Bump google-github-actions/get-secretmanager-secrets from 2.2.1 to 2.… #77
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
release: | |
types: [published] | |
push: | |
branches: | |
- main | |
permissions: | |
contents: read | |
env: | |
NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages | |
JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
SLACK_CHANNEL: "#apm-agent-dotnet" | |
RELEASE_PACKAGES: ".artifacts/package/release/*.nupkg" | |
RELEASE_DISTRO: ".artifacts/elastic-distribution/*" | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
id-token: write | |
outputs: | |
agent-version: ${{ steps.bootstrap.outputs.agent-version }} | |
major-version: ${{ steps.bootstrap.outputs.major-version }} | |
env: | |
DOCKER_IMAGE_NAME: "docker.elastic.co/observability/elastic-otel-dotnet" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Bootstrap Action Workspace | |
id: bootstrap | |
uses: ./.github/workflows/bootstrap | |
- run: ./build.sh release | |
name: Release | |
- name: List distributions | |
run: ls -al ${{ env.RELEASE_DISTRO }} | |
- name: Generate build provenance (Distribution) | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
with: | |
subject-path: "${{ github.workspace }}/${{ env.RELEASE_DISTRO }}" | |
- name: Generate build provenance (Packages) | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
with: | |
subject-path: "${{ github.workspace }}/${{ env.RELEASE_PACKAGES }}" | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
- name: Log in to the Elastic Container registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }} | |
username: ${{ secrets.ELASTIC_DOCKER_USERNAME }} | |
password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }} | |
- name: Extract metadata (tags, labels) | |
id: docker-meta | |
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 | |
with: | |
images: ${{ env.DOCKER_IMAGE_NAME }} | |
flavor: | | |
latest=auto | |
tags: | | |
# "1.2.3" and "latest" Docker tags on push of git tag "v1.2.3" | |
type=semver,pattern={{version}},value=${{ steps.bootstrap.outputs.agent-version }} | |
# "edge" Docker tag on git push to default branch | |
type=edge | |
labels: | | |
org.opencontainers.image.title=elastic-otel-dotnet | |
org.opencontainers.image.description=Elastic Distribution of OpenTelemetry .NET | |
org.opencontainers.image.vendor=Elastic | |
- name: Build and Push Profiler Docker Image | |
id: docker-push | |
continue-on-error: true # continue for now until we see it working in action | |
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 | |
with: | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: ${{ steps.docker-meta.outputs.tags }} | |
labels: ${{ steps.docker-meta.outputs.labels }} | |
- name: Attest image | |
uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 | |
continue-on-error: true # continue for now until we see it working in action | |
with: | |
subject-name: ${{ env.DOCKER_IMAGE_NAME }} | |
subject-digest: ${{ steps.docker-push.outputs.digest }} | |
push-to-registry: true | |
- name: Attach Distribution to release | |
if: ${{ github.event_name == 'release' }} | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: gh release upload ${{ github.ref_name }} ${{ env.RELEASE_DISTRO }} | |
- name: Release to Nuget (only for release events) | |
if: ${{ github.event_name == 'release' }} | |
run: dotnet nuget push '${{ env.RELEASE_PACKAGES }}' -k ${{ secrets.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json --skip-duplicate --no-symbols | |
- if: ${{ success() && github.event_name == 'release' }} | |
uses: elastic/oblt-actions/slack/[email protected] | |
with: | |
bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
channel-id: ${{ env.SLACK_CHANNEL }} | |
message: | | |
:large_green_circle: [${{ github.repository }}] Release *${{ github.ref_name }}* published. | |
Build: (<${{ env.JOB_URL }}|here>) | |
Release URL: (<https://github.com/${{ github.repository }}/releases/tag/${{ github.ref_name }}|${{ github.ref_name }}>) | |
- if: ${{ failure() && github.event_name == 'release' }} | |
uses: elastic/oblt-actions/slack/[email protected] | |
with: | |
bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
channel-id: ${{ env.SLACK_CHANNEL }} | |
message: | | |
:large_yellow_circle: [${{ github.repository }}] Release *${{ github.ref_name }}* could not be published. | |
Build: (<${{ env.JOB_URL }}|here>) | |
post-release: | |
needs: ['release'] | |
runs-on: ubuntu-latest | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GIT_TAG: v${{ needs.release.outputs.agent-version }} | |
NEW_BRANCH: update/${{ needs.release.outputs.agent-version }} | |
TARGET_BRANCH: ${{ needs.release.outputs.major-version }}.x | |
permissions: | |
contents: write | |
issues: write | |
pull-requests: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup git config | |
uses: elastic/oblt-actions/git/setup@v1 | |
- name: Create GitHub Pull Request if minor release (only for release events) | |
if: ${{ github.event_name == 'release' }} | |
run: | | |
echo "as long as there is a major.x branch" | |
existed_in_local=$(git ls-remote --heads origin ${TARGET_BRANCH}) | |
if [ -z "${existed_in_local}" ]; then | |
echo -e "::warning::Target branch '${TARGET_BRANCH}' does not exist." | |
exit 0 | |
fi | |
git checkout $TARGET_BRANCH | |
git checkout -b ${NEW_BRANCH} | |
git format-patch -k --stdout ${TARGET_BRANCH}...origin/main -- docs | git am -3 -k | |
git push origin ${NEW_BRANCH} | |
gh pr create \ | |
--title "post-release: ${GIT_TAG}" \ | |
--body "Generated automatically with ${JOB_URL}" \ | |
--head "elastic:${NEW_BRANCH}" \ | |
--base "$TARGET_BRANCH" \ | |
--repo "${{ github.repository }}" | |
- name: Create branch if major release (only for release events) | |
if: ${{ github.event_name == 'release' }} | |
run: | | |
echo "as long as there is no a major.x branch" | |
existed_in_local=$(git ls-remote --heads origin ${TARGET_BRANCH}) | |
if [ -n "${existed_in_local}" ]; then | |
echo -e "::warning::Target branch '${TARGET_BRANCH}' does exist." | |
exit 0 | |
fi | |
git branch -D $TARGET_BRANCH | |
git push origin $TARGET_BRANCH |