Skip to content

Refined release workflow #97

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Mar 6, 2024
Merged

Refined release workflow #97

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
f09e03d
polishing the release workflow
srprash Mar 5, 2024
5797393
Merge branch 'main' into release-wf
srprash Mar 5, 2024
09b9510
address review comments
srprash Mar 6, 2024
f7118d8
run wf on push. change version to 0.0.0
srprash Mar 6, 2024
5e1c4c4
added step to install twine
srprash Mar 6, 2024
9f9f7e9
revert test changes. address PR comments.
srprash Mar 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/actions/artifacts_build/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ inputs:
required: true
description: "Image Registry"
snapshot-ecr-role:
require: true
required: true
description: "IAM Role used for pushing to snapshot ecr"
push_image:
required: true
Expand Down
99 changes: 69 additions & 30 deletions .github/workflows/release_build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,19 @@
#This Release Build workflow is not fully ready yet, will be tested as Beta release when it is ready.
name: Release Build
on:
workflow_dispatch:
inputs:
version:
description: The version to tag the release with, e.g., 1.2.0, 1.2.1-alpha.1
description: The version to tag the release with, e.g., 1.2.0
required: true

env:
AWS_DEFAULT_REGION: us-east-1
ECR_REGISTRY: 637423224110.dkr.ecr.us-east-1.amazonaws.com
PRIVATE_ECR_REPOSITORY: eks/observability/adot-autoinstrumentation-python
AWS_PUBLIC_ECR_REGION: us-east-1
AWS_PRIVATE_ECR_REGION: us-west-2
RELEASE_PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-python
RELEASE_PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-python
RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com
PACKAGE_NAME: aws-opentelemetry-distro

permissions:
id-token: write
Expand All @@ -23,62 +26,98 @@ jobs:
- name: Checkout Contrib Repo @ SHA - ${{ github.sha }}
uses: actions/checkout@v4

# NOTE: do not set push_image to true for this step.
# Some of the required params below are set to dummy values
# as they are only used in the artifacts_build action when push_image is true,
# and setting them to some legit value might cause confusion
# to readers.
- name: Build Wheel and Image Files
uses: ./.github/actions/artifacts_build
with:
aws-region: ${{ env.AWS_DEFAULT_REGION }}
image_uri_with_tag: ${{ env.ECR_REGISTRY }}/${{ env.PRIVATE_ECR_REPOSITORY }}:v${{ github.event.inputs.version }}
image_registry: ${{ env.ECR_REGISTRY }}
snapshot-ecr-role: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
image_uri_with_tag: "adot-autoinstrumentation-python:test"
image_registry: "dummy-registry"
snapshot-ecr-role: "dummy-role"
push_image: false
load_image: false
python_version: "3.10"
package_name: aws-opentelemetry-distro
os: ubuntu-latest

- name: Get PyPI secrets by name and ARN
# TODO: Add some sort of smoke/integration testing before we go
# release the artifacts. adot java for reference:
# https://github.com/aws-observability/aws-otel-java-instrumentation/tree/93870a550ac30988fbdd5d3bf1e8f9f1b37916f5/smoke-tests

- name: Configure AWS credentials for PyPI secrets
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN_PYPI_RELEASE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}

- name: Get PyPI secrets
uses: aws-actions/aws-secretsmanager-get-secrets@v1
id: pypi_secrets
with:
secret-ids: |
PROD_PYPI_TOKEN,arn:aws:secretsmanager:us-east-1:637423224110:secret:prod/PyPI/apiToken-W2a9ny
TEST_PYPI_TOKEN,arn:aws:secretsmanager:us-east-1:637423224110:secret:test/PyPI/apiToken-z5iqc6
PROD_PYPI_TOKEN,${{ secrets.PYPI_PROD_TOKEN_SECRET_ARN }}
TEST_PYPI_TOKEN,${{ secrets.PYPI_TEST_TOKEN_SECRET_ARN }}
parse-json-secrets: true

- name: Export distro version
id: distro_version
shell: bash
run: |
pkg_version=$(grep '__version__' ./aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py | awk -F '"' '{print $2}')
echo "ADOT_PYTHON_VERSION=$pkg_version" >> $GITHUB_OUTPUT
- name: Configure AWS credentials for private ECR
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }}
aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }}

- name: Log in to AWS private ECR
uses: docker/login-action@v3
with:
registry: ${{ env.RELEASE_PRIVATE_REGISTRY }}

- name: Configure AWS credentials for public ECR
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN_ECR_RELEASE }}
aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}

- name: Log in to AWS public ECR
uses: docker/login-action@v3
with:
registry: public.ecr.aws

# The step below publishes to testpypi in order to catch any issues
# with the package configuration that would cause a failure to upload to pypi.
- name: Install twine
run: pip install twine

- name: Publish to TestPyPI
env:
TWINE_USERNAME: '__token__'
TWINE_PASSWORD: ${{ steps.pypi_secrets.outputs.TEST_PYPI_TOKEN }}
TWINE_PASSWORD: ${{ env.TEST_PYPI_TOKEN_API_TOKEN }}
run: |
pip install --upgrade twine
twine upload --repository testpypi --skip-existing --verbose dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl
twine upload --repository testpypi --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl

- name: Push release image
# The following step publish to ECR
- name: Build and push images
uses: docker/build-push-action@v5
with:
push: true
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
tags: ${{ env.ECR_REGISTRY }}/${{ env.PRIVATE_ECR_REPOSITORY }}:v${{ github.event.inputs.version }}
tags: |
${{ env.RELEASE_PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }}
${{ env.RELEASE_PUBLIC_REPOSITORY }}:v${{ github.event.inputs.version }}

#TODO: Uncomment "Publish to PyPI" after test release_build workflow.
# - name: Publish to PyPI
# env:
# TWINE_USERNAME: '__token__'
# TWINE_PASSWORD: ${{ steps.pypi_secrets.outputs.PROD_PYPI_TOKEN }}
# run: |
# twine upload --skip-existing --verbose dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl
# Publish to prod PyPI
- name: Publish to PyPI
env:
TWINE_USERNAME: '__token__'
TWINE_PASSWORD: ${{ env.PROD_PYPI_TOKEN_API_TOKEN }}
run: |
twine upload --skip-existing --verbose dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl

- name: Create release
- name: Create GH release
id: create_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
Expand All @@ -87,4 +126,4 @@ jobs:
--title "Release v${{ github.event.inputs.version }}" \
--draft \
"v${{ github.event.inputs.version }}" \
dist/aws_opentelemetry_distro-${{ steps.distro_version.outputs.ADOT_PYTHON_VERSION }}-py3-none-any.whl
dist/aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl
2 changes: 1 addition & 1 deletion aws-opentelemetry-distro/src/amazon/opentelemetry/distro/version.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0

__version__ = "0.0.1"
__version__ = "0.0.0.dev"