feat(elastic-agent-services): add another tag to docker image for agentless use

[olegsu]

What does this PR do?

This pr will add additional tag to docker image elastic-agent-service in form of elastic-agent-service:git-{SHORT_COMMIT}

Why is it important?

Elastic-Agent is used in Agentless in both ECH and ES3.
While in ECH we must a version that will match the ELK stack, in ES3 we dont have that restriction.
Two reasons why this is important for ES3:

1. Automatic release flow
2. Continuous feature release

I do not want to elaborate on the details in a public repo, please check the RFC and https://github.com/elastic/security-team/issues/9273 with full context

Checklist

• I have read and understood the pull request guidelines of this project.
• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in ./changelog/fragments using the changelog tool
• I have added an integration test or an E2E test

Disruptive User Impact

How to test this PR locally

Related issues

• https://github.com/elastic/security-team/issues/9273

Questions to ask yourself

• How are we going to support this in production?
• How are we going to measure its adoption?
• How are we going to debug this?
• What are the metrics I should take care of?
• ...

[mergify]

This pull request does not have a backport label. Could you fix it @olegsu? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-./d./d is the label that automatically backports to the 8./d branch. /d is the digit
• backport-active-all is the label that automatically backports to all active branches.
• backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
• backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

[michalpristas]

specify a tag for narrowing down specifics in case of failure

[michalpristas]

i think it looks ok.

[michalpristas]

ExtraVars contains raw values, expanded values are inside evalContext, use that one and replace also one for repository above

Suggested change

	moreTags := []string{}
	if commit, found := b.ExtraVars["commit"]; found && b.DockerVariant == Service {
	if len(commit) >= 12 {
	moreTags = append(moreTags, fmt.Sprintf("%s:%s", b.imageName, "git-"+commit[:12]))
	}
	}
	moreTags := []string{}
	if commitI, found := b.evalContext["commit"]; found && b.DockerVariant == Service {
	commit, ok := commitI.(string)
	if ok && len(commit) >= 12 {
	moreTags = append(moreTags, fmt.Sprintf("%s:git-%s", b.imageName, commit[:12]))
	}
	}

[pkoutsovasilis]

hey @olegsu 👋 thanks for opening this PR. I believe that already @michalpristas has left some comments that capture some issues with this PR (ty @michalpristas ). However, I kinda have another thinking that affects the approach of this PR. I am not a fan of implicit actions, and here the new tag you try to introduce happens ambiguously if commit is found in extra vars. However, IMO, adding an extra vars shouldn't affect the tags as the two are not profoundly coupled. That said, would it make sense to you as well to alternate this PR, promoting explicitness, e.g. introduce extraTags in package.yml and do utilise them from there? in this way if in the future we need to change/remove/add another tag this will be really straight-forward

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

[olegsu]

hey @olegsu 👋 thanks for opening this PR. I believe that already @michalpristas has left some comments that capture some issues with this PR (ty @michalpristas ). However, I kinda have another thinking that affects the approach of this PR. I am not a fan of implicit actions, and here the new tag you try to introduce happens ambiguously if commit is found in extra vars. However, IMO, adding an extra vars shouldn't affect the tags as the two are not profoundly coupled. That said, would it make sense to you as well to alternate this PR, promoting explicitness, e.g. introduce extraTags in package.yml and do utilise them from there? in this way if in the future we need to change/remove/add another tag this will be really straight-forward

Thank you for the feedback!
It makes sense, let me update the pr

[blakerouse]

Please wait for approval from @pkoutsovasilis before merging, but this looks good to me with the latest updates.

[jlind23]

@blakerouse Thanks for the approval but I am a bit confused. Didn't we agreed on giving approval only once CI is green to avoid code changes to make CI happy after approval that would not dismiss your review?

[pkoutsovasilis]

Thanks for going through my comments @olegsu this LGTM. I had a look in the CI failures and they all seem to be related to already reported flaky tests and a new one which I have raised with eng prod team. That said, I invoked retries to get this PR merged 🙂

[elasticmachine]

⏳ Build in-progress, with failures

• Buildkite Build
• Commit: 6c9b1f3

Failed CI Steps

• Extended runtime leak tests
• Start ESS stack for integration tests

History

• 💔 Build #17509 failed a2c4397
• 💔 Build #17493 failed c4eee0c
• 💚 Build #17411 succeeded 50596e0
• 💔 Build #17406 failed d59815c
• 💔 Build #17398 failed e30071f

cc @olegsu

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube