Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add checksum for latest artifact to metadata file #116

Merged
merged 9 commits into from
Dec 20, 2024
Merged
Show file tree
Hide file tree
Changes from 7 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 8 additions & 22 deletions .github/workflows/release-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ env:
RELEASE_PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-node
RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com
PACKAGE_NAME: aws-distro-opentelemetry-node-autoinstrumentation
ARTIFACT_NAME: aws-aws-distro-opentelemetry-node-autoinstrumentation-${{ github.event.inputs.version }}.tgz

permissions:
id-token: write
Expand Down Expand Up @@ -86,6 +87,11 @@ jobs:
tags: |
${{ env.RELEASE_PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }}

- name: Get SHA256 checksum of release artifact
id: get_sha256
run: |
shasum -a 256 aws-distro-opentelemetry-node-autoinstrumentation/${{ env.ARTIFACT_NAME }} | sed "s|aws-distro-opentelemetry-node-autoinstrumentation/||" > ${{ env.ARTIFACT_NAME }}.sha256

# Publish to GitHub releases
- name: Create GH release
id: create_release
Expand All @@ -96,34 +102,14 @@ jobs:
--title "Release v${{ github.event.inputs.version }}" \
--draft \
"v${{ github.event.inputs.version }}" \
aws-distro-opentelemetry-node-autoinstrumentation/aws-aws-distro-opentelemetry-node-autoinstrumentation-${{ github.event.inputs.version }}.tgz
aws-distro-opentelemetry-node-autoinstrumentation/${{ env.ARTIFACT_NAME }} \
${{ env.ARTIFACT_NAME }}.sha256

# Publish to npm
- name: Publish to npm
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
NPM_CONFIG_PROVENANCE: true
run: npx lerna publish from-package --no-push --no-private --no-git-tag-version --no-verify-access --yes

- name: Get SHA256 checksum of wheel file
id: get_sha256
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
checksum=$(shasum -a 256 aws-distro-opentelemetry-node-autoinstrumentation/aws-aws-distro-opentelemetry-node-autoinstrumentation-${{ github.event.inputs.version }}.tgz | awk '{ print $1 }')
echo "CHECKSUM=$checksum" >> $GITHUB_OUTPUT

- name: Append checksum and update version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "aws-aws-distro-opentelemetry-node-autoinstrumentation-${{ github.event.inputs.version }}.tgz ${{ steps.get_sha256.outputs.CHECKSUM }}" >> checksum.txt
echo "${{ github.event.inputs.version }}" > version.txt

git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "GitHub Action Release Workflow"
git add checksum.txt version.txt
git commit -m "Update latest version and append checksum"
git push


6 changes: 6 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,3 +44,9 @@ This project ensures compatibility with the following supported NodeJS versions:
### Note on Amazon CloudWatch Application Signals

[Amazon CloudWatch Application Signals](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Monitoring-Sections.html) components are designed to seamlessly work with all library instrumentations offered by [OpenTelemetry NodeJS auto-instrumentation](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/metapackages/auto-instrumentations-node/README.md). While upstream OpenTelemetry NodeJS instrumentations are in beta, Application Signals components are stable, production ready and have also been tested for popular libraries/frameworks such as `ExpressJS, AWS SDK for JavaScript V3, and others`. We will prioritize backward compatibility for Application Signals components, striving to ensure that they remain functional even in the face of potential breaking changes introduced by OpenTelemetry upstream libraries. Please [raise an issue](https://github.com/aws-observability/aws-otel-js-instrumentation/blob/main/CONTRIBUTING.md#reporting-bugsfeature-requests) if you notice Application Signals doesn't work for a particular OpenTelemetry supported library.

## Checksum Verification

Artifacts released will include a `.sha256` file for checksum verification starting from v0.4.0
To verify, run the command `shasum -a 256 -c <artifact_name>.sha256`
It should return the output `<artifact_name>: OK` if the validation is successful
Empty file removed checksum.txt
Empty file.
Empty file removed version.txt
Empty file.
Loading