test aws/auth #491

Closed
wants to merge 8 commits into from
113 changes: 26 additions & 87 deletions .github/workflows/release.yml
@@ -1,10 +1,11 @@
name: release

on:
workflow_dispatch:
push:
tags:
- v*.*.*
pull_request: ~
# workflow_dispatch:
# push:
# tags:
# - v*.*.*

env:
DOCKER_BUILDKIT: 1
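Review bot: `pull_request: ~` makes a workflow named `release` run on every pull request while the original `workflow_dispatch` and `push: tags: - v*.*.*` triggers are commented out, so the tag-driven release path is disabled for as long as this is in. This reads as a temporary toggle for testing the auth job; restore the commented triggers and drop `pull_request` before merge, or at least scope it with a branch filter so a release workflow is not exercised from arbitrary PRs.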
Expand All @@ -17,91 +18,29 @@ permissions:
pull-requests: read

jobs:
build:
test:
runs-on: ubuntu-latest
env:
# TODO: use keyless
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
steps:
- uses: actions/checkout@v4
- uses: elastic/oblt-actions/aws/[email protected]
with:
aws-account-id: "267093732750"
- run: aws ec2 describe-regions
oidc_debug_test:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
name: A test of the oidc debugger
steps:
- name: Checkout actions-oidc-debugger
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Validate GitHub release is not available yet
run: |
if gh release view "${{ github.ref_name }} > /dev/null ; then
echo "The GitHub release ${{ github.ref_name }} already exists"
exit 1
fi
env:
GH_TOKEN: ${{ github.token }}

- name: Log in to the Elastic Container registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
with:
registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}

- name: Bootstrap Action Workspace
uses: ./.github/actions/bootstrap
with:
goreleaser: 'true'

- name: Release
run: make release

# Store artifacts to help with troubleshooting
- uses: actions/upload-artifact@v4
if: always()
with:
name: release
path: "dist/*.*"
retention-days: 5

- name: generate build provenance (binaries)
uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2
with:
subject-path: "${{ github.workspace }}/dist/*.*"

# See https://github.com/github-early-access/generate-build-provenance/issues/162
- name: container image digest
id: image
run: .ci/get-docker-provenance.sh

- name: generate build provenance (containers x86_64)
uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2
with:
subject-name: ${{ steps.image.outputs.name_1 }}
subject-digest: ${{ steps.image.outputs.digest_1 }}

- name: generate build provenance (containers arm64)
uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2
with:
subject-name: ${{ steps.image.outputs.name_2 }}
subject-digest: ${{ steps.image.outputs.digest_2 }}

- name: GitHub Release
run: make release-notes
env:
GH_TOKEN: ${{ github.token }}
VERSION: ${{ github.ref_name }}

- if: ${{ success() }}
uses: elastic/oblt-actions/slack/[email protected]
with:
bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
channel-id: "#apm-aws-lambda"
message: |
:large_green_circle: [${{ github.repository }}] Release *${{ github.ref_name }}* published."
Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)

- if: ${{ failure() }}
uses: elastic/oblt-actions/slack/[email protected]
repository: github/actions-oidc-debugger
ref: main
token: ${{ github.token }}
path: ./.github/actions/actions-oidc-debugger
- name: Debug OIDC Claims
uses: ./.github/actions/actions-oidc-debugger
with:
bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
channel-id: "#apm-aws-lambda"
message: |
:large_yellow_circle: [${{ github.repository }}] Release *${{ github.ref_name }}* could not be published."
Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)
audience: '${{ github.server_url }}/${{ github.repository_owner }}'
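Review bot: the new `test` job sets static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` from secrets and, in the same job, calls `elastic/oblt-actions/aws/auth` with `aws-account-id`, so a passing `aws ec2 describe-regions` does not prove the keyless path works; remove the two env lines (the `# TODO: use keyless` above them says as much) so the call can only succeed through the federated credentials. Related: `test` declares no `permissions` override, and the visible part of the top-level `permissions` block shows only `pull-requests: read`; if that block does not also grant `id-token: write`, the job cannot mint an OIDC token, unlike `oidc_debug_test`, which declares `id-token: write` explicitly. In `oidc_debug_test`, the checkout of `github/actions-oidc-debugger` uses `ref: main` and then runs it as a local action, a mutable third-party ref inside a workflow that handles cloud credentials; pin it to a commit SHA the way the removed `docker/login-action` and `attest-build-provenance` lines were pinned (SHA plus a version comment), and use `actions/checkout@v4` to match the `test` job rather than `@v3`. Finally, the hunk deletes the entire release pipeline (release-exists check, registry login, bootstrap, `make release`, artifact upload, build-provenance attestations, release notes, Slack notifications); that is fine for a throwaway test branch but must not land as-is.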