Switch ARM64 build from qemu to native runner (#108) (#111) #55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: release | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| tags: [ "v[0-9]+*" ] | |
| branches: | |
| - main | |
| env: | |
| BUILD_PACKAGES: build/packages | |
| jobs: | |
| release-started: | |
| name: Send release started notification | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags') | |
| steps: | |
| - uses: elastic/oblt-actions/slack/send@v1 | |
| with: | |
| bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| channel-id: "#apm-agent-php" | |
| message: | | |
| :runner: [${{ github.repository }}] Release *${{ github.ref_name }}* has been triggered : (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here> for further details) | |
| build: | |
| uses: ./.github/workflows/build.yml | |
| with: | |
| build_arch: 'all' | |
| sign: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| env: | |
| BUCKET_NAME: "elastic-otel-php" | |
| permissions: | |
| attestations: write | |
| id-token: write | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download package artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: packages-* | |
| path: ${{ env.BUILD_PACKAGES }} | |
| - name: Moving packages out of folders | |
| run: | | |
| pushd ${{ env.BUILD_PACKAGES }} | |
| find . -mindepth 2 -type f -exec mv -t . {} + | |
| find . -mindepth 1 -maxdepth 1 -type d -exec rm -r {} + | |
| popd | |
| ls -R ${{ env.BUILD_PACKAGES }} | |
| - name: generate build provenance | |
| uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
| with: | |
| subject-path: "${{ github.workspace }}/${{ env.BUILD_PACKAGES }}/*" | |
| ## NOTE: The name of the zip should match the name of the folder to be zipped. | |
| - name: Prepare packages to be signed | |
| run: zip -r packages.zip packages/ | |
| working-directory: build | |
| - uses: elastic/oblt-actions/google/[email protected] | |
| with: | |
| project-number: '911195782929' | |
| - id: 'upload-file' | |
| uses: 'google-github-actions/upload-cloud-storage@v2' | |
| with: | |
| path: "${{ env.BUILD_PACKAGES }}.zip" | |
| destination: "${{ env.BUCKET_NAME }}/${{ github.run_id }}" | |
| - id: buildkite-run | |
| uses: elastic/oblt-actions/buildkite/[email protected] | |
| with: | |
| token: ${{ secrets.BUILDKITE_TOKEN }} | |
| pipeline: observability-robots-php-release | |
| wait-for: true | |
| env-vars: | | |
| BUNDLE_URL=https://storage.googleapis.com/${{ env.BUCKET_NAME }}/${{ steps.upload-file.outputs.uploaded }} | |
| - uses: elastic/oblt-actions/buildkite/[email protected] | |
| with: | |
| build-number: ${{ steps.buildkite-run.outputs.number }} | |
| path: signed-artifacts.zip | |
| pipeline: ${{ steps.buildkite-run.outputs.pipeline }} | |
| token: ${{ secrets.BUILDKITE_TOKEN }} | |
| # this artifact name is used also in some other places, | |
| # such as ./.github/workflows/test-packages.yml. | |
| # Therefore v4 cannot be used at the moment. | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: signed-artifacts | |
| path: signed-artifacts.zip | |
| # generate-test-packages-matrix: | |
| # if: startsWith(github.ref, 'refs/tags') | |
| # uses: ./.github/workflows/generate-matrix.yml | |
| # test-packages: | |
| # if: startsWith(github.ref, 'refs/tags') | |
| # needs: | |
| # - sign | |
| # - generate-test-packages-matrix | |
| # permissions: | |
| # contents: read | |
| # packages: read | |
| # uses: ./.github/workflows/test-packages.yml | |
| # with: | |
| # include: ${{ needs.generate-test-packages-matrix.outputs.include }} | |
| # max-parallel: 40 | |
| # package-name: 'signed-artifacts' | |
| #TODO verify if tag match version from properties files | |
| release: | |
| needs: | |
| - build | |
| - sign | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| TAG_NAME: ${{ github.ref_name }} | |
| steps: | |
| - name: Validate Github token | |
| run: | | |
| if [ -z "${GITHUB_TOKEN}" ]; then | |
| echo "Please set GITHUB_TOKEN in the environment to perform a release" | |
| exit 1 | |
| fi | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: signed-artifacts | |
| path: ${{ env.BUILD_PACKAGES }} | |
| - name: Unzip signed packages | |
| run: unzip ${PACKAGE_FILE} && rm ${PACKAGE_FILE} | |
| working-directory: ${{ env.BUILD_PACKAGES }} | |
| env: | |
| PACKAGE_FILE: "signed-artifacts.zip" | |
| - name: Create draft release | |
| if: startsWith(github.ref, 'refs/tags') | |
| run: | | |
| gh release create "${TAG_NAME}" --draft --title "${TAG_NAME}" --repo elastic/elastic-otel-php \ | |
| --notes "For more information, please see the [changelog](https://www.elastic.co/guide/en/apm/agent/php/current/release-notes.html)." \ | |
| build/packages/*.* | |
| - name: Verify sha512 sums | |
| if: startsWith(github.ref, 'refs/tags') | |
| run: | | |
| mkdir -p packages_downloaded_from_github | |
| pushd packages_downloaded_from_github | |
| for attempt in $(seq 1 3); do | |
| gh release download "${TAG_NAME}" && break || (echo "Download draft release assets attempt ${attempt}/3 failed. Waiting 60s." && sleep 60) | |
| done | |
| ls -l . | |
| echo "Verifying that downloaded artifacts pass the downloaded checksums..." | |
| sha512sum --check ./*.sha512 | |
| popd | |
| sort "${BUILD_PACKAGES}/"*.sha512 > original_artifacts.sha512 | |
| sort "packages_downloaded_from_github/"*.sha512 > downloaded_artifacts.sha512 | |
| cat original_artifacts.sha512 | |
| cat downloaded_artifacts.sha512 | |
| echo "Verifying that original and downloaded artifacts have the same checksums..." | |
| diff original_artifacts.sha512 downloaded_artifacts.sha512 || exit 1 | |
| - name: Publish release | |
| if: startsWith(github.ref, 'refs/tags') | |
| run: gh release edit "${TAG_NAME}" --draft=false | |
| notify: | |
| if: always() | |
| needs: | |
| - build | |
| # - build-packages | |
| # - generate-test-packages-matrix | |
| - release | |
| - sign | |
| # - test-packages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: check | |
| uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current | |
| with: | |
| needs: ${{ toJSON(needs) }} | |
| - if: startsWith(github.ref, 'refs/tags') | |
| uses: elastic/oblt-actions/slack/notify-result@v1 | |
| with: | |
| bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| channel-id: "#apm-agent-php" | |
| status: ${{ steps.check.outputs.status }} | |
| message: "[${{ github.repository }}] Release (<${{ github.server_url }}/${{ github.repository }}/releases/tag/${{ github.ref_name }}|${{ github.ref_name }}>)" |