Bump actions/attest-build-provenance from 2.0.1 to 2.1.0 in the githu… #275
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release-main | |
on: | |
push: | |
branches: [ "main" ] | |
permissions: | |
attestations: write | |
contents: write | |
id-token: write | |
issues: write | |
packages: write | |
env: | |
NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages | |
jobs: | |
release: | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_IMAGE_NAME: "docker.elastic.co/observability/apm-agent-dotnet" | |
PREFIX_APM_AGENT: "build/output/ElasticApmAgent_" | |
PREFIX_APM_PROFILER: "build/output/elastic_apm_profiler_" | |
SUFFIX_APM_AGENT: ".zip" | |
SUFFIX_APM_PROFILER: "-linux-x64.zip" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Bootstrap Action Workspace | |
id: bootstrap | |
uses: ./.github/workflows/bootstrap | |
with: | |
rust: 'true' | |
- name: Package with canary suffix | |
run: ./build.sh pack | |
- name: generate build provenance | |
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 | |
with: | |
subject-path: "${{ github.workspace }}/build/output/_packages/*.nupkg" | |
# Github packages requires authentication, this is likely going away in the future so for now we publish to feedz.io | |
- name: publish canary packages to feedz.io | |
run: dotnet nuget push 'build/output/_packages/*.nupkg' -k ${{ secrets.FEEDZ_IO_API_KEY }} -s ${{ secrets.FEEDZ_IO_API_URL }} --skip-duplicate --no-symbols | |
- name: publish canary packages github package repository | |
run: dotnet nuget push 'build/output/_packages/*.nupkg' -k ${{secrets.GITHUB_TOKEN}} -s https://nuget.pkg.github.com/elastic/index.json --skip-duplicate --no-symbols | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 | |
- name: Log in to the Elastic Container registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }} | |
username: ${{ secrets.ELASTIC_DOCKER_USERNAME }} | |
password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }} | |
- name: Extract metadata (tags, labels) | |
id: docker-meta | |
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 | |
with: | |
images: ${{ env.DOCKER_IMAGE_NAME }} | |
flavor: | | |
latest=auto | |
tags: | | |
# "1.2.3" and "latest" Docker tags on push of git tag "v1.2.3" | |
type=raw,value=${{ steps.bootstrap.outputs.agent-version }} | |
# "edge" Docker tag on git push to default branch | |
type=edge | |
- name: Build and Push Profiler Docker Image | |
id: docker-push | |
continue-on-error: true # continue for now until we see it working in action | |
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 | |
with: | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: ${{ steps.docker-meta.outputs.tags }} | |
labels: ${{ steps.docker-meta.outputs.labels }} | |
build-args: | | |
AGENT_ZIP_FILE=${{ env.PREFIX_APM_PROFILER }}${{ steps.bootstrap.outputs.agent-version }}${{ env.SUFFIX_APM_PROFILER }} | |
- name: Attest image | |
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 | |
continue-on-error: true # continue for now until we see it working in action | |
with: | |
subject-name: ${{ env.DOCKER_IMAGE_NAME }} | |
subject-digest: ${{ steps.docker-push.outputs.digest }} | |
push-to-registry: true | |
- name: generate build provenance (APM Agent) | |
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 | |
with: | |
subject-path: "${{ github.workspace }}/${{ env.PREFIX_APM_AGENT }}${{ steps.bootstrap.outputs.agent-version }}${{ env.SUFFIX_APM_AGENT }}" | |
- name: generate build provenance (APM Profiler) | |
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 | |
with: | |
subject-path: "${{ github.workspace }}/${{ env.PREFIX_APM_PROFILER }}${{ steps.bootstrap.outputs.agent-version }}${{ env.SUFFIX_APM_PROFILER }}" | |
- if: ${{ failure() }} | |
uses: elastic/oblt-actions/slack/send@v1 | |
with: | |
bot-token: ${{ secrets.SLACK_BOT_TOKEN }} | |
channel-id: "#apm-agent-dotnet" | |
message: | | |
:large_yellow_circle: [${{ github.repository }}] Snapshot could not be published to feedz.io. | |
Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>) |