.github/workflows/CD.yml

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.

name: C/D

on:     
  workflow_dispatch:
    inputs:
      version:
        description: 'the version number to release'
        required: true
      sha:
        description: 'the github sha to release'
        required: true   
  push:
    tags:
      - "v[0-9]+.[0-9]+.[0-9]+"
    
env:
  IMAGE_NAME: aws-otel-collector
  IMAGE_NAMESPACE: amazon
  PACKAGING_ROOT: build/packages
  ECR_REPO_INTEGRATION_TEST: aws-otel-test/adot-collector-integration-test
  ECR_REPO: aws-observability/aws-otel-collector
  PACKAGE_CACHE_KEY: "cached_tested_packages_${{ github.run_id }}"
  SSM_RELEASE_S3_BUCKET: "aws-otel-collector-ssm"
  SSM_RELEASE_PACKAGE_NAME: "AWSDistroOTel-Collector"
  RELEASE_S3_BUCKET: "aws-otel-collector"

permissions:
  id-token: write
  contents: write

jobs:
  release-checking: 
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.set-input-vars.outputs.version }}
      testing_version: ${{ steps.checking_sha_version.outputs.testing_version }}
      latest-or-newer: ${{ steps.version.outputs.latest-or-newer }}
      sha: ${{ steps.set-input-vars.outputs.sha }}
    steps: 
      - uses: actions/checkout@v4
      - name: Set Input Variables
        id: set-input-vars
        run: |
          if ${{ github.event_name == 'workflow_dispatch' }}; then
            echo "version=${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT
            echo "sha=${{ github.event.inputs.sha }}" >> $GITHUB_OUTPUT
          else
            echo "version=${{ github.ref_name }}" >> $GITHUB_OUTPUT
            echo "sha=${{ github.sha }}" >> $GITHUB_OUTPUT
          fi
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.COLLECTOR_ASSUMABLE_ROLE_ARN }}
          aws-region: us-west-2

      - name: Login Dockerhub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_RELEASE_USERNAME }}
          password: ${{ secrets.DOCKERHUB_RELEASE_TOKEN }}

      - name: Download candidate
        run: aws s3 cp "s3://aws-otel-collector-release-candidate/${{ steps.set-input-vars.outputs.sha }}.tar.gz" candidate.tar.gz

      - name: Uncompress the candidate package
        run: tar zxvf candidate.tar.gz

      - name: Check commit SHA and version
        id: checking_sha_version
        run: |
          version_in_release=`cat $PACKAGING_ROOT/VERSION`
          version_in_release_candidate=`cat $PACKAGING_ROOT/TESTING_VERSION`
          sha_in_candidate=`cat $PACKAGING_ROOT/GITHUB_SHA`

          if [ $version_in_release != ${{ steps.set-input-vars.outputs.version }} ]; then
            echo "::error::Wrong version is detected: $version_in_release != ${{ steps.set-input-vars.outputs.version }}"
            exit 1
          fi
          if [ $sha_in_candidate != ${{ steps.set-input-vars.outputs.sha }} ]; then
            echo "::error::Wrong SHA is detected: $sha_in_candidate != ${{ steps.set-input-vars.outputs.sha }}"
            exit 1
          fi

          echo "testing_version=$version_in_release_candidate" >> $GITHUB_OUTPUT
          
      - name: Compare version with Dockerhub latest
        id: version
        run: |
          TAG="${{ steps.set-input-vars.outputs.version }}" 
          TARGET_VERSION=$TAG bash tools/workflow/docker-version-compare.sh

      - name: Cache packages
        uses: actions/cache@v3
        with:
          key: ${{ env.PACKAGE_CACHE_KEY }}
          path: ${{ env.PACKAGING_ROOT }}

  release-to-s3:
    runs-on: ubuntu-latest
    needs: [release-checking]
    steps:
      - uses: actions/checkout@v4

      - name: Cache if success
        id: release-to-s3
        uses: actions/cache@v3
        with:
          key: release-to-s3-${{ github.run_id }}
          path: VERSION

      - name: Restore cached packages
        uses: actions/cache@v3
        if: steps.release-to-s3.outputs.cache-hit != 'true'
        with:
          key: ${{ env.PACKAGE_CACHE_KEY }}
          path: ${{ env.PACKAGING_ROOT }}

      - name: Configure AWS Credentials
        if: steps.release-to-s3.outputs.cache-hit != 'true'
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.COLLECTOR_PROD_RELEASE_ROLE_ARN }}
          aws-region: us-west-2

      - name: Release to S3
        if: steps.release-to-s3.outputs.cache-hit != 'true'
        run: s3_bucket_name=${{ env.RELEASE_S3_BUCKET }} upload_to_latest=0 bash tools/release/image-binary-release/s3-release.sh

      - name: Release binaries to s3 with latest version
        if: ${{ needs.release-checking.outputs.latest-or-newer == 'true' && steps.release-to-s3.outputs.cache-hit != 'true' }}
        run: s3_bucket_name=${{ env.RELEASE_S3_BUCKET }} upload_to_latest=1 bash tools/release/image-binary-release/s3-release.sh
          
  release-version-image:
    runs-on: ubuntu-latest
    needs: [release-checking]
    steps:
      - uses: actions/checkout@v4

      - name: Cache if success
        id: release-version-image
        uses: actions/cache@v3
        with:
          key: release-version-image-${{ github.run_id }}
          path: VERSION

      - name: Configure AWS Credentials
        if: steps.release-version-image.outputs.cache-hit != 'true'
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.COLLECTOR_PROD_RELEASE_ROLE_ARN }}
          aws-region: us-east-1

      - name: Login to Public Release ECR
        if: steps.release-version-image.outputs.cache-hit != 'true'
        id: login-ecr
        uses: docker/login-action@v3
        with:
          registry: public.ecr.aws
        env:
          AWS_REGION: us-east-1

      - name: Login Dockerhub
        if: steps.release-version-image.outputs.cache-hit != 'true'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_RELEASE_USERNAME }}
          password: ${{ secrets.DOCKERHUB_RELEASE_TOKEN }}

      - name: Pull image from integration test ECR and Upload to public release ECR and Dockerhub
        if: steps.release-version-image.outputs.cache-hit != 'true'
        uses: akhilerm/tag-push-action@v2.1.0
        with:
          src: public.ecr.aws/${{ env.ECR_REPO_INTEGRATION_TEST }}:${{ needs.release-checking.outputs.testing_version }}
          dst: |
            public.ecr.aws/${{ env.ECR_REPO }}:${{ needs.release-checking.outputs.version }}
            ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{ needs.release-checking.outputs.version }}

      - name: Pull image from release ECR, tag as latest and push to public release ECR and DockerHub
        if: ${{ needs.release-checking.outputs.latest-or-newer == 'true' && steps.release-version-image.outputs.cache-hit != 'true'}}
        uses: akhilerm/tag-push-action@v2.1.0
        with:
          src: public.ecr.aws/${{ env.ECR_REPO }}:${{ needs.release-checking.outputs.version }}
          dst: |
            public.ecr.aws/${{ env.ECR_REPO }}:latest
            ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}:latest

  release-ssm:
    runs-on: ubuntu-latest
    needs:  [release-version-image,release-to-s3, release-checking]
    steps:
      - name: Cache if success
        id: release-ssm
        uses: actions/cache@v3
        with:
          key: release-ssm-${{ github.run_id }}
          path: VERSION

      - name: Trigger SSM package build and public
        if: steps.release-ssm.outputs.cache-hit != 'true'
        uses: benc-uk/workflow-dispatch@v1
        with:
          workflow: release SSM package
          token: ${{ secrets.REPO_WRITE_ACCESS_TOKEN }}
          inputs: '{ "version": "${{ needs.release-checking.outputs.version }}", "sha": "${{ needs.release-checking.outputs.sha }}", "public": "true", "pkgname": "${{ env.SSM_RELEASE_PACKAGE_NAME }}", "latest": "${{ needs.release-checking.outputs.latest-or-newer }}" }'

  release-to-github:
    runs-on: ubuntu-latest
    needs: [ release-ssm, release-to-s3, release-version-image, release-checking]
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ needs.release-checking.outputs.sha }}

      - name: Generate release-note
        run: sh tools/release/generate-release-note.sh

      - name: Create release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
        run: |
          gh release create --target ${{ needs.release-checking.outputs.sha }} \
             --title ${{ needs.release-checking.outputs.version }} \
             --notes-file release-note \
             --verify-tag \
             --draft \
             --prerelease \
             ${{ needs.release-checking.outputs.version }}