From 3ab8d1f12601560eb776a1d59ab433e342c5d5d6 Mon Sep 17 00:00:00 2001 From: Panos Koutsovasilis Date: Mon, 30 Jun 2025 16:18:22 +0300 Subject: [PATCH 1/3] ci: pin elastic-agent version (#8736) * ci: pin elastic-agent version * ci: override BEAT_VERSION * ci: fix mage cloud:load and cloud:push (cherry picked from commit 5c5b174ae00db01d07dd0f7bc246d917aa912246) # Conflicts: # .buildkite/bk.integration-fips.pipeline.yml # .buildkite/bk.integration.pipeline.yml # .buildkite/scripts/buildkite-integration-tests.sh # magefile.go --- .buildkite/bk.integration-fips.pipeline.yml | 163 ++++++++++++++++++ .buildkite/bk.integration.pipeline.yml | 12 ++ .buildkite/integration.pipeline.yml | 3 + .../scripts/buildkite-integration-tests.ps1 | 8 +- .../scripts/buildkite-integration-tests.sh | 9 + .buildkite/scripts/common.sh | 7 +- magefile.go | 97 +++++++++-- .../upgrade_broken_package_test.go | 1 + 8 files changed, 279 insertions(+), 21 deletions(-) create mode 100644 .buildkite/bk.integration-fips.pipeline.yml diff --git a/.buildkite/bk.integration-fips.pipeline.yml b/.buildkite/bk.integration-fips.pipeline.yml new file mode 100644 index 00000000000..e79a895e215 --- /dev/null +++ b/.buildkite/bk.integration-fips.pipeline.yml @@ -0,0 +1,163 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json + +env: + ASDF_MAGE_VERSION: 1.14.0 + MS_GOTOOLCHAIN_TELEMETRY_ENABLED: "0" + + IMAGE_UBUNTU_2404_X86_64: "platform-ingest-elastic-agent-ubuntu-2404-1750467641" + IMAGE_UBUNTU_X86_64_FIPS: "platform-ingest-elastic-agent-ubuntu-2204-fips-1750467641" + IMAGE_UBUNTU_ARM64_FIPS: "platform-ingest-elastic-agent-ubuntu-2204-fips-aarch64-1750467641" + # Remove AGENT_PACKAGE_VERSION and AGENT_VERSION pinning once 9.2.0 DRA and stack are released + AGENT_VERSION: "9.1.0-SNAPSHOT" + +steps: + - label: Build and push custom elastic-agent image + depends_on: + - 'packaging-containers-x86-64-fips' # Reuse artifacts produced in .buildkite/integration.pipeline.yml + key: integration-fips-cloud-image + env: + FIPS: "true" + CUSTOM_IMAGE_TAG: "git-${BUILDKITE_COMMIT:0:12}" + CI_ELASTIC_AGENT_DOCKER_IMAGE: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips" + TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" + command: | + buildkite-agent artifact download build/distributions/elastic-agent-cloud-fips-*-linux-amd64.docker.tar.gz . --step 'packaging-containers-x86-64-fips' + mage cloud:load + mage cloud:push + agents: + provider: "gcp" + machineType: "n1-standard-8" + image: "${IMAGE_UBUNTU_2404_X86_64}" + plugins: + - elastic/vault-docker-login#v0.5.2: + secret_path: 'kv/ci-shared/platform-ingest/elastic_docker_registry' + + - label: Start ESS stack for FIPS integration tests + key: integration-fips-ess + depends_on: + - integration-fips-cloud-image + env: + ASDF_TERRAFORM_VERSION: 1.9.2 + TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" + command: | + source .buildkite/scripts/steps/ess_start.sh + artifact_paths: + - test_infra/ess/*.tfstate + - test_infra/ess/*.lock.hcl + agents: + image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" + useCustomGlobalHooks: true + + - group: "fips:Stateful:Ubuntu" + key: integration-tests-ubuntu-fips + depends_on: + - integration-fips-ess + steps: + - label: "fips:x86_64:sudo-{{matrix.sudo}}:{{matrix.groups}}" + depends_on: + - packaging-ubuntu-x86-64-fips # Reuse artifacts produced in .buildkite/integration.pipeline.yml + env: + FIPS: "true" + TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" + TEST_PACKAGE: "github.com/elastic/elastic-agent/testing/integration/ess" + command: | + buildkite-agent artifact download build/distributions/** . --step 'packaging-ubuntu-x86-64-fips' + .buildkite/scripts/steps/integration_tests_tf.sh {{matrix.groups}} {{matrix.sudo}} + artifact_paths: + - build/** + - build/diagnostics/** + retry: + automatic: + limit: 1 + agents: + provider: "aws" + image: "${IMAGE_UBUNTU_X86_64_FIPS}" + instanceType: "m5.2xlarge" + matrix: + setup: + sudo: + - "false" + - "true" + groups: + - fleet # currently there is only a single test in the fleet group, add more tests once they have been defined + + - label: "fips:arm64:sudo-{{matrix.sudo}}:{{matrix.groups}}" + depends_on: + - packaging-ubuntu-arm64-fips + env: + FIPS: "true" + TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" + TEST_PACKAGE: "github.com/elastic/elastic-agent/testing/integration/ess" + command: | + buildkite-agent artifact download build/distributions/** . --step 'packaging-ubuntu-arm64-fips' + .buildkite/scripts/steps/integration_tests_tf.sh {{matrix.groups}} {{matrix.sudo}} + artifact_paths: + - build/** + - build/diagnostics/** + retry: + automatic: + limit: 1 + agents: + provider: "aws" + image: "${IMAGE_UBUNTU_ARM64_FIPS}" + instanceType: "m6g.2xlarge" + matrix: + setup: + sudo: + - "false" + - "true" + groups: + - fleet + + - label: "fips:upgrade-ech-deployment" + if: build.env("BUILDKITE_PULL_REQUEST") != "false" && build.env("GITHUB_PR_LABELS") =~ /.*(Testing:run:TestUpgradeIntegrationsServer).*/ + env: + FIPS: "true" + TEST_PACKAGE: "github.com/elastic/elastic-agent/testing/integration/ess" + command: | + export EC_API_KEY=$(retry -t 5 -- vault kv get -field=apiKey kv/ci-shared/platform-ingest/platform-ingest-ec-prod) + .buildkite/scripts/buildkite-integration-tests.sh ech-deployment false + artifact_paths: + - build/** + - build/diagnostics/** + retry: + automatic: + limit: 1 + agents: + provider: "aws" + image: "${IMAGE_UBUNTU_X86_64_FIPS}" + instanceType: "m5.2xlarge" + + - label: ESS FIPS stack cleanup + depends_on: + - integration-tests-ubuntu-fips + allow_dependency_failure: true + command: | + buildkite-agent artifact download "test_infra/ess/**" . --step "integration-fips-ess" + ls -lah test_infra/ess + .buildkite/scripts/steps/ess_down.sh + agents: + image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" + useCustomGlobalHooks: true + + - label: Aggregate test reports + depends_on: + - integration-tests-ubuntu-fips + allow_dependency_failure: true + command: | + buildkite-agent artifact download "build/*.xml" . + agents: + image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" + useCustomGlobalHooks: true + soft_fail: + - exit_status: "*" + plugins: + - elastic/vault-secrets#v0.1.0: + path: "kv/ci-shared/platform-ingest/buildkite_analytics_token" + field: "token" + env_var: "BUILDKITE_ANALYTICS_TOKEN" + - test-collector#v1.11.0: + files: "build/*.xml" + format: "junit" + branches: "main" + debug: true diff --git a/.buildkite/bk.integration.pipeline.yml b/.buildkite/bk.integration.pipeline.yml index 223165e19c1..62bd6a1abd5 100644 --- a/.buildkite/bk.integration.pipeline.yml +++ b/.buildkite/bk.integration.pipeline.yml @@ -6,12 +6,24 @@ env: # The following images are defined here and their values will be updated by updatecli # Please do not change them manually. +<<<<<<< HEAD IMAGE_UBUNTU_2404_X86_64: "platform-ingest-elastic-agent-ubuntu-2404-1749258065" IMAGE_UBUNTU_2404_ARM_64: "platform-ingest-elastic-agent-ubuntu-2404-aarch64-1749258065" IMAGE_RHEL_8: "platform-ingest-elastic-agent-rhel-8-1749258065" IMAGE_DEBIAN_12: "platform-ingest-elastic-agent-debian-12-1749258065" IMAGE_WIN_2022: "platform-ingest-elastic-agent-windows-2022-1749258065" IMAGE_WIN_2025: "platform-ingest-elastic-agent-windows-2025-1749258065" +======= + IMAGE_UBUNTU_2404_X86_64: "platform-ingest-elastic-agent-ubuntu-2404-1750467641" + IMAGE_UBUNTU_2404_ARM_64: "platform-ingest-elastic-agent-ubuntu-2404-aarch64-1750467641" + IMAGE_RHEL_8: "platform-ingest-elastic-agent-rhel-8-1750467641" + IMAGE_DEBIAN_12: "platform-ingest-elastic-agent-debian-12-1750467641" + IMAGE_WIN_2022: "platform-ingest-elastic-agent-windows-2022-1750467641" + IMAGE_WIN_2025: "platform-ingest-elastic-agent-windows-2025-1750467641" + # Remove AGENT_PACKAGE_VERSION and AGENT_VERSION pinning once 9.2.0 DRA and stack are released + AGENT_VERSION: "9.1.0-SNAPSHOT" + +>>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) # This section is used to define the plugins that will be used in the pipeline. # See https://buildkite.com/docs/pipelines/integrations/plugins/using#using-yaml-anchors-with-plugins diff --git a/.buildkite/integration.pipeline.yml b/.buildkite/integration.pipeline.yml index 1516599dd8c..482ece5d5c8 100644 --- a/.buildkite/integration.pipeline.yml +++ b/.buildkite/integration.pipeline.yml @@ -2,6 +2,9 @@ env: VAULT_PATH: "kv/ci-shared/observability-ingest/cloud/gcp" + # Remove AGENT_PACKAGE_VERSION and AGENT_VERSION pinning once 9.2.0 DRA and stack are released + AGENT_PACKAGE_VERSION: "9.1.0" + BEAT_VERSION: "9.1.0" steps: - group: "Integration tests: packaging" diff --git a/.buildkite/scripts/buildkite-integration-tests.ps1 b/.buildkite/scripts/buildkite-integration-tests.ps1 index d96c1439ad6..86b7d39c41a 100644 --- a/.buildkite/scripts/buildkite-integration-tests.ps1 +++ b/.buildkite/scripts/buildkite-integration-tests.ps1 @@ -25,9 +25,11 @@ go install gotest.tools/gotestsum gotestsum --version $env:TEST_BINARY_NAME = "elastic-agent" -# Parsing version.go. Will be simplified here: https://github.com/elastic/ingest-dev/issues/4925 -$AGENT_VERSION = (Get-Content version/version.go | Select-String -Pattern 'const defaultBeatVersion =' | ForEach-Object { $_ -replace '.*?"(.*?)".*', '$1' }) -$env:AGENT_VERSION = $AGENT_VERSION + "-SNAPSHOT" +if (-not $env:AGENT_VERSION) { + # Parsing version.go. Will be simplified here: https://github.com/elastic/ingest-dev/issues/4925 + $AGENT_VERSION = (Get-Content version/version.go | Select-String -Pattern 'const defaultBeatVersion =' | ForEach-Object { $_ -replace '.*?"(.*?)".*', '$1' }) + $env:AGENT_VERSION = $AGENT_VERSION + "-SNAPSHOT" +} Write-Output "~~~ Agent version: $env:AGENT_VERSION" $env:SNAPSHOT = $true diff --git a/.buildkite/scripts/buildkite-integration-tests.sh b/.buildkite/scripts/buildkite-integration-tests.sh index 885763f1b26..c27bbf2e608 100755 --- a/.buildkite/scripts/buildkite-integration-tests.sh +++ b/.buildkite/scripts/buildkite-integration-tests.sh @@ -32,9 +32,18 @@ echo "~~~ Running integration tests as $USER" make install-gotestsum +<<<<<<< HEAD # Parsing version.go. Will be simplified here: https://github.com/elastic/ingest-dev/issues/4925 AGENT_VERSION=$(grep "const defaultBeatVersion =" version/version.go | cut -d\" -f2) AGENT_VERSION="${AGENT_VERSION}-SNAPSHOT" +======= +if [[ -z "${AGENT_VERSION:-}" ]]; then + # Parsing version.go. Will be simplified here: https://github.com/elastic/ingest-dev/issues/4925 + AGENT_VERSION=$(grep "const defaultBeatVersion =" version/version.go | cut -d\" -f2) + AGENT_VERSION="${AGENT_VERSION}-SNAPSHOT" +fi + +>>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) export AGENT_VERSION echo "~~~ Agent version: ${AGENT_VERSION}" diff --git a/.buildkite/scripts/common.sh b/.buildkite/scripts/common.sh index 97b3a3a4904..3074a839009 100755 --- a/.buildkite/scripts/common.sh +++ b/.buildkite/scripts/common.sh @@ -9,8 +9,11 @@ fi if [[ -z "${SETUP_GVM_VERSION-""}" ]]; then SETUP_GVM_VERSION="v0.5.2" # https://github.com/andrewkroh/gvm/issues/44#issuecomment-1013231151 fi -BEAT_VERSION=$(grep -oE '[0-9]+\.[0-9]+\.[0-9]+(\-[a-zA-Z]+[0-9]+)?' "${WORKSPACE}/version/version.go") -export BEAT_VERSION + +if [[ -z "${BEAT_VERSION-""}" ]]; then + BEAT_VERSION=$(grep -oE '[0-9]+\.[0-9]+\.[0-9]+(\-[a-zA-Z]+[0-9]+)?' "${WORKSPACE}/version/version.go") + export BEAT_VERSION +fi getOSOptions() { case $(uname | tr '[:upper:]' '[:lower:]') in diff --git a/magefile.go b/magefile.go index 1cbbe387096..e4076bc8265 100644 --- a/magefile.go +++ b/magefile.go @@ -818,50 +818,115 @@ func (Cloud) Image(ctx context.Context) { Package(ctx) } +<<<<<<< HEAD +======= +// Load loads an artifact as a docker image. +// Looks in build/distributions for an elastic-agent-cloud*.docker.tar.gz artifact and imports it as docker.elastic.co/beats-ci/elastic-agent-cloud:$VERSION +// DOCKER_IMPORT_SOURCE - override source for import +func (Cloud) Load() error { + agentVersion, err := mage.AgentPackageVersion() + if err != nil { + return fmt.Errorf("failed to get agent package version: %w", err) + } + + // Need to get the FIPS env var flag to see if we are using the normal source cloud image name, or the FIPS variant + fips := os.Getenv(fipsEnv) + defer os.Setenv(fipsEnv, fips) + fipsVal, err := strconv.ParseBool(fips) + if err != nil { + fipsVal = false + } + if err := os.Setenv(fipsEnv, strconv.FormatBool(fipsVal)); err != nil { + return fmt.Errorf("failed to set fips env var: %w", err) + } + devtools.FIPSBuild = fipsVal + + source := "build/distributions/elastic-agent-cloud-" + agentVersion + "-SNAPSHOT-linux-" + runtime.GOARCH + ".docker.tar.gz" + if fipsVal { + source = "build/distributions/elastic-agent-cloud-fips-" + agentVersion + "-SNAPSHOT-linux-" + runtime.GOARCH + ".docker.tar.gz" + } + if envSource, ok := os.LookupEnv("DOCKER_IMPORT_SOURCE"); ok && envSource != "" { + source = envSource + } + + return sh.RunV("docker", "image", "load", "-i", source) +} + +>>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) // Push builds a cloud image tags it correctly and pushes to remote image repo. // Previous login to elastic registry is required! func (Cloud) Push() error { - snapshot := os.Getenv(snapshotEnv) - defer os.Setenv(snapshotEnv, snapshot) + agentVersion, err := mage.AgentPackageVersion() + if err != nil { + return fmt.Errorf("failed to get agent package version: %w", err) + } - os.Setenv(snapshotEnv, "true") +<<<<<<< HEAD + sourceCloudImageName := fmt.Sprintf("docker.elastic.co/beats-ci/elastic-agent-cloud:%s", version) +======= + // Need to get the FIPS env var flag to see if we are using the normal source cloud image name, or the FIPS variant + fips := os.Getenv(fipsEnv) + defer os.Setenv(fipsEnv, fips) + fipsVal, err := strconv.ParseBool(fips) + if err != nil { + fipsVal = false + } + if err := os.Setenv(fipsEnv, strconv.FormatBool(fipsVal)); err != nil { + return fmt.Errorf("failed to set fips env var: %w", err) + } + devtools.FIPSBuild = fipsVal - version := getVersion() - var tag string + sourceCloudImageName := fmt.Sprintf("docker.elastic.co/beats-ci/elastic-agent-cloud:%s-SNAPSHOT", agentVersion) + if fipsVal { + sourceCloudImageName = fmt.Sprintf("docker.elastic.co/beats-ci/elastic-agent-cloud-fips:%s-SNAPSHOT", agentVersion) + } + var targetTag string if envTag, isPresent := os.LookupEnv("CUSTOM_IMAGE_TAG"); isPresent && len(envTag) > 0 { - tag = envTag + targetTag = envTag } else { - commit := dockerCommitHash() - time := time.Now().Unix() - - tag = fmt.Sprintf("%s-%s-%d", version, commit, time) + targetTag = fmt.Sprintf("%s-%s-%d", agentVersion, dockerCommitHash(), time.Now().Unix()) } - - sourceCloudImageName := fmt.Sprintf("docker.elastic.co/beats-ci/elastic-agent-cloud:%s", version) +>>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) var targetCloudImageName string if customImage, isPresent := os.LookupEnv("CI_ELASTIC_AGENT_DOCKER_IMAGE"); isPresent && len(customImage) > 0 { - targetCloudImageName = fmt.Sprintf("%s:%s", customImage, tag) + targetCloudImageName = fmt.Sprintf("%s:%s", customImage, targetTag) } else { - targetCloudImageName = fmt.Sprintf(cloudImageTmpl, tag) + targetCloudImageName = fmt.Sprintf(cloudImageTmpl, targetTag) } fmt.Printf(">> Setting a docker image tag to %s\n", targetCloudImageName) err := sh.RunV("docker", "tag", sourceCloudImageName, targetCloudImageName) if err != nil { - return fmt.Errorf("Failed setting a docker image tag: %w", err) + return fmt.Errorf("failed setting a docker image tag: %w", err) } fmt.Println(">> Docker image tag updated successfully") fmt.Println(">> Pushing a docker image to remote registry") err = sh.RunV("docker", "image", "push", targetCloudImageName) if err != nil { - return fmt.Errorf("Failed pushing docker image: %w", err) + return fmt.Errorf("failed pushing docker image: %w", err) } fmt.Printf(">> Docker image pushed to remote registry successfully: %s\n", targetCloudImageName) return nil } +<<<<<<< HEAD +======= +// Create a new devmachine that will be auto-deleted in 6 hours. +// Example: MACHINE_IMAGE="family/platform-ingest-elastic-agent-ubuntu-2204" ZONE="us-central1-a" mage devmachine:create "pavel-dev-machine" +// ZONE defaults to 'us-central1-a', MACHINE_IMAGE defaults to 'family/platform-ingest-elastic-agent-ubuntu-2204' +func (Devmachine) Create(instanceName string) error { + if instanceName == "" { + return errors.New( + `instanceName is required. + Example: + mage devmachine:create "pavel-dev-machine" `) + } + return devmachine.Run(instanceName) +} + +>>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) func Clean() { mg.Deps(devtools.Clean, Build.Clean) } diff --git a/testing/integration/upgrade_broken_package_test.go b/testing/integration/upgrade_broken_package_test.go index 5ece19ddbd8..ac50b180bbd 100644 --- a/testing/integration/upgrade_broken_package_test.go +++ b/testing/integration/upgrade_broken_package_test.go @@ -31,6 +31,7 @@ func TestUpgradeBrokenPackageVersion(t *testing.T) { Local: false, // requires Agent installation Sudo: true, // requires Agent installation }) + t.Skip("Skip this test until elastic agent version pinning is removed from Integration test runs on CI") ctx, cancel := testcontext.WithDeadline(t, context.Background(), time.Now().Add(10*time.Minute)) defer cancel() From 647b7d431ee5c3e8bcd848dbb072b3cafb826e45 Mon Sep 17 00:00:00 2001 From: Panos Koutsovasilis Date: Mon, 30 Jun 2025 20:43:13 +0300 Subject: [PATCH 2/3] fix: resolve conflicts --- .buildkite/bk.integration-fips.pipeline.yml | 163 ------------------ .buildkite/bk.integration.pipeline.yml | 14 +- .buildkite/integration.pipeline.yml | 6 +- .../scripts/buildkite-integration-tests.sh | 6 - .package-version | 2 +- magefile.go | 75 +------- 6 files changed, 9 insertions(+), 257 deletions(-) delete mode 100644 .buildkite/bk.integration-fips.pipeline.yml diff --git a/.buildkite/bk.integration-fips.pipeline.yml b/.buildkite/bk.integration-fips.pipeline.yml deleted file mode 100644 index e79a895e215..00000000000 --- a/.buildkite/bk.integration-fips.pipeline.yml +++ /dev/null @@ -1,163 +0,0 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/buildkite/pipeline-schema/main/schema.json - -env: - ASDF_MAGE_VERSION: 1.14.0 - MS_GOTOOLCHAIN_TELEMETRY_ENABLED: "0" - - IMAGE_UBUNTU_2404_X86_64: "platform-ingest-elastic-agent-ubuntu-2404-1750467641" - IMAGE_UBUNTU_X86_64_FIPS: "platform-ingest-elastic-agent-ubuntu-2204-fips-1750467641" - IMAGE_UBUNTU_ARM64_FIPS: "platform-ingest-elastic-agent-ubuntu-2204-fips-aarch64-1750467641" - # Remove AGENT_PACKAGE_VERSION and AGENT_VERSION pinning once 9.2.0 DRA and stack are released - AGENT_VERSION: "9.1.0-SNAPSHOT" - -steps: - - label: Build and push custom elastic-agent image - depends_on: - - 'packaging-containers-x86-64-fips' # Reuse artifacts produced in .buildkite/integration.pipeline.yml - key: integration-fips-cloud-image - env: - FIPS: "true" - CUSTOM_IMAGE_TAG: "git-${BUILDKITE_COMMIT:0:12}" - CI_ELASTIC_AGENT_DOCKER_IMAGE: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips" - TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" - command: | - buildkite-agent artifact download build/distributions/elastic-agent-cloud-fips-*-linux-amd64.docker.tar.gz . --step 'packaging-containers-x86-64-fips' - mage cloud:load - mage cloud:push - agents: - provider: "gcp" - machineType: "n1-standard-8" - image: "${IMAGE_UBUNTU_2404_X86_64}" - plugins: - - elastic/vault-docker-login#v0.5.2: - secret_path: 'kv/ci-shared/platform-ingest/elastic_docker_registry' - - - label: Start ESS stack for FIPS integration tests - key: integration-fips-ess - depends_on: - - integration-fips-cloud-image - env: - ASDF_TERRAFORM_VERSION: 1.9.2 - TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" - command: | - source .buildkite/scripts/steps/ess_start.sh - artifact_paths: - - test_infra/ess/*.tfstate - - test_infra/ess/*.lock.hcl - agents: - image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" - useCustomGlobalHooks: true - - - group: "fips:Stateful:Ubuntu" - key: integration-tests-ubuntu-fips - depends_on: - - integration-fips-ess - steps: - - label: "fips:x86_64:sudo-{{matrix.sudo}}:{{matrix.groups}}" - depends_on: - - packaging-ubuntu-x86-64-fips # Reuse artifacts produced in .buildkite/integration.pipeline.yml - env: - FIPS: "true" - TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" - TEST_PACKAGE: "github.com/elastic/elastic-agent/testing/integration/ess" - command: | - buildkite-agent artifact download build/distributions/** . --step 'packaging-ubuntu-x86-64-fips' - .buildkite/scripts/steps/integration_tests_tf.sh {{matrix.groups}} {{matrix.sudo}} - artifact_paths: - - build/** - - build/diagnostics/** - retry: - automatic: - limit: 1 - agents: - provider: "aws" - image: "${IMAGE_UBUNTU_X86_64_FIPS}" - instanceType: "m5.2xlarge" - matrix: - setup: - sudo: - - "false" - - "true" - groups: - - fleet # currently there is only a single test in the fleet group, add more tests once they have been defined - - - label: "fips:arm64:sudo-{{matrix.sudo}}:{{matrix.groups}}" - depends_on: - - packaging-ubuntu-arm64-fips - env: - FIPS: "true" - TF_VAR_integration_server_docker_image: "docker.elastic.co/beats-ci/elastic-agent-cloud-fips:git-${BUILDKITE_COMMIT:0:12}" - TEST_PACKAGE: "github.com/elastic/elastic-agent/testing/integration/ess" - command: | - buildkite-agent artifact download build/distributions/** . --step 'packaging-ubuntu-arm64-fips' - .buildkite/scripts/steps/integration_tests_tf.sh {{matrix.groups}} {{matrix.sudo}} - artifact_paths: - - build/** - - build/diagnostics/** - retry: - automatic: - limit: 1 - agents: - provider: "aws" - image: "${IMAGE_UBUNTU_ARM64_FIPS}" - instanceType: "m6g.2xlarge" - matrix: - setup: - sudo: - - "false" - - "true" - groups: - - fleet - - - label: "fips:upgrade-ech-deployment" - if: build.env("BUILDKITE_PULL_REQUEST") != "false" && build.env("GITHUB_PR_LABELS") =~ /.*(Testing:run:TestUpgradeIntegrationsServer).*/ - env: - FIPS: "true" - TEST_PACKAGE: "github.com/elastic/elastic-agent/testing/integration/ess" - command: | - export EC_API_KEY=$(retry -t 5 -- vault kv get -field=apiKey kv/ci-shared/platform-ingest/platform-ingest-ec-prod) - .buildkite/scripts/buildkite-integration-tests.sh ech-deployment false - artifact_paths: - - build/** - - build/diagnostics/** - retry: - automatic: - limit: 1 - agents: - provider: "aws" - image: "${IMAGE_UBUNTU_X86_64_FIPS}" - instanceType: "m5.2xlarge" - - - label: ESS FIPS stack cleanup - depends_on: - - integration-tests-ubuntu-fips - allow_dependency_failure: true - command: | - buildkite-agent artifact download "test_infra/ess/**" . --step "integration-fips-ess" - ls -lah test_infra/ess - .buildkite/scripts/steps/ess_down.sh - agents: - image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" - useCustomGlobalHooks: true - - - label: Aggregate test reports - depends_on: - - integration-tests-ubuntu-fips - allow_dependency_failure: true - command: | - buildkite-agent artifact download "build/*.xml" . - agents: - image: "docker.elastic.co/ci-agent-images/platform-ingest/buildkite-agent-beats-ci-with-hooks:0.5" - useCustomGlobalHooks: true - soft_fail: - - exit_status: "*" - plugins: - - elastic/vault-secrets#v0.1.0: - path: "kv/ci-shared/platform-ingest/buildkite_analytics_token" - field: "token" - env_var: "BUILDKITE_ANALYTICS_TOKEN" - - test-collector#v1.11.0: - files: "build/*.xml" - format: "junit" - branches: "main" - debug: true diff --git a/.buildkite/bk.integration.pipeline.yml b/.buildkite/bk.integration.pipeline.yml index 62bd6a1abd5..88c7c4c4906 100644 --- a/.buildkite/bk.integration.pipeline.yml +++ b/.buildkite/bk.integration.pipeline.yml @@ -6,24 +6,14 @@ env: # The following images are defined here and their values will be updated by updatecli # Please do not change them manually. -<<<<<<< HEAD - IMAGE_UBUNTU_2404_X86_64: "platform-ingest-elastic-agent-ubuntu-2404-1749258065" - IMAGE_UBUNTU_2404_ARM_64: "platform-ingest-elastic-agent-ubuntu-2404-aarch64-1749258065" - IMAGE_RHEL_8: "platform-ingest-elastic-agent-rhel-8-1749258065" - IMAGE_DEBIAN_12: "platform-ingest-elastic-agent-debian-12-1749258065" - IMAGE_WIN_2022: "platform-ingest-elastic-agent-windows-2022-1749258065" - IMAGE_WIN_2025: "platform-ingest-elastic-agent-windows-2025-1749258065" -======= IMAGE_UBUNTU_2404_X86_64: "platform-ingest-elastic-agent-ubuntu-2404-1750467641" IMAGE_UBUNTU_2404_ARM_64: "platform-ingest-elastic-agent-ubuntu-2404-aarch64-1750467641" IMAGE_RHEL_8: "platform-ingest-elastic-agent-rhel-8-1750467641" IMAGE_DEBIAN_12: "platform-ingest-elastic-agent-debian-12-1750467641" IMAGE_WIN_2022: "platform-ingest-elastic-agent-windows-2022-1750467641" IMAGE_WIN_2025: "platform-ingest-elastic-agent-windows-2025-1750467641" - # Remove AGENT_PACKAGE_VERSION and AGENT_VERSION pinning once 9.2.0 DRA and stack are released - AGENT_VERSION: "9.1.0-SNAPSHOT" - ->>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) + # Remove AGENT_VERSION pinning once 8.17.8 DRA and stack are released + AGENT_VERSION: "8.17.7-SNAPSHOT" # This section is used to define the plugins that will be used in the pipeline. # See https://buildkite.com/docs/pipelines/integrations/plugins/using#using-yaml-anchors-with-plugins diff --git a/.buildkite/integration.pipeline.yml b/.buildkite/integration.pipeline.yml index 482ece5d5c8..0694dee38ab 100644 --- a/.buildkite/integration.pipeline.yml +++ b/.buildkite/integration.pipeline.yml @@ -2,9 +2,9 @@ env: VAULT_PATH: "kv/ci-shared/observability-ingest/cloud/gcp" - # Remove AGENT_PACKAGE_VERSION and AGENT_VERSION pinning once 9.2.0 DRA and stack are released - AGENT_PACKAGE_VERSION: "9.1.0" - BEAT_VERSION: "9.1.0" + # Remove AGENT_PACKAGE_VERSION and AGENT_VERSION pinning once 8.17.8 DRA and stack are released + AGENT_PACKAGE_VERSION: "8.17.7" + BEAT_VERSION: "8.17.7" steps: - group: "Integration tests: packaging" diff --git a/.buildkite/scripts/buildkite-integration-tests.sh b/.buildkite/scripts/buildkite-integration-tests.sh index c27bbf2e608..b8e56603e2c 100755 --- a/.buildkite/scripts/buildkite-integration-tests.sh +++ b/.buildkite/scripts/buildkite-integration-tests.sh @@ -32,18 +32,12 @@ echo "~~~ Running integration tests as $USER" make install-gotestsum -<<<<<<< HEAD -# Parsing version.go. Will be simplified here: https://github.com/elastic/ingest-dev/issues/4925 -AGENT_VERSION=$(grep "const defaultBeatVersion =" version/version.go | cut -d\" -f2) -AGENT_VERSION="${AGENT_VERSION}-SNAPSHOT" -======= if [[ -z "${AGENT_VERSION:-}" ]]; then # Parsing version.go. Will be simplified here: https://github.com/elastic/ingest-dev/issues/4925 AGENT_VERSION=$(grep "const defaultBeatVersion =" version/version.go | cut -d\" -f2) AGENT_VERSION="${AGENT_VERSION}-SNAPSHOT" fi ->>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) export AGENT_VERSION echo "~~~ Agent version: ${AGENT_VERSION}" diff --git a/.package-version b/.package-version index 80b24cbd41f..b3fe9990cf5 100644 --- a/.package-version +++ b/.package-version @@ -1 +1 @@ -8.17.8 \ No newline at end of file +8.17.7 \ No newline at end of file diff --git a/magefile.go b/magefile.go index e4076bc8265..368535c66ea 100644 --- a/magefile.go +++ b/magefile.go @@ -818,41 +818,6 @@ func (Cloud) Image(ctx context.Context) { Package(ctx) } -<<<<<<< HEAD -======= -// Load loads an artifact as a docker image. -// Looks in build/distributions for an elastic-agent-cloud*.docker.tar.gz artifact and imports it as docker.elastic.co/beats-ci/elastic-agent-cloud:$VERSION -// DOCKER_IMPORT_SOURCE - override source for import -func (Cloud) Load() error { - agentVersion, err := mage.AgentPackageVersion() - if err != nil { - return fmt.Errorf("failed to get agent package version: %w", err) - } - - // Need to get the FIPS env var flag to see if we are using the normal source cloud image name, or the FIPS variant - fips := os.Getenv(fipsEnv) - defer os.Setenv(fipsEnv, fips) - fipsVal, err := strconv.ParseBool(fips) - if err != nil { - fipsVal = false - } - if err := os.Setenv(fipsEnv, strconv.FormatBool(fipsVal)); err != nil { - return fmt.Errorf("failed to set fips env var: %w", err) - } - devtools.FIPSBuild = fipsVal - - source := "build/distributions/elastic-agent-cloud-" + agentVersion + "-SNAPSHOT-linux-" + runtime.GOARCH + ".docker.tar.gz" - if fipsVal { - source = "build/distributions/elastic-agent-cloud-fips-" + agentVersion + "-SNAPSHOT-linux-" + runtime.GOARCH + ".docker.tar.gz" - } - if envSource, ok := os.LookupEnv("DOCKER_IMPORT_SOURCE"); ok && envSource != "" { - source = envSource - } - - return sh.RunV("docker", "image", "load", "-i", source) -} - ->>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) // Push builds a cloud image tags it correctly and pushes to remote image repo. // Previous login to elastic registry is required! func (Cloud) Push() error { @@ -861,32 +826,14 @@ func (Cloud) Push() error { return fmt.Errorf("failed to get agent package version: %w", err) } -<<<<<<< HEAD - sourceCloudImageName := fmt.Sprintf("docker.elastic.co/beats-ci/elastic-agent-cloud:%s", version) -======= - // Need to get the FIPS env var flag to see if we are using the normal source cloud image name, or the FIPS variant - fips := os.Getenv(fipsEnv) - defer os.Setenv(fipsEnv, fips) - fipsVal, err := strconv.ParseBool(fips) - if err != nil { - fipsVal = false - } - if err := os.Setenv(fipsEnv, strconv.FormatBool(fipsVal)); err != nil { - return fmt.Errorf("failed to set fips env var: %w", err) - } - devtools.FIPSBuild = fipsVal - - sourceCloudImageName := fmt.Sprintf("docker.elastic.co/beats-ci/elastic-agent-cloud:%s-SNAPSHOT", agentVersion) - if fipsVal { - sourceCloudImageName = fmt.Sprintf("docker.elastic.co/beats-ci/elastic-agent-cloud-fips:%s-SNAPSHOT", agentVersion) - } var targetTag string if envTag, isPresent := os.LookupEnv("CUSTOM_IMAGE_TAG"); isPresent && len(envTag) > 0 { targetTag = envTag } else { targetTag = fmt.Sprintf("%s-%s-%d", agentVersion, dockerCommitHash(), time.Now().Unix()) } ->>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) + + sourceCloudImageName := fmt.Sprintf("docker.elastic.co/beats-ci/elastic-agent-cloud:%s-SNAPSHOT", agentVersion) var targetCloudImageName string if customImage, isPresent := os.LookupEnv("CI_ELASTIC_AGENT_DOCKER_IMAGE"); isPresent && len(customImage) > 0 { targetCloudImageName = fmt.Sprintf("%s:%s", customImage, targetTag) @@ -895,7 +842,7 @@ func (Cloud) Push() error { } fmt.Printf(">> Setting a docker image tag to %s\n", targetCloudImageName) - err := sh.RunV("docker", "tag", sourceCloudImageName, targetCloudImageName) + err = sh.RunV("docker", "tag", sourceCloudImageName, targetCloudImageName) if err != nil { return fmt.Errorf("failed setting a docker image tag: %w", err) } @@ -911,22 +858,6 @@ func (Cloud) Push() error { return nil } -<<<<<<< HEAD -======= -// Create a new devmachine that will be auto-deleted in 6 hours. -// Example: MACHINE_IMAGE="family/platform-ingest-elastic-agent-ubuntu-2204" ZONE="us-central1-a" mage devmachine:create "pavel-dev-machine" -// ZONE defaults to 'us-central1-a', MACHINE_IMAGE defaults to 'family/platform-ingest-elastic-agent-ubuntu-2204' -func (Devmachine) Create(instanceName string) error { - if instanceName == "" { - return errors.New( - `instanceName is required. - Example: - mage devmachine:create "pavel-dev-machine" `) - } - return devmachine.Run(instanceName) -} - ->>>>>>> 5c5b174ae (ci: pin elastic-agent version (#8736)) func Clean() { mg.Deps(devtools.Clean, Build.Clean) } From feced0cd9c01b1cca6b10af2efc542b8b6c5e68b Mon Sep 17 00:00:00 2001 From: Panos Koutsovasilis Date: Mon, 30 Jun 2025 22:14:49 +0300 Subject: [PATCH 3/3] fix: pin at 8.17.8 --- .buildkite/bk.integration.pipeline.yml | 2 +- .buildkite/integration.pipeline.yml | 4 ++-- .package-version | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.buildkite/bk.integration.pipeline.yml b/.buildkite/bk.integration.pipeline.yml index 88c7c4c4906..42331abefef 100644 --- a/.buildkite/bk.integration.pipeline.yml +++ b/.buildkite/bk.integration.pipeline.yml @@ -13,7 +13,7 @@ env: IMAGE_WIN_2022: "platform-ingest-elastic-agent-windows-2022-1750467641" IMAGE_WIN_2025: "platform-ingest-elastic-agent-windows-2025-1750467641" # Remove AGENT_VERSION pinning once 8.17.8 DRA and stack are released - AGENT_VERSION: "8.17.7-SNAPSHOT" + AGENT_VERSION: "8.17.8-SNAPSHOT" # This section is used to define the plugins that will be used in the pipeline. # See https://buildkite.com/docs/pipelines/integrations/plugins/using#using-yaml-anchors-with-plugins diff --git a/.buildkite/integration.pipeline.yml b/.buildkite/integration.pipeline.yml index 0694dee38ab..c9cb7f422f8 100644 --- a/.buildkite/integration.pipeline.yml +++ b/.buildkite/integration.pipeline.yml @@ -3,8 +3,8 @@ env: VAULT_PATH: "kv/ci-shared/observability-ingest/cloud/gcp" # Remove AGENT_PACKAGE_VERSION and AGENT_VERSION pinning once 8.17.8 DRA and stack are released - AGENT_PACKAGE_VERSION: "8.17.7" - BEAT_VERSION: "8.17.7" + AGENT_PACKAGE_VERSION: "8.17.8" + BEAT_VERSION: "8.17.8" steps: - group: "Integration tests: packaging" diff --git a/.package-version b/.package-version index b3fe9990cf5..80b24cbd41f 100644 --- a/.package-version +++ b/.package-version @@ -1 +1 @@ -8.17.7 \ No newline at end of file +8.17.8 \ No newline at end of file