fix 3.x release workflow; release 3.52.1 (#4304)

This updates the 3.x release.yml workflow with changes (mostly to auth) that have been made to the release workflow on main. - **github-actions: use github secrets (#4129)** - **github: use docker github secrets (#4047)** - **ci(github-secrets): slack and aws lambda publish (#4081)** - **bump some versions to match those used in 'release.yml' on main** - **Use keyless authentication in release (#4109)** - **bump action to same version used on main branch** - **bump to 3.52.1 to try release workflow again** It also drops the labeler.yml workflow from the 3.x branch. It is failing (auth changes) and isn't needed on the 3.x branch.
elastic · Nov 5, 2024 · 2634595 · 2634595
1 parent c5d43a1
commit 2634595
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 90 deletions.
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,38 +13,30 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
         with:
-          node-version: 'v16.15.1'
+          node-version: 'v16.20.2'
 
-      - uses: elastic/apm-pipeline-library/.github/actions/docker-login@current
+      - name: Log in to the Elastic Container registry
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
-          registry: docker.elastic.co
-          secret: secret/observability-team/ci/docker-registry/prod
-          url: ${{ secrets.VAULT_ADDR }}
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          registry: ${{ secrets.ELASTIC_DOCKER_REGISTRY }}
+          username: ${{ secrets.ELASTIC_DOCKER_USERNAME }}
+          password: ${{ secrets.ELASTIC_DOCKER_PASSWORD }}
 
       - run: make -C .ci env
 
       - run: make -C .ci dist
 
       - run: make -C .ci push-docker
 
-      - name: Read AWS vault secrets
-        uses: hashicorp/[email protected]
+      - uses: elastic/oblt-actions/aws/[email protected]
         with:
-          url: ${{ secrets.VAULT_ADDR }}
-          method: approle
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          secrets: |
-            secret/observability-team/ci/service-account/apm-aws-lambda access_key_id | AWS_ACCESS_KEY_ID ;
-            secret/observability-team/ci/service-account/apm-aws-lambda secret_access_key | AWS_SECRET_ACCESS_KEY
+          aws-account-id: "267093732750"
 
       - name: Publish AWS lambda
         run: make -C .ci publish-in-all-aws-regions create-arn-file
@@ -55,27 +47,14 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
 
-      - name: Read NPM vault secrets
-        uses: hashicorp/[email protected]
-        with:
-          url: ${{ secrets.VAULT_ADDR }}
-          method: approle
-          roleId: ${{ secrets.VAULT_ROLE_ID }}
-          secretId: ${{ secrets.VAULT_SECRET_ID }}
-          secrets: |
-            secret/jenkins-ci/npmjs/elasticmachine token | NPMJS_TOKEN ;
-            totp/code/npmjs-elasticmachine code | TOTP_CODE
-
       - name: npm publish
         run: |-
-          echo "//registry.npmjs.org/:_authToken=${{ env.NPMJS_TOKEN }}" > .npmrc
-          npm publish --tag="latest-3" --otp=${{ env.TOTP_CODE }}
+          echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > .npmrc
+          npm publish --provenance
 
       - if: always()
-        uses: elastic/apm-pipeline-library/.github/actions/notify-build-status@current
+        uses: elastic/oblt-actions/slack/notify-result@v1
         with:
-          vaultUrl: ${{ secrets.VAULT_ADDR }}
-          vaultRoleId: ${{ secrets.VAULT_ROLE_ID }}
-          vaultSecretId: ${{ secrets.VAULT_SECRET_ID }}
-          slackChannel: "#apm-agent-node"
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: "#apm-agent-node"
           message: '[${{ github.repository }}] Release *${{ github.ref_name }}*'
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -37,14 +37,14 @@ for the latest (4.x) releases. The 3.x branch will be maintained until
 2024-03-07 (6 months after the 4.0.0 release).
 
 
-[[release-notes-3.52.0]]
-==== 3.52.0 - 2024/11/04
+[[release-notes-3.52.1]]
+==== 3.52.1 - 2024/11/05
 
 [float]
 ===== Chores
 
 * Improve trace-level logging to better support debugging central config
-  and transaction sampling issues.
+  and transaction sampling issues. ({issues}4291[#4291])
 
 
 [[release-notes-3.51.0]]

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "elastic-apm-node",
-  "version": "3.52.0",
+  "version": "3.52.1",
   "description": "The official Elastic APM agent for Node.js",
   "main": "index.js",
   "types": "index.d.ts",