github-action: use actions/attest-build-provenance #2662
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: main | |
on: | |
workflow_dispatch: | |
inputs: | |
# enabled by default, required for merge through default GH check | |
test_ci: | |
description: 'Enable Unit tests' | |
default: true | |
required: false | |
type: boolean | |
# disabled by default, but required for merge, there are two GH checks: | |
# - Non-Application Server integration tests | |
# - Application Server integration tests | |
# opt-in with 'ci:agent-integration' | |
agent_integration_tests_ci: | |
description: 'Enable Agent Integration tests' | |
default: false | |
required: false | |
type: boolean | |
# disabled by default, not required for merge | |
# used by the daily job .github/workflows/daily.yml | |
# opt-in with 'ci:jdk-compatibility' tag on PR | |
jdk_compatibility_ci: | |
description: 'Enable JDK compatibility tests' | |
default: false | |
required: false | |
type: boolean | |
# disabled by default, not required for merge | |
# used by the daily job .github/workflows/daily.yml | |
# opt-in with 'ci:windows' tag on PR | |
windows_ci: | |
description: 'Enable Windows build & tests' | |
default: false | |
required: false | |
type: boolean | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- "**/*.asciidoc" | |
- "**/*.md" | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- labeled | |
- ready_for_review | |
paths-ignore: | |
- "**/*.asciidoc" | |
- "**/*.md" | |
# limit the access of the generated GITHUB_TOKEN | |
permissions: | |
contents: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/maven-goal | |
with: | |
command: ./mvnw install -DskipTests=true -Dmaven.javadoc.skip=true | |
- uses: ./.github/workflows/stash | |
with: | |
name: build | |
path: ${{ github.workspace }} | |
- name: Upload agent binaries as artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: elastic-apm-agent | |
path: | | |
./elastic-apm-agent/target/elastic-apm-agent-*.jar | |
!./**/*-sources.jar | |
- name: Upload agent java 8 binaries as artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: elastic-apm-agent-java8 | |
path: | | |
./elastic-apm-agent-java8/target/elastic-apm-agent-java8-*.jar | |
!./**/*-sources.jar | |
- name: Upload agent attach CLI artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: apm-agent-attach-cli | |
path: | | |
./apm-agent-attach-cli/target/apm-agent-attach-cli-*.jar | |
!./**/*-sources.jar | |
!./**/*-tests.jar | |
- name: Upload agent attach artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: apm-agent-attach | |
path: | | |
./apm-agent-attach/target/apm-agent-attach-*.jar | |
!./**/*-sources.jar | |
- name: Upload agent API artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: apm-agent-api | |
path: | | |
./apm-agent-api/target/apm-agent-api-*.jar | |
!./**/*-sources.jar | |
- name: Upload agent plugin SDK artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: apm-agent-plugin-sdk | |
path: | | |
./apm-agent-plugin-sdk/target/apm-agent-plugin-sdk-*.jar | |
!./**/*-sources.jar | |
- name: Upload benchmark binaries as artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: apm-agent-benchmarks | |
path: | | |
./apm-agent-benchmarks/target/benchmarks*.jar | |
!./**/*-sources.jar | |
license: | |
name: License | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/unstash | |
with: | |
name: build | |
path: ${{ github.workspace }} | |
- name: install artifacts | |
uses: ./.github/workflows/maven-goal | |
with: | |
# Need to install packages in m2 local repository | |
command: ./mvnw install -DskipTests=true -Dmaven.javadoc.skip=true | |
- name: mvn license | |
run: ./mvnw org.codehaus.mojo:license-maven-plugin:aggregate-third-party-report -Dlicense.excludedGroups=^co\\.elastic\\. | |
unit-tests: | |
name: Unit Tests | |
# Inputs aren't defined on some events | |
# When undefined, we need to emulate the default value | |
if: inputs.test_ci == true || inputs.test_ci == null | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/unstash | |
with: | |
name: build | |
path: ${{ github.workspace }} | |
- uses: ./.github/workflows/maven-goal | |
with: | |
command: ./mvnw test -DargLine="-Delastic.apm.overwrite.config.docs=false" | |
- name: Store test results | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-results-JUnit | |
path: | | |
**/junit-*.xml | |
**/TEST-*.xml | |
non-app-server-integration-tests: | |
name: Non-Application Server integration tests | |
if: | | |
contains(github.event.pull_request.labels.*.name, 'ci:agent-integration') | |
|| github.event.pull_request.draft == false | |
|| inputs.agent_integration_tests_ci == true | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/unstash | |
with: | |
name: build | |
path: ${{ github.workspace }} | |
# As long as there are some space issues with the CI runners. | |
- name: Free Disk Space | |
continue-on-error: true | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be | |
with: | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
docker-images: true | |
swap-storage: true | |
tool-cache: false | |
- uses: ./.github/workflows/maven-goal | |
with: | |
command: ./mvnw -q -P ci-non-application-server-integration-tests verify | |
- name: Store test results | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-results-non-app-server-integration | |
path: | | |
**/junit-*.xml | |
**/TEST-*.xml | |
app-server-integration-tests: | |
name: Application Server integration tests | |
if: | | |
contains(github.event.pull_request.labels.*.name, 'ci:agent-integration') | |
|| github.event.pull_request.draft == false | |
|| inputs.agent_integration_tests_ci == true | |
# Pinned to ubuntu 20.04 until https://github.com/elastic/apm-agent-java/issues/3035 is solved. | |
runs-on: ubuntu-20.04 | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/unstash | |
with: | |
name: build | |
path: ${{ github.workspace }} | |
# As long as there are some space issues with the CI runners. | |
- name: Free Disk Space | |
continue-on-error: true | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be | |
with: | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
docker-images: true | |
swap-storage: true | |
tool-cache: false | |
- uses: ./.github/workflows/maven-goal | |
with: | |
command: ./mvnw -q -P ci-application-server-integration-tests verify | |
- name: Store test results | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-results-app-server-integration | |
path: | | |
**/junit-*.xml | |
**/TEST-*.xml | |
javadoc: | |
name: Javadoc | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/unstash | |
with: | |
name: build | |
path: ${{ github.workspace }} | |
- uses: ./.github/workflows/maven-goal | |
with: | |
command: ./mvnw compile javadoc:javadoc | |
unit-tests-windows: | |
name: Build & Test Windows | |
# Inputs aren't defined on some events | |
# When undefined, we need to emulate the default value | |
if: | | |
(inputs.test_ci == true || inputs.test_ci == null) | |
&& (contains(github.event.pull_request.labels.*.name, 'ci:windows') | |
|| inputs.windows_ci == true) | |
runs-on: windows-latest | |
steps: | |
- name: Support longpaths | |
run: git config --system core.longpaths true | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/maven-goal | |
with: | |
command: ./mvnw install -DskipTests=true -Dmaven.javadoc.skip=true | |
- name: Run tests | |
run: ./mvnw test | |
- name: Store test results | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-results-windows | |
path: | | |
**/junit-*.xml | |
**/TEST-*.xml | |
jdk-compatibility-tests: | |
name: JDK Compatibility Tests | |
if: | | |
contains(github.event.pull_request.labels.*.name, 'ci:jdk-compatibility') | |
|| inputs.jdk_compatibility_ci == true | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false #Even if the tests fail on one JDK we want to know if it also fails on others | |
matrix: | |
include: | |
- version: 11 | |
distribution: 'temurin' | |
- version: 17 | |
distribution: 'temurin' | |
- version: 21 | |
distribution: 'temurin' | |
- version: 22 | |
distribution: 'temurin' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/workflows/maven-goal-jdk | |
with: | |
test-java-version: ${{ matrix.version }} | |
test-java-distribution: ${{ matrix.distribution }} | |
command: ./mvnw install -DskipTests=true -Dmaven.javadoc.skip=true | |
- name: Run tests for ${{ matrix.version }}:${{ matrix.distribution }} | |
run: ./mvnw test -Delastic.jdkCompatibilityTest=true -Dtest_java_binary=${{ env.TEST_JAVA_BINARY }} | |
- name: Store test results | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-results-jdk-compatibility-${{ matrix.version }}-${{ matrix.distribution }} | |
path: | | |
**/junit-*.xml | |
**/TEST-*.xml | |
jboss: | |
name: JBoss integration tests | |
runs-on: ubuntu-latest | |
needs: build | |
# If no PR event or if a PR event that's caused by a non-fork and non dependabot actor | |
if: github.event_name != 'pull_request' || ( github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false && github.actor != 'dependabot[bot]' ) | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: elastic/apm-pipeline-library/.github/actions/docker-login@current | |
with: | |
registry: docker.elastic.co | |
secret: secret/observability-team/ci/docker-registry/prod | |
url: ${{ secrets.VAULT_ADDR }} | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
- uses: ./.github/workflows/unstash | |
with: | |
name: build | |
path: ${{ github.workspace }} | |
- name: Pull JBoss docker images | |
run: .ci/scripts/jboss-pull.sh | |
- uses: ./.github/workflows/maven-goal | |
with: | |
command: ./mvnw -q -P ci-jboss-integration-tests verify | |
- name: Store test results | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-results-jboss-integration | |
path: | | |
**/junit-*.xml | |
**/TEST-*.xml |