Skip to content

Bump actions/attest-build-provenance from 2.0.1 to 2.1.0 in the githu… #275

Bump actions/attest-build-provenance from 2.0.1 to 2.1.0 in the githu…

Bump actions/attest-build-provenance from 2.0.1 to 2.1.0 in the githu… #275

Workflow file for this run

name: release-main
on:
push:
branches: [ "main" ]
permissions:
attestations: write
contents: write
id-token: write
issues: write
packages: write
env:
NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
jobs:
release:
runs-on: ubuntu-latest
env:
DOCKER_IMAGE_NAME: "docker.elastic.co/observability/apm-agent-dotnet"
PREFIX_APM_AGENT: "build/output/ElasticApmAgent_"
PREFIX_APM_PROFILER: "build/output/elastic_apm_profiler_"
SUFFIX_APM_AGENT: ".zip"
SUFFIX_APM_PROFILER: "-linux-x64.zip"
steps:
- uses: actions/checkout@v4
- name: Bootstrap Action Workspace
id: bootstrap
uses: ./.github/workflows/bootstrap
with:
rust: 'true'
- name: Package with canary suffix
run: ./build.sh pack
- name: generate build provenance
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
with:
subject-path: "${{ github.workspace }}/build/output/_packages/*.nupkg"
# Github packages requires authentication, this is likely going away in the future so for now we publish to feedz.io
- name: publish canary packages to feedz.io
run: dotnet nuget push 'build/output/_packages/*.nupkg' -k ${{ secrets.FEEDZ_IO_API_KEY }} -s ${{ secrets.FEEDZ_IO_API_URL }} --skip-duplicate --no-symbols
- name: publish canary packages github package repository
run: dotnet nuget push 'build/output/_packages/*.nupkg' -k ${{secrets.GITHUB_TOKEN}} -s https://nuget.pkg.github.com/elastic/index.json --skip-duplicate --no-symbols
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- name: Log in to the Elastic Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}
- name: Extract metadata (tags, labels)
id: docker-meta
uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
with:
images: ${{ env.DOCKER_IMAGE_NAME }}
flavor: |
latest=auto
tags: |
# "1.2.3" and "latest" Docker tags on push of git tag "v1.2.3"
type=raw,value=${{ steps.bootstrap.outputs.agent-version }}
# "edge" Docker tag on git push to default branch
type=edge
- name: Build and Push Profiler Docker Image
id: docker-push
continue-on-error: true # continue for now until we see it working in action
uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.docker-meta.outputs.tags }}
labels: ${{ steps.docker-meta.outputs.labels }}
build-args: |
AGENT_ZIP_FILE=${{ env.PREFIX_APM_PROFILER }}${{ steps.bootstrap.outputs.agent-version }}${{ env.SUFFIX_APM_PROFILER }}
- name: Attest image
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
continue-on-error: true # continue for now until we see it working in action
with:
subject-name: ${{ env.DOCKER_IMAGE_NAME }}
subject-digest: ${{ steps.docker-push.outputs.digest }}
push-to-registry: true
- name: generate build provenance (APM Agent)
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
with:
subject-path: "${{ github.workspace }}/${{ env.PREFIX_APM_AGENT }}${{ steps.bootstrap.outputs.agent-version }}${{ env.SUFFIX_APM_AGENT }}"
- name: generate build provenance (APM Profiler)
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
with:
subject-path: "${{ github.workspace }}/${{ env.PREFIX_APM_PROFILER }}${{ steps.bootstrap.outputs.agent-version }}${{ env.SUFFIX_APM_PROFILER }}"
- if: ${{ failure() }}
uses: elastic/oblt-actions/slack/send@v1
with:
bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
channel-id: "#apm-agent-dotnet"
message: |
:large_yellow_circle: [${{ github.repository }}] Snapshot could not be published to feedz.io.
Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)