Deploy Sandbox #208
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Sandbox | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| mfaCode: | |
| type: string | |
| description: MFA Code | |
| required: true | |
| region: | |
| type: choice | |
| description: 'Which region? (use us-east-1 for RC)' | |
| options: | |
| - sa-east-1 | |
| - us-east-1 | |
| - all | |
| architecture: | |
| description: 'Architecture' | |
| required: true | |
| default: 'amd64' | |
| type: choice | |
| options: | |
| - amd64 | |
| - arm64 | |
| buildTags: | |
| type: choice | |
| description: Build tags | |
| default: 'serverless otlp' | |
| options: | |
| - 'serverless otlp' | |
| - 'serverless' | |
| agentBranch: | |
| type: string | |
| description: Datadog agent branch name (default main) | |
| default: "main" | |
| layerSuffix: | |
| type: string | |
| description: Suffix to be appended to the layer name (default empty) | |
| default: "" | |
| jobs: | |
| prepare-artifact: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| AWS_REGIONS: ${{ steps.list_region.outputs.AWS_REGIONS }} | |
| AWS_ACCESS_KEY_ID: ${{ steps.auth.outputs.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.auth.outputs.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ steps.auth.outputs.AWS_SESSION_TOKEN }} | |
| steps: | |
| - name: mask numbers | |
| run: | | |
| echo ::add-mask::"0" | |
| echo ::add-mask::"1" | |
| echo ::add-mask::"2" | |
| echo ::add-mask::"3" | |
| echo ::add-mask::"4" | |
| echo ::add-mask::"5" | |
| echo ::add-mask::"6" | |
| echo ::add-mask::"7" | |
| echo ::add-mask::"8" | |
| echo ::add-mask::"9" | |
| echo ::add-mask::"|" | |
| - uses: actions/checkout@v3 | |
| - id: auth | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.GH_ACTION_PUBLISHER_AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.GH_ACTION_PUBLISHER_AWS_SECRET_ACCESS_KEY }} | |
| run: | | |
| ./build-tools/bin/build_tools \ | |
| auth \ | |
| --mfa-arn ${{ secrets.GH_ACTION_PUBLISHER_MFA_DEVICE_ARN }} \ | |
| --mfa-code ${{ inputs.mfaCode }} \ | |
| --key ${{ secrets.GH_ACTION_PUBLISHER_AEM_KEY }} | |
| - uses: actions/checkout@v3 | |
| with: | |
| repository: DataDog/datadog-agent | |
| ref: refs/heads/${{ inputs.agentBranch }} | |
| path: datadog-agent | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - run: | | |
| ./build-tools/bin/build_tools \ | |
| build \ | |
| --version 1 \ | |
| --agent-version 1 \ | |
| --architecture "${{ inputs.architecture }}" \ | |
| --context-path "${GITHUB_WORKSPACE}" \ | |
| --destination-path "${GITHUB_WORKSPACE}/tmp" \ | |
| --docker-path "scripts_v2/Dockerfile.build" \ | |
| --build-tags "${{ inputs.buildTags }}" \ | |
| --artifact-name "datadog_extension.zip" | |
| - name: Sign the layer | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.auth.outputs.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.auth.outputs.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ steps.auth.outputs.AWS_SESSION_TOKEN }} | |
| run: | | |
| ./build-tools/bin/build_tools \ | |
| sign \ | |
| --layer-path ./tmp/datadog_extension.zip \ | |
| --destination-path ./tmp/datadog_extension_signed.zip \ | |
| --key ${{ secrets.GH_ACTION_PUBLISHER_AEM_KEY }} | |
| - uses: actions/[email protected] | |
| with: | |
| name: datadog-extension | |
| path: ./tmp/datadog_extension_signed.zip | |
| retention-days: 5 | |
| - id: list_region | |
| if: ${{ github.event.inputs.region == 'all' }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.auth.outputs.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.auth.outputs.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ steps.auth.outputs.AWS_SESSION_TOKEN }} | |
| name: Build list of regions | |
| run: | | |
| ./build-tools/bin/build_tools \ | |
| list_region \ | |
| --key ${{ secrets.GH_ACTION_PUBLISHER_AEM_KEY }} | |
| - id: deploy | |
| if: ${{ github.event.inputs.region != 'all' }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ steps.auth.outputs.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ steps.auth.outputs.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ steps.auth.outputs.AWS_SESSION_TOKEN }} | |
| run: | | |
| ./build-tools/bin/build_tools \ | |
| deploy \ | |
| --layer-path ./tmp/datadog_extension_signed.zip \ | |
| --architecture "${{ inputs.architecture }}" \ | |
| --layer-name "Datadog-Extension" \ | |
| --layer-suffix "${{ inputs.layerSuffix }}" \ | |
| --region ${{ github.event.inputs.region }} \ | |
| --key ${{ secrets.GH_ACTION_PUBLISHER_AEM_KEY }} | |
| deploy-artifact: | |
| if: ${{ github.event.inputs.region == 'all' }} | |
| needs: | |
| - prepare-artifact | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| aws_region: ${{ fromJson(needs.prepare-artifact.outputs.AWS_REGIONS) }} | |
| steps: | |
| - name: mask numbers | |
| run: | | |
| echo ::add-mask::"0" | |
| echo ::add-mask::"1" | |
| echo ::add-mask::"2" | |
| echo ::add-mask::"3" | |
| echo ::add-mask::"4" | |
| echo ::add-mask::"5" | |
| echo ::add-mask::"6" | |
| echo ::add-mask::"7" | |
| echo ::add-mask::"8" | |
| echo ::add-mask::"9" | |
| echo ::add-mask::"|" | |
| - uses: actions/checkout@v3 | |
| - uses: actions/download-artifact@v3 | |
| with: | |
| name: datadog-extension | |
| path: ./tmp | |
| - id: deploy | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ needs.prepare-artifact.outputs.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ needs.prepare-artifact.outputs.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ needs.prepare-artifact.outputs.AWS_SESSION_TOKEN }} | |
| run: | | |
| ./build-tools/bin/build_tools \ | |
| deploy \ | |
| --layer-path ./tmp/datadog_extension_signed.zip \ | |
| --architecture "${{ inputs.architecture }}" \ | |
| --layer-name "Datadog-Extension" \ | |
| --layer-suffix "${{ inputs.layerSuffix }}" \ | |
| --region ${{ matrix.aws_region }} \ | |
| --key ${{ secrets.GH_ACTION_PUBLISHER_AEM_KEY }} |