Remove me-south-1 from release build default regions #3417
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Build | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - labeled | |
| - unlabeled | |
| branches: | |
| - main | |
| - "release/v*" | |
| env: | |
| TEST_TAG: public.ecr.aws/aws-observability/adot-autoinstrumentation-java:test-v2 | |
| USER: ${{ github.event.pull_request.user.login }} | |
| LABELS: ${{ toJSON(github.event.pull_request.labels.*.name) }} | |
| jobs: | |
| static-code-checks: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| # This action wrapper by raven-actions provides cross-platform support and caching | |
| # Catches the same issues as GitHub's web editor: syntax errors, type mismatches, | |
| # undefined inputs/secrets, circular dependencies, and more | |
| # Note: actionlint cannot validate composite actions - see https://github.com/rhysd/actionlint/issues/350 | |
| - name: Validate GitHub Actions workflows | |
| if: always() | |
| uses: raven-actions/actionlint@e01d1ea33dd6a5ed517d95b4c0c357560ac6f518 # v2.1.1 | |
| with: | |
| files: .github/workflows/*.yml | |
| # Temporarily ignore specific shellcheck codes while we systematically fix them | |
| # SC2009: Consider using pgrep instead of grepping ps output | |
| # SC2027: The surrounding quotes actually unquote this | |
| # SC2046: Quote this to prevent word splitting | |
| # SC2086: Double quote to prevent globbing and word splitting | |
| # SC2129: Consider using { cmd1; cmd2; } >> file instead of individual redirects | |
| # SC2162: read without -r will mangle backslashes | |
| # SC2193: The arguments to this comparison can never be equal | |
| # SC2206: Quote to prevent word splitting/globbing, or split robustly with mapfile or read -a | |
| flags: | | |
| -ignore SC2009 | |
| -ignore SC2027 | |
| -ignore SC2046 | |
| -ignore SC2086 | |
| -ignore SC2129 | |
| -ignore SC2162 | |
| -ignore SC2193 | |
| -ignore SC2206 | |
| - name: Check CHANGELOG | |
| if: always() | |
| run: | | |
| # Check if PR is from workflows bot or dependabot | |
| if [[ "${{ env.USER }}" == "aws-application-signals-bot" ]]; then | |
| echo "Skipping check: PR from aws-application-signals-bot" | |
| exit 0 | |
| fi | |
| if [[ "${{ env.USER }}" == "dependabot[bot]" ]]; then | |
| echo "Skipping check: PR from dependabot" | |
| exit 0 | |
| fi | |
| # Check for skip changelog label | |
| if echo '${{ env.LABELS }}' | jq -r '.[]' | grep -q "skip changelog"; then | |
| echo "Skipping check: skip changelog label found" | |
| exit 0 | |
| fi | |
| # Fetch base branch and check for CHANGELOG modifications | |
| git fetch origin ${{ github.base_ref }} | |
| if git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -q "CHANGELOG.md"; then | |
| echo "CHANGELOG.md entry found - check passed" | |
| exit 0 | |
| fi | |
| echo "It looks like you didn't add an entry to CHANGELOG.md. If this change affects the SDK behavior, please update CHANGELOG.md and link this PR in your entry. If this PR does not need a CHANGELOG entry, you can add the 'Skip Changelog' label to this PR." | |
| exit 1 | |
| - name: Check for versioned GitHub actions | |
| if: always() | |
| run: | | |
| # Get changed GitHub workflow/action files | |
| CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -E "^\.github/(workflows|actions)/.*\.ya?ml$" || true) | |
| if [ -n "$CHANGED_FILES" ]; then | |
| # Check for any versioned actions, excluding comments and this validation script | |
| VIOLATIONS=$(grep -Hn "uses:.*@v" $CHANGED_FILES | grep -v "grep.*uses:.*@v" | grep -v "#.*@v" || true) | |
| if [ -n "$VIOLATIONS" ]; then | |
| echo "Found versioned GitHub actions. Use commit SHAs instead:" | |
| echo "$VIOLATIONS" | |
| exit 1 | |
| fi | |
| fi | |
| echo "No versioned actions found in changed files" | |
| - name: Check for github.event in run steps | |
| if: always() | |
| run: | | |
| # Get changed GitHub workflow/action files | |
| CHANGED_FILES=$(git diff --name-only origin/${{ github.base_ref }}..HEAD | grep -E "^\.github/(workflows|actions)/.*\.ya?ml$" || true) | |
| if [ -n "$CHANGED_FILES" ]; then | |
| VIOLATIONS="" | |
| for file in $CHANGED_FILES; do | |
| # Extract all 'run' step values excluding this validation step | |
| RUN_STEPS=$(yq eval '.. | select(has("run") and has("name") and .name != "Check for github.event in run steps") | .run' "$file" 2>/dev/null || echo "") | |
| if echo "$RUN_STEPS" | grep -q "github\.event\."; then | |
| VIOLATIONS="$VIOLATIONS$file: Contains github.event.* in run step\n" | |
| fi | |
| done | |
| if [ -n "$VIOLATIONS" ]; then | |
| echo -e "Found github.event.* usage in run steps. This can lead to script injection vulnerabilities:" | |
| echo -e "$VIOLATIONS" | |
| exit 1 | |
| fi | |
| fi | |
| echo "No github.event.inputs usage found in run steps" | |
| testpatch: | |
| name: Test patches applied to dependencies | |
| runs-on: aws-otel-java-instrumentation_ubuntu-latest_32-core | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 | |
| with: | |
| java-version-file: .java-version | |
| distribution: temurin | |
| # vaadin 14 tests fail with node 18 | |
| - name: Set up Node | |
| uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 | |
| with: | |
| node-version: 16 | |
| # vaadin tests use pnpm | |
| - name: Cache pnpm modules | |
| uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 | |
| with: | |
| path: ~/.pnpm-store | |
| key: ${{ runner.os }}-test-cache-pnpm-modules | |
| - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 | |
| - uses: ./.github/actions/patch-dependencies | |
| with: | |
| run_tests: "true" | |
| build: | |
| name: Build on ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: | |
| - macos-latest | |
| - ubuntu-latest | |
| - windows-latest | |
| exclude: | |
| # Skip windows on patch workflow because it is not possible to build opentelemetry-java on windows | |
| # when the cache is in a different drive than the source code | |
| # Windows is not working for patch workflows, therefore we disable it here | |
| # https://github.com/square/wire/issues/2188 | |
| # https://github.com/open-telemetry/opentelemetry-java/issues/4560 | |
| - os: ${{ startsWith(github.event.pull_request.base.ref, 'release/v') && 'windows-latest' || '' }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 | |
| with: | |
| java-version-file: .java-version | |
| distribution: temurin | |
| - uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 | |
| # Cleanup directories before proceeding with setup | |
| - name: Clean up old installations | |
| if: ${{ matrix.os != 'windows-latest' }} | |
| run: | | |
| sudo rm -rf /usr/local/lib/android | |
| sudo rm -rf /usr/share/dotnet | |
| # cache local patch outputs | |
| - name: Cache local Maven repository | |
| uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 #v4.2.4 | |
| with: | |
| path: | | |
| ~/.m2/repository/io/opentelemetry/ | |
| key: ${{ runner.os }}-maven-local-${{ hashFiles('.github/patches/opentelemetry-java*.patch') }} | |
| - name: Publish patched dependencies to maven local | |
| uses: ./.github/actions/patch-dependencies | |
| if: ${{ matrix.os != 'windows-latest' }} # Skip patch on windows as it is not possible to build opentelemetry-java on windows | |
| - name: Build with Gradle with Integration tests | |
| uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| with: | |
| arguments: build integrationTests --stacktrace -PenableCoverage=true -PlocalDocker=true | |
| - name: Build and Test UDP exporter | |
| run: | | |
| ./gradlew build -p exporters/aws-distro-opentelemetry-xray-udp-span-exporter | |
| - name: Set up Java version for tests | |
| uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 | |
| with: | |
| java-version: 23 | |
| distribution: temurin | |
| - name: Pull base image of Contract Tests Sample Apps | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| run: docker pull public.ecr.aws/docker/library/amazoncorretto:23-alpine | |
| - name: Run contract tests | |
| uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| with: | |
| arguments: contractTests -PlocalDocker=true -i | |
| - name: Set up Java version for image build | |
| uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 | |
| with: | |
| java-version-file: .java-version | |
| distribution: temurin | |
| - name: Get current version | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| shell: bash | |
| run: | | |
| echo "ADOT_JAVA_VERSION=$(./gradlew printVersion -q )" >> $GITHUB_ENV | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 #3.6.0 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 #v3.11.1 | |
| with: | |
| driver-opts: image=moby/buildkit:v0.15.1 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| - name: Build image for testing | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 #v6.18.0 | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| with: | |
| push: false | |
| build-args: "ADOT_JAVA_VERSION=${{ env.ADOT_JAVA_VERSION }}" | |
| context: . | |
| platforms: linux/amd64 | |
| tags: ${{ env.TEST_TAG }} | |
| load: true | |
| - name: Perform image scan | |
| uses: ./.github/actions/image_scan | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| with: | |
| image-ref: ${{ env.TEST_TAG }} | |
| severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' | |
| logout: 'true' | |
| trivyignore-file: .github/trivy/pr-build.trivyignore.yaml | |
| - name: Test docker image | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| shell: bash | |
| run: .github/scripts/test-adot-javaagent-image.sh "${{ env.TEST_TAG }}" "${{ env.ADOT_JAVA_VERSION }}" | |
| - name: Build with Gradle | |
| uses: gradle/actions/setup-gradle@d9c87d481d55275bb5441eef3fe0e46805f9ef70 #v3.5.0 | |
| if: ${{ matrix.os != 'ubuntu-latest' && (hashFiles('.github/patches/opentelemetry-java*.patch') == '' || matrix.os != 'windows-latest' ) }} # build on windows as well unless a patch exists | |
| with: | |
| arguments: build --stacktrace -PenableCoverage=true | |
| - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 #v5.5.1 | |
| build-lambda: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 | |
| - name: Setup Java | |
| uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0 | |
| with: | |
| java-version-file: .java-version | |
| distribution: temurin | |
| - name: Build layer | |
| working-directory: lambda-layer | |
| run: ./build-layer.sh | |
| all-pr-checks-pass: | |
| runs-on: ubuntu-latest | |
| needs: [static-code-checks, testpatch, build, build-lambda] | |
| if: always() | |
| steps: | |
| - name: Checkout to get workflow file | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #5.0.0 | |
| - name: Check all jobs succeeded and none missing | |
| run: | | |
| # Check if all needed jobs succeeded | |
| results='${{ toJSON(needs) }}' | |
| if echo "$results" | jq -r '.[] | .result' | grep -v success; then | |
| echo "Some jobs failed" | |
| exit 1 | |
| fi | |
| # Extract all job names from workflow (excluding this gate job) | |
| all_jobs=$(yq eval '.jobs | keys | .[]' .github/workflows/pr-build.yml | grep -v "all-pr-checks-pass" | sort) | |
| # Extract job names from needs array | |
| needed_jobs='${{ toJSON(needs) }}' | |
| needs_list=$(echo "$needed_jobs" | jq -r 'keys[]' | sort) | |
| # Check if any jobs are missing from needs | |
| missing_jobs=$(comm -23 <(echo "$all_jobs") <(echo "$needs_list")) | |
| if [ -n "$missing_jobs" ]; then | |
| echo "ERROR: Jobs missing from needs array in all-pr-checks-pass:" | |
| echo "$missing_jobs" | |
| echo "Please add these jobs to the needs array of all-pr-checks-pass" | |
| exit 1 | |
| fi | |
| echo "All checks passed and no jobs missing from gate!" |