datadog-agent/.github/workflows/buildimages-update.yml at main · DataDog/datadog-agent · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: Update buildimages

on:
  workflow_dispatch:
    inputs:
      images_id:
        description: 'Images ID'
        required: true
        type: string
      go_version:
        description: 'Go version'
        required: true
        type: string
      branch:
        description: 'Git branch to use'
        required: true
        type: string
      test_version:
        description: 'Whether the images are test images'
        required: true
        type: boolean
      include_otel_modules:
        description: 'Whether to also bump the Go version in modules used by OpenTelemetry'
        required: true
        type: boolean
      update_windows_images:
        description: 'Whether to update the Windows images. They are always updated if the Go version was changed'
        required: true
        type: boolean
        default: true

jobs:
  open-go-update-pr:
    runs-on: ubuntu-latest
    permissions:
      id-token: write # This is required for getting the required OIDC token from GitHub

    steps:
      - name: Checkout branch
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # credentials are needed to create the PR at the end of the workflow
          persist-credentials: true

      - name: Fetch branch
        env:
          TARGET_BRANCH: ${{ inputs.branch }}
        # this step needs the github repository to be already cloned locally
        id: branch_fetch
        run: |
          if git fetch origin "refs/heads/$TARGET_BRANCH"; then
            echo "RESULT=true" >> $GITHUB_OUTPUT
          else
            echo "RESULT=false" >> $GITHUB_OUTPUT
          fi

      - name: Checkout branch
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        if: ${{ steps.branch_fetch.outputs.RESULT == 'true' }}
        with:
          ref: ${{ inputs.branch }}
          persist-credentials: false

      - name: Bazel cache
        uses: ./.github/actions/bazel-cache

      - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          # use the go version from the input, not from the .go-version file
          # in case it's a Go update PR
          go-version: ${{ inputs.go_version }}

      - name: Install dda
        uses: ./.github/actions/install-dda
        with:
          features: legacy-tasks

      - name: Get current Go version
        id: current_go_version
        run: |
          echo "GO_VERSION=$(dda inv -- go-version)" >> $GITHUB_OUTPUT

      - name: Get current buildimage tag
        id: current_buildimage_tag
        run: |
            echo "BUILDIMAGE_TAG=$(dda inv -- buildimages.get-tag)" >> $GITHUB_OUTPUT

      - name: Install tools
        # Updating the Go version requires having gopatch installed
        id: install_tools
        run: |
          dda inv -- -e install-tools

      - name: Update buildimages IDs and Go version
        id: update_build_images
        env:
          TEST_VERSION_FLAG: ${{ inputs.test_version && '--test' || '--no-test' }}
          # INCLUDE_OTEL_MODULES must be used without quotes to be ignored when empty
          INCLUDE_OTEL_MODULES: ${{ inputs.include_otel_modules && '--include-otel-modules' || '' }}
          # INPUT_TEST_VERSION must be used without quotes to be ignored when empty
          INPUT_TEST_VERSION: ${{ inputs.test_version && '--test' || '' }}
          CURRENT_GO_VERSION: ${{ steps.current_go_version.outputs.GO_VERSION }}
          INPUT_GO_VERSION: ${{ inputs.go_version }}
          CURRENT_BUILDIMAGE_TAG: ${{ steps.current_buildimage_tag.outputs.BUILDIMAGE_TAG }}
          IMAGES_ID: ${{ inputs.images_id }}
          TMP_PR_BODY_PATH: /tmp/pr_body
          WINDOWS_FLAG: ${{ inputs.update_windows_images && '--windows' || '' }}
        run: |
          if [ "$CURRENT_GO_VERSION" = "$INPUT_GO_VERSION" ]; then
            dda inv -- -e buildimages.update --tag "$IMAGES_ID" "$TEST_VERSION_FLAG" $WINDOWS_FLAG
            echo "MESSAGE=Update buildimages ID to $IMAGES_ID" >> $GITHUB_OUTPUT
          else
            dda inv -- -e update-go --image-tag "$IMAGES_ID" "$TEST_VERSION_FLAG" $INCLUDE_OTEL_MODULES -v "$INPUT_GO_VERSION"
            echo "MESSAGE=Update Go version to $INPUT_GO_VERSION" >> $GITHUB_OUTPUT
          fi
          # Generate the PR description
          dda inv -- -e buildimages.generate-pr-body \
          "$CURRENT_BUILDIMAGE_TAG" \
          "$IMAGES_ID" \
          "$CURRENT_GO_VERSION" \
          "$INPUT_GO_VERSION" \
          $INPUT_TEST_VERSION > $TMP_PR_BODY_PATH
          echo "BODY<<EOF"$'\n'"$(cat $TMP_PR_BODY_PATH)"$'\n'EOF >> $GITHUB_OUTPUT

      - uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
        id: octo-sts
        with:
          scope: DataDog/datadog-agent
          policy: self.buildimages-update.create-pr

      - uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        name: Create pull request
        with:
          token: ${{ steps.octo-sts.outputs.token }}
          commit-message: ${{ steps.update_build_images.outputs.MESSAGE }}
          branch: ${{ inputs.branch }}
          sign-commits: true
          title: "[automated] ${{ steps.update_build_images.outputs.MESSAGE }}"
          body: ${{ steps.update_build_images.outputs.BODY }}
          draft: true
          labels: go-update,team/agent-runtimes