GH action for updating logstash version

[donoghuc]

This commit adds a GH action for bumping the logstash version. It uses the updatescli based on a suggestion for how the beats team is doing file updates. There is a workflow_dispatch trigger that accepts a new logstash version. Both the versions.yml and lock file are updated. If it is a branch where we are not vendoring a lockfile that file is skipped without failing the workflow step.

Implements https://github.com/elastic/ingest-dev/issues/5977

[github-actions]

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[mergify]

This pull request does not have a backport label. Could you fix it @donoghuc? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit.
• If no backport is necessary, please add the backport-skip label

[donoghuc]

Use of updatecli for dep bumps was based on this comment #17945 (comment)

[donoghuc]

To test locally:

install updatecli

brew install updatecli/updatecli/updatecli

generate config file:

# Create the same config the GitHub Action uses
cat > test-updatecli.yml << 'EOF'
name: Update versions.yml

sources:
  logstash_version:
    kind: shell
    spec:
      command: echo "9.3.0"

targets:
  update_logstash_version:
    name: Update logstash version in versions.yml
    kind: yaml
    spec:
      file: versions.yml
      key: $.logstash
    sourceid: logstash_version
  
  update_logstash_core_version:
    name: Update logstash-core version in versions.yml
    kind: yaml
    spec:
      file: versions.yml
      key: $.logstash-core
    sourceid: logstash_version

---
name: Update lock file

sources:
  logstash_version:
    kind: shell
    spec:
      command: echo "9.3.0"

conditions:
  check_lockfile_exists:
    name: Check if lockfile exists
    kind: shell
    disablesourceinput: true
    spec:
      command: test -f Gemfile.jruby-3.1.lock.release

targets:
  update_gemfile_lock_dependency:
    name: Update logstash-core dependency
    kind: file
    spec:
      file: Gemfile.jruby-3.1.lock.release
      matchpattern: 'logstash-core \(= [0-9]+\.[0-9]+\.[0-9]+'
      replacepattern: 'logstash-core (= 9.3.0'
    sourceid: logstash_version
  
  update_gemfile_lock_spec:
    name: Update logstash-core spec
    kind: file
    spec:
      file: Gemfile.jruby-3.1.lock.release
      matchpattern: 'logstash-core \([0-9]+\.[0-9]+\.[0-9]+-java\)'
      replacepattern: 'logstash-core (9.3.0-java)'
    sourceid: logstash_version
EOF

run

➜  logstash git:(bump-ls-version-action) ✗ updatecli apply --config test-updatecli.yml



+++++++++++
+ PREPARE +
+++++++++++

Loading Pipeline "test-updatecli.yml"

SCM repository retrieved: 0


++++++++++++++++++
+ AUTO DISCOVERY +
++++++++++++++++++



++++++++++++
+ PIPELINE +
++++++++++++



#######################
# UPDATE VERSIONS.YML #
#######################

source: source#logstash_version
-----------------------
The shell 🐚 command "/bin/sh /var/folders/cw/q_xjr4md1wj_w_c1xwfrnxdw0000gn/T/updatecli/bin/33b3af0384bd90f14aef112598cfabdf6d6e77168b475723abbaaf5f269b28f2.sh" ran successfully with the following output:
----
9.3.0
----
✔ shell command executed successfully

target: target#update_logstash_core_version
-----------------------------------
⚠ - change detected:
	* key "$.logstash-core" updated from "9.2.0" to "9.3.0", in file "versions.yml"

target: target#update_logstash_version
------------------------------
⚠ - change detected:
	* key "$.logstash" updated from "9.2.0" to "9.3.0", in file "versions.yml"


####################
# UPDATE LOCK FILE #
####################

source: source#logstash_version
-----------------------
The shell 🐚 command "/bin/sh /var/folders/cw/q_xjr4md1wj_w_c1xwfrnxdw0000gn/T/updatecli/bin/33b3af0384bd90f14aef112598cfabdf6d6e77168b475723abbaaf5f269b28f2.sh" ran successfully with the following output:
----
9.3.0
----
✔ shell command executed successfully

condition: condition#check_lockfile_exists
-------------------------------
The shell 🐚 command "/bin/sh /var/folders/cw/q_xjr4md1wj_w_c1xwfrnxdw0000gn/T/updatecli/bin/c4efa96ffd6665bfcc18724aff4523a9b7e976d0a59d6da437e1263a76b5f8c6.sh" exited on error (exit code 1) with the following output:
----
----

command stderr output was:
----
----
shell command failed. Expected exit code 0 but got 1
✗ shell condition of type "console/output" not passing

target: target#update_gemfile_lock_spec
-------------------------------

target: target#update_gemfile_lock_dependency
-------------------------------------


ACTIONS
========


=============================

SUMMARY:



- Update lock file:
	Source:
		✔ [logstash_version]
	Condition:
		✗ [check_lockfile_exists] Check if lockfile exists
	Target:
		- [update_gemfile_lock_dependency] Update logstash-core dependency
		- [update_gemfile_lock_spec] Update logstash-core spec


⚠ Update versions.yml:
	Source:
		✔ [logstash_version]
	Target:
		⚠ [update_logstash_core_version] Update logstash-core version in versions.yml
		⚠ [update_logstash_version] Update logstash version in versions.yml


Run Summary
===========
Pipeline(s) run:
  * Changed:	1
  * Failed:	0
  * Skipped:	1
  * Succeeded:	0
  * Total:	2

[donoghuc]

This was tested with #18050 and produced a PR with a version bump! Ready for review.

[v1v]

You don't need those values, that's when using a shared policy with updatecli, in this case, you only added the .ci/updatecli/bump-logstash-version.yml manifest.

Suggested change

	# begin updatecli-compose policy values
	user: 'github-actions[bot]'
	email: '41898282+github-actions[bot]@users.noreply.github.com'
	# end updatecli-compose policy values

[v1v]

duplicates .github/workflows/bump-version.yml?

[donoghuc]

same comment as #18035 (comment)

[v1v]

IIUC, this event will not work with forked PRs, since the GH token will never have any elevated access but read-only.

[donoghuc]

Yeah, the idea here was that this "stub" action is already checked in with a pull_request trigger. I was hoping that by doing that and targeting that workflow file from a branch that pushed to the elastic master copy of logstash would be enough to actually give a valid token for raising a PR. It may not actually be necessary though. Either way I will be removing the "stub" before this is actually ready for review.

[v1v]

If you want to use this updatecli manifest to target multiple branches, then use {{ requiredEnv "LOGSTASH_BRANCH" }} in tghe pipelineid, that's the name of the base branch when a PR is created

Suggested change

	pipelineid: "logstash/version-updates"
	pipelineid: "logstash/version-updates-{{ requiredEnv "LOGSTASH_BRANCH" }}"

[donoghuc]

For sure open to this change, but i'm not quite following where this is used in PR branching. In #18163 it seems like the branch is updatecli_8.18_logstash/version-updates. If somehow this was not auto-deleted on merged I could see there being a conflict (and thus probably not a PR raised).

[donoghuc]

Thanks @v1v for taking a look. I was working yesterday on figuring out how to implement the following using updatecli:

For unreleased branches (for example main or eventually a 9.x we wont vendor a lock file (and therefore dont need to update it). However, we will always want to update versions.yml. I want a workflow where a single PR is raised where versions.yml is always updated and the lock file is only updated if it exists.

So far i cant figure out how to express this in updatecli. Is that something you have an idea of how to do?

[v1v]

So far i cant figure out how to express this in updatecli. Is that something you have an idea of how to do?

I guess you can use the conditionals with sources and targets.

The example below will search for the given file.lock and update it, in addition, it modifies the versions.yml regardless.

sources:
  lock_file_exists:
    kind: shell
    spec:
      command: test -f file.lock

targets:
  update_lock_file:
    disablesourceinput: true
    dependson:
      - 'source#lock_file_exists'
    kind: file
    spec:
      file: "file.lock"
      content: "foo1"

  update_versions.yml:
    kind: file
    disablesourceinput: true
    spec:
      file: "versions.yml"
      content: "bar1"

If lock file does not exist

	Source:
		✗ [lock_file_exists] 
	Target:
		- [update_lock_file] 
		⚠ [update_versions.yml] 

Otherwise:

	Source:
		✔ [lock_file_exists] 
	Target:
		⚠ [update_lock_file] 
		⚠ [update_versions.yml] 

[mergify]

⚠️ The sha of the head commit of this PR conflicts with #18050. Mergify cannot evaluate rules on this PR. ⚠️

[donoghuc]

Thanks so much @v1v ! I think i've got this to a place where its working. Here is a run against a branch with a lockfile #18163 and here is one without #18162

Really appreciate your help on this, this tooling is great!

[v1v]

If you run this manifest targeting multiple branches, then the pipelineid should be unique. I'd recommend using LOGSTASH_BRANCH.

Suggested change

	pipelineid: "logstash/version-updates"
	pipelineid: "logstash/version-updates-{{ requiredEnv "LOGSTASH_BRANCH" }}"

[donoghuc]

Updated.

[v1v]

IIUC, .github/workflows/bump-java-version.yml and .github/workflows/bump-logstash.yml do the same, don't they?

[donoghuc]

See #18035 (comment)

I've reverted all the changes to that file. I'll deal with it separately.

[v1v]

nit: this is hardcoded in the updatecli manifest

Suggested change

commitusingapi: true

[donoghuc]

updated

[v1v]

nit: unused

Suggested change

enabled: true

[donoghuc]

updated

[v1v]

Do you think adding an example might be useful here?

Suggested change

	description: 'Logstash version'
	description: 'Logstash version (i.e: 1.2.3)'

[donoghuc]

yep, added one

[v1v]

Suggested change

	description: 'Logstash branch'
	description: 'Logstash branch (i.e: 8.19)'

[donoghuc]

yep, added one

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: ea5ddcc

History

• 💚 Build #3509 succeeded 364c831
• 💚 Build #3498 succeeded fa1538e
• 💚 Build #3497 succeeded f6306aa
• 💛 Build #3491 was flaky fe19127
• 💚 Build #3484 succeeded 83568e4
• 💛 Build #3463 was flaky 5118e44