From a6ab668d0fc7d618d7e760e47f944e6a7a4fb72b Mon Sep 17 00:00:00 2001 From: Prashant Srivastava <50466688+srprash@users.noreply.github.com> Date: Wed, 6 Mar 2024 15:33:41 -0800 Subject: [PATCH] Refined release workflow (#97) The workflow will be tested soon and modifications will be made if required from the test. By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. --- .github/actions/artifacts_build/action.yml | 2 +- .github/workflows/release_build.yml | 99 +++++++++++++------ .../amazon/opentelemetry/distro/version.py | 2 +- 3 files changed, 71 insertions(+), 32 deletions(-) diff --git a/.github/actions/artifacts_build/action.yml b/.github/actions/artifacts_build/action.yml index af121d33f..0f820ca84 100644 --- a/.github/actions/artifacts_build/action.yml +++ b/.github/actions/artifacts_build/action.yml @@ -13,7 +13,7 @@ inputs: required: true description: "Image Registry" snapshot-ecr-role: - require: true + required: true description: "IAM Role used for pushing to snapshot ecr" push_image: required: true diff --git a/.github/workflows/release_build.yml b/.github/workflows/release_build.yml index fd8d35e1f..952e98caf 100644 --- a/.github/workflows/release_build.yml +++ b/.github/workflows/release_build.yml 
@@ -1,16 +1,19 @@ -#This Release Build workflow is not fully ready yet, will be tested as Beta release when it is ready. name: Release Build on: workflow_dispatch: inputs: version: - description: The version to tag the release with, e.g., 1.2.0, 1.2.1-alpha.1 + description: The version to tag the release with, e.g., 1.2.0 required: true env: AWS_DEFAULT_REGION: us-east-1 - ECR_REGISTRY: 637423224110.dkr.ecr.us-east-1.amazonaws.com - PRIVATE_ECR_REPOSITORY: eks/observability/adot-autoinstrumentation-python + AWS_PUBLIC_ECR_REGION: us-east-1 + AWS_PRIVATE_ECR_REGION: us-west-2 + RELEASE_PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-python + RELEASE_PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-python + RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com + PACKAGE_NAME: aws-opentelemetry-distro permissions: id-token: write 
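Review bot: `PACKAGE_NAME: aws-opentelemetry-distro` is added to `env`, but nothing in the visible hunks reads it. The build step still passes `package_name: aws-opentelemetry-distro` literally, and the wheel paths spell out `aws_opentelemetry_distro-`. Either reference `${{ env.PACKAGE_NAME }}` where the name is needed or drop the variable, so a later rename cannot leave the copies out of step. `RELEASE_PRIVATE_REPOSITORY` also repeats the registry host held in `RELEASE_PRIVATE_REGISTRY`, so the ECR login and the pushed tag only agree while both literals are edited together; a comment above them such as `# host must match RELEASE_PRIVATE_REGISTRY (used for docker login)` would make that dependency explicit.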
@@ -23,62 +26,98 @@ jobs: - name: Checkout Contrib Repo @ SHA - ${{ github.sha }} uses: actions/checkout@v4 + # NOTE: do not set push_image to true for this step. + # Some of the required params below are set to dummy values + # as they are only used in the artifacts_build action when push_image is true, + # and setting them to some legit value might cause confusion + # to readers. - name: Build Wheel and Image Files uses: ./.github/actions/artifacts_build with: aws-region: ${{ env.AWS_DEFAULT_REGION }} - image_uri_with_tag: ${{ env.ECR_REGISTRY }}/${{ env.PRIVATE_ECR_REPOSITORY }}:v${{ github.event.inputs.version }} - image_registry: ${{ env.ECR_REGISTRY }} - snapshot-ecr-role: ${{ secrets.AWS_ASSUME_ROLE_ARN }} + image_uri_with_tag: "adot-autoinstrumentation-python:test" + image_registry: "dummy-registry" + snapshot-ecr-role: "dummy-role" push_image: false load_image: false python_version: "3.10" package_name: aws-opentelemetry-distro os: ubuntu-latest - - name: Get PyPI secrets by name and ARN + # TODO: Add some sort of smoke/integration testing before we go + # release the artifacts. 
adot java for reference: + # https://github.com/aws-observability/aws-otel-java-instrumentation/tree/93870a550ac30988fbdd5d3bf1e8f9f1b37916f5/smoke-tests + + - name: Configure AWS credentials for PyPI secrets + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN_PYPI_RELEASE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + + - name: Get PyPI secrets uses: aws-actions/aws-secretsmanager-get-secrets@v1 id: pypi_secrets with: secret-ids: | - PROD_PYPI_TOKEN,arn:aws:secretsmanager:us-east-1:637423224110:secret:prod/PyPI/apiToken-W2a9ny - TEST_PYPI_TOKEN,arn:aws:secretsmanager:us-east-1:637423224110:secret:test/PyPI/apiToken-z5iqc6 + PROD_PYPI_TOKEN,${{ secrets.PYPI_PROD_TOKEN_SECRET_ARN }} + TEST_PYPI_TOKEN,${{ secrets.PYPI_TEST_TOKEN_SECRET_ARN }} + parse-json-secrets: true - - name: Export distro version - id: distro_version - shell: bash - run: | - pkg_version=$(grep '__version__' ./aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py | awk -F '"' '{print $2}') - echo "ADOT_PYTHON_VERSION=$pkg_version" >> $GITHUB_OUTPUT + - name: Configure AWS credentials for private ECR + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }} + aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }} + + - name: Log in to AWS private ECR + uses: docker/login-action@v3 + with: + registry: ${{ env.RELEASE_PRIVATE_REGISTRY }} + + - name: Configure AWS credentials for public ECR + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }} + aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} + + - name: Log in to AWS public ECR + uses: docker/login-action@v3 + with: + registry: public.ecr.aws # The step below publishes to testpypi in order to catch any issues # with the package configuration that would cause a failure to upload to pypi. 
+ - name: Install twine + run: pip install twine + - name: Publish to TestPyPI env: TWINE_USERNAME: '__token__' - TWINE_PASSWORD: ${{ steps.pypi_secrets.outputs.TEST_PYPI_TOKEN }} + TWINE_PASSWORD: ${{ env.TEST_PYPI_TOKEN_API_TOKEN }} run: | - pip install --upgrade twine - twine upload --repository testpypi --skip-existing --verbose dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl + twine upload --repository testpypi --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl - - name: Push release image + # The following step publish to ECR + - name: Build and push images uses: docker/build-push-action@v5 with: push: true context: . file: ./Dockerfile platforms: linux/amd64,linux/arm64 - tags: ${{ env.ECR_REGISTRY }}/${{ env.PRIVATE_ECR_REPOSITORY }}:v${{ github.event.inputs.version }} + tags: | + ${{ env.RELEASE_PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }} + ${{ env.RELEASE_PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }} -#TODO: Uncomment "Publish to PyPI" after test release_build workflow. -# - name: Publish to PyPI -# env: -# TWINE_USERNAME: '__token__' -# TWINE_PASSWORD: ${{ steps.pypi_secrets.outputs.PROD_PYPI_TOKEN }} -# run: | -# twine upload --skip-existing --verbose dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl + # Publish to prod PyPI + - name: Publish to PyPI + env: + TWINE_USERNAME: '__token__' + TWINE_PASSWORD: ${{ env.PROD_PYPI_TOKEN_API_TOKEN }} + run: | + twine upload --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl - - name: Create release + - name: Create GH release id: create_release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token 
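Review bot: With `parse-json-secrets: true`, the `Get PyPI secrets` step appears to export both tokens into the job environment (later steps read them as `env.TEST_PYPI_TOKEN_API_TOKEN` and `env.PROD_PYPI_TOKEN_API_TOKEN`). Every following step, including the unpinned `pip install twine` and the image build action, would then run with the production PyPI token in reach. Moving `Install twine` ahead of the secrets step and pinning it, `pip install twine==<PINNED_VERSION>`, narrows that window; fetching the production token in its own step directly before `Publish to PyPI` narrows it further. The added `aws-actions/configure-aws-credentials@v4` and `docker/login-action@v3` references are movable tags, and in a job that holds release credentials a full commit SHA is the safer pin, e.g. `uses: docker/login-action@<FULL_COMMIT_SHA> # v3`. The step order also pushes the public image before the PyPI upload, so a failed upload would leave a published image with no matching package; please confirm that is acceptable.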
@@ -87,4 +126,4 @@ jobs: --title "Release v${{ github.event.inputs.version }}" \ --draft \ "v${{ github.event.inputs.version }}" \ - dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl + dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl diff --git a/aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py b/aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py index 375cf945b..5167753fc 100644 --- a/aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py +++ b/aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py @@ -1,4 +1,4 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -__version__ = "0.0.1" +__version__ = "0.0.0.dev"
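Review bot: The wheel path on the new last line of the release_build.yml hunk splices `${{ github.event.inputs.version }}` straight into the `run:` script, so the value becomes shell text before bash parses it; the two `twine upload` commands in the previous hunk do the same. Passing it through the step environment keeps the input as data: `VERSION: ${{ github.event.inputs.version }}` under `env:` and `"dist/aws_opentelemetry_distro-${VERSION}-py3-none-any.whl"` in the command. The step that read `__version__` from version.py was removed, so nothing visible checks that the dispatched version matches the wheel that was built. An early step that rejects input not matching a strict version pattern and fails when the expected wheel file is missing would stop a mistyped version before the image push. The `gh release create` command starts above this hunk, so the same applies to its `--title` and tag arguments.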