Merge branch 'master' into buildkite-pipeline

elastic · Nov 22, 2023 · 9ca8392 · 9ca8392
2 parents fdb9497 + 475ba5f
commit 9ca8392
Show file tree

Hide file tree

Showing 13 changed files with 66 additions and 13 deletions.
diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command
@@ -9,7 +9,13 @@ VAULT_PATH=secret/ci/elastic-terraform-provider-ec/terraform-provider-secrets
 
 # Secrets must be redacted
 # https://buildkite.com/docs/pipelines/managing-log-output#redacted-environment-variables
-
-if [[ "$BUILDKITE_PIPELINE_SLUG" == "terraform-provider-ec" ]]; then
+if [[ "$BUILDKITE_PIPELINE_SLUG" == "terraform-provider-ec-acceptance" ]]; then
   export TERRAFORM_PROVIDER_API_KEY_SECRET=$(scripts/retry.sh 5 vault kv get -field apikey ${VAULT_PATH})
 fi
+
+if [[ "$BUILDKITE_PIPELINE_SLUG" == "terraform-provider-ec-release" ]]; then
+  export GPG_PRIVATE_SECRET=$(scripts/retry.sh 5 vault kv get -field gpg_private ${VAULT_PATH})
+  export GPG_PASSPHRASE_SECRET=$(scripts/retry.sh 5 vault kv get -field gpg_passphrase ${VAULT_PATH})
+  export GPG_FINGERPRINT_SECRET=$(scripts/retry.sh 5 vault kv get -field gpg_fingerprint ${VAULT_PATH})
+  export GITHUB_TOKEN=$(scripts/retry.sh 5 vault kv get -field gh_personal_access_token ${VAULT_PATH})
+fi
diff --git a/.buildkite/release.sh b/.buildkite/release.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -euo pipefail
+
+echo "--- Importing GPG key"
+echo -n "$GPG_PRIVATE_SECRET" | base64 --decode | gpg --import --batch --yes --passphrase "$GPG_PASSPHRASE_SECRET"
+
+echo "--- Caching GPG passphrase"
+echo "$GPG_PASSPHRASE_SECRET" | gpg --armor --detach-sign --passphrase-fd 0 --pinentry-mode loopback
+
+echo "--- Release the binaries"
+make release
diff --git a/.buildkite/release.yml b/.buildkite/release.yml
@@ -0,0 +1,7 @@
+steps:
+  - label: ":rocket: Release"
+    command: .buildkite/release.sh
+    agents:
+      image: "docker.io/library/golang:1.21"
+      cpu: "8"
+      memory: "4G"
diff --git a/.ci/pipelines/release.Jenkinsfile b/.ci/pipelines/release.Jenkinsfile
@@ -29,7 +29,7 @@ node('docker && gobld/machineType:n1-highcpu-8') {
             stage("Cache GPG key and release the binaries") {
                 script {
                     env.GITHUB_TOKEN = readFile(".ci/.github_token").trim()
-                    env.GPG_FINGERPRINT = readFile(".ci/.gpg_fingerprint").trim()
+                    env.GPG_FINGERPRINT_SECRET = readFile(".ci/.gpg_fingerprint").trim()
                 }
                 sh 'make -C .ci cache-gpg-passphrase; make release'
             }

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -21,10 +21,10 @@ builds:
     - linux
     - darwin
   goarch:
-    - amd64
     - '386'
     - arm
     - arm64
+    - amd64
   ignore:
     - goos: darwin
       goarch: '386'
@@ -42,7 +42,7 @@ signs:
       # need to pass the batch flag to indicate its not interactive.
       - "--batch"
       - "--local-user"
-      - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
+      - "{{ .Env.GPG_FINGERPRINT_SECRET }}" # set this environment variable for your signing key
       - "--output"
       - "${signature}"
       - "--detach-sign"

diff --git a/build/Makefile.release b/build/Makefile.release
@@ -27,12 +27,12 @@ snapshot: $(GOBIN)/goreleaser
 ## Releases a new version of the terraform provider with a matching tag.
 release: $(GOBIN)/goreleaser
 	@ $(MAKE) gen VERSION=$(subst -dev,,$(VERSION))
-	@ $(GOBIN)/goreleaser --clean --skip-validate
+	@ $(GOBIN)/goreleaser --clean --skip-validate --parallelism=4
 
 ## Builds a new version of the terraform provider with a matching tag without publishing it.
 release-no-publish: $(GOBIN)/goreleaser
 	@ $(MAKE) gen VERSION=$(subst -dev,,$(VERSION))
-	@ $(GOBIN)/goreleaser --clean --skip-validate --skip-publish
+	@ $(GOBIN)/goreleaser --clean --skip-validate --skip-publish --parallelism=4
 
 .PHONY: changelog
 changelog: $(GOBIN)/changelog-build

diff --git a/catalog-info.yaml b/catalog-info.yaml
@@ -21,6 +21,35 @@ spec:
     spec:
       repository: elastic/terraform-provider-ec
       pipeline_file: ".buildkite/pipeline.yml"
+
+# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/rre.schema.json
+apiVersion: backstage.io/v1alpha1
+kind: Resource
+metadata:
+  name: buildkite-pipeline-terraform-provider-ec-release
+  description: Buildkite Pipeline for releasing the terraform-provider-ec
+  links:
+    - title: Pipeline
+      url: https://buildkite.com/elastic/terraform-provider-ec-release
+
+spec:
+  type: buildkite-pipeline
+  owner: group:control-plane-stateful
+  system: buildkite
+  implementation:
+    apiVersion: buildkite.elastic.dev/v1
+    kind: Pipeline
+    metadata:
+      name: terraform-provider-ec-release
+    spec:
+      repository: elastic/terraform-provider-ec
+      pipeline_file: ".buildkite/release.yml"
+      provider_settings:
+        build_branches: false
+        build_pull_request_forks: false
+        build_tags: true
+        filter_condition: 'build.tag =~ /^v[0-9.]+$/'
+        filter_enabled: true
       teams:
         control-plane-stateful:
           access_level: MANAGE_BUILD_AND_READ

diff --git a/developer_docs/RELEASE.md b/developer_docs/RELEASE.md
@@ -51,7 +51,7 @@ When releasing patch versions, the changelog will be branched out in the minor b
 
 ## Executing the release
 
-After all the prerequisites have been ticked off, the only thing remaining is to run `make tag`. The Jenkins CI will attempt to release a new version. Make sure the published version is listed in the [Terraform registry](https://registry.terraform.io/providers/elastic/ec/latest/docs), you can follow the progress on the [Jenkins dashboard](https://devops-ci.elastic.co/job/elastic+terraform-provider-ec+release/).
+After all the prerequisites have been ticked off, the only thing remaining is to run `make tag`. The Buildkite Release job will attempt to release a new version. Make sure the published version is listed in the [Terraform registry](https://registry.terraform.io/providers/elastic/ec/latest/docs), you can follow the progress on the [Buildkite job](https://buildkite.com/elastic/terraform-provider-ec-release).
 
 ## Post release tasks
 

diff --git a/ec/ecresource/deploymentresource/deployment/v2/deployment_read.go b/ec/ecresource/deploymentresource/deployment/v2/deployment_read.go
@@ -21,12 +21,12 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"slices"
 	"strings"
 
 	"github.com/blang/semver"
 	"github.com/elastic/cloud-sdk-go/pkg/models"
 	"github.com/elastic/cloud-sdk-go/pkg/util/ec"
-	"golang.org/x/exp/slices"
 
 	apmv2 "github.com/elastic/terraform-provider-ec/ec/ecresource/deploymentresource/apm/v2"
 	elasticsearchv2 "github.com/elastic/terraform-provider-ec/ec/ecresource/deploymentresource/elasticsearch/v2"

diff --git a/ec/ecresource/deploymentresource/elasticsearch/v2/elasticsearch_payload.go b/ec/ecresource/deploymentresource/elasticsearch/v2/elasticsearch_payload.go
@@ -19,14 +19,14 @@ package v2
 
 import (
 	"context"
+	"slices"
 	"strings"
 
 	"github.com/elastic/cloud-sdk-go/pkg/models"
 	"github.com/elastic/cloud-sdk-go/pkg/util/ec"
 	"github.com/hashicorp/terraform-plugin-framework/diag"
 	"github.com/hashicorp/terraform-plugin-framework/tfsdk"
 	"github.com/hashicorp/terraform-plugin-framework/types"
-	"golang.org/x/exp/slices"
 )
 
 type ElasticsearchTF struct {

diff --git a/ec/ecresource/trafficfilterresource/schema.go b/ec/ecresource/trafficfilterresource/schema.go
@@ -19,6 +19,7 @@ package trafficfilterresource
 
 import (
 	"context"
+	"slices"
 
 	"github.com/hashicorp/terraform-plugin-framework-validators/setvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/attr"
@@ -30,7 +31,6 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-framework/types"
-	"golang.org/x/exp/slices"
 
 	"github.com/elastic/cloud-sdk-go/pkg/api"
 

diff --git a/ec/internal/validators/urlvalidator.go b/ec/internal/validators/urlvalidator.go
@@ -21,10 +21,10 @@ import (
 	"context"
 	"fmt"
 	"net/url"
+	"slices"
 	"strings"
 
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
-	"golang.org/x/exp/slices"
 )
 
 type isURLWithSchemeValidator struct {

diff --git a/go.mod b/go.mod
@@ -15,7 +15,6 @@ require (
 	github.com/hashicorp/terraform-plugin-testing v1.5.1
 	github.com/mitchellh/mapstructure v1.5.0
 	github.com/stretchr/testify v1.8.4
-	golang.org/x/exp v0.0.0-20230905200255-921286631fa9
 )
 
 require (
@@ -78,6 +77,7 @@ require (
 	go.opentelemetry.io/otel v1.14.0 // indirect
 	go.opentelemetry.io/otel/trace v1.14.0 // indirect
 	golang.org/x/crypto v0.13.0 // indirect
+	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/net v0.13.0 // indirect
 	golang.org/x/sys v0.12.0 // indirect