diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 9e6fa37e17..ef33e6663b 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -1,5 +1,6 @@ name: Release Build on: + push: workflow_dispatch: inputs: version: @@ -13,6 +14,7 @@ env: PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-java PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-java PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com + ARTIFACT_NAME: aws-opentelemetry-agent.jar permissions: id-token: write 
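Review bot: The bare `push:` added under `on:` in the first hunk has no `branches:` or `tags:` filter, so this release workflow will run on every push to every branch, in a workflow whose `permissions:` block grants `id-token: write` (visible as context in the second hunk). If the trigger was added only to exercise the workflow from a feature branch, it should be dropped before merge. If a push trigger is really wanted, it should be scoped, for example `push:` with `branches: [<release-branch>]`. The AWS credential steps are commented out in this commit, which limits the exposure for now, but once they are restored an unfiltered trigger would let any branch push request the release role, subject to whatever that role's trust policy enforces.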
@@ -29,122 +31,109 @@ jobs: distribution: 'temurin' - uses: gradle/wrapper-validation-action@v1 - - name: Publish patched dependencies to maven local - uses: ./.github/actions/patch-dependencies - with: - gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} - gpg_password: ${{ secrets.GPG_PASSPHRASE }} + # - name: Publish patched dependencies to maven local + # uses: ./.github/actions/patch-dependencies + # with: + # gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + # gpg_password: ${{ secrets.GPG_PASSPHRASE }} - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} - aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} + # - name: Configure AWS Credentials + # uses: aws-actions/configure-aws-credentials@v4 + # with: + # role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + # aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} - - name: Log in to AWS ECR - uses: docker/login-action@v3 - with: - registry: public.ecr.aws + # - name: Log in to AWS ECR + # uses: docker/login-action@v3 + # with: + # registry: public.ecr.aws - name: Build release with Gradle uses: gradle/gradle-build-action@v3 with: - arguments: build integrationTests -PlocalDocker=true -Prelease.version=${{ github.event.inputs.version }} --stacktrace - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} - aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} - - - name: Log in to AWS ECR - uses: docker/login-action@v3 - with: - registry: public.ecr.aws - - - name: Configure AWS Credentials for Private ECR - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} - aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }} - - - name: Log in to AWS private ECR - uses: docker/login-action@v3 - with: - registry: ${{ env.PRIVATE_REGISTRY }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - 
- - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - driver-opts: image=moby/buildkit:v0.15.1 - - - name: Build image for testing - uses: docker/build-push-action@v5 - with: - push: false - build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" - context: . - platforms: linux/amd64 - tags: ${{ env.TEST_TAG }} - load: true - - - name: Test docker image - shell: bash - run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ github.event.inputs.version }}" - - - name: Build and push image - uses: docker/build-push-action@v5 - with: - push: true - build-args: "ADOT_JAVA_VERSION=${{ github.event.inputs.version }}" - context: . - platforms: linux/amd64,linux/arm64 - tags: | - ${{ env.PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }} - ${{ env.PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }} - - - name: Build and Publish release with Gradle - uses: gradle/gradle-build-action@v3 - with: - arguments: build final closeAndReleaseSonatypeStagingRepository -Prelease.version=${{ github.event.inputs.version }} --stacktrace - env: - PUBLISH_TOKEN_USERNAME: ${{ secrets.PUBLISH_TOKEN_USERNAME }} - PUBLISH_TOKEN_PASSWORD: ${{ secrets.PUBLISH_TOKEN_PASSWORD }} - GRGIT_USER: ${{ secrets.GITHUB_TOKEN }} - GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + arguments: build integrationTests -PlocalDocker=true -Prelease.version=0.0.0 --stacktrace + + # - name: Configure AWS Credentials + # uses: aws-actions/configure-aws-credentials@v4 + # with: + # role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} + # aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} + + # - name: Log in to AWS ECR + # uses: docker/login-action@v3 + # with: + # registry: public.ecr.aws + + # - name: Configure AWS Credentials for Private ECR + # uses: aws-actions/configure-aws-credentials@v4 + # with: + # role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} + # aws-region: ${{ 
env.AWS_PRIVATE_ECR_REGION }} + + # - name: Log in to AWS private ECR + # uses: docker/login-action@v3 + # with: + # registry: ${{ env.PRIVATE_REGISTRY }} + + # - name: Set up QEMU + # uses: docker/setup-qemu-action@v3 + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + # with: + # driver-opts: image=moby/buildkit:v0.15.1 + + # - name: Build image for testing + # uses: docker/build-push-action@v5 + # with: + # push: false + # build-args: "ADOT_JAVA_VERSION=0.0.0" + # context: . + # platforms: linux/amd64 + # tags: ${{ env.TEST_TAG }} + # load: true + + # - name: Test docker image + # shell: bash + # run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "0.0.0" + + # - name: Build and push image + # uses: docker/build-push-action@v5 + # with: + # push: true + # build-args: "ADOT_JAVA_VERSION=0.0.0" + # context: . + # platforms: linux/amd64,linux/arm64 + # tags: | + # ${{ env.PUBLIC_REPOSITORY }}:v0.0.0 + # ${{ env.PRIVATE_REPOSITORY }}:v0.0.0 + + # - name: Build and Publish release with Gradle + # uses: gradle/gradle-build-action@v3 + # with: + # arguments: build final closeAndReleaseSonatypeStagingRepository -Prelease.version=0.0.0 --stacktrace + # env: + # PUBLISH_TOKEN_USERNAME: ${{ secrets.PUBLISH_TOKEN_USERNAME }} + # PUBLISH_TOKEN_PASSWORD: ${{ secrets.PUBLISH_TOKEN_PASSWORD }} + # GRGIT_USER: ${{ secrets.GITHUB_TOKEN }} + # GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} + # GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + + + - name: Get SHA256 checksum of release artifact + id: get_sha256 + run: | + cp "otelagent/build/libs/aws-opentelemetry-agent-0.0.0.jar" ${{ env.ARTIFACT_NAME }} + shasum -a 256 ${{ env.ARTIFACT_NAME }} > ${{ env.ARTIFACT_NAME }}.sha256 - name: Create release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token run: | - cp "otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" 
aws-opentelemetry-agent.jar + gh release create --target "$GITHUB_REF_NAME" \ - --title "Release v${{ github.event.inputs.version }}" \ + --title "Release v0.0.0" \ --draft \ - "v${{ github.event.inputs.version }}" \ - aws-opentelemetry-agent.jar - - - name: Get SHA256 checksum of wheel file - id: get_sha256 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - checksum=$(shasum -a 256 aws-opentelemetry-agent.jar | awk '{ print $1 }') - echo "CHECKSUM=$checksum" >> $GITHUB_OUTPUT - - - name: Append checksum and update version - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - echo "${{ github.event.inputs.version }} ${{ steps.get_sha256.outputs.CHECKSUM }}" >> checksum.txt - echo "${{ github.event.inputs.version }}" > version.txt - - git config --local user.email "github-actions[bot]@users.noreply.github.com" - git config --local user.name "GitHub Action Release Workflow" - git add checksum.txt version.txt - git commit -m "Update latest version and append checksum" - git push + "v0.0.0" \ + ${{ env.ARTIFACT_NAME }} \ + ${{ env.ARTIFACT_NAME }}.sha256 diff --git a/README.md b/README.md index 0f515b791f..9c9719dcde 100644 --- a/README.md +++ b/README.md @@ -46,3 +46,8 @@ Please note that as per policy, we're providing support via GitHub on a best eff ## Security issue notifications If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. + +## Checksum Verification +Artifacts released will include a `.sha256` file for checksum verification starting from v1.32.6 +To verify, run the command `shasum -a 256 -c .sha256` +It should return the output `: OK` if the validation is successful diff --git a/checksum.txt b/checksum.txt deleted file mode 100644 index e69de29bb2..0000000000 
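Review bot: In the `jobs:` hunk of release-build.yml every `${{ github.event.inputs.version }}` is replaced by the literal `0.0.0` (the Gradle `-Prelease.version`, the jar path in the `cp`, the release title and the `"v0.0.0"` tag), so a `workflow_dispatch` run now ignores its `version` input and always produces a draft release named v0.0.0. Together with the commented-out patch-dependencies, ECR, image and Sonatype steps this reads as test scaffolding; those steps should be restored or deleted rather than left as comments. When the version is wired back in, pass it through the step's `env:` as `VERSION: ${{ github.event.inputs.version }}` and use `"$VERSION"` in the `run:` scripts, and likewise quote `"$ARTIFACT_NAME"` instead of expanding `${{ env.ARTIFACT_NAME }}` into the shell text. The `.sha256` file is generated in the same job and attached to the same release as the jar, so it catches a corrupted download but not a replaced asset; the README wording could say so, since the GPG-signed publish step is disabled here and the removed `checksum.txt` commit was the only copy of the digest kept outside the release assets.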
diff --git a/version.txt b/version.txt
deleted file mode 100644
index e69de29bb2..0000000000