Skip to content

[9.0] (backport #9048) ci: build agent from snapshot DRA #9281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pkoutsovasilis merged 9 commits into from
Aug 8, 2025
Merged

[9.0] (backport #9048) ci: build agent from snapshot DRA #9281

pkoutsovasilis merged 9 commits into from
Aug 8, 2025

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Aug 7, 2025

What does this PR do?

This PR reworks the .package-version file format and integrates it into our CI and mage workflows to enable deterministic, snapshot-based builds of Elastic Agent based on published DRA (Downloadable Release Artifacts).

Key changes:

  • .package-version is now a structured JSON file containing version metadata (version, build_id, stack_build_id, manifest_url, etc.).
  • CI scripts and mage targets now conditionally derive the agent version and build metadata from .package-version when USE_PACKAGE_VERSION=true is set.
  • The mage target UpdatePackageVersion replaces previous logic with a structured update mechanism for .package-version.
  • CI integration steps now consistently use the snapshot version and manifest provided in .package-version.

Why is it important?

We previously had a fundamental dependency issue in the release flow: to produce a new Elastic Agent DRA, we needed to bump the agent version — but our CI integration tests required that same DRA to already exist in order to pass. This created a timing problem and made the release workflow fragile.

With this PR:

  • The CI system and mage targets now honour .package-version when USE_PACKAGE_VERSION=true is set, allowing packaging and testing to rely on a known-good, previously published DRA.
  • This ensures that builds and tests only proceed against DRAs that have been published by the unified release process, making test results and releases more predictable and reliable.
  • PRs such as #9163, which update .package-version, now become the authoritative source of truth for the Elastic Agent version used in the repo and must be handled with utmost care.
  • Note: Even if a component publishes its own DRA, Elastic Agent will only package it once the unified release has run and the respective PR to update the .package-version has been merged.

This enables a reproducible and version-pinned CI system while allowing us to automate snapshot bumps in a controlled and testable way.

An experimental version bump under commit a57ee10 verified this flow successfully. The CI run is available here.

Checklist

  • I have read and understood the pull request guidelines of this project.
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool
  • I have added an integration test or an E2E test

Disruptive User Impact

None expected. Existing workflows are unaffected unless USE_PACKAGE_VERSION=true is explicitly set. In that case, .package-version is required and must be up to date.

How to test this PR locally

specify USE_PACKAGE_VERION=true and call any mage target e.g.

USE_PACKAGE_VERSION="true" EXTERNAL="true" PLATFORMS="linux/arm64" PACKAGES="docker" DOCKER_VARIANTS="basic" mage package

Related issues

  • N/A
This is an automatic backport of pull request #9048 done by [Mergify](https://mergify.com).

@mergify mergify bot requested review from a team as code owners August 7, 2025 08:45
@mergify mergify bot added backport conflicts There is a conflict in the backported pull request labels Aug 7, 2025
@mergify mergify bot requested review from blakerouse and michalpristas and removed request for a team August 7, 2025 08:45
@mergify
Copy link
Contributor Author

mergify bot commented Aug 7, 2025

Cherry-pick of a155660 has failed:

On branch mergify/bp/9.0/pr-9048
Your branch is up to date with 'origin/9.0'.

You are currently cherry-picking commit a155660c4.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   .buildkite/scripts/buildkite-integration-tests.ps1
	modified:   .buildkite/scripts/buildkite-integration-tests.sh
	modified:   .buildkite/scripts/buildkite-k8s-integration-tests.sh
	modified:   .buildkite/scripts/steps/ess.sh
	modified:   .buildkite/scripts/steps/ess_start.sh
	new file:   .buildkite/scripts/steps/integration-cloud-image-push.sh
	modified:   .buildkite/scripts/steps/integration-package.sh
	modified:   .buildkite/scripts/steps/integration_tests.sh
	modified:   .buildkite/scripts/steps/integration_tests_tf.ps1
	modified:   .buildkite/scripts/steps/integration_tests_tf.sh
	modified:   .github/workflows/bump-agent-versions.sh
	new file:   dev-tools/mage/packageversion.go
	modified:   dev-tools/mage/settings.go
	modified:   magefile.go
	modified:   test_infra/ess/deployment.tf
	modified:   testing/integration/ess/upgrade_broken_package_test.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   .buildkite/integration.pipeline.yml
	both modified:   .buildkite/scripts/steps/ess.ps1
	both modified:   .package-version
	both modified:   dev-tools/mage/manifest/manifest.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

@mergify mergify bot mentioned this pull request Aug 7, 2025
Merged
8 tasks
@elasticmachine
Copy link
Contributor

elasticmachine commented Aug 7, 2025

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@pkoutsovasilis
Copy link
Contributor

pkoutsovasilis commented Aug 7, 2025

first I wanna see how this PR behaves on main and if everything checks out, I am gonna deal with the backports

@pkoutsovasilis
Copy link
Contributor

pkoutsovasilis commented Aug 7, 2025

ok CI run on main is green and the automation PR looks correct #9283 proceeding with addressing the conflicts

@pkoutsovasilis pkoutsovasilis removed the conflicts There is a conflict in the backported pull request label Aug 7, 2025
@pkoutsovasilis
Copy link
Contributor

pkoutsovasilis commented Aug 7, 2025

This branch is lacking the changes introduced by #7790 which apparently are needed for packaging to work. @pchila I am gonna try to cherry-pick the changes here. cc @ebeahan for awareness

@pkoutsovasilis pkoutsovasilis force-pushed the mergify/bp/9.0/pr-9048 branch from 0fc66a5 to 6818837 Compare August 7, 2025 12:51
pchila and others added 6 commits August 7, 2025 22:19
@pchila @pkoutsovasilis
Make components in packages configurable (#7602)
8c97293 
* Redefine ExpectedBinaries as YAML config

* Move ExpectedBinaries closer to package spec file

* Fix error formatting in downloadDRAArtifacts

* add packageName template to ExpectedPackages

* use a relaxed dependencies version for IAR releases

* Remove FIPS hack introduced in PR #7486

* Allow for a looser match on relaxing dependencies versions

* Add debug logging when packaging with EXTERNAL=true

* move package tests to dedicated package
@pchila @pkoutsovasilis
Fips packaging (#7690)
1f6076f 
* Add component list to specs

* extract component dependencies from the packages to be built

* Refactor component extraction from package specs

* Fix package tests error handling

* Inject dependencies and remove references to ExpectedBinaries

* Remove ExpectedBinaries global

* Add rootdir to components

* Extract actual version matched on the package file and use it to render RootDir

* Package elastic-agent FIPS specs when FIPS=true is specified

* refactor ResolveManifestPackage

* Move FIPS compile settings in packages.yml

* Add more FIPS components

* Properly handle dependenciesVersion when calling mage package

* Refactor ChecksumsWithoutManifest to use list of dependencies instead of globbing files

* Rework useDRAAgentBinaryForPackage for repackaging agent

Define elastic-agent-core components (both FIPS and non-FIPS variants)
and define package name and root dir templates.
Implement some filtering on component list to extract the correct
component definition according to the FIPSBuild flag.
Refactor code that downloads pre-compiled elastic-agent binaries and
places them in the golangCrossBuild directory to make use of the new
component definition.

* Write spec FIPS flag into manifest.yaml when packaging

* Add FIPS elastic agent basic and cloud docker images

* Build FIPS docker images in CI packaging

* Fix FIPS .tar.gz package tests

* Restructure package tests

* Extend FIPS check to all binaries in components directory

* Create FIPS elastic-agent-core artifacts in elastic-agent-binary-dra pipeline

* Cleanup ChecksumsWithManifest and improve godoc

* Improve godoc for BinarySpec
@pchila @pkoutsovasilis
Correctly inject dependency list when packaging using DROP_PATH (#7795)
b1905a7
@pchila @pkoutsovasilis
Restore qualifier=core for elastic-agent-core packaging specs (#7805)
269b897 
Restore qualifier for elastic-agent-core packaging specs to avoid
changing the rootDir name of the archives.
The qualifier had been removed in PR #7690 trying to use the spec name:
this worked to get the desired file name but changed the root Dir name
which uses '{{.BeatName}}{{if .Qualifier}}-{{.Qualifier}}{{end}}' in the
template definition instead of '{{.Name}}' which would render the spec
name.
@pchila @pkoutsovasilis
Modify fips core spec qualifier and name (#7818)
be256c1
@pkoutsovasilis
ci: build agent from snapshot DRA (#9048)
761baa7 
* feat: rework .package-version and mage integration:UpdatePackageVersion to make CI build always from snapshot DRA

* feat: incorporate USE_PACKAGE_VERSION in mage

* experiment: bump version.go

* Revert "experiment: bump version.go"

This reverts commit a57ee10.

* chore: bump .package-version

* feat: allow AGENT_VERSION to be overridden by env var

* fix: use named args for all args in integration_tests_tf.ps1

* feat: panic on err of initPackageVersion

* fix: don't panic when .package-version file doesn't exist, log it instead

* feat: rework fabrication of CI_ELASTIC_AGENT_DOCKER_IMAGE

* feat: use os.WriteFile in writePackageVersion

* chore: bump to latest snapshot DRA

* fix: always DownloadManifest if PackagingFromManifest is set in mage package

* fix: check err of filepath.Abs(dropPath)
@pkoutsovasilis pkoutsovasilis force-pushed the mergify/bp/9.0/pr-9048 branch 2 times, most recently from 6ff5311 to b1d731f Compare August 7, 2025 21:23
@pkoutsovasilis pkoutsovasilis force-pushed the mergify/bp/9.0/pr-9048 branch from 2133791 to e98e93f Compare August 7, 2025 22:29
@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Aug 7, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

@elasticmachine
Copy link
Contributor

elasticmachine commented Aug 8, 2025

💚 Build Succeeded

History

cc @pkoutsovasilis

@pkoutsovasilis
Copy link
Contributor

pkoutsovasilis commented Aug 8, 2025

did a dry-run of elastic-agent-package to test that all my backporting didn't break anything here

So @pchila would you mind skimming through this one, since I needed to backport all you packaging changes?

@pkoutsovasilis pkoutsovasilis requested a review from pchila August 8, 2025 08:14
pchila
pchila approved these changes Aug 8, 2025
View reviewed changes
Copy link
Member

@pchila pchila left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor nitpick on FIPS settings struct, not blocking and can be fixed in a follow-up PR.
Package DRA build looks good.
Thank you for the backport!

@pkoutsovasilis pkoutsovasilis merged commit b29094d into 9.0 Aug 8, 2025
19 checks passed
@pkoutsovasilis pkoutsovasilis deleted the mergify/bp/9.0/pr-9048 branch August 8, 2025 09:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pchila pchila pchila approved these changes

@michalpristas michalpristas Awaiting requested review from michalpristas michalpristas is a code owner automatically assigned from elastic/elastic-agent-control-plane

@blakerouse blakerouse Awaiting requested review from blakerouse blakerouse is a code owner automatically assigned from elastic/elastic-agent-control-plane

+1 more reviewer

@pkoutsovasilis pkoutsovasilis pkoutsovasilis approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@pkoutsovasilis pkoutsovasilis

Labels

backport skip-changelog Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Testing:run:TestUpgradeIntegrationsServer

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elasticmachine @pkoutsovasilis @pchila