-
Notifications
You must be signed in to change notification settings - Fork 0
287 lines (240 loc) · 9.73 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
name: Release
on:
workflow_dispatch:
inputs:
run_maven_release:
type: boolean
default: false
required: false
description: Choose whether to do maven release
run_github_release:
type: boolean
default: false
required: false
description: Choose whether to do Github release
run_s3_upload:
type: boolean
default: false
required: false
description: Choose whether to do S3 upload
run_lambda_publish:
type: boolean
default: false
required: false
description: Choose whether to do lambda publish
permissions:
packages: write
contents: write
id-token: write
env:
GITHUB_USERNAME: ${{ github.actor }}
PROD_BUCKET: ${{ secrets.PROD_BUCKET }}
jobs:
maven_release:
if: inputs.run_maven_release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
- name: Publish
run: ./gradlew publish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# The secrets are for publishing the build artifacts to the Maven Central.
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
SONATYPE_TOKEN: ${{ secrets.SONATYPE_TOKEN }}
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
github_release:
if: inputs.run_github_release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Build agent
run: ./gradlew clean build -x test
- name: Release and upload artifacts
run: |
VERSION=$(unzip -p agent/build/libs/solarwinds-apm-agent.jar META-INF/MANIFEST.MF | grep Implementation-Version | awk '{ print $2 }')
VERSION=$(echo $VERSION | sed 's/[^a-z0-9.-]//g') # remove illegal characters
echo "Current version is $VERSION"
response=$(curl -fs -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${GITHUB_TOKEN}"\
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/$GITHUB_REPOSITORY/releases \
-d '{"tag_name":"v'"$VERSION"'", "name":"v'"$VERSION"'", "body":"New release: v'"$VERSION"'", "draft":false, "prerelease":false}')
release_id=$(echo "$response" | jq -r '.id')
echo "version: $VERSION" > version.txt
SHA256=$(sha256sum agent/build/libs/solarwinds-apm-agent.jar | awk '{print $1}')
echo "sha256: $SHA256" > checksum.txt
# Function to upload a file to GitHub release
upload_file_to_release() {
local release_id="$1"
local file_path="$2"
# Extract filename from file path
file_name=$(basename "$file_path")
# Upload file to GitHub release
curl -fs \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
-H "Content-Type: application/octet-stream" \
--data-binary @"$file_path" \
"https://uploads.github.com/repos/$GITHUB_REPOSITORY/releases/$release_id/assets?name=$file_name"
}
# Upload file to GitHub release
upload_file_to_release "$release_id" "version.txt"
upload_file_to_release "$release_id" "checksum.txt"
upload_file_to_release "$release_id" "agent/build/libs/solarwinds-apm-agent.jar"
upload_file_to_release "$release_id" "custom/shared/src/main/resources/solarwinds-apm-config.json"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
s3-prod-upload: # this job uploads the jar and default config json to prod s3
if: inputs.run_s3_upload
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Build
run: ./gradlew clean build -x test
- name: Aws setup
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_S3_ROLE_ARN_SSP_PROD }}
aws-region: "us-east-1"
- name: Set agent version env
run: |
echo "AGENT_VERSION=$(cd agent/build/libs && unzip -p solarwinds-apm-agent.jar META-INF/MANIFEST.MF | grep Implementation-Version | awk '{ print $2 }' | sed 's/[^a-z0-9.-]//g')" >> $GITHUB_ENV
- name: Check version doesn't exist
run: |
# make sure this version hasn't been pushed to prod yet
if curl -f -s "https://agent-binaries.cloud.solarwinds.com/apm/java/$AGENT_VERSION/solarwinds-apm-config.json" > /dev/null; then
echo "This version has been deployed to production already!"
exit 1
fi
- name: Copy to S3
run: |
aws s3 cp agent/build/libs/solarwinds-apm-agent.jar \
s3://$PROD_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \
--acl public-read
aws s3 cp custom/shared/src/main/resources/solarwinds-apm-config.json \
s3://$PROD_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \
--acl public-read
- name: Copy to S3(latest)
run: |
aws s3 cp s3://$PROD_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-agent.jar \
s3://$PROD_BUCKET/apm/java/latest/solarwinds-apm-agent.jar \
--acl public-read
aws s3 cp s3://$PROD_BUCKET/apm/java/$AGENT_VERSION/solarwinds-apm-config.json \
s3://$PROD_BUCKET/apm/java/latest/solarwinds-apm-config.json \
--acl public-read
touch VERSION
echo "version: $AGENT_VERSION" >> VERSION
SHA256=$(sha256sum agent/build/libs/solarwinds-apm-agent.jar)
echo "sha256: $SHA256" >> VERSION
aws s3 cp VERSION \
s3://$PROD_BUCKET/apm/java/latest/VERSION \
--acl public-read
lambda-publish:
if: inputs.run_lambda_publish
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Aws setup
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_LAMBDA_ROLE_PROD }}
aws-region: "us-east-1"
- name: Build agent
run: ./gradlew clean build -x test
- name: Create zip
run: ./gradlew :agent-lambda:lambda-layer
- name: Set agent version env
run: |
echo "AGENT_VERSION=v$(cd agent/build/libs && unzip -p solarwinds-apm-agent.jar META-INF/MANIFEST.MF | grep Implementation-Version | awk '{ print $2 }' | sed 's/[^a-z0-9.-]//g')" >> $GITHUB_ENV
- name: Create lambda layer
run: |
regions=(
"ap-northeast-1"
"ap-northeast-2"
"ap-south-1"
"ap-southeast-1"
"ap-southeast-2"
"ca-central-1"
"eu-central-1"
"eu-north-1"
"eu-west-1"
"eu-west-2"
"eu-west-3"
"sa-east-1"
"us-east-1"
"us-east-2"
"us-west-1"
"us-west-2")
VERSION=$(echo "$AGENT_VERSION" | sed 's/[.]/_/g')
LAYER_NAME="solarwinds-apm-java-$VERSION"
touch arns.txt
layer_size=$(stat --printf=%s agent-lambda/build/lambda-layer/layer.zip)
set +e
for region in "${regions[@]}"; do
status=0
aws lambda publish-layer-version \
--layer-name $LAYER_NAME \
--compatible-runtimes "java21" "java17" "java11" "java8.al2" \
--compatible-architectures "x86_64" "arm64" \
--description "Solarwinds' apm java lambda instrumentation layer, version: $AGENT_VERSION" \
--region "$region" \
--zip-file fileb://agent-lambda/build/lambda-layer/layer.zip \
--output json > output.json
status=$?
if [ "$status" != 0 ]; then
echo "FAILED: publish $region"
continue
fi
pub_versionarn=$(jq -r '.LayerVersionArn' output.json)
pub_arn=$(jq -r '.LayerArn' output.json)
pub_version=$(jq -r '.Version' output.json)
pub_size=$(jq -r '.Content.CodeSize' output.json)
echo '-- verifying published layer --'
if [ "$pub_size" != "$layer_size" ]; then
echo "FAILED: Region = $region, versonArn = $pub_versionarn published size = $pub_size, expected size = $layer_size"
continue
fi
aws lambda add-layer-version-permission \
--region "$region" \
--layer-name "$pub_arn" \
--version-number "$pub_version" \
--principal '*' \
--action lambda:GetLayerVersion \
--statement-id global-GetLayerVersion
status=$?
if [ "$status" != 0 ]; then
echo "FAILED: add permission region = $region, versionArn = $pub_versionarn"
continue
fi
echo "$pub_versionarn" >> arns.txt
done
- uses: actions/upload-artifact@v4
with:
path: arns.txt
name: arns