Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Beats DRA pipeline #39126

Merged
merged 36 commits into from
Apr 24, 2024
Merged
Show file tree
Hide file tree
Changes from 34 commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
e2eccd1
Packaging pipieline resource
pazone Apr 19, 2024
cbaba3e
Revetred agentbeat pipeline deletion
pazone Apr 22, 2024
7dc47b3
Cleanup
pazone Apr 22, 2024
ed599da
Test auditbeat packaging pipeline
pazone Apr 22, 2024
881fd97
Fix steps keys
pazone Apr 22, 2024
75b4db9
Fix steps keys
pazone Apr 22, 2024
720e129
Fix env vars
pazone Apr 22, 2024
75e445b
Fix env vars
pazone Apr 22, 2024
5790718
Fix env vars
pazone Apr 22, 2024
fefe674
Unified artifacts dir
pazone Apr 23, 2024
3e312b6
Implemented DRA steps
pazone Apr 23, 2024
20b724b
Test filebeat
pazone Apr 23, 2024
1065e14
Test matrix
pazone Apr 23, 2024
f35efd3
Aligned artifacts directories
pazone Apr 23, 2024
af251f7
Aligned artifacts directories
pazone Apr 23, 2024
660decd
Aligned artifacts directories
pazone Apr 23, 2024
cd8a604
Aligned artifacts directories
pazone Apr 23, 2024
7fd5c7a
Debug
pazone Apr 23, 2024
0d1da08
Debug
pazone Apr 23, 2024
5671e37
Package all beats
pazone Apr 23, 2024
e583f3f
Test DRA snapshot
pazone Apr 23, 2024
1377e5b
Test DRA snapshot
pazone Apr 23, 2024
0be23b8
Rename artifacts
pazone Apr 23, 2024
a48c62d
fix dashboards artifacts
pazone Apr 23, 2024
5c036c1
Cleanup
pazone Apr 24, 2024
28ba430
Merge branch 'main' into ci_packaging_pipieline
pazone Apr 24, 2024
29d2028
cleanup
pazone Apr 24, 2024
b6860b7
Merged
pazone Apr 24, 2024
be94e62
No need to install msi tools
pazone Apr 24, 2024
dd3ecb5
Apply suggestions from code review
pazone Apr 24, 2024
3e47581
Extraced platforms variables
pazone Apr 24, 2024
e850d1d
Cleanup
pazone Apr 24, 2024
21793d9
Added RUN_SNAPSHOT condition
pazone Apr 24, 2024
cc37121
Cleanup
pazone Apr 24, 2024
15a04ca
Boolean dry-run
pazone Apr 24, 2024
d13c0c5
Boolean dry-run
pazone Apr 24, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions .buildkite/packaging.pipeline.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
### Beats Packaging pipeline
[Buildkite packaging pipeline](https://buildkite.com/elastic/beats-packaging-pipeline) is used to build and publish the packages for the Beats. The pipeline is triggered by a commit to the `main` or release branches.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The sections in triggers said about PRs but that's not reflected here.

The pipeline definition is located in the `.buildkite/packaging.pipeline.yml`

### Triggers
Staging packaging DRA is triggered for release branches only.
Snapshot is triggered for `main` and release branches.

### Pipeline steps

#### Beats dashboard
Generates `build/distributions/dependencies.csv` and `tar.gz` and adds them to the `beats-dashboards` artifact. This is required by the release-manager configuration.

#### Packaging snapshot/staging

- Builds the Beats packages for all supported platforms and architectures (`mage package, mage ironbank`)
- Copies artifacts `build/distributions/<beat>/` directory and adds it as an artifact, where `<beat>` is the corresponding beat name.
- x-pack artifacts are also copied to `build/distributions/<beat>/` directory, where `<beat>` is the name of the beat. For example, `auditbeat`, not `x-pack/auditbeat`. It's required for the DRA publish step by [release-manager configuration](https://github.com/elastic/infra/blob/master/cd/release/release-manager/project-configs/master/beats.gradle).

#### DRA publish
Downloads the artifacts from the `packaging snapshot/staging` step and publishes them to the Elastic DRA registry.


231 changes: 231 additions & 0 deletions .buildkite/packaging.pipeline.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,231 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json
# TODO: Pre-cache beats-dev/golang-crossbuild container image

env:
ASDF_MAGE_VERSION: 1.15.0
AWS_ARM_INSTANCE_TYPE: "m6g.xlarge"
AWS_IMAGE_UBUNTU_ARM_64: "platform-ingest-beats-ubuntu-2204-aarch64"
GCP_DEFAULT_MACHINE_TYPE: "c2d-highcpu-8"
IMAGE_UBUNTU_X86_64: "family/platform-ingest-beats-ubuntu-2204"

PLATFORMS_AMD: "+all linux/amd64 linux/arm64 windows/amd64 darwin/amd64 darwin/arm64"
PLATFORMS_ARM: "linux/arm64"

steps:
- group: Beats dashboards
key: dashboards
steps:
- label: Snapshot dashboards
if: "build.branch =~ /\\d+\\.\\d+/ || build.branch == 'main' || build.env('RUN_SNAPSHOT')==true"
key: dashboards-snapshot
# TODO: container with go and make
agents:
provider: gcp
image: "${IMAGE_UBUNTU_X86_64}"
machineType: "${GCP_HI_PERF_MACHINE_TYPE}"
commands:
- make build/distributions/dependencies.csv
- make beats-dashboards
env:
SNAPSHOT: true
artifact_paths:
- build/distributions/**/*

- label: Staging dashboards
if: "build.branch =~ /\\d+\\.\\d+/"
key: dashboards-staging
# TODO: container with go and make
agents:
provider: gcp
image: "${IMAGE_UBUNTU_X86_64}"
machineType: "${GCP_HI_PERF_MACHINE_TYPE}"
commands:
- make build/distributions/dependencies.csv
- make beats-dashboards
artifact_paths:
- build/distributions/**/*

- group: Packaging snapshot
if: "build.branch =~ /\\d+\\.\\d+/ || build.branch == 'main' || build.env('RUN_SNAPSHOT')==true"
key: packaging-snapshot
steps:
# x86
- label: ":ubuntu: {{matrix}}/Packaging Linux Snapshot"
env:
PLATFORMS: "${PLATFORMS_AMD}"
SNAPSHOT: true
command: ".buildkite/scripts/packaging/package-dra.sh {{matrix}}"
agents:
provider: gcp
image: "${IMAGE_UBUNTU_X86_64}"
machineType: "${GCP_HI_PERF_MACHINE_TYPE}"
artifact_paths:
- build/distributions/**/*
matrix:
pazone marked this conversation as resolved.
Show resolved Hide resolved
- auditbeat
- filebeat
- heartbeat
- metricbeat
- packetbeat
- winlogbeat
- x-pack/auditbeat
- x-pack/dockerlogbeat
- x-pack/filebeat
- x-pack/functionbeat
- x-pack/heartbeat
- x-pack/metricbeat
- x-pack/osquerybeat
- x-pack/packetbeat
- x-pack/winlogbeat

## ARM
- label: ":linux: {{matrix}}/Packaging Linux arm64 Snapshot"
env:
PLATFORMS: "${PLATFORMS_ARM}"
PACKAGES: "docker"
SNAPSHOT: true
command: ".buildkite/scripts/packaging/package-dra.sh {{matrix}}"
agents:
provider: "aws"
imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}"
instanceType: "${AWS_ARM_INSTANCE_TYPE}"
artifact_paths:
- build/distributions/**/*
matrix:
- auditbeat
- filebeat
- heartbeat
- metricbeat
- packetbeat
- x-pack/auditbeat
- x-pack/dockerlogbeat
- x-pack/filebeat
- x-pack/heartbeat
- x-pack/metricbeat
- x-pack/packetbeat

## Agentbeat needs more CPUs because it builds many other beats
- label: ":ubuntu: {{matrix}}/Packaging Linux Snapshot"
env:
PLATFORMS: "${PLATFORMS_AMD}"
SNAPSHOT: true
command: ".buildkite/scripts/packaging/package-dra.sh {{matrix}}"
agents:
provider: gcp
image: "${IMAGE_UBUNTU_X86_64}"
machineType: "c2-standard-16"
artifact_paths:
- build/distributions/**/*
matrix:
- x-pack/agentbeat

- group: Packaging staging

key: packaging-staging
## Only for release
if: "build.branch =~ /\\d+\\.\\d+/"
steps:
# x86
- label: ":ubuntu: {{matrix}}/Packaging Linux Staging"
env:
PLATFORMS: "${PLATFORMS_AMD}"
SNAPSHOT: false
command: ".buildkite/scripts/packaging/package-dra.sh {{matrix}}"
agents:
provider: gcp
image: "${IMAGE_UBUNTU_X86_64}"
machineType: "${GCP_HI_PERF_MACHINE_TYPE}"
artifact_paths:
- build/distributions/**/*
matrix:
- auditbeat
- filebeat
- heartbeat
- metricbeat
- packetbeat
- winlogbeat
- x-pack/auditbeat
- x-pack/dockerlogbeat
- x-pack/filebeat
- x-pack/functionbeat
- x-pack/heartbeat
- x-pack/metricbeat
- x-pack/osquerybeat
- x-pack/packetbeat
- x-pack/winlogbeat

## ARM
- label: ":linux: {{matrix}}/Packaging Linux arm64 Staging"
env:
PLATFORMS: "${PLATFORMS_ARM}"
PACKAGES: "docker"
SNAPSHOT: false
command: ".buildkite/scripts/packaging/package-dra.sh {{matrix}}"
agents:
provider: "aws"
imagePrefix: "${AWS_IMAGE_UBUNTU_ARM_64}"
instanceType: "${AWS_ARM_INSTANCE_TYPE}"
artifact_paths:
- build/distributions/**
matrix:
- auditbeat
- filebeat
- heartbeat
- metricbeat
- packetbeat
- x-pack/auditbeat
- x-pack/dockerlogbeat
- x-pack/filebeat
- x-pack/heartbeat
- x-pack/metricbeat
- x-pack/packetbeat

## Agentbeat needs more CPUs because it builds many other beats
- label: ":ubuntu: {{matrix}}/Packaging Linux Snapshot"
env:
PLATFORMS: "${PLATFORMS_AMD}"
SNAPSHOT: true
command: ".buildkite/scripts/packaging/package-dra.sh {{matrix}}"
agents:
provider: gcp
image: "${IMAGE_UBUNTU_X86_64}"
machineType: "c2-standard-16"
artifact_paths:
- build/distributions/**/*
matrix:
- x-pack/agentbeat

- group: DRA publish
key: dra
steps:
- label: DRA Snapshot
## Only for release branches and main
if: "build.branch =~ /\\d+\\.\\d+/ || build.branch == 'main' || build.env('RUN_SNAPSHOT')==true"
key: dra-snapshot
env:
pazone marked this conversation as resolved.
Show resolved Hide resolved
DRA_WORKFLOW: snapshot
depends_on:
- packaging-snapshot
- dashboards-snapshot
command: |
buildkite-agent artifact download "build/**/*" .
.buildkite/scripts/packaging/prepare-release-manager.sh
.buildkite/scripts/dra.sh
pazone marked this conversation as resolved.
Show resolved Hide resolved
agents:
provider: "gcp"

- label: DRA Staging
## Only for release branches
if: "build.branch =~ /\\d+\\.\\d+/"
key: dra-staging
env:
DRA_WORKFLOW: staging
depends_on:
- packaging-staging
- dashboards-staging
command: |
buildkite-agent artifact download "build/**" .
.buildkite/scripts/packaging/prepare-release-manager.sh
.buildkite/scripts/dra.sh
agents:
provider: "gcp"
16 changes: 0 additions & 16 deletions .buildkite/pull-requests.json
Original file line number Diff line number Diff line change
Expand Up @@ -31,22 +31,6 @@
"skip_target_branches": [ ],
"skip_ci_on_only_changed": ["^x-pack/elastic-agent/README.md", "^x-pack/elastic-agent/docs/.*", "^x-pack/elastic-agent/devtools/.*" ],
"always_require_ci_on_changed": ["^x-pack/elastic-agent/.*", ".buildkite/x-pack/elastic-agent/.*", "^go.mod", "^pytest.ini", "^dev-tools/.*", "^libbeat/.*", "^testing/.*"]
},
{
"enabled": true,
"pipelineSlug": "beats-winlogbeat",
pazone marked this conversation as resolved.
Show resolved Hide resolved
"allow_org_users": true,
"allowed_repo_permissions": ["admin", "write"],
"allowed_list": [ ],
"set_commit_status": true,
"build_on_commit": true,
"build_on_comment": true,
"trigger_comment_regex": "^/test winlogbeat$",
"always_trigger_comment_regex": "^/test winlogbeat$",
"skip_ci_labels": [ ],
"skip_target_branches": [ ],
"skip_ci_on_only_changed": [ ],
"always_require_ci_on_changed": ["^winlogbeat/.*", ".buildkite/winlogbeat/.*", "^go.mod", "^pytest.ini", "^dev-tools/.*", "^libbeat/.*", "^testing/.*"]
}
]
}
46 changes: 46 additions & 0 deletions .buildkite/scripts/dra.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
#!/usr/bin/env bash
set -euo pipefail

## TODO: Set to empty string when Jenkins is disabled
DRY_RUN="--dry-run"
Copy link
Contributor

@dliappis dliappis Apr 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I recommend we change it to

if [[ "$DRY_RUN" == "false" ]]; then echo "--- Running in publish mode"; DRY_RUN=""; else echo "--- Running in dry-run mode"; DRY_RUN="--dry-run"; fi

to facilitate easy testing.

IMPORTANT because DRY_RUN maybe unset, we should also move set -euo pipefail from line 2 right after the suggested conditional.

BRANCH="${BUILDKITE_BRANCH}"

if [[ "${BUILDKITE_PULL_REQUEST:="false"}" != "false" ]]; then
BRANCH=main
DRY_RUN="--dry-run"
echo "+++ Running in PR and setting branch main and --dry-run"
fi

BEAT_VERSION=$(make get-version)

CI_DRA_ROLE_PATH="kv/ci-shared/release/dra-role"

function release_manager_login {
DRA_CREDS_SECRET=$(retry -t 5 -- vault kv get -field=data -format=json ${CI_DRA_ROLE_PATH})
VAULT_ADDR_SECRET=$(echo ${DRA_CREDS_SECRET} | jq -r '.vault_addr')
VAULT_ROLE_ID_SECRET=$(echo ${DRA_CREDS_SECRET} | jq -r '.role_id')
VAULT_SECRET=$(echo ${DRA_CREDS_SECRET} | jq -r '.secret_id')
export VAULT_ADDR_SECRET VAULT_ROLE_ID_SECRET VAULT_SECRET
}

release_manager_login

echo "+++ Changing permissions for the BK API commands"
sudo chown -R :1000 build/distributions/

echo "+++ :hammer_and_pick: Publishing $BRANCH $DRA_WORKFLOW DRA artifacts..."
docker run --rm \
--name release-manager \
-e VAULT_ADDR="${VAULT_ADDR_SECRET}" \
-e VAULT_ROLE_ID="${VAULT_ROLE_ID_SECRET}" \
-e VAULT_SECRET_ID="${VAULT_SECRET}" \
--mount type=bind,readonly=false,src="${PWD}",target=/artifacts \
docker.elastic.co/infra/release-manager:latest \
cli collect \
--project "beats" \
--branch "${BRANCH}" \
--commit "${BUILDKITE_COMMIT}" \
--workflow "${DRA_WORKFLOW}" \
--version "${BEAT_VERSION}" \
--artifact-set "main" \
${DRY_RUN}
21 changes: 21 additions & 0 deletions .buildkite/scripts/packaging/package-dra.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
#!/usr/bin/env bash
pazone marked this conversation as resolved.
Show resolved Hide resolved
set -ueo pipefail
BEAT_DIR=${1:-""}

if [ -z "$BEAT_DIR" ]; then
echo "Error: Beat directory must be specified."
exit 1
fi

echo "~~~Packaging : $BEAT_DIR"

WORKSPACE=$(pwd)
BEAT_NAME_SLUG=$(echo "$BEAT_DIR" | sed 's/x-pack\///g')

cd $BEAT_DIR
mage package
mage ironbank

mkdir -p $WORKSPACE/build/distributions/$BEAT_NAME_SLUG
cp build/distributions/* $WORKSPACE/build/distributions/$BEAT_NAME_SLUG/
cd $WORKSPACE
41 changes: 41 additions & 0 deletions .buildkite/scripts/packaging/prepare-release-manager.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
#!/usr/bin/env bash
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As far as I see this file is a copy of .ci/scripts/prepare-release-manager.sh but .ci/scripts/prepare-release-manager.sh has not been deleted...

#
# This script is executed by the DRA stage.
# It prepares the required files to be consumed by the release-manager
# It can be published as snapshot or staging, for such you use
# the paramater $0 "snapshot" or $0 "staging"
#
set -ueo pipefail

readonly TYPE=${1:-snapshot}

# rename dependencies.csv to the name expected by release-manager.
VERSION=$(make get-version)
FINAL_VERSION=$VERSION-SNAPSHOT
if [ "$TYPE" != "snapshot" ] ; then
FINAL_VERSION=$VERSION
fi
echo "Rename dependencies to $FINAL_VERSION"
mv build/distributions/dependencies.csv \
build/distributions/dependencies-"$FINAL_VERSION".csv

# rename docker files to support the unified release format.
# TODO: this could be supported by the package system itself
# or the unified release process the one to do the transformation
# See https://github.com/elastic/beats/pull/30895
find build/distributions -name '*linux-arm64.docker.tar.gz*' -print0 |
while IFS= read -r -d '' file
do
echo "Rename file $file"
mv "$file" "${file/linux-arm64.docker.tar.gz/docker-image-linux-arm64.tar.gz}"
done

find build/distributions -name '*linux-amd64.docker.tar.gz*' -print0 |
while IFS= read -r -d '' file
do
echo "Rename file $file"
mv "$file" "${file/linux-amd64.docker.tar.gz/docker-image-linux-amd64.tar.gz}"
done

echo 'List all the files'
find build/distributions -type f -ls || true
Loading