aws · dricross · Feb 5, 2025 · Feb 5, 2025 · Feb 5, 2025 · Feb 5, 2025
@@ -11,7 +11,7 @@ env:
 on:
   workflow_call:
     inputs:
-      github_sha:
+      build_id:
         required: true
         type: string
       test_repo_name:
@@ -92,26 +92,27 @@ jobs:
 
             terraform init
             if terraform apply --auto-approve \
-              -var="ssh_key_value=${{env.PRIVATE_KEY}}" \
-              -var="github_test_repo=${{ inputs.test_repo_url }}" \
-              -var="test_name=${{ matrix.arrays.os }}" \
-              -var="cwa_github_sha=${{inputs.github_sha}}" \
-              -var="install_agent=${{ matrix.arrays.installAgentCommand }}" \
-              -var="github_test_repo_branch=${{inputs.test_repo_branch}}" \
-              -var="ec2_instance_type=${{ matrix.arrays.instanceType }}" \
-              -var="user=${{ matrix.arrays.username }}" \
+              -var="agent_start=${{ matrix.arrays.agentStartCommand }}" \
               -var="ami=${{ matrix.arrays.ami }}" \
-              -var="ca_cert_path=${{ matrix.arrays.caCertPath }}" \
               -var="arc=${{ matrix.arrays.arc }}" \
               -var="binary_name=${{ matrix.arrays.binaryName }}" \
+              -var="ca_cert_path=${{ matrix.arrays.caCertPath }}" \
+              -var="cwa_github_sha=${{inputs.build_id}}" \
+              -var="ec2_instance_type=${{ matrix.arrays.instanceType }}" \
+              -var="excluded_tests='${{ matrix.arrays.excludedTests }}'" \
+              -var="github_test_repo=${{ inputs.test_repo_url }}" \
+              -var="github_test_repo_branch=${{inputs.test_repo_branch}}" \
+              -var="install_agent=${{ matrix.arrays.installAgentCommand }}" \
               -var="local_stack_host_name=${{ inputs.localstack_host }}" \
+              -var="plugin_tests='${{ github.event.inputs.plugins }}'" \
               -var="region=${{ inputs.region }}" \
               -var="s3_bucket=${{ inputs.s3_integration_bucket }}" \
-              -var="plugin_tests='${{ github.event.inputs.plugins }}'" \
-              -var="excluded_tests='${{ matrix.arrays.excludedTests }}'" \
               -var="ssh_key_name=${{env.KEY_NAME}}" \
+              -var="ssh_key_value=${{env.PRIVATE_KEY}}" \
               -var="test_dir=${{ matrix.arrays.test_dir }}" \
-              -var="agent_start=${{ matrix.arrays.agentStartCommand }}"; then terraform destroy -var="region=${{ inputs.region }}" -var="ami=${{ matrix.arrays.ami }}" -auto-approve
+              -var="test_name=${{ matrix.arrays.os }}" \
+              -var="user=${{ matrix.arrays.username }}"; then
+              terraform destroy -var="region=${{ inputs.region }}" -var="ami=${{ matrix.arrays.ami }}" -auto-approve
             else
               terraform destroy -var="region=${{ inputs.region }}" -var="ami=${{ matrix.arrays.ami }}" -auto-approve && exit 1
             fi
@@ -123,4 +124,5 @@ jobs:
           max_attempts: 2
           timeout_minutes: 8
           retry_wait_seconds: 5
-          command: cd ${{ inputs.test_dir }} && terraform destroy -var="region=${{ inputs.region }}" -var="ami=${{ matrix.arrays.ami }}" --auto-approve
+          command: |
+            cd ${{ inputs.test_dir }} && terraform destroy -var="region=${{ inputs.region }}" -var="ami=${{ matrix.arrays.ami }}" --auto-approve
@@ -26,7 +26,7 @@ on:
         description: 'The ID of the build-test-artifacts workflow run'
         type: number
         required: true
-      build_sha:
+      build_id:
         description: 'The SHA of the build-test-artifacts workflow run'
         type: string
         required: true
@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - run: |
-          if [[ ${{ inputs.build_sha }} == ${{ github.sha }} ]]; then
+          if [[ ${{ inputs.build_id }} == ${{ github.sha }} ]]; then
             echo "Build SHA matches test SHA"
           else
             echo "Build SHA does not match test SHA"
@@ -157,7 +157,7 @@ jobs:
       - name: Test cf
         run: |
           cd test/test/cloudformation
-          go test -timeout 1h -package_path=s3://${S3_INTEGRATION_BUCKET}/integration-test/binary/${{ github.sha }}/linux/amd64/amazon-cloudwatch-agent.rpm -iam_role=${CF_IAM_ROLE} -key_name=${CF_KEY_NAME} -metric_name=mem_used_percent
+          go test -timeout 1h -package_path=s3://${S3_INTEGRATION_BUCKET}/integration-test/binary/${{ inputs.build_id }}/linux/amd64/amazon-cloudwatch-agent.rpm -iam_role=${CF_IAM_ROLE} -key_name=${CF_KEY_NAME} -metric_name=mem_used_percent
 
   StartLocalStack:
     name: 'StartLocalStack'

@@ -0,0 +1,61 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: MIT
+
+name: Test Release Candidate
+env:
+  TERRAFORM_AWS_ASSUME_ROLE: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE }}
+  TERRAFORM_AWS_ASSUME_ROLE_DURATION: 14400 # 4 hours
+  S3_INTEGRATION_BUCKET: ${{ vars.S3_INTEGRATION_BUCKET }}
+  S3_RELEASE_BUCKET: amazon-cloud-watch-agent
+  S3_RELEASE_REPO: cloudwatch-agent
+  CWA_GITHUB_TEST_REPO_BRANCH: "main"
+  TERRAFORM_AWS_ASSUME_ROLE_ITAR: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_ITAR }}
+  S3_INTEGRATION_BUCKET_ITAR: ${{ vars.S3_INTEGRATION_BUCKET_ITAR }}
+  TERRAFORM_AWS_ASSUME_ROLE_CN: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_CN }}
+  S3_INTEGRATION_BUCKET_CN: ${{ vars.S3_INTEGRATION_BUCKET_CN }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      build_id:
+        description: 'The build ID (release candidate build number or GitHub commit SHA)'
+        type: string
+        required: true
+      test_repo_branch:
+        description: 'Override for the test repo branch (default is main)'
+        type: string
+
+jobs:
+  OutputEnvVariables:
+    name: 'OutputEnvVariables'
+    runs-on: ubuntu-latest
+    outputs:
+      CWA_GITHUB_TEST_REPO_BRANCH: ${{ steps.set-outputs.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
+    steps:
+      - name: SetOutputs
+        id: set-outputs
+        run: |
+          echo "CWA_GITHUB_TEST_REPO_BRANCH=${CWA_GITHUB_TEST_REPO_BRANCH:-${{ env.CWA_GITHUB_TEST_REPO_BRANCH }}}" >> "$GITHUB_OUTPUT"
+
+      - name: Echo test variables
+        run: |
+          echo "CWA_GITHUB_TEST_REPO_BRANCH: ${{ steps.set-outputs.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}"
+
+  RepackageArtifacts:
+    name: 'RepackageArtifacts'
+    uses: ./.github/workflows/repackage-release-artifacts.yml
+    secrets: inherit
+    permissions:
+      id-token: write
+      contents: read
+    with:
+      build_id: ${{ inputs.build_id }}
+
+  StartIntegrationTests:
+    needs: [ RepackageArtifacts, OutputEnvVariables ]
+    runs-on: ubuntu-latest
+    steps:
+      # Avoid the limit of 5 nested workflows by executing the workflow in this manner
+      - run: gh workflow run test-artifacts.yml --ref ${{ github.ref_name }} --repo $GITHUB_REPOSITORY -f build_id=${{ inputs.build_id }} -f test_repo_branch=${{ needs.OutputEnvVariables.outputs.CWA_GITHUB_TEST_REPO_BRANCH }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,171 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: MIT
+
+name: Repackage Release Artifacts
+env:
+  TERRAFORM_AWS_ASSUME_ROLE: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE }}
+  TERRAFORM_AWS_ASSUME_ROLE_DURATION: 14400 # 4 hours
+  S3_INTEGRATION_BUCKET: ${{ vars.S3_INTEGRATION_BUCKET }}
+  S3_RELEASE_BUCKET: amazon-cloud-watch-agent
+  S3_RELEASE_REPO: cloudwatch-agent
+  TERRAFORM_AWS_ASSUME_ROLE_ITAR: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_ITAR }}
+  S3_INTEGRATION_BUCKET_ITAR: ${{ vars.S3_INTEGRATION_BUCKET_ITAR }}
+  TERRAFORM_AWS_ASSUME_ROLE_CN: ${{ vars.TERRAFORM_AWS_ASSUME_ROLE_CN }}
+  S3_INTEGRATION_BUCKET_CN: ${{ vars.S3_INTEGRATION_BUCKET_CN }}
+
+on:
+  workflow_call:
+    inputs:
+      build_id:
+        description: 'The build ID (release candidate build number or GitHub commit SHA)'
+        type: string
+        required: true
+
+jobs:
+  RepackageS3Artifcats:
+    name: 'RepackageS3Artifcats'
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }}
+          aws-region: us-west-2
+          role-duration-seconds: ${{ env.TERRAFORM_AWS_ASSUME_ROLE_DURATION }}
+
+      - name: Download Artifacts
+        id: download-artifacts
+        run: |
+          mkdir -p windows/amd64/
+          aws s3 cp --no-progress s3://${{ env.S3_RELEASE_BUCKET }}/windows/amd64/${{ inputs.build_id }}/AmazonCloudWatchAgent.zip ./windows/amd64/
+
+          mkdir -p linux/amd64
+          aws s3 cp --no-progress s3://${{ env.S3_RELEASE_BUCKET }}/linux/amd64/${{ inputs.build_id }}/AmazonCloudWatchAgent.zip ./linux/amd64
+
+          mkdir -p linux/arm64
+          aws s3 cp --no-progress s3://${{ env.S3_RELEASE_BUCKET }}/linux/arm64/${{ inputs.build_id }}/AmazonCloudWatchAgent.zip ./linux/arm64
+
+          mkdir -p darwin/amd64
+          aws s3 cp --no-progress s3://${{ env.S3_RELEASE_BUCKET }}/darwin/amd64/${{ inputs.build_id }}/AmazonCloudWatchAgent.zip ./darwin/amd64
+
+          mkdir -p darwin/arm64
+          aws s3 cp --no-progress s3://${{ env.S3_RELEASE_BUCKET }}/darwin/arm64/${{ inputs.build_id }}/AmazonCloudWatchAgent.zip ./darwin/arm64
+
+      - name: Re-upload Artifacts
+        id: upload-artifacts
+        run: |
+          pushd windows/amd64/
+          unzip AmazonCloudWatchAgent.zip
+          aws s3 cp --no-progress ./amazon-cloudwatch-agent.msi s3://${{ env.S3_INTEGRATION_BUCKET }}/integration-test/packaging/${{ inputs.build_id }}/amazon-cloudwatch-agent.msi
+          popd
+
+          pushd linux/amd64
+          unzip AmazonCloudWatchAgent.zip
+          aws s3 cp --no-progress ./amazon-cloudwatch-agent.rpm s3://${{ env.S3_INTEGRATION_BUCKET }}/integration-test/binary/${{ inputs.build_id }}/linux/amd64/amazon-cloudwatch-agent.rpm
+          aws s3 cp --no-progress ./amazon-cloudwatch-agent.deb s3://${{ env.S3_INTEGRATION_BUCKET }}/integration-test/binary/${{ inputs.build_id }}/linux/amd64/amazon-cloudwatch-agent.deb
+          popd
+
+          pushd linux/arm64
+          unzip AmazonCloudWatchAgent.zip
+          aws s3 cp --no-progress ./amazon-cloudwatch-agent.rpm s3://${{ env.S3_INTEGRATION_BUCKET }}/integration-test/binary/${{ inputs.build_id }}/linux/arm64/amazon-cloudwatch-agent.rpm
+          aws s3 cp --no-progress ./amazon-cloudwatch-agent.deb s3://${{ env.S3_INTEGRATION_BUCKET }}/integration-test/binary/${{ inputs.build_id }}/linux/arm64/amazon-cloudwatch-agent.deb
+          popd
+
+          pushd darwin/amd64
+          unzip AmazonCloudWatchAgent.zip
+          aws s3 cp --no-progress ./amazon-cloudwatch-agent.pkg s3://${{ env.S3_INTEGRATION_BUCKET }}/integration-test/packaging/${{ inputs.build_id }}/arm64/amazon-cloudwatch-agent.pkg
+          popd
+
+          pushd darwin/arm64
+          unzip AmazonCloudWatchAgent.zip
+          aws s3 cp --no-progress ./amazon-cloudwatch-agent.pkg s3://${{ env.S3_INTEGRATION_BUCKET }}/integration-test/packaging/${{ inputs.build_id }}/arm64/amazon-cloudwatch-agent.pkg
+          popd
+
+      - name: Configure AWS Credentials (CN)
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE_CN }}
+          aws-region: cn-north-1
+          role-duration-seconds: ${{ env.TERRAFORM_AWS_ASSUME_ROLE_DURATION }}
+
+      - name: Re-upload Artifacts (CN)
+        id: upload-artifacts-cn
+        run: |
+          pushd linux/amd64
+          aws --region cn-north-1 s3 cp --no-progress ./amazon-cloudwatch-agent.rpm s3://${{ env.S3_INTEGRATION_BUCKET_CN }}/integration-test/binary/${{ inputs.build_id }}/linux/amd64/amazon-cloudwatch-agent.rpm
+          aws --region cn-north-1 s3 cp --no-progress ./amazon-cloudwatch-agent.deb s3://${{ env.S3_INTEGRATION_BUCKET_CN }}/integration-test/binary/${{ inputs.build_id }}/linux/amd64/amazon-cloudwatch-agent.deb
+          popd
+
+          pushd linux/arm64
+          aws --region cn-north-1 s3 cp --no-progress ./amazon-cloudwatch-agent.rpm s3://${{ env.S3_INTEGRATION_BUCKET_CN }}/integration-test/binary/${{ inputs.build_id }}/linux/arm64/amazon-cloudwatch-agent.rpm
+          aws --region cn-north-1 s3 cp --no-progress ./amazon-cloudwatch-agent.deb s3://${{ env.S3_INTEGRATION_BUCKET_CN }}/integration-test/binary/${{ inputs.build_id }}/linux/arm64/amazon-cloudwatch-agent.deb
+          popd
+
+      - name: Configure AWS Credentials (ITAR)
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE_ITAR }}
+          aws-region: us-gov-east-1
+          role-duration-seconds: ${{ env.TERRAFORM_AWS_ASSUME_ROLE_DURATION }}
+
+      - name: Re-upload Artifacts (ITAR)
+        id: upload-artifacts-itar
+        run: |
+          pushd linux/amd64
+          aws --region us-gov-east-1 s3 cp --no-progress ./amazon-cloudwatch-agent.rpm s3://${{ env.S3_INTEGRATION_BUCKET_ITAR }}/integration-test/binary/${{ inputs.build_id }}/linux/amd64/amazon-cloudwatch-agent.rpm
+          aws --region us-gov-east-1 s3 cp --no-progress ./amazon-cloudwatch-agent.deb s3://${{ env.S3_INTEGRATION_BUCKET_ITAR }}/integration-test/binary/${{ inputs.build_id }}/linux/amd64/amazon-cloudwatch-agent.deb
+          popd
+
+          pushd linux/arm64
+          aws --region us-gov-east-1 s3 cp --no-progress ./amazon-cloudwatch-agent.rpm s3://${{ env.S3_INTEGRATION_BUCKET_ITAR }}/integration-test/binary/${{ inputs.build_id }}/linux/arm64/amazon-cloudwatch-agent.rpm
+          aws --region us-gov-east-1 s3 cp --no-progress ./amazon-cloudwatch-agent.deb s3://${{ env.S3_INTEGRATION_BUCKET_ITAR }}/integration-test/binary/${{ inputs.build_id }}/linux/arm64/amazon-cloudwatch-agent.deb
+          popd
+
+  RepackageECRImage:
+    name: 'RepackageECRImage'
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.TERRAFORM_AWS_ASSUME_ROLE }}
+          aws-region: us-west-2
+          role-duration-seconds: ${{ env.TERRAFORM_AWS_ASSUME_ROLE_DURATION }}
+
+      - name: Login to Release Artifacts Amazon ECR
+        id: login-artifacts-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registries: ${{ secrets.RELEASE_ARTIFACTS_ACCOUNT_ID }}
+
+      - name: Pull Image
+        id: pull-image
+        env:
+          ARTIFACTS_REGISTRY: ${{ steps.login-artifacts-ecr.outputs.registry }}
+        run: |
+          docker pull ${{ env.ARTIFACTS_REGISTRY }}/cloudwatch-agent:${{ inputs.build_id }}
+
+      - name: Login to Integ Test Amazon ECR
+        id: login-integ-test-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Push Image
+        id: push-image
+        env:
+          ARTIFACTS_REGISTRY: ${{ steps.login-artifacts-ecr.outputs.registry }}
+          INTEG_TEST_REGISTRY: ${{ steps.login-integ-test-ecr.outputs.registry }}
+        run: |
+          docker tag ${{ env.ARTIFACTS_REGISTRY }}/cloudwatch-agent:${{ inputs.build_id }} ${{ env.INTEG_TEST_REGISTRY }}/cwagent-integration-test:${{ inputs.build_id }}
+          docker push ${{ env.INTEG_TEST_REGISTRY }}/cwagent-integration-test:${{ inputs.build_id }}
+
+
@@ -83,5 +83,5 @@ jobs:
           -var="ssh_key_name=${{env.KEY_NAME}}" &&
           LOCAL_STACK_HOST_NAME=$(terraform output -raw public_dns) &&
           echo $LOCAL_STACK_HOST_NAME &&
-          echo "::set-output name=local_stack_host_name::$LOCAL_STACK_HOST_NAME" &&
+          echo "local_stack_host_name=$LOCAL_STACK_HOST_NAME" >> "$GITHUB_OUTPUT" &&
           aws s3 cp terraform.tfstate s3://${{inputs.s3_integration_bucket}}/integration-test/local-stack-terraform-state/${{inputs.github_sha}}/terraform.tfstate
@@ -53,6 +53,9 @@ jobs:
       - name: Copy state
         run: aws s3 cp s3://${{inputs.s3_integration_bucket}}/integration-test/local-stack-terraform-state/${{inputs.github_sha}}/terraform.tfstate .
 
+      - name: Install Terraform
+        uses: hashicorp/setup-terraform@v3
+
       - name: Verify Terraform version
         run: terraform --version