Improved release workflow to work with download/upload actions v4 (#1… #86
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: release | |
| permissions: | |
| contents: read | |
| on: | |
| workflow_dispatch: ~ | |
| push: | |
| tags: [ "v[0-9]+*" ] | |
| branches: | |
| - main | |
| env: | |
| BUILD_PACKAGES: build/packages | |
| jobs: | |
| release-started: | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags') | |
| steps: | |
| - uses: elastic/oblt-actions/slack/send@v1 | |
| with: | |
| bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| channel-id: "#apm-agent-php" | |
| message: | | |
| :runner: [${{ github.repository }}] Release *${{ github.ref_name }}* has been triggered : (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here> for further details) | |
| build: | |
| uses: ./.github/workflows/build.yml | |
| with: | |
| build_arch: all | |
| build-packages: | |
| permissions: | |
| contents: read | |
| packages: read | |
| needs: | |
| - build | |
| uses: ./.github/workflows/build-packages.yml | |
| sign: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-packages | |
| env: | |
| BUCKET_NAME: "apm-agent-php" | |
| permissions: | |
| attestations: write | |
| id-token: write | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download package artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: packages-* | |
| path: ${{ env.BUILD_PACKAGES }} | |
| - name: Moving packages out of folders | |
| run: | | |
| pushd ${{ env.BUILD_PACKAGES }} | |
| find . -mindepth 2 -type f -exec mv -t . {} + | |
| find . -mindepth 1 -maxdepth 1 -type d -exec rm -r {} + | |
| popd | |
| ls -R ${{ env.BUILD_PACKAGES }} | |
| - name: generate build provenance | |
| uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 | |
| with: | |
| subject-path: "${{ github.workspace }}/${{ env.BUILD_PACKAGES }}/*" | |
| ## NOTE: The name of the zip should match the name of the folder to be zipped. | |
| - name: Prepare packages to be signed | |
| run: zip -r packages.zip packages/ | |
| working-directory: build | |
| - uses: elastic/oblt-actions/google/auth@v1 | |
| with: | |
| project-number: '911195782929' | |
| - id: 'upload-file' | |
| uses: 'google-github-actions/upload-cloud-storage@v2' | |
| with: | |
| path: "${{ env.BUILD_PACKAGES }}.zip" | |
| destination: "${{ env.BUCKET_NAME }}/${{ github.run_id }}" | |
| - id: buildkite-run | |
| uses: elastic/oblt-actions/buildkite/run@v1 | |
| with: | |
| token: ${{ secrets.BUILDKITE_TOKEN }} | |
| pipeline: observability-robots-php-release | |
| wait-for: true | |
| env-vars: | | |
| BUNDLE_URL=https://storage.googleapis.com/${{ env.BUCKET_NAME }}/${{ steps.upload-file.outputs.uploaded }} | |
| - uses: elastic/oblt-actions/buildkite/download-artifact@v1 | |
| with: | |
| build-number: ${{ steps.buildkite-run.outputs.number }} | |
| path: signed-artifacts.zip | |
| pipeline: ${{ steps.buildkite-run.outputs.pipeline }} | |
| token: ${{ secrets.BUILDKITE_TOKEN }} | |
| # this artifact name is used also in some other places, | |
| # such as ./.github/workflows/test-packages.yml. | |
| # Therefore v4 cannot be used at the moment. | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: signed-artifacts | |
| path: signed-artifacts.zip | |
| generate-test-packages-matrix: | |
| if: startsWith(github.ref, 'refs/tags') | |
| uses: ./.github/workflows/generate-matrix.yml | |
| test-packages: | |
| if: startsWith(github.ref, 'refs/tags') | |
| needs: | |
| - sign | |
| - generate-test-packages-matrix | |
| permissions: | |
| contents: read | |
| packages: read | |
| uses: ./.github/workflows/test-packages.yml | |
| with: | |
| include: ${{ needs.generate-test-packages-matrix.outputs.include }} | |
| max-parallel: 40 | |
| package-name: 'signed-artifacts' | |
| release: | |
| needs: | |
| - test-packages | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| TAG_NAME: ${{ github.ref_name }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: signed-artifacts | |
| path: ${{ env.BUILD_PACKAGES }} | |
| - name: Unzip signed packages | |
| run: unzip ${PACKAGE_FILE} && rm ${PACKAGE_FILE} | |
| working-directory: ${{ env.BUILD_PACKAGES }} | |
| env: | |
| PACKAGE_FILE: "signed-artifacts.zip" | |
| - name: Create draft release | |
| if: startsWith(github.ref, 'refs/tags') | |
| run: make -f .ci/Makefile draft-release | |
| - name: Verify draft release | |
| if: startsWith(github.ref, 'refs/tags') | |
| run: ORIGINAL_PACKAGES_LOCATION=${{ env.BUILD_PACKAGES }} make -f .ci/Makefile download-verify | |
| - name: Publish release | |
| if: startsWith(github.ref, 'refs/tags') | |
| run: make -f .ci/Makefile github-release-ready | |
| notify: | |
| if: always() | |
| needs: | |
| - build | |
| - build-packages | |
| - generate-test-packages-matrix | |
| - release | |
| - sign | |
| - test-packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: check | |
| uses: elastic/oblt-actions/check-dependent-jobs@v1 | |
| with: | |
| jobs: ${{ toJSON(needs) }} | |
| - if: startsWith(github.ref, 'refs/tags') | |
| uses: elastic/oblt-actions/slack/notify-result@v1 | |
| with: | |
| bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| channel-id: "#apm-agent-php" | |
| status: ${{ steps.check.outputs.status }} | |
| message: "[${{ github.repository }}] Release (<${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}|${{ github.ref_name }}>)" |