Skip to content

ci: support arn automation within release pipeline #2453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
Mar 22, 2022
Merged

ci: support arn automation within release pipeline #2453

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
0317992
ci: support AWS ARN automation on release tag basis
v1v Feb 7, 2022
cac2dca
ci: use the release pipeline instead
v1v Feb 7, 2022
69020a9
ident fix
v1v Feb 7, 2022
1417ea0
ci: copy artifacts from the release job
v1v Feb 7, 2022
31e2608
remove unrequired entry in the changelog
v1v Feb 7, 2022
66cf47c
ci: ignore generated folder
v1v Feb 7, 2022
b38220d
use the right vault configuration
v1v Feb 7, 2022
5ba1d7c
ci: customise what build to be used
v1v Feb 10, 2022
b4c6891
ci: upload assets won't be happening in the first iteration
v1v Feb 10, 2022
bb9e4f8
ci: archive ARN table for debugging purposes
v1v Feb 10, 2022
a978a84
chore: disable other stages for testing the release for aws lambdas
v1v Feb 10, 2022
39c392b
aws-publish: use release-version
v1v Feb 10, 2022
c364651
Update .ci/Makefile
v1v Feb 11, 2022
4c75ab0
ci: copy files between builds don't work
v1v Feb 11, 2022
5b63a64
make: fix dist target
v1v Feb 11, 2022
179fa1f
make: use the right folder
v1v Feb 11, 2022
8e238cf
Update .ci/create-arn-table.sh
v1v Feb 14, 2022
5f2c980
Apply suggestions from code review
v1v Mar 22, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 88 additions & 0 deletions .ci/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
SHELL = /bin/bash -eo pipefail

AWS_FOLDER = .aws
AWS_LAMBDA_ZIP_LOCATION = elastic-apm-agent/target

export AWS_FOLDER

dist:
@cp ../$(AWS_LAMBDA_ZIP_LOCATION)/elastic-apm-java-aws-lambda-layer-*.zip ../$(AWS_LAMBDA_ZIP_LOCATION)/$(ELASTIC_LAYER_NAME).zip

# List all the AWS regions
get-all-aws-regions:
@aws \
ec2 \
describe-regions \
--region us-east-1 \
--output json \
--no-cli-pager \
| jq -r '.Regions[].RegionName' > .regions

# Publish the given LAYER in all the AWS regions
publish-in-all-aws-regions: validate-layer-name get-all-aws-regions dist
@mkdir -p $(AWS_FOLDER)
@while read AWS_DEFAULT_REGION; do \
echo "publish '$(ELASTIC_LAYER_NAME)' in $${AWS_DEFAULT_REGION}"; \
AWS_DEFAULT_REGION="$${AWS_DEFAULT_REGION}" ELASTIC_LAYER_NAME=$(ELASTIC_LAYER_NAME) $(MAKE) publish > $(AWS_FOLDER)/$${AWS_DEFAULT_REGION}; \
AWS_DEFAULT_REGION="$${AWS_DEFAULT_REGION}" ELASTIC_LAYER_NAME=$(ELASTIC_LAYER_NAME) $(MAKE) grant-public-layer-access; \
done <.regions

# Publish the given LAYER in the given AWS region
publish: validate-layer-name validate-aws-default-region
@aws lambda \
--output json \
publish-layer-version \
--layer-name "$(ELASTIC_LAYER_NAME)" \
--description "AWS Lambda Extension Layer for the Elastic APM Java Agent" \
--compatible-runtimes java8.al2 java11 \
--license "Apache-2.0" \
--zip-file "fileb://../$(AWS_LAMBDA_ZIP_LOCATION)/$(ELASTIC_LAYER_NAME).zip"

# Grant public access to the given LAYER in the given AWS region
grant-public-layer-access: validate-layer-name validate-aws-default-region
@echo "[debug] $(ELASTIC_LAYER_NAME) with version: $$($(MAKE) -s --no-print-directory get-version)"
@aws lambda \
--output json \
add-layer-version-permission \
--layer-name "$(ELASTIC_LAYER_NAME)" \
--action lambda:GetLayerVersion \
--principal '*' \
--statement-id "$(ELASTIC_LAYER_NAME)" \
--version-number $$($(MAKE) -s --no-print-directory get-version) > $(AWS_FOLDER)/.$(AWS_DEFAULT_REGION)-public

# Generate the file with the ARN entries
create-arn-file: validate-suffix-arn-file
@./create-arn-table.sh

upload-lambda-asset: validate-release-version validate-layer-name
@gh release list
@gh \
release \
upload $(RELEASE_VERSION) \
./$(AWS_LAMBDA_ZIP_LOCATION)/$(ELASTIC_LAYER_NAME).zip

# Get the ARN Version for the AWS_REGIONS
# NOTE: jq -r .Version "$(AWS_FOLDER)/$(AWS_DEFAULT_REGION)" fails in the CI
# with 'parse error: Invalid numeric literal at line 1, column 5'
get-version: validate-aws-default-region
@grep '"Version"' "$(AWS_FOLDER)/$(AWS_DEFAULT_REGION)" | cut -d":" -f2 | sed 's/ //g' | cut -d"," -f1

validate-release-version:
ifndef RELEASE_VERSION
$(error RELEASE_VERSION is undefined)
endif

validate-suffix-arn-file:
ifndef SUFFIX_ARN_FILE
$(error SUFFIX_ARN_FILE is undefined)
endif

validate-layer-name:
ifndef ELASTIC_LAYER_NAME
$(error ELASTIC_LAYER_NAME is undefined)
endif

validate-aws-default-region:
ifndef AWS_DEFAULT_REGION
$(error AWS_DEFAULT_REGION is undefined)
endif
26 changes: 26 additions & 0 deletions .ci/create-arn-table.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
#!/usr/bin/env bash
set -o pipefail

#
# Create the AWS ARN table given the below environment variables:
#
# - AWS_FOLDER - that's the location of the publish-layer-version output for each region
# - SUFFIX_ARN_FILE - that's the output file.
#

ARN_FILE=${SUFFIX_ARN_FILE}

{
echo "### ARNs of the APM Java Agent's AWS Lambda Layer"
echo ''
echo '|Region|ARN|'
echo '|------|---|'
} > "${ARN_FILE}"

for f in $(ls "${AWS_FOLDER}"); do
LAYER_VERSION_ARN=$(grep '"LayerVersionArn"' "$AWS_FOLDER/${f}" | cut -d":" -f2- | sed 's/ //g' | sed 's/"//g' | cut -d"," -f1)
echo "INFO: create-arn-table ARN(${LAYER_VERSION_ARN}):region(${f}))"
echo "|${f}|${LAYER_VERSION_ARN}|" >> "${ARN_FILE}"
done

echo '' >> "${ARN_FILE}"
Copy link
Contributor

@cachedout cachedout Mar 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A trap here so this cleanup always runs, perhaps?

52 changes: 51 additions & 1 deletion .ci/release/Jenkinsfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@ pipeline {
SLACK_CHANNEL = '#apm-agent-java'
NOTIFY_TO = 'build-apm+apm-agent-java@elastic.co'
BRANCH_SPECIFIER = "${params.branch_specifier}"
SUFFIX_ARN_FILE = 'arn-file.md'
//RELEASE_AWS_LAMBDA_VERSION = '-ver-1-29-0'
//RELEASE_VERSION = '1.29.0'
}
options {
timeout(time: 3, unit: 'HOURS')
Expand All @@ -27,6 +30,7 @@ pipeline {
parameters {
string(name: 'branch_specifier', defaultValue: 'stable', description: "What branch to release from?")
booleanParam(name: 'check_branch_ci_status', defaultValue: true, description: "Check for failing tests in the given branch (if no stable branch)?")
booleanParam(name: 'publish_aws_lambda', defaultValue: true, description: "Whether to upload the AWS lambda")
}
stages {
stage('Initializing'){
Expand Down Expand Up @@ -131,6 +135,7 @@ pipeline {
env.RELEASE_TAG = "v" + user_release_version
env.RELEASE_VERSION = user_release_version
env.BRANCH_DOT_X = user_release_version.substring(0, user_release_version.indexOf('.'))+'.x'
env.RELEASE_AWS_LAMBDA_VERSION = '-ver-' + user_release_version.replaceAll('\\.', '-')
}
}
}
Expand Down Expand Up @@ -164,10 +169,43 @@ pipeline {
}
}
}
stage('Publish AWS Lambda') {
when {
//expression { params.publish_aws_lambda }
expression { return false }
}
environment {
SOURCE_AWS_FILE = "elastic-apm-java-aws-lambda-layer-${RELEASE_VERSION}.zip"
}
steps {
setEnvVar('ELASTIC_LAYER_NAME', "elastic-apm-java${env.RELEASE_AWS_LAMBDA_VERSION}")
withAWSEnv(secret: 'secret/observability-team/ci/service-account/apm-aws-lambda', role_id: 'apm-vault-role-id', secret_id: 'apm-vault-secret-id',
forceInstallation: true, version: '2.4.10') {
dir("${BASE_DIR}"){
dir ('elastic-apm-agent/target') {
// TODO: copy file from a google bucket
sh(label: 'fetch AWS lambda file', script: "wget https://github.com/elastic/apm-agent-java/releases/download/v${RELEASE_VERSION}/${SOURCE_AWS_FILE} -O ${SOURCE_AWS_FILE}")
}
Comment on lines +185 to +188
Copy link
Member Author

@v1v v1v Feb 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be changed!

Copy link
Contributor

@eyalkoren eyalkoren Feb 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We agreed to manually provide the build number, but this can also work, no objection 🙂

Copy link
Member Author

@v1v v1v Feb 14, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We agreed to manually provide the build number

It does not work, unfortunately, the internal controller does not allow to copy artifacts between different jobs.

I think we are now forced to merge the release pipeline with the post-release one. I'll poke you in the internal issue that contains further detials

Copy link
Member Author

@v1v v1v Feb 14, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#2453 (comment)

sh(label: 'make publish-in-all-aws-regions', script: 'make -C .ci publish-in-all-aws-regions')
sh(label: 'make create-arn-file', script: 'make -C .ci create-arn-file')
Copy link
Member Author

@v1v v1v Feb 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Archive the file to see the look%feel

}
}
}
post {
always {
archiveArtifacts(allowEmptyArchive: true, artifacts: "${BASE_DIR}/.ci/${SUFFIX_ARN_FILE}")
}
}
}
stage('Create GitHub release draft') {
when {
expression { return false }
}
steps {
dir("${BASE_DIR}"){
script {
def arnFile = ".ci/${SUFFIX_ARN_FILE}"
setEnvVar('ARN_CONTENT', fileExists(arnFile) ? readFile(arnFile) : '')
// Construct the URL with anchor for the release notes
// Ex: https://www.elastic.co/guide/en/apm/agent/java/current/release-notes-1.x.html#release-notes-1.13.0
def finalUrl = "https://www.elastic.co/guide/en/apm/agent/java/current/release-notes-${BRANCH_DOT_X}.html#release-notes-${RELEASE_VERSION}"
Expand All @@ -176,14 +214,17 @@ pipeline {
draft: true,
tagName: "${RELEASE_TAG}",
releaseName: "Release ${RELEASE_VERSION}",
body: "[Release Notes for ${RELEASE_VERSION}](${finalUrl})")
body: "[Release Notes for ${RELEASE_VERSION}](${finalUrl}) \n ${ARN_CONTENT}")
env.RELEASE_ID = ret['id']
env.RELEASE_NOTES_URL = finalUrl
}
}
}
}
stage('Wait for artifact to be available in Maven Central') {
when {
expression { return false }
}
steps {
dir("${BASE_DIR}"){
script {
Expand All @@ -199,6 +240,9 @@ pipeline {
}
}
stage('Update Cloudfoundry') {
when {
expression { return false }
}
steps {
dir("${BASE_DIR}"){
sh(script: ".ci/release/update_cloudfoundry.sh ${RELEASE_VERSION}")
Expand All @@ -207,6 +251,9 @@ pipeline {
}
}
stage('Publish release on GitHub') {
when {
expression { return false }
}
steps {
dir("${BASE_DIR}"){
waitUntil(initialRecurrencePeriod: 60000) {
Expand All @@ -222,6 +269,9 @@ pipeline {
}
}
stage('Build and push Docker images') {
when {
expression { return false }
}
steps {
dir("${BASE_DIR}"){
// fetch agent artifact from remote repository
Expand Down
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,4 @@ docs/html/
**/__pycache__/
.m2/
fetch.log
.ci/.aws