-
Notifications
You must be signed in to change notification settings - Fork 17
140 lines (122 loc) · 4.94 KB
/
release_build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: Release Build
on:
workflow_dispatch:
inputs:
version:
description: The version to tag the release with, e.g., 1.2.0
required: true
env:
AWS_DEFAULT_REGION: us-east-1
AWS_PUBLIC_ECR_REGION: us-east-1
AWS_PRIVATE_ECR_REGION: us-west-2
RELEASE_PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-python
RELEASE_PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-python
RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com
PACKAGE_NAME: aws-opentelemetry-distro
ARTIFACT_NAME: aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl
permissions:
id-token: write
contents: write
jobs:
build:
environment: Release
runs-on: ubuntu-latest
steps:
- name: Checkout Repo @ SHA - ${{ github.sha }}
uses: actions/checkout@v4
- name: Build Wheel and Image Files
uses: ./.github/actions/artifacts_build
with:
image_uri_with_tag: "adot-autoinstrumentation-python:test"
push_image: false
load_image: true
python_version: "3.10"
package_name: aws-opentelemetry-distro
os: ubuntu-latest
# TODO: Add some sort of smoke/integration testing before we go
# release the artifacts. adot java for reference:
# https://github.com/aws-observability/aws-otel-java-instrumentation/tree/93870a550ac30988fbdd5d3bf1e8f9f1b37916f5/smoke-tests
- name: Configure AWS credentials for PyPI secrets
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRETS_MANAGER }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Get PyPI secrets
uses: aws-actions/aws-secretsmanager-get-secrets@v1
id: pypi_secrets
with:
secret-ids: |
PROD_PYPI_TOKEN,${{ secrets.PYPI_PROD_TOKEN_SECRET_ARN }}
TEST_PYPI_TOKEN,${{ secrets.PYPI_TEST_TOKEN_SECRET_ARN }}
parse-json-secrets: true
- name: Configure AWS credentials for private ECR
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }}
aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }}
- name: Log in to AWS private ECR
uses: docker/login-action@v3
with:
registry: ${{ env.RELEASE_PRIVATE_REGISTRY }}
- name: Configure AWS credentials for public ECR
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }}
aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}
- name: Log in to AWS public ECR
uses: docker/login-action@v3
with:
registry: public.ecr.aws
# The step below publishes to testpypi in order to catch any issues
# with the package configuration that would cause a failure to upload to pypi.
- name: Install twine
run: pip install twine
- name: Publish to TestPyPI
env:
TWINE_USERNAME: '__token__'
TWINE_PASSWORD: ${{ env.TEST_PYPI_TOKEN_API_TOKEN }}
run: |
twine upload --repository testpypi --skip-existing --verbose dist/${{ env.ARTIFACT_NAME }}
# Publish to prod PyPI
- name: Publish to PyPI
env:
TWINE_USERNAME: '__token__'
TWINE_PASSWORD: ${{ env.PROD_PYPI_TOKEN_API_TOKEN }}
run: |
twine upload --skip-existing --verbose dist/${{ env.ARTIFACT_NAME }}
# Publish to public ECR
- name: Build and push public ECR image
uses: docker/build-push-action@v5
with:
push: true
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
tags: |
${{ env.RELEASE_PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }}
# Publish to private ECR
- name: Build and push private ECR image
uses: docker/build-push-action@v5
with:
push: true
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
tags: |
${{ env.RELEASE_PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }}
- name: Get SHA256 checksum of wheel file
id: get_sha256
run: |
shasum -a 256 dist/${{ env.ARTIFACT_NAME }} | sed "s|dist/||" > ${{ env.ARTIFACT_NAME }}.sha256
# Publish to GitHub releases
- name: Create GH release
id: create_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
run: |
gh release create --target "$GITHUB_REF_NAME" \
--title "Release v${{ github.event.inputs.version }}" \
--draft \
"v${{ github.event.inputs.version }}" \
dist/${{ env.ARTIFACT_NAME }} \
${{ env.ARTIFACT_NAME }}.sha256