Merge branch 'main' into feature/integration-tests

.editorconfig

@@ -5,13 +5,13 @@ charset = utf-8
 indent_style = tab
 indent_size = 4
 # Spell checker configuration
-spelling_exclusion_path = ./build/exclusion.dic
+spelling_exclusion_path = "./build/exclusion.dic"
 
-[*.{fs,fsx,yml}]
+[*.{fs,fsx}]
 indent_style = space
 indent_size = 4
 
-[*.{md,markdown,json,js,csproj,fsproj,targets,targets,props}]
+[*.{md,markdown,json,js,yml,csproj,fsproj,targets,targets,props}]
 indent_style = space
 indent_size = 2
 

.github/workflows/bootstrap/action.yml

@@ -0,0 +1,49 @@
+---
+name: Bootstrap Checkout
+description: Ensures all actions bootstrap the same
+
+outputs:
+  agent-version:
+    description: "The current agent version number"
+    value: ${{ steps.dotnet.outputs.agent-version }}
+  major-version:
+    description: "The current major version number, semver"
+    value: ${{ steps.dotnet.outputs.major-version }}
+
+runs:
+  using: "composite"
+  steps:
+    # Ensure we fetch all tags
+    - shell: bash
+      run: |
+        git fetch --prune --unshallow --tags
+        git tag --list
+        
+    - uses: actions/cache@v3
+      with:
+        path: ~/.nuget/packages
+        key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.[cf]sproj*') }}
+        restore-keys: |
+          ${{ runner.os }}-nuget
+          
+    -   name: Setup dotnet
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: |
+            6.0.x
+            8.0.x
+            6.0.x
+    - id: dotnet
+      shell: bash
+      run: |
+        dotnet --list-sdks
+        dotnet tool restore
+        AGENT_VERSION=$(dotnet minver -t=v -p=canary.0 -v=e)
+        echo "Version Number: ${AGENT_VERSION}"
+        echo "AGENT_VERSION=${AGENT_VERSION}" >> $GITHUB_ENV
+        echo "agent-version=${AGENT_VERSION}" >> $GITHUB_OUTPUT
+        echo "major-version=$(echo ${AGENT_VERSION} | cut -d"." -f1)" >> $GITHUB_OUTPUT
+  
+
+    # Setup git config
+    - uses: elastic/apm-pipeline-library/.github/actions/setup-git@current

.github/workflows/ci.yml

@@ -1,79 +1,50 @@
-name: Always be deploying
+name: Pull Request Validation
 
 on:
-    pull_request:
-        paths-ignore:
-            - 'README.md'
-            - '.editorconfig'
-    push:
-        paths-ignore:
-            - 'README.md'
-            - '.editorconfig'
-        branches:
-            - main
-        tags:
-            - "*.*.*"
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '*.md'
+      - '*.asciidoc'
+      - 'docs/**'
+  pull_request:
+    paths-ignore:
+      - '*.md'
+      - '*.asciidoc'
+      - 'docs/**'
 
-jobs:
-    test-windows:
-        runs-on: windows-latest
-        steps:
-            - uses: actions/checkout@v2
-              with:
-                  fetch-depth: 1
-            - run: |
-                  git fetch --prune --unshallow --tags
-                  echo exit code $?
-                  git tag --list
-            - uses: actions/setup-dotnet@v1
-              with:
-                  dotnet-version: |
-                      8.0.x
-                      6.0.x
-                  source-url: https://nuget.pkg.github.com/elastic/index.json
-              env:
-                  NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-            - run: build.bat test
-              shell: cmd
-              name: Test
-
-    build:
-        runs-on: ubuntu-latest
-        steps:
-            - uses: actions/checkout@v2
-              with:
-                  fetch-depth: 1
-            - run: |
-                  git fetch --prune --unshallow --tags
-                  echo exit code $?
-                  git tag --list
-            - uses: actions/setup-dotnet@v1
-              with:
-                  # .NET 7 is sadly required for the licenses check tool
-                  # https://github.com/tomchavakis/nuget-license/issues/200
-                  dotnet-version: |
-                      6.0.x
-                      7.0.x
-                      8.0.x
-                  source-url: https://nuget.pkg.github.com/elastic/index.json
-              env:
-                  NUGET_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
-            - run: ./build.sh release
-              name: Release
+env:
+  NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
+
+jobs:
+  test-windows:
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Bootstrap Action Workspace
+        id: bootstrap
+        uses: ./.github/workflows/bootstrap
 
-            - name: publish canary packages github package repository
-              if: github.event_name == 'push' && startswith(github.ref, 'refs/heads')
-              shell: bash
-                # this is a best effort to push to GHPR, we've observed it being unavailable intermittently
-              continue-on-error: true
-              run: dotnet nuget push '.artifacts/package/release/*.nupkg' -k ${{secrets.GITHUB_TOKEN}} --skip-duplicate --no-symbols
-            
-            # Github packages requires authentication, this is likely going away in the future so for now we publish to feedz.io
-            - run: dotnet nuget push '.artifacts/package/release/*.nupkg' -k ${{secrets.FEEDZ_IO_API_KEY}} -s https://f.feedz.io/elastic/all/nuget/index.json --skip-duplicate --no-symbols
-              name: publish canary packages to feedz.io
-              if: false && github.event_name == 'push' && startswith(github.ref, 'refs/heads')
+      - run: build.bat test
+        shell: cmd
+        name: Test
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Bootstrap Action Workspace
+        id: bootstrap
+        uses: ./.github/workflows/bootstrap
 
-            - run: dotnet nuget push '.artifacts/package/release/*.nupkg' -k ${{secrets.NUGET_ORG_API_KEY}} -s https://api.nuget.org/v3/index.json --skip-duplicate --no-symbols
-              name: release to nuget.org
-              if: false && github.event_name == 'push' && startswith(github.ref, 'refs/tags')
+      # We still run the full release build on pull-requests this ensures packages are validated ahead of time
+      - run: ./build.sh release
+        name: Release

.github/workflows/e2e.yml

@@ -0,0 +1,56 @@
+name: e2e
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '*.md'
+      - '*.asciidoc'
+      - 'docs/**'
+  pull_request:
+    paths-ignore:
+      - '*.md'
+      - '*.asciidoc'
+      - 'docs/**'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+env:
+  # keep_serverless-staging-oblt OR keep_serverless-qa-oblt
+  SERVERLESS_PROJECT: serverless-production-oblt
+
+jobs:
+  test:
+    if: |
+      github.event_name != 'pull_request' || 
+      (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Git
+        uses: elastic/apm-pipeline-library/.github/actions/setup-git@current
+
+      - uses: elastic/apm-pipeline-library/.github/actions/github-token@current
+        with:
+          url: ${{ secrets.VAULT_ADDR }}
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+
+      - uses: elastic/apm-pipeline-library/.github/actions/oblt-cli-cluster-credentials@current
+        with:
+          github-token: ${{ env.GITHUB_TOKEN }}
+          cluster-name: ${{ env.SERVERLESS_PROJECT }}
+          vault-url: ${{ secrets.VAULT_ADDR }}
+          vault-role-id: ${{ secrets.VAULT_ROLE_ID }}
+          vault-secret-id: ${{ secrets.VAULT_SECRET_ID }}
+
+      # TODO: run the e2e targeting the required endpoint.
+      #       those values can be found in https://github.com/elastic/apm-pipeline-library/tree/main/.github/actions/oblt-cli-cluster-credentials#outputs
+      - run: curl -X GET "${ELASTICSEARCH_HOST}/_cat/indices?v" -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}

.github/workflows/license.yml

@@ -1,15 +1,15 @@
 name: License headers
 
-on: [pull_request]
+on: [ pull_request ]
 
 jobs:
   build:
 
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
-    - name: Check license headers
-      run: |
-        ./.github/check-license-headers.sh
+      - name: Check license headers
+        run: |
+          ./.github/check-license-headers.sh

.github/workflows/opentelemetry.yml

@@ -0,0 +1,23 @@
+---
+# Look up results at https://ela.st/oblt-ci-cd-stats
+# There will be one service per GitHub repository, including the org name, and one Transaction per Workflow.
+name: OpenTelemetry Export Trace
+
+on:
+  workflow_run:
+    workflows: [ "*" ]
+    types: [completed]
+
+permissions:
+  contents: read
+  actions: read
+
+jobs:
+  otel-export-trace:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: elastic/apm-pipeline-library/.github/actions/opentelemetry@current
+        with:
+          vaultUrl: ${{ secrets.VAULT_ADDR }}
+          vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
+          vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}

.github/workflows/prerelease.yml

@@ -0,0 +1,37 @@
+name: release-main
+
+on:
+  push:
+    branches: [ "main" ]
+
+permissions:
+  contents: write
+  issues: write
+  packages: write
+
+env:
+  NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Bootstrap Action Workspace
+        id: bootstrap
+        uses: ./.github/workflows/bootstrap
+
+      - run: ./build.sh release
+        name: Release
+
+      - name: publish canary packages github package repository
+        shell: bash
+        # this is a best effort to push to GHPR, we've observed it being unavailable intermittently
+        continue-on-error: true
+        run: dotnet nuget push '.artifacts/package/release/*.nupkg' -k ${{secrets.GITHUB_TOKEN}} --skip-duplicate --no-symbols
+
+      # Github packages requires authentication, this is likely going away in the future so for now we publish to feedz.io
+      - run: dotnet nuget push '.artifacts/package/release/*.nupkg' -k ${{secrets.FEEDZ_IO_API_KEY}} -s https://f.feedz.io/elastic/all/nuget/index.json --skip-duplicate --no-symbols
+        name: publish canary packages to feedz.io
+        if: false && github.event_name == 'push' && startswith(github.ref, 'refs/heads')
+