chore(deps): update docker.elastic.co/wolfi/chainguard-base:latest do… #171
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
tags: | |
- "v*.*.*" | |
branches: | |
- main | |
permissions: | |
contents: read | |
jobs: | |
test: | |
uses: ./.github/workflows/test-release.yml | |
with: | |
full-matrix: true | |
enabled: ${{ startsWith(github.ref, 'refs/tags') }} | |
packages: | |
permissions: | |
attestations: write | |
id-token: write | |
contents: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/packages | |
- name: generate build provenance | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
with: | |
subject-path: "${{ github.workspace }}/dist/*" | |
publish-pypi: | |
needs: | |
- test | |
- packages | |
runs-on: ubuntu-latest | |
environment: release | |
permissions: | |
id-token: write # IMPORTANT: this permission is mandatory for trusted publishing | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: packages | |
path: dist | |
- name: Upload pypi.org | |
if: startsWith(github.ref, 'refs/tags') | |
uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 | |
with: | |
repository-url: https://upload.pypi.org/legacy/ | |
- name: Upload test.pypi.org | |
if: ${{ ! startsWith(github.ref, 'refs/tags') }} | |
uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 | |
with: | |
repository-url: https://test.pypi.org/legacy/ | |
build-distribution: | |
permissions: | |
attestations: write | |
id-token: write | |
contents: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/build-distribution | |
- name: generate build provenance | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
with: | |
subject-path: "${{ github.workspace }}/build/dist/elastic-apm-python-lambda-layer.zip" | |
publish-lambda-layers: | |
permissions: | |
contents: read | |
id-token: write | |
needs: | |
- build-distribution | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build-distribution | |
path: ./build | |
- uses: elastic/oblt-actions/aws/auth@v1 | |
with: | |
aws-account-id: "267093732750" | |
- name: Publish lambda layers to AWS | |
if: startsWith(github.ref, 'refs/tags') | |
run: | | |
# Convert v1.2.3 to ver-1-2-3 | |
VERSION=${GITHUB_REF_NAME/v/ver-} | |
VERSION=${VERSION//./-} | |
ELASTIC_LAYER_NAME="elastic-apm-python-${VERSION}" .ci/publish-aws.sh | |
- uses: actions/upload-artifact@v4 | |
if: startsWith(github.ref, 'refs/tags') | |
with: | |
name: arn-file | |
path: ".arn-file.md" | |
if-no-files-found: error | |
publish-docker: | |
needs: | |
- build-distribution | |
runs-on: ubuntu-latest | |
permissions: | |
attestations: write | |
id-token: write | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
dockerfile: [ 'Dockerfile', 'Dockerfile.wolfi' ] | |
env: | |
DOCKER_IMAGE_NAME: docker.elastic.co/observability/apm-agent-python | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
- name: Log in to the Elastic Container registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }} | |
username: ${{ secrets.ELASTIC_DOCKER_USERNAME }} | |
password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }} | |
- uses: actions/download-artifact@v4 | |
with: | |
name: build-distribution | |
path: ./build | |
- name: Extract metadata (tags, labels) | |
id: docker-meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: ${{ env.DOCKER_IMAGE_NAME }} | |
tags: | | |
type=raw,value=latest,prefix=test-,enable={{is_default_branch}} | |
type=semver,pattern={{version}} | |
flavor: | | |
suffix=${{ contains(matrix.dockerfile, 'wolfi') && '-wolfi' || '' }} | |
- name: Build and push image | |
id: docker-push | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
file: ${{ matrix.dockerfile }} | |
tags: ${{ steps.docker-meta.outputs.tags }} | |
labels: ${{ steps.docker-meta.outputs.labels }} | |
build-args: | | |
AGENT_DIR=./build/dist/package/python | |
- name: generate build provenance (containers) | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
with: | |
subject-name: "${{ env.DOCKER_IMAGE_NAME }}" | |
subject-digest: ${{ steps.docker-push.outputs.digest }} | |
push-to-registry: true | |
github-draft: | |
permissions: | |
contents: write | |
needs: | |
- publish-lambda-layers | |
if: startsWith(github.ref, 'refs/tags') | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: arn-file | |
- name: Create GitHub Draft Release | |
run: >- | |
gh release create "${GITHUB_REF_NAME}" | |
--title="${GITHUB_REF_NAME}" | |
--generate-notes | |
--notes-file=".arn-file.md" | |
--draft | |
env: | |
GH_TOKEN: ${{ github.token }} | |
notify: | |
runs-on: ubuntu-latest | |
if: always() | |
needs: | |
- publish-lambda-layers | |
- publish-pypi | |
- publish-docker | |
- github-draft | |
steps: | |
- id: check | |
uses: elastic/apm-pipeline-library/.github/actions/check-dependent-jobs@current | |
with: | |
needs: ${{ toJSON(needs) }} | |
- if: startsWith(github.ref, 'refs/tags') | |
uses: elastic/oblt-actions/slack/notify-result@v1 | |
with: | |
bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
channel-id: "#apm-agent-python" | |
status: ${{ steps.check.outputs.status }} |