Merge branch 'main' into feature/provenance

elastic · Jun 6, 2024 · 4e8b01a · 4e8b01a
2 parents e105c8b + 09ce76b
commit 4e8b01a
Show file tree

Hide file tree

Showing 17 changed files with 362 additions and 350 deletions.
diff --git a/.ci/snapshoty.yml b/.ci/snapshoty.yml
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -7,10 +7,6 @@ There are 4 main stages that run on GitHub actions:
 * Test
 * Release
 
-There are some other stages that run for every push on the main branches:
-
-* [Snapshoty](./snapshoty.yml)
-
 ### Scenarios
 
 * Tests should be triggered on branch, tag and PR basis.
@@ -39,7 +35,7 @@ The tag release follows the naming convention: `v.<major>.<minor>.<patch>`, wher
 
 ### OpenTelemetry
 
-There is a GitHub workflow in charge to populate what the workflow run in terms of jobs and steps. Those details can be seen in [here](https://ela.st/oblt-ci-cd-stats) (**NOTE**: only available for Elasticians).
+Every workflow and its logs are exported to OpenTelemetry traces/logs/metrics. Those details can be seen [here](https://ela.st/oblt-ci-cd-stats) (**NOTE**: only available for Elasticians).
 
 ## Bump automation
 

diff --git a/.github/workflows/bootstrap/action.yml b/.github/workflows/bootstrap/action.yml
@@ -11,13 +11,18 @@ inputs:
     description: 'Install azure functions tool chain ("true" or "false")'
     required: false
     default: "false"
+  tc-cloud:
+    description: 'Bootstrap TestContainers Cloud (TOKEN or "false")'
+    required: false
+    default: "false"
 outputs:
   agent-version:
     description: "The current agent version number"
     value: ${{ steps.dotnet.outputs.agent-version }}
   major-version:
     description: "The current major version number, semver"
     value: ${{ steps.dotnet.outputs.major-version }}
+
 
 runs:
   using: "composite"
@@ -27,7 +32,7 @@ runs:
       run: |
         git fetch --prune --unshallow --tags
         git tag --list
-        
+
     - uses: actions/cache@v4
       with:
         path: ~/.nuget/packages
@@ -56,10 +61,11 @@ runs:
 
     # Setup git config
     - uses: elastic/apm-pipeline-library/.github/actions/setup-git@current
-
+        
     # install common dependencies
     - name: Install common dependencies
       uses: ./.github/workflows/install-dependencies
       with:
         rust: '${{ inputs.rust }}'
         azure: '${{ inputs.azure }}'
+        tc-cloud: '${{ inputs.tc-cloud }}'
diff --git a/.github/workflows/install-dependencies/action.yml b/.github/workflows/install-dependencies/action.yml
@@ -8,9 +8,13 @@ inputs:
     required: false
     default: "false"
   azure:
-      description: 'Install azure functions tool chain ("true" or "false")'
-      required: false
-      default: "false"
+    description: 'Install azure functions tool chain ("true" or "false")'
+    required: false
+    default: "false"
+  tc-cloud:
+    description: 'Bootstrap TestContainers Cloud (TOKEN or "false")'
+    required: false
+    default: "false"
 
 runs:
   using: "composite"
@@ -55,3 +59,20 @@ runs:
       shell: cmd
       run: choco install azure-functions-core-tools -y --no-progress -r --version 4.0.4829
 
+    # TEST CONTAINERS CLOUD
+    # If no PR event or if a PR event that's caused by a non-fork and non dependabot actor
+    - name: Setup TestContainers Cloud Client
+      if: |
+        inputs.tc-cloud != 'false'
+        && (github.event_name != 'pull_request' 
+        || (github.event_name == 'pull_request' 
+            && github.event.pull_request.head.repo.fork == false 
+            && github.actor != 'dependabot[bot]'
+           )
+        )
+      uses: atomicjar/testcontainers-cloud-setup-action@c335bdbb570ec7c48f72c7d450c077f0a002293e # v1.3.0
+      with:
+        token: ${{ inputs.tc-cloud }}
+
+
+
diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml
@@ -28,37 +28,19 @@ jobs:
 
     - name: Package with canary suffix
       run: ./build.sh pack
-
-    - name: Prepare feedz.io
-      uses: hashicorp/[email protected]
-      with:
-        url: ${{ secrets.VAULT_ADDR }}
-        method: approle
-        roleId: ${{ secrets.VAULT_ROLE_ID }}
-        secretId: ${{ secrets.VAULT_SECRET_ID }}
-        secrets: |
-          secret/apm-team/ci/elastic-observability-feedz.io apiKey | REPO_API_KEY ;
-          secret/apm-team/ci/elastic-observability-feedz.io url | REPO_API_URL
-
-    - name: generate build provenance
-      uses: github-early-access/generate-build-provenance@main
-      with:
-        subject-path: "${{ github.workspace }}/build/output/_packages/*.nupkg"
-
+
     # Github packages requires authentication, this is likely going away in the future so for now we publish to feedz.io
     - name: publish canary packages to feedz.io
-      run: dotnet nuget push 'build/output/_packages/*.nupkg' -k ${REPO_API_KEY} -s ${REPO_API_URL} --skip-duplicate --no-symbols
+      run: dotnet nuget push 'build/output/_packages/*.nupkg' -k ${{ secrets.FEEDZ_IO_API_KEY }} -s ${{ secrets.FEEDZ_IO_API_URL }} --skip-duplicate --no-symbols
 
     - name: publish canary packages github package repository
       run: dotnet nuget push 'build/output/_packages/*.nupkg' -k ${{secrets.GITHUB_TOKEN}} -s https://nuget.pkg.github.com/elastic/index.json --skip-duplicate --no-symbols
 
     - if: ${{ failure() }}
-      uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
+      uses: elastic/oblt-actions/slack/[email protected]
       with:
-        url: ${{ secrets.VAULT_ADDR }}
-        roleId: ${{ secrets.VAULT_ROLE_ID }}
-        secretId: ${{ secrets.VAULT_SECRET_ID }}
-        channel: "#apm-agent-dotnet"
+        bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+        channel-id: "#apm-agent-dotnet"
         message: |
           :large_yellow_circle: [${{ github.repository }}] Snapshot could not be published to feedz.io.
           Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -38,27 +38,15 @@ jobs:
     - name: Package
       run: ./build.sh pack
 
-    - name: Prepare Nuget
-      uses: hashicorp/[email protected]
-      with:
-        url: ${{ secrets.VAULT_ADDR }}
-        method: approle
-        roleId: ${{ secrets.VAULT_ROLE_ID }}
-        secretId: ${{ secrets.VAULT_SECRET_ID }}
-        secrets: |
-          secret/apm-team/ci/elastic-observability-nuget apiKey | REPO_API_KEY ;
-          secret/apm-team/ci/elastic-observability-nuget url | REPO_API_URL
-
     - name: Release to Nuget
-      run: .ci/linux/deploy.sh ${REPO_API_KEY} ${REPO_API_URL}
+      run: .ci/linux/deploy.sh ${{ secrets.NUGET_API_KEY }} ${{ secrets.NUGET_API_URL }}
 
-    - uses: elastic/apm-pipeline-library/.github/actions/docker-login@current
+    - name: Log in to the Elastic Container registry
+      uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
       with:
-        registry: docker.elastic.co
-        secret: secret/observability-team/ci/docker-registry/prod
-        url: ${{ secrets.VAULT_ADDR }}
-        roleId: ${{ secrets.VAULT_ROLE_ID }}
-        secretId: ${{ secrets.VAULT_SECRET_ID }}
+        registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
+        username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
+        password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}
 
     - name: Build and Push Profiler Docker Image
       id: docker-push
@@ -99,24 +87,20 @@ jobs:
         gh release upload ${{ github.ref_name }} "${{ env.PREFIX_APM_AGENT }}${{ steps.bootstrap.outputs.agent-version }}${{ env.SUFFIX_APM_AGENT }}" "${{ env.PREFIX_APM_PROFILER }}${{ steps.bootstrap.outputs.agent-version }}${{ env.SUFFIX_APM_PROFILER }}"
 
     - if: ${{ success() }}
-      uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
+      uses: elastic/oblt-actions/slack/[email protected]
       with:
-        url: ${{ secrets.VAULT_ADDR }}
-        roleId: ${{ secrets.VAULT_ROLE_ID }}
-        secretId: ${{ secrets.VAULT_SECRET_ID }}
-        channel: ${{ env.SLACK_CHANNEL }}
+        bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+        channel-id: ${{ env.SLACK_CHANNEL }}
         message: |
           :large_green_circle: [${{ github.repository }}] Release *${{ github.ref_name }}* published.
           Build: (<${{ env.JOB_URL }}|here>)
           Release URL: (<https://github.com/elastic/apm-agent-dotnet/releases/tag/${{ github.ref_name }}|${{ github.ref_name }}>)
 
     - if: ${{ failure() }}
-      uses: elastic/apm-pipeline-library/.github/actions/slack-message@current
+      uses: elastic/oblt-actions/slack/[email protected]
       with:
-        url: ${{ secrets.VAULT_ADDR }}
-        roleId: ${{ secrets.VAULT_ROLE_ID }}
-        secretId: ${{ secrets.VAULT_SECRET_ID }}
-        channel: ${{ env.SLACK_CHANNEL }}
+        bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+        channel-id: ${{ env.SLACK_CHANNEL }}
         message: |
           :large_yellow_circle: [${{ github.repository }}] Release *${{ github.ref_name }}* could not be published.
           Build: (<${{ env.JOB_URL }}|here>)

diff --git a/.github/workflows/snapshoty.yml b/.github/workflows/snapshoty.yml