updatecli: automate EDOT SDK k8s auto-instrumentation images to their latest version

.ci/updatecli/README.md

@@ -0,0 +1,79 @@
+# Overview
+
+This is how we manage adhoc dependency updates using `updatecli`.
+
+## EDOT SDK Dependencies Update Automation
+
+This directory contains updatecli configuration to automatically update EDOT SDK docker image versions in the elastic-agent repository.
+
+### Overview
+
+The automation tracks latest releases from the following repositories and updates corresponding docker image references in elastic-agent:
+
+- **elastic/elastic-otel-dotnet** → `docker.elastic.co/observability/elastic-otel-dotnet`
+- **elastic/elastic-otel-java** → `docker.elastic.co/observability/elastic-otel-javaagent`
+- **elastic/elastic-otel-node** → `docker.elastic.co/observability/elastic-otel-node`
+- **elastic/elastic-otel-python** → `docker.elastic.co/observability/elastic-otel-python`
+- **open-telemetry/opentelemetry-go-instrumentation** → `ghcr.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go`
+
+### Files Updated
+
+The automation updates these files in the elastic-agent repository:
+- `deploy/helm/edot-collector/kube-stack/managed_otlp/values.yaml`
+- `deploy/helm/edot-collector/kube-stack/values.yaml`
+
+Specifically, it updates the `instrumentation` section with the latest versions:
+
+```yaml
+instrumentation:
+  java:
+    image: docker.elastic.co/observability/elastic-otel-javaagent:X.Y.Z
+  nodejs:
+    image: docker.elastic.co/observability/elastic-otel-node:X.Y.Z
+  dotnet:
+    image: docker.elastic.co/observability/elastic-otel-dotnet:X.Y.Z
+  python:
+    image: docker.elastic.co/observability/elastic-otel-python:X.Y.Z
+  go:
+    image: ghcr.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:vX.Y.Z
+```
+
+### Configuration Files
+
+- **`bump-edot-images.yml`**: Main updatecli configuration that defines sources and targets
+- **`values.d/scm.yml`**: Contains SCM configuration values for GitHub authentication
+
+### GitHub Workflow
+
+The automation runs via GitHub workflow `.github/workflows/bump-edot-images.yml` which:
+- Runs Monday to Friday at 3 PM UTC
+- Can be triggered manually via workflow_dispatch
+- Uses the OBS_AUTOMATION_APP credentials for creating PRs
+- Creates pull requests with `dependencies`, `skip-changelog`, and backport labels.
+
+### Example Output
+
+When new versions are detected, the automation will create a pull request similar to [elastic-agent#7327](https://github.com/elastic/elastic-agent/pull/7327) that was manually created previously.
+
+### Version Handling
+
+The configuration handles different version formatting:
+- Some repositories use `v` prefix in their tags (like `v1.2.0`)
+- The automation strips the `v` prefix where needed to match the expected docker tag format
+- Go instrumentation keeps the `v` prefix as that's the expected format
+
+### Manual Testing
+
+To test the configuration locally:
+
+```bash
+export GITHUB_TOKEN=$(gh auth token)
+export GITHUB_ACTOR=v1v
+updatecli diff \
+    --config .ci/updatecli/bump-edot-images.yml \
+    --values .ci/updatecli/values.d/scm.yml
+# Apply changes (requires write access to elastic-agent repo)
+updatecli apply \
+    --config .ci/updatecli/bump-edot-images.yml \
+    --values .ci/updatecli/values.d/scm.yml
+```

.ci/updatecli/updatecli-bump-edot.yml

@@ -0,0 +1,157 @@
+---
+name: Bump EDOT SDKs to latest versions
+
+scms:
+  elastic-agent:
+    kind: github
+    spec:
+      user: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      commitusingapi: true
+      branch: '{{ .scm.branch }}'
+      force: false
+
+actions:
+  elastic-agent:
+    kind: github/pullrequest
+    scmid: elastic-agent
+    spec:
+      automerge: false
+      labels:
+        - backport-active-8
+        - backport-active-9
+        - dependencies
+        - skip-changelog
+        - Team:Elastic-Agent-Control-Plane
+      title: '[otel/kube-stack] Update EDOT SDK k8s auto-instrumentation images to their latest versions'
+      description: |
+        Update the versions of the EDOT language SDK images being used with the OTel Operator.
+
+sources:
+  elastic-otel-dotnet:
+    name: "Get latest Elastic OTEL .NET release"
+    kind: githubrelease
+    spec:
+      owner: "elastic"
+      repository: "elastic-otel-dotnet"
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      versionfilter:
+        kind: semver
+
+  elastic-otel-java:
+    name: "Get latest Elastic OTEL Java release"
+    kind: githubrelease
+    spec:
+      owner: "elastic"
+      repository: "elastic-otel-java"
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      versionfilter:
+        kind: semver
+
+  elastic-otel-node:
+    name: "Get latest Elastic OTEL Node.js release"
+    kind: githubrelease
+    spec:
+      owner: "elastic"
+      repository: "elastic-otel-node"
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      versionfilter:
+        kind: semver
+
+  elastic-otel-python:
+    name: "Get latest Elastic OTEL Python release"
+    kind: githubrelease
+    spec:
+      owner: "elastic"
+      repository: "elastic-otel-python"
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      versionfilter:
+        kind: semver
+
+  otel-go-instrumentation:
+    name: "Get latest OpenTelemetry Go Instrumentation release"
+    kind: githubrelease
+    spec:
+      owner: "open-telemetry"
+      repository: "opentelemetry-go-instrumentation"
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      versionfilter:
+        kind: semver
+
+targets:
+  update-dotnet-managed-otlp:
+    name: "Update Elastic OTEL .NET image in values.yaml"
+    kind: yaml
+    scmid: elastic-agent
+    sourceid: elastic-otel-dotnet
+    spec:
+      files:
+        - "deploy/helm/edot-collector/kube-stack/managed_otlp/values.yaml"
+        - "deploy/helm/edot-collector/kube-stack/values.yaml"
+      key: "$.instrumentation.dotnet.image"
+    transformers:
+      - addprefix: "docker.elastic.co/observability/elastic-otel-dotnet:"
+
+  # Update Java image in managed_otlp/values.yaml
+  update-java-managed-otlp:
+    name: "Update Elastic OTEL Java image in values.yaml"
+    kind: yaml
+    scmid: elastic-agent
+    sourceid: elastic-otel-java
+    spec:
+      files:
+        - "deploy/helm/edot-collector/kube-stack/managed_otlp/values.yaml"
+        - "deploy/helm/edot-collector/kube-stack/values.yaml"
+      key: "$.instrumentation.java.image"
+    transformers:
+      - trimprefix: "v"
+      - addprefix: "docker.elastic.co/observability/elastic-otel-javaagent:"
+
+  update-nodejs-managed-otlp:
+    name: "Update Elastic OTEL Node.js image in values.yaml"
+    kind: yaml
+    scmid: elastic-agent
+    sourceid: elastic-otel-node
+    spec:
+      files:
+        - "deploy/helm/edot-collector/kube-stack/managed_otlp/values.yaml"
+        - "deploy/helm/edot-collector/kube-stack/values.yaml"
+      key: "$.instrumentation.nodejs.image"
+    transformers:
+      - trimprefix: "v"
+      - addprefix: "docker.elastic.co/observability/elastic-otel-node:"
+
+  update-python-managed-otlp:
+    name: "Update Elastic OTEL Python image in managed_otlp/values.yaml"
+    kind: yaml
+    scmid: elastic-agent
+    sourceid: elastic-otel-python
+    spec:
+      files:
+        - "deploy/helm/edot-collector/kube-stack/managed_otlp/values.yaml"
+        - "deploy/helm/edot-collector/kube-stack/values.yaml"
+      key: "$.instrumentation.python.image"
+    transformers:
+      - trimprefix: "v"
+      - addprefix: "docker.elastic.co/observability/elastic-otel-python:"
+
+  update-go-main:
+    name: "Update OpenTelemetry Go Instrumentation image in values.yaml"
+    kind: yaml
+    scmid: elastic-agent
+    sourceid: otel-go-instrumentation
+    spec:
+      files:
+        - "deploy/helm/edot-collector/kube-stack/managed_otlp/values.yaml"
+        - "deploy/helm/edot-collector/kube-stack/values.yaml"
+      key: "$.instrumentation.go.image"
+    transformers:
+      - addprefix: "ghcr.io/open-telemetry/opentelemetry-go-instrumentation/autoinstrumentation-go:"

.github/workflows/bump-edot-images.yml

@@ -0,0 +1,36 @@
+---
+name: bump-edot-images
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 20 * * 1-6"
+
+permissions:
+  contents: read
+
+env:
+  JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+
+jobs:
+  bump:
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+
+      - uses: elastic/oblt-actions/updatecli/run@v1
+        with:
+          command: apply --config .ci/updatecli/updatecli-bump-edot.yml --values .ci/updatecli/values.d/scm.yml
+          version-file: .updatecli-version
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - if: ${{ failure()  }}
+        uses: elastic/oblt-actions/slack/send@v1
+        with:
+          bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
+          channel-id: "#ingest-notifications"
+          message: ":traffic_cone: updatecli failed for `${{ github.repository }}@${{ github.ref_name }}`, `@agent-team` please look what's going on <${{ env.JOB_URL }}|here>"

deploy/helm/edot-collector/kube-stack/managed_otlp/values.yaml

@@ -50,19 +50,22 @@ collectors:
       processors:
         # [Resource Detection Processor](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/resourcedetectionprocessor)
         resourcedetection/eks:
-          detectors: [env, eks] # Detects resources from environment variables and EKS (Elastic Kubernetes Service).
+          # Detects resources from environment variables and EKS (Elastic Kubernetes Service).
+          detectors: [env, eks]
           timeout: 15s
           override: true
           eks:
             resource_attributes:
               k8s.cluster.name:
                 enabled: true
         resourcedetection/gcp:
-          detectors: [env, gcp] # Detects resources from environment variables and GCP (Google Cloud Platform).
+          # Detects resources from environment variables and GCP (Google Cloud Platform).
+          detectors: [env, gcp]
           timeout: 2s
           override: true
         resourcedetection/aks:
-          detectors: [env, aks] # Detects resources from environment variables and AKS (Azure Kubernetes Service).
+          # Detects resources from environment variables and AKS (Azure Kubernetes Service).
+          detectors: [env, aks]
           timeout: 2s
           override: true
           aks:
@@ -219,19 +222,22 @@ collectors:
           timeout: 1s
         # [Resource Detection Processor](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/resourcedetectionprocessor)
         resourcedetection/eks:
-          detectors: [env, eks] # Detects resources from environment variables and EKS (Elastic Kubernetes Service).
+          # Detects resources from environment variables and EKS (Elastic Kubernetes Service).
+          detectors: [env, eks]
           timeout: 15s
           override: true
           eks:
             resource_attributes:
               k8s.cluster.name:
                 enabled: true
         resourcedetection/gcp:
-          detectors: [env, gcp] # Detects resources from environment variables and GCP (Google Cloud Platform).
+          # Detects resources from environment variables and GCP (Google Cloud Platform).
+          detectors: [env, gcp]
           timeout: 2s
           override: true
         resourcedetection/aks:
-          detectors: [env, aks] # Detects resources from environment variables and AKS (Azure Kubernetes Service).
+          # Detects resources from environment variables and AKS (Azure Kubernetes Service).
+          detectors: [env, aks]
           timeout: 2s
           override: true
           aks:
@@ -244,7 +250,8 @@ collectors:
               from_attribute: k8s.node.name
               action: upsert
         resourcedetection/system:
-          detectors: ["system", "ec2"] # Detects resources from the system and EC2 instances.
+          # Detects resources from the system and EC2 instances.
+          detectors: ["system", "ec2"]
           system:
             hostname_sources: ["os"]
             resource_attributes: