elastic · devcorpio · Jul 24, 2023 · Jul 13, 2023 · Jul 24, 2023 · Jul 24, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -38,8 +38,6 @@ jobs:
         with:
           node-version-file: '.nvmrc'
       - run: '.ci/scripts/lint.sh'
-      - run: 'npm run ci:release-dry-run'
-        id: release-dry-run
       - run: 'npm run ci:bundlesize'
         id: bundlesize
 # TODO: This fails on forked PRs

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,16 +2,26 @@ name: release
 
 on:
   workflow_dispatch:
+    inputs:
+      dry-run:
+        type: boolean
+        description: 'Run release process in dry-run mode'
+        default: true
 
 permissions:
   contents: read
 
 jobs:
-  release-npm:
+  release:
     runs-on: ubuntu-latest
     permissions:
-      # Needed to wrtie the release changelog
+      # Needed to write the release changelog
       contents: write
+    services:
+      verdaccio:
+        image: verdaccio/verdaccio:5
+        ports:
+          - 4873:4873
     steps:
       - uses: actions/checkout@v3
         with:
@@ -25,7 +35,8 @@ jobs:
         run: npm ci
 
       - name: Read NPM vault secrets
-        uses: hashicorp/[email protected]
+        if: inputs.dry-run != null && !inputs.dry-run
+        uses: hashicorp/[email protected]
         with:
           method: approle
           url: ${{ secrets.VAULT_ADDR }}
@@ -34,44 +45,46 @@ jobs:
           secrets: |
             totp/code/npmjs-elasticmachine code | TOTP_CODE
 
-      - uses: elastic/apm-pipeline-library/.github/actions/setup-npmrc@current
+      - name: Configure npm registry
+        uses: elastic/apm-pipeline-library/.github/actions/setup-npmrc@current
+        if: inputs.dry-run != null && !inputs.dry-run
         with:
           vault-url: ${{ secrets.VAULT_ADDR }}
           vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
           vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
           secret: secret/jenkins-ci/npmjs/elasticmachine
           secret-key: token
 
+      - name: Configure git user
+        uses: elastic/apm-pipeline-library/.github/actions/setup-git@current
+
       - name: Publish the release
+        env:
+          DRY_RUN: ${{ inputs.dry-run }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: npm run ci:release
 
-  release-cdn:
-    runs-on: ubuntu-latest
-    env:
-      BUCKET_NAME: 'apm-rum-357700bc'
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - uses: actions/setup-node@v3
-        with:
-          node-version-file: '.nvmrc'
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Build dist
-        run: npm run build
-
-      - uses: hashicorp/[email protected]
+      - name: Setup credentials
+        env:
+          DRY_RUN: ${{ inputs.dry-run }}
+        run: |
+          if [ "${DRY_RUN}" == "false" ]; then
+            echo 'ELASTIC_CDN_BUCKET_NAME=apm-rum-357700bc' >> ${GITHUB_ENV}
+            echo 'ELASTIC_CDN_CREDENTIALS=secret/gce/elastic-cdn/service-account/apm-rum-admin' >> ${GITHUB_ENV}
+          else
+            echo 'ELASTIC_CDN_BUCKET_NAME=oblt-apm-agent-rum-js-ci' >> ${GITHUB_ENV}
+            echo 'ELASTIC_CDN_CREDENTIALS=secret/observability-team/ci/service-account/apm-agent-rum-js' >> ${GITHUB_ENV}
+          fi
+
+      - name: Read GCE vault secrets
+        uses: hashicorp/[email protected]
         with:
+          method: approle
           url: ${{ secrets.VAULT_ADDR }}
           roleId: ${{ secrets.VAULT_ROLE_ID }}
           secretId: ${{ secrets.VAULT_SECRET_ID }}
-          method: approle
           secrets: |
-            secret/gce/elastic-cdn/service-account/apm-rum-admin value | GOOGLE_CREDENTIALS ;
+            ${{ env.ELASTIC_CDN_CREDENTIALS }} value | GOOGLE_CREDENTIALS ;
 
       - name: 'Authenticate to Google Cloud'
         uses: 'google-github-actions/auth@v1'
@@ -88,7 +101,7 @@ jobs:
         with:
           parent: false
           path: 'packages/rum/dist/bundles/'
-          destination: '${{ env.BUCKET_NAME }}/${{ fromJSON(steps.prepare-release.outputs.versions).version }}'
+          destination: '${{ env.ELASTIC_CDN_BUCKET_NAME }}/${{ fromJSON(steps.prepare-release.outputs.versions).version }}'
           glob: '*.js'
           process_gcloudignore: false
 
@@ -97,7 +110,7 @@ jobs:
         with:
           parent: false
           path: 'packages/rum/dist/bundles/'
-          destination: '${{ env.BUCKET_NAME }}/${{ fromJSON(steps.prepare-release.outputs.versions).major_version }}'
+          destination: '${{ env.ELASTIC_CDN_BUCKET_NAME }}/${{ fromJSON(steps.prepare-release.outputs.versions).major_version }}'
           glob: '*.js'
           process_gcloudignore: false
 
@@ -106,14 +119,13 @@ jobs:
         with:
           parent: false
           path: 'index.html'
-          destination: '${{ env.BUCKET_NAME }}'
+          destination: '${{ env.ELASTIC_CDN_BUCKET_NAME }}'
           process_gcloudignore: false
 
   status:
     if: always()
     needs:
-      - release-npm
-      - release-cdn
+      - release
     runs-on: ubuntu-latest
     steps:
       - id: check

diff --git a/.gitignore b/.gitignore
@@ -22,3 +22,4 @@ coverage
 # ignore lerna-debug and npm-debug logs
 *debug.log
 packages/**/*.tgz
+.npmrc
diff --git a/lerna.json b/lerna.json
@@ -10,7 +10,7 @@
       "conventionalCommits": true,
       "message": "chore(release): publish",
       "changelogPreset": "conventionalcommits",
-      "gitRemote": "upstream",
+      "gitRemote": "origin",
       "loglevel": "verbose"
     },
     "run": {