updatecli: use updatecli policies (#13934)

(cherry picked from commit 3351902)

# Conflicts:
#	.github/workflows/bump-elastic-stack.yml
#	.github/workflows/bump-golang.yml
#	.github/workflows/update-beats.yml

.ci/bump-elastic-stack-snapshot.yml → .ci/updatecli/bump-elastic-stack-snapshot.yml

@@ -18,8 +18,9 @@ scms:
     kind: github
     spec:
       user: '{{ requiredEnv "GITHUB_ACTOR" }}'
-      owner: elastic
-      repository: apm-server
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
       token: '{{ requiredEnv "GITHUB_TOKEN" }}'
       branch: '{{ requiredEnv "BRANCH" }}'
       commitusingapi: true

.ci/bump-golang.yml → .ci/updatecli/bump-golang.yml

@@ -24,8 +24,9 @@ scms:
     kind: github
     spec:
       user: '{{ requiredEnv "GITHUB_ACTOR" }}'
-      owner: elastic
-      repository: apm-server
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
       token: '{{ requiredEnv "GITHUB_TOKEN" }}'
       branch: '{{ requiredEnv "GITHUB_BRANCH" }}'
       commitusingapi: true

.ci/update-beats.yml → .ci/updatecli/update-beats.yml

@@ -7,8 +7,9 @@ scms:
     kind: github
     spec:
       user: '{{ requiredEnv "GITHUB_ACTOR" }}'
-      owner: elastic
-      repository: apm-server
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
       token: '{{ requiredEnv "GITHUB_TOKEN" }}'
       branch: '{{ requiredEnv "BRANCH_NAME" }}'
       commitusingapi: true

.ci/updatecli/values.d/ironbank.yml

@@ -0,0 +1,2 @@
+config:
+  - path: packaging/ironbank

.ci/updatecli/values.d/scm.yml

@@ -0,0 +1,14 @@
+scm:
+  enabled: true
+  owner: elastic
+  repository: apm-server
+  branch: main
+  # begin updatecli-compose policy values
+  user: obltmachine
+  email: [email protected]
+  commitusingapi: true
+  # end updatecli-compose policy values
+
+# This will be moved to the scm section in the future and use
+# commitusingapi instead.
+signedcommit: true

.ci/updatecli/values.d/updatecli-compose.yml

@@ -0,0 +1,3 @@
+spec:
+  files:
+    - "updatecli-compose.yaml"

.github/workflows/bump-elastic-stack.yml

@@ -30,15 +30,23 @@ jobs:
         with:
           ref: ${{ matrix.branch }}
 
+<<<<<<< HEAD
       - uses: elastic/oblt-actions/updatecli/[email protected]
+=======
+      - uses: elastic/oblt-actions/updatecli/run@v1
+>>>>>>> 3351902f8 (updatecli: use updatecli policies (#13934))
         with:
-          command: --experimental apply --config .ci/bump-elastic-stack-snapshot.yml
+          command: --experimental apply --config .ci/updatecli/bump-elastic-stack-snapshot.yml --values .ci/updatecli/values.d/scm.yml
         env:
           BRANCH: ${{ matrix.branch }}
           GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
 
       - if: ${{ failure()  }}
+<<<<<<< HEAD
         uses: elastic/oblt-actions/slack/[email protected]
+=======
+        uses: elastic/oblt-actions/slack/send@v1
+>>>>>>> 3351902f8 (updatecli: use updatecli policies (#13934))
         with:
           channel-id: '#apm-server'
           message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"

.github/workflows/bump-golang.yml

@@ -41,9 +41,13 @@ jobs:
 
       - uses: actions/checkout@v4
 
+<<<<<<< HEAD
       - uses: elastic/oblt-actions/updatecli/[email protected]
+=======
+      - uses: elastic/oblt-actions/updatecli/run@v1
+>>>>>>> 3351902f8 (updatecli: use updatecli policies (#13934))
         with:
-          command: --experimental apply --config .ci/bump-golang.yml
+          command: --experimental apply --config .ci/updatecli/bump-golang.yml --values .ci/updatecli/values.d/scm.yml
         env:
           GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
           GITHUB_BRANCH: 'main'
@@ -58,9 +62,9 @@ jobs:
         with:
           ref: '7.17'
 
-      - uses: elastic/oblt-actions/updatecli/run@v1.9.1
+      - uses: elastic/oblt-actions/updatecli/run@v1
         with:
-          command: --experimental apply --config .ci/bump-golang.yml
+          command: --experimental apply --config .ci/updatecli/bump-golang.yml --values .ci/updatecli/values.d/scm.yml
         env:
           GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
           GITHUB_BRANCH: '7.17'
@@ -76,7 +80,7 @@ jobs:
         with:
           needs: ${{ toJSON(needs) }}
       - if: ${{ steps.check.outputs.isSuccess == 'false' }}
-        uses: elastic/oblt-actions/slack/send@v1.9.1
+        uses: elastic/oblt-actions/slack/send@v1
         with:
           bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           channel-id: "#apm-server"

.github/workflows/update-beats.yml

@@ -34,15 +34,23 @@ jobs:
         with:
           go-version-file: go.mod
 
+<<<<<<< HEAD
       - uses: elastic/oblt-actions/updatecli/[email protected]
+=======
+      - uses: elastic/oblt-actions/updatecli/run@v1
+>>>>>>> 3351902f8 (updatecli: use updatecli policies (#13934))
         with:
-          command: --experimental apply --config .ci/update-beats.yml
+          command: --experimental apply --config .ci/updatecli/update-beats.yml --values .ci/updatecli/values.d/scm.yml
         env:
           BRANCH_NAME: ${{ matrix.branch }}
           GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
 
       - if: ${{ failure()  }}
+<<<<<<< HEAD
         uses: elastic/oblt-actions/slack/[email protected]
+=======
+        uses: elastic/oblt-actions/slack/send@v1
+>>>>>>> 3351902f8 (updatecli: use updatecli policies (#13934))
         with:
           channel-id: '#apm-server'
           message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"

.github/workflows/update-compose.yml

@@ -0,0 +1,44 @@
+---
+name: update-compose
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 6 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  compose:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: --experimental compose diff
+        env:
+          GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: --experimental compose apply
+        env:
+          GITHUB_TOKEN: ${{ secrets.UPDATECLI_GH_TOKEN }}
+
+      - if: ${{ failure()  }}
+        uses: elastic/oblt-actions/slack/send@v1
+        with:
+          channel-id: '#apm-server'
+          message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, @robots-ci please look what's going on <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>"
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}

updatecli-compose.yaml

@@ -0,0 +1,14 @@
+# Config file for `updatecli compose ...`.
+# https://www.updatecli.io/docs/core/compose/
+policies:
+  - name: Handle ironbank bumps
+    policy: ghcr.io/elastic/oblt-updatecli-policies/ironbank/templates:0.0.2@sha256:327ee971e3a974edc943f7f628145a47b202972f48e45c2054fddcd29f96a50a
+    values:
+      - .ci/updatecli/values.d/scm.yml
+      - .ci/updatecli/values.d/ironbank.yml
+
+  - name: Update Updatecli policies
+    policy: ghcr.io/updatecli/policies/autodiscovery/updatecli:0.4.0@sha256:254367f5b1454fd6032b88b314450cd3b6d5e8d5b6c953eb242a6464105eb869
+    values:
+      - .ci/updatecli/values.d/scm.yml
+      - .ci/updatecli/values.d/updatecli-compose.yml