Skip to content

ci: reproducible builds using pinned VM images #8211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jun 5, 2025
Merged

ci: reproducible builds using pinned VM images #8211

merged 6 commits into from
Jun 5, 2025

Conversation

@v1v
Copy link
Member

@v1v v1v commented May 22, 2025
edited
Loading

What does this PR do?

Pin the VM images and automate the autobump.

The autobump will run weekly on Sundays and will raise a PR with the required changes.

Why is it important?

This will help with a stable CI.

Follow-ups

  • Simplify the backport strategy and use specific PRs creation per supported branch
  • Enable auto-merge

Checklist

  • I have read and understood the pull request guidelines of this project.
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • I have added an integration test or an E2E test

Disruptive User Impact

How to test this PR locally

$ GITHUB_TOKEN=$(gh auth token) \
  GITHUB_ACTOR=v1v \
  updatecli diff --config .ci/updatecli/updatecli-bump-vm-images.yml --values .ci/updatecli/values.d/scm.yml

produced

--- .buildkite/pipeline.yml
+++ .buildkite/pipeline.yml
@@ -6,12 +6,12 @@
 
   # The following images are defined here and their values will be updated by updatecli
   # Please do not change them manually.
-  IMAGE_UBUNTU_2204_X86_64: "platform-ingest-elastic-agent-ubuntu-2204-1744855248"
-  IMAGE_UBUNTU_2204_ARM_64: "platform-ingest-elastic-agent-ubuntu-2204-aarch64-1744855248"
-  IMAGE_WIN_2016: "platform-ingest-elastic-agent-windows-2016-1744855248"
-  IMAGE_WIN_2022: "platform-ingest-elastic-agent-windows-2022-1744855248"
-  IMAGE_WIN_10: "platform-ingest-elastic-agent-windows-10-1744855248"
-  IMAGE_WIN_11: "platform-ingest-elastic-agent-windows-11-1744855248"
+  IMAGE_UBUNTU_2204_X86_64: "platform-ingest-elastic-agent-ubuntu-2204-1754885210"
+  IMAGE_UBUNTU_2204_ARM_64: "platform-ingest-elastic-agent-ubuntu-2204-aarch64-1754885210"
+  IMAGE_WIN_2016: "platform-ingest-elastic-agent-windows-2016-1754885210"
+  IMAGE_WIN_2022: "platform-ingest-elastic-agent-windows-2022-1754885210"
+  IMAGE_WIN_10: "platform-ingest-elastic-agent-windows-10-1754885210"
+  IMAGE_WIN_11: "platform-ingest-elastic-agent-windows-11-1754885210"
 
 steps:
   - label: "check-ci"

⚠ - 1 file(s) updated with "$1: \"platform-ingest-elastic-agent-$2-1754885210\"":
	* .buildkite/pipeline.yml
DEBUG: Checking if local changes have been done that should be published
DEBUG: no changes detected between branches "test/updatecli-pin-vm-images" and "updatecli_test_updatecli-pin-vm-images_346f1fe4c0832026a247e5c8dfbbeb3bb5c71332f97a57986cfe4c6771f5182a"

target: target#update-buildkite-bk.integration.pipeline
-----------------------------------------------

**Dry Run enabled**

DEBUG: checkout git branch "updatecli_test_updatecli-pin-vm-images_346f1fe4c0832026a247e5c8dfbbeb3bb5c71332f97a57986cfe4c6771f5182a", based on "test/updatecli-pin-vm-images"
DEBUG: Relative path detected: changing from ".buildkite/bk.integration.pipeline.yml" to absolute path from SCM: "/var/folders/t7/ghqdh8cx2g12pwb_w0ncmw900000gn/T/updatecli/github/v1v/elastic-agent/.buildkite/bk.integration.pipeline.yml"
DEBUG: Match found for pattern "(IMAGE_.+): \"platform-ingest-elastic-agent-(.+)-(.+)\"" in file ".buildkite/bk.integration.pipeline.yml"
".buildkite/bk.integration.pipeline.yml" updated with [dry run] content "$1: \"platform-ingest-elastic-agent-$2-1754885210\""

--- .buildkite/bk.integration.pipeline.yml
+++ .buildkite/bk.integration.pipeline.yml
@@ -7,12 +7,12 @@
 
   # The following images are defined here and their values will be updated by updatecli
   # Please do not change them manually.
-  IMAGE_UBUNTU_2404_X86_64: "platform-ingest-elastic-agent-ubuntu-2404-1744855248"
-  IMAGE_UBUNTU_2404_ARM_64: "platform-ingest-elastic-agent-ubuntu-2404-aarch64-1744855248"
-  IMAGE_RHEL_8: "platform-ingest-elastic-agent-rhel-8-1744855248"
-  IMAGE_DEBIAN_12: "platform-ingest-elastic-agent-debian-12-1744855248"
-  IMAGE_WIN_2022: "platform-ingest-elastic-agent-windows-2022-1744855248"
-  IMAGE_WIN_2025: "platform-ingest-elastic-agent-windows-2025-1744855248"
+  IMAGE_UBUNTU_2404_X86_64: "platform-ingest-elastic-agent-ubuntu-2404-1754885210"
+  IMAGE_UBUNTU_2404_ARM_64: "platform-ingest-elastic-agent-ubuntu-2404-aarch64-1754885210"
+  IMAGE_RHEL_8: "platform-ingest-elastic-agent-rhel-8-1754885210"
+  IMAGE_DEBIAN_12: "platform-ingest-elastic-agent-debian-12-1754885210"
+  IMAGE_WIN_2022: "platform-ingest-elastic-agent-windows-2022-1754885210"
+  IMAGE_WIN_2025: "platform-ingest-elastic-agent-windows-2025-1754885210"

While with apply

$ GITHUB_TOKEN=$(gh auth token) \
  GITHUB_ACTOR=v1v \
  updatecli apply --config .ci/updatecli/updatecli-bump-vm-images.yml --values .ci/updatecli/values.d/scm.yml

Pull Request available at:

	https://github.com/v1v/elastic-agent/pull/6

DEBUG: Merging existing pull-request body with new report
Existing GitHub pull request found: https://github.com/v1v/elastic-agent/pull/6

=============================

SUMMARY:



⚠ Bump vm-images to latest version:
	Source:
		✔ [latestVersion] Get latest available build
	Condition:
		✔ [latestVersion-check] Check if defined latest version differs
	Target:
		⚠ [update-buildkite-bk.integration.pipeline] Update .buildkite/bk.integration.pipeline.yml
		⚠ [update-buildkite-pipeline] Update .buildkite/pipeline.yml


Run Summary
===========
Pipeline(s) run:
  * Changed:	1
  * Failed:	0
  * Skipped:	0
  * Succeeded:	0
  * Total:	1

One action to follow up:

v1v#6

Related issues

Questions to ask yourself

  • How are we going to support this in production?
  • How are we going to measure its adoption?
  • How are we going to debug this?
  • What are the metrics I should take care of?
  • ...

@v1v v1v self-assigned this May 22, 2025
@v1v v1v added backport-active-all Automated backport with mergify to all the active branches backport-skip skip-changelog and removed backport-skip labels May 22, 2025
v1v added 3 commits May 27, 2025 14:37
@v1v
Merge branch 'main' into feature/support-updatecli-for-pin-vm-images
25dc0d2 
* main:
  chore: Update to elastic/beats@c51fee3a852e (elastic#8246)
  chore: Update to elastic/beats@82f47f73acbd (elastic#8239)
  Fix minor typo in beats update job (elastic#8233)
  fix(diagnostics): handle log rotation races (elastic#8215)
  Fix some minor issues with the beats version update job (elastic#8224)
  [main][Automation] Update elastic/beats to 9382cc20546b (elastic#8222)
  Automatically update beats module versions (elastic#8174)
  chore: deps(ironbank): Bump ubi version to 9.6 (elastic#8218)
@v1v
fix
bd5a8c5
@v1v
use the latest version
48a7866
@v1v v1v marked this pull request as ready for review May 27, 2025 12:49
@v1v v1v requested review from a team as code owners May 27, 2025 12:49
@v1v v1v requested a review from pkoutsovasilis May 27, 2025 12:49
v1v
v1v commented May 27, 2025
View reviewed changes
.ci/updatecli/updatecli-bump-vm-images.yml
Comment on lines +35 to +36
file: https://storage.googleapis.com/artifacts-api/vm-images/elastic-agent/latest.json
key: .date
Copy link
Member Author

@v1v v1v May 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I plan to automate this in our VM generator, but for now the folder structure follows the below pattern:

  • <repo>/latest.json

Follow-up:

  • Create a changelog file under https://storage.googleapis.com/artifacts-api/vm-images/changelog/elastic-agent/<version>.md
  • Leverage the PR description with the content of the changelog.md file

@elasticmachine
Copy link
Collaborator

elasticmachine commented May 27, 2025
edited
Loading

💔 Build Failed

Failed CI Steps

History

cc @v1v

dliappis
dliappis previously approved these changes May 28, 2025
View reviewed changes
Copy link
Contributor

@dliappis dliappis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is basically LGTM, but there was an additional promotion of elastic-agent images that happened yesterday1 to include an important PR2 when a new Go version is absent from the vm images, so I've left some changes to reflect the latest version of the images used as of now.

To get a list of the GCP images I used a simple script:

 for vmimg in family/platform-ingest-elastic-agent-ubuntu-2204 family/platform-ingest-elastic-agent-ubuntu-2404 family/platform-ingest-elastic-agent-rhel-8 family/platform-ingest-elastic-agent-debian-12 family/platform-ingest-elastic-agent-windows-2016 family/platform-ingest-elastic-agent-windows-2022 family/platform-ingest-elastic-agent-windows-2025 family/platform-ingest-elastic-agent-windows-10 family/platform-ingest-elastic-agent-windows-11; do
latestimg=$(gcloud compute images describe-from-family $vmimg --project=elastic-images-prod --format='value(selfLink)'); echo ${latestimg##*/}
done

Footnotes

  1. elastic internal link: https://buildkite.com/elastic/vm-images-platform-ingest/builds/757

  2. elastic internal link: https://github.com/elastic/ci-agent-images/pull/1428

@v1v @dliappis
use latest images
102bd84 
Co-authored-by: Dimitrios Liappis <[email protected]>
@elastic-sonarqube
Copy link

elastic-sonarqube bot commented May 28, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

pazone
pazone approved these changes May 28, 2025
View reviewed changes
Copy link
Contributor

@pazone pazone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks clear to me. I assume follow-ups for bump-vm-images.yml

@dliappis dliappis self-requested a review May 28, 2025 11:50
dliappis
dliappis approved these changes May 28, 2025
View reviewed changes
Copy link
Contributor

@dliappis dliappis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@v1v
Copy link
Member Author

v1v commented May 28, 2025
edited
Loading

Looks clear to me. I assume follow-ups for bump-vm-images.yml

What do you mean?

I plan to enable daily runs instead of weekly, but that's a follow-up that just has been discussed with Dimitrios offline. and I'll remove the commented line for the slack message

@pkoutsovasilis
Copy link
Contributor

pkoutsovasilis commented May 29, 2025
edited
Loading

@v1v @dliappis @pazone which team should own reviewing the automated PRs that bump the VM images?

@pazone pazone mentioned this pull request Jun 3, 2025
Merged
4 tasks
@v1v
Copy link
Member Author

v1v commented Jun 5, 2025

@v1v @dliappis @pazone which team should own reviewing the automated PRs that bump the VM images?

We discussed offline and come up with the below agreement:

  1. Enable auto-merge (in a follow-up)
  2. Use PRs per branch instead of the Mergify backport labels (in a follow-up) to help with the burden of merge conflicts. Updatecli supports that feature :)
  3. We, @observablt-ci and @observablt-ci-contractors, will do a light triage if the PRs failed and notify Control Plane team with the findings so they can proceed if it's non-infra related.

pkoutsovasilis
pkoutsovasilis approved these changes Jun 5, 2025
View reviewed changes
Copy link
Contributor

@pkoutsovasilis pkoutsovasilis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this CI quality improvement, LGTM 🙂

@v1v v1v mentioned this pull request Jun 5, 2025
Merged
8 tasks
@v1v v1v merged commit 9259f35 into elastic:main Jun 5, 2025
12 checks passed
@github-actions
Copy link
Contributor

github-actions bot commented Jun 5, 2025

@Mergifyio backport 8.17 8.18 8.19 9.0

@mergify
Copy link
Contributor

mergify bot commented Jun 5, 2025
edited
Loading

backport 8.17 8.18 8.19 9.0

✅ Backports have been created

mergify bot pushed a commit that referenced this pull request Jun 5, 2025
@v1v @mergify
ci: reproducible builds using pinned VM images (#8211)
dea1b67 
(cherry picked from commit 9259f35)
@mergify mergify bot mentioned this pull request Jun 5, 2025
Merged
8 tasks
mergify bot pushed a commit that referenced this pull request Jun 5, 2025
@v1v @mergify
ci: reproducible builds using pinned VM images (#8211)
b0a8f4d 
(cherry picked from commit 9259f35)
@mergify mergify bot mentioned this pull request Jun 5, 2025
Merged
8 tasks
mergify bot pushed a commit that referenced this pull request Jun 5, 2025
@v1v @mergify
ci: reproducible builds using pinned VM images (#8211)
4bc309d 
(cherry picked from commit 9259f35)
@mergify mergify bot mentioned this pull request Jun 5, 2025
Merged
8 tasks
mergify bot pushed a commit that referenced this pull request Jun 5, 2025
@v1v @mergify
ci: reproducible builds using pinned VM images (#8211)
9051644 
(cherry picked from commit 9259f35)
@mergify mergify bot mentioned this pull request Jun 5, 2025
Merged
8 tasks
@v1v v1v mentioned this pull request Jun 5, 2025
Merged
8 tasks
v1v pushed a commit that referenced this pull request Jun 5, 2025
@mergify
ci: reproducible builds using pinned VM images (#8211) (#8355)
58b47b5
v1v pushed a commit that referenced this pull request Jun 5, 2025
@mergify
ci: reproducible builds using pinned VM images (#8211) (#8357)
ae7615c
v1v pushed a commit that referenced this pull request Jun 5, 2025
@mergify
ci: reproducible builds using pinned VM images (#8211) (#8356)
edfdf78
v1v added a commit to v1v/elastic-agent that referenced this pull request Jun 5, 2025
@v1v
Merge branch 'main' into feature/serverless-its-oblt-cli
8910d57 
* main:
  bk: use elastic/vault-secrets and test-collector plugins together (elastic#8311)
  ci: reproducible builds using pinned VM images (elastic#8211)
v1v pushed a commit that referenced this pull request Jun 6, 2025
@mergify
ci: reproducible builds using pinned VM images (#8211) (#8354)
01124a9
This was referenced Jun 15, 2025
Merged
Merged
Merged
Merged
@v1v v1v mentioned this pull request Jun 16, 2025
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dliappis dliappis dliappis approved these changes

+2 more reviewers

@pazone pazone pazone approved these changes

@pkoutsovasilis pkoutsovasilis pkoutsovasilis approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@v1v v1v

Labels

backport-active-all Automated backport with mergify to all the active branches skip-changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@v1v @elasticmachine @pkoutsovasilis @dliappis @pazone