACKAGING_ROOT/TESTING_VERSION`
sha_in_candidate=`cat $PACKAGING_ROOT/GITHUB_SHA`
if [ $version_in_release != ${{ steps.set-input-vars.outputs.version }} ]; then
echo "::error::Wrong version is detected: $version_in_release != ${{ steps.set-input-vars.outputs.version }}"
exit 1
fi
if [ $sha_in_candidate != ${{ steps.set-input-vars.outputs.sha }} ]; then
echo "::error::Wrong SHA is detected: $sha_in_candidate != ${{ steps.set-input-vars.outputs.sha }}"
exit 1
fi
echo "testing_version=$version_in_release_candidate" >> $GITHUB_OUTPUT
- name: Compare version with Dockerhub latest
id: version
run: |
TAG="${{ steps.set-input-vars.outputs.version }}"
TARGET_VERSION=$TAG bash tools/workflow/docker-version-compare.sh
- name: Cache packages
uses: actions/cache@v3
with:
key: ${{ env.PACKAGE_CACHE_KEY }}
path: ${{ env.PACKAGING_ROOT }}
release-to-s3:
runs-on: ubuntu-latest
needs: [release-checking]
steps:
- uses: actions/checkout@v3
- name: Cache if success
id: release-to-s3
uses: actions/cache@v3
with:
key: release-to-s3-${{ github.run_id }}
path: VERSION
- name: Restore cached packages
uses: actions/cache@v3
if: steps.release-to-s3.outputs.cache-hit != 'true'
with:
key: ${{ env.PACKAGE_CACHE_KEY }}
path: ${{ env.PACKAGING_ROOT }}
- name: Configure AWS Credentials
if: steps.release-to-s3.outputs.cache-hit != 'true'
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.COLLECTOR_PROD_RELEASE_ROLE_ARN }}
aws-region: us-west-2
- name: Release to S3
if: steps.release-to-s3.outputs.cache-hit != 'true'
run: s3_bucket_name=${{ env.RELEASE_S3_BUCKET }} upload_to_latest=0 bash tools/release/image-binary-release/s3-release.sh
- name: Release binaries to s3 with latest version
if: ${{ needs.release-checking.outputs.latest-or-newer == 'true' && steps.release-to-s3.outputs.cache-hit != 'true' }}
run: s3_bucket_name=${{ env.RELEASE_S3_BUCKET }} upload_to_latest=1 bash tools/release/image-binary-release/s3-release.sh
release-version-image:
runs-on: ubuntu-latest
needs: [release-checking]
steps:
- uses: actions/checkout@v3
- name: Cache if success
id: release-version-image
uses: actions/cache@v3
with:
key: release-version-image-${{ github.run_id }}
path: VERSION
- name: Configure AWS Credentials
if: steps.release-version-image.outputs.cache-hit != 'true'
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.COLLECTOR_PROD_RELEASE_ROLE_ARN }}
aws-region: us-east-1
- name: Login to Public Release ECR
if: steps.release-version-image.outputs.cache-hit != 'true'
id: login-ecr
uses: docker/login-action@v2
with:
registry: public.ecr.aws
env:
AWS_REGION: us-east-1
- name: Login Dockerhub
if: steps.release-version-image.outputs.cache-hit != 'true'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_RELEASE_USERNAME }}
password: ${{ secrets.DOCKERHUB_RELEASE_TOKEN }}
- name: Pull image from integration test ECR and Upload to public release ECR and Dockerhub
if: steps.release-version-image.outputs.cache-hit != 'true'
uses: akhilerm/[email protected]
with:
src: public.ecr.aws/${{ env.ECR_REPO_INTEGRATION_TEST }}:${{ needs.release-checking.outputs.testing_version }}
dst: |
public.ecr.aws/${{ env.ECR_REPO }}:${{ needs.release-checking.outputs.version }}
${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ needs.release-checking.outputs.version }}
- name: Pull image from release ECR, tag as latest and push to public release ECR and DockerHub
if: ${{ needs.release-checking.outputs.latest-or-newer == 'true' && steps.release-version-image.outputs.cache-hit != 'true'}}
uses: akhilerm/[email protected]
with:
src: public.ecr.aws/${{ env.ECR_REPO }}:${{ needs.release-checking.outputs.version }}
dst: |
public.ecr.aws/${{ env.ECR_REPO }}:latest
${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:latest
release-ssm:
runs-on: ubuntu-latest
needs: [release-version-image,release-to-s3, release-checking]
steps:
- name: Cache if success
id: release-ssm
uses: actions/cache@v3
with:
key: release-ssm-${{ github.run_id }}
path: VERSION
- name: Trigger SSM package build and public
if: steps.release-ssm.outputs.cache-hit != 'true'
uses: benc-uk/workflow-dispatch@v1
with:
workflow: release SSM package
token: ${{ secrets.REPO_WRITE_ACCESS_TOKEN }}
inputs: '{ "version": "${{ needs.release-checking.outputs.version }}", "sha": "${{ needs.release-checking.outputs.sha }}", "public": "true", "pkgname": "${{ env.SSM_RELEASE_PACKAGE_NAME }}", "latest": "${{ needs.release-checking.outputs.latest-or-newer }}" }'
release-to-github:
runs-on: ubuntu-latest
needs: [ release-ssm, release-to-s3, release-version-image, release-checking]
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ needs.release-checking.outputs.sha }}
- name: Generate release-note
run: sh tools/release/generate-release-note.sh
- name: Create release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
run: |
gh release create --target ${{ needs.release-checking.outputs.sha }} \
--title ${{ needs.release-checking.outputs.version }} \
--notes-file release-note \
--verify-tag \
--draft \
--prerelease \
${{ needs.release-checking.outputs.version }}