.github/workflows/release.yml

name: release

on:
  workflow_dispatch:
  push:
    tags:
      - v*.*.*

env:
  DOCKER_BUILDKIT: 1
  DOCKER_REGISTRY: docker.elastic.co
  DOCKER_IMAGE_NAME: observability/apm-lambda-extension

permissions:
  contents: write
  id-token: write
  pull-requests: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: elastic/oblt-actions/aws/auth@v1
        with:
          aws-account-id: "267093732750"

      - name: Validate GitHub release is not available yet
        run: |
          if gh release view "${{ github.ref_name }}" > /dev/null ; then
            echo "The GitHub release ${{ github.ref_name  }} already exists"
            exit 1
          fi
        env:
          GH_TOKEN: ${{ github.token }}

      - name: Log in to the Elastic Container registry
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
          username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
          password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}

      - name: Bootstrap Action Workspace
        uses: ./.github/actions/bootstrap
        with:
          goreleaser: 'true'

      - name: Release
        run: make release

      # Store artifacts to help with troubleshooting
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: release
          path: "dist/*.*"
          retention-days: 5

      - name: generate build provenance (binaries)
        uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4  # v2.2.0
        with:
          subject-path: "${{ github.workspace }}/dist/*.*"

      # See https://github.com/github-early-access/generate-build-provenance/issues/162
      - name: container image digest
        id: image
        run: .ci/get-docker-provenance.sh

      - name: generate build provenance (containers x86_64)
        uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4  # v2.2.0
        with:
          subject-name: ${{ steps.image.outputs.name_1 }}
          subject-digest: ${{ steps.image.outputs.digest_1 }}

      - name: generate build provenance (containers arm64)
        uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4  # v2.2.0
        with:
          subject-name: ${{ steps.image.outputs.name_2 }}
          subject-digest: ${{ steps.image.outputs.digest_2 }}

      - name: GitHub Release
        run: make release-notes
        env:
          GH_TOKEN: ${{ github.token }}
          VERSION: ${{ github.ref_name }}

      - if: ${{ success() }}
        uses: elastic/oblt-actions/slack/send@v1
        with:
          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
          channel-id: "#apm-aws-lambda"
          message: |
            :large_green_circle: [${{ github.repository }}] Release *${{ github.ref_name }}* published."
            Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)

      - if: ${{ failure() }}
        uses: elastic/oblt-actions/slack/send@v1
        with:
          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
          channel-id: "#apm-aws-lambda"
          message: |
            :large_yellow_circle: [${{ github.repository }}] Release *${{ github.ref_name }}* could not be published."
            Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)