Merge branch 'main' into 249382_Fix-monospace-fonts-applied-outside-Lens

Author: elasticmachine

.buildkite/ftr_platform_stateful_configs.yml

@@ -479,9 +479,7 @@ enabled:
   - x-pack/platform/test/api_integration/apis/watcher/config.ts
   - x-pack/platform/test/api_integration_basic/apis/aiops/config.ts
   - x-pack/platform/test/api_integration_basic/apis/security/config.ts
-  - x-pack/platform/test/automatic_import_api_integration/apis/config_basic.ts
-  - x-pack/platform/test/automatic_import_api_integration/apis/config_graphs.ts
-  - x-pack/platform/test/automatic_import_v2_api_integration/configs/config.stateful.ts
+  - x-pack/platform/test/automatic_import_api_integration/configs/config.stateful.ts
   - x-pack/platform/test/encrypted_saved_objects_api_integration/config.ts
   - x-pack/platform/test/fleet_multi_cluster/config.ts
   - x-pack/platform/test/monitoring_api_integration/config.ts

.buildkite/pipelines/artifacts.yml

@@ -157,4 +157,5 @@ steps:
       imageProject: elastic-images-prod
       provider: gcp
       machineType: n2-standard-2
+      diskSizeGb: 180
     timeout_in_minutes: 30

.buildkite/pipelines/pull_request/security_solution/automatic_import.yml

@@ -5,7 +5,7 @@ plugins:
     - alerting
     - alerting_v2
     - apm
-    - automatic_import_v2
+    - automatic_import
     - banners
     - cloud_security_posture
     - console

.buildkite/scout_ci_config.yml

@@ -92,11 +92,7 @@ if is_pr; then
   if is_pr_with_label "ci:security-genai-run-evals-local-prompts"; then
     export IS_SECURITY_AI_PROMPT_TEST=true
   fi
-
-  # These can be removed once we're not supporting Jenkins and Buildkite at the same time
-  # These are primarily used by github checks reporter and can be configured via /github_checks_api.json
-  export ghprbGhRepository="elastic/kibana"
-  export ghprbActualCommit="$BUILDKITE_COMMIT"
+  
   export BUILD_URL="$BUILDKITE_BUILD_URL"
 
   set_git_merge_base

.buildkite/scripts/common/env.sh

@@ -89,9 +89,6 @@ EOF
 
 # Set up misc keys
 {
-  KIBANA_CI_REPORTER_KEY=$(vault_get kibanamachine-reporter value)
-  export KIBANA_CI_REPORTER_KEY
-
   EC_API_KEY="$(vault_get kibana-ci-cloud-deploy pr_deploy_api_key)"
   export EC_API_KEY
 
@@ -101,24 +98,6 @@ EOF
   PROJECT_API_DOMAIN="$(vault_get kibana-ci-project-deploy pr_deploy_domain)"
   export PROJECT_API_DOMAIN
 
-  SYNTHETICS_SERVICE_USERNAME="$(vault_get kibana-ci-synthetics-credentials username)"
-  export SYNTHETICS_SERVICE_USERNAME
-
-  SYNTHETICS_SERVICE_PASSWORD="$(vault_get kibana-ci-synthetics-credentials password)"
-  export SYNTHETICS_SERVICE_PASSWORD
-
-  SYNTHETICS_SERVICE_MANIFEST="$(vault_get kibana-ci-synthetics-credentials manifest)"
-  export SYNTHETICS_SERVICE_MANIFEST
-
-  SYNTHETICS_REMOTE_KIBANA_USERNAME="$(vault_get kibana-ci-synthetics-remote-credentials username)"
-  export SYNTHETICS_REMOTE_KIBANA_USERNAME
-
-  SYNTHETICS_REMOTE_KIBANA_PASSWORD="$(vault_get kibana-ci-synthetics-remote-credentials password)"
-  export SYNTHETICS_REMOTE_KIBANA_PASSWORD
-
-  SYNTHETICS_REMOTE_KIBANA_URL=${SYNTHETICS_REMOTE_KIBANA_URL-"$(vault_get kibana-ci-synthetics-remote-credentials url)"}
-  export SYNTHETICS_REMOTE_KIBANA_URL
-
   DEPLOY_TAGGER_SLACK_WEBHOOK_URL=${DEPLOY_TAGGER_SLACK_WEBHOOK_URL:-"$(vault_get kibana-serverless-release-tools DEPLOY_TAGGER_SLACK_WEBHOOK_URL)"}
   export DEPLOY_TAGGER_SLACK_WEBHOOK_URL
 

.buildkite/scripts/common/setup_job_env.sh

@@ -71,12 +71,7 @@ const SKIPPABLE_PR_MATCHERS = prConfig.skip_ci_on_only_changed!.map((r) => new R
 
     // Register steps from base.yml that should still be canceled on gate failure.
     // base.yml itself is not loaded with cancelOnGateFailure because it contains the gate steps.
-    for (const stepKey of [
-      'pick_test_group_run_order',
-      'build_scout_tests',
-      'check_oas_snapshot',
-      'build_api_docs',
-    ]) {
+    for (const stepKey of ['pick_test_group_run_order', 'build_scout_tests', 'build_api_docs']) {
       execFileSync('buildkite-agent', [
         'meta-data',
         'set',
@@ -354,7 +349,6 @@ const SKIPPABLE_PR_MATCHERS = prConfig.skip_ci_on_only_changed!.map((r) => new R
         /^x-pack\/solutions\/security\/test\/security_solution_cypress/,
         /^\.buildkite\/pipelines\/pull_request\/security_solution\/ai_assistant\.yml/,
         /^\.buildkite\/pipelines\/pull_request\/security_solution\/ai4dsoc\.yml/,
-        /^\.buildkite\/pipelines\/pull_request\/security_solution\/automatic_import\.yml/,
         /^\.buildkite\/pipelines\/pull_request\/security_solution\/detection_engine\.yml/,
         /^\.buildkite\/pipelines\/pull_request\/security_solution\/entity_analytics\.yml/,
         /^\.buildkite\/pipelines\/pull_request\/security_solution\/rule_management\.yml/,
@@ -371,12 +365,6 @@ const SKIPPABLE_PR_MATCHERS = prConfig.skip_ci_on_only_changed!.map((r) => new R
       pipeline.push(
         getPipeline('.buildkite/pipelines/pull_request/security_solution/ai4dsoc.yml', cancelable)
       );
-      pipeline.push(
-        getPipeline(
-          '.buildkite/pipelines/pull_request/security_solution/automatic_import.yml',
-          cancelable
-        )
-      );
       pipeline.push(
         getPipeline(
           '.buildkite/pipelines/pull_request/security_solution/detection_engine.yml',

.buildkite/scripts/pipelines/pull_request/pipeline.ts

@@ -16,11 +16,17 @@ if [[ -n "${GITHUB_PR_MERGE_BASE:-}" ]]; then
   MERGE_BASE_ARGS=(--mergeBase "$GITHUB_PR_MERGE_BASE")
 fi
 
+REPORT_DIR="packages/kbn-api-contracts/target/reports"
+STACK_REPORT="$REPORT_DIR/stack-impact.json"
+SERVERLESS_REPORT="$REPORT_DIR/serverless-impact.json"
+rm -f "$STACK_REPORT" "$SERVERLESS_REPORT"
+
 echo "Checking stack API contracts..."
 node scripts/check_api_contracts.js \
   --distribution stack \
   --specPath oas_docs/output/kibana.yaml \
   --baseBranch "$BASE_BRANCH" \
+  --reportPath "$STACK_REPORT" \
   "${MERGE_BASE_ARGS[@]+"${MERGE_BASE_ARGS[@]}"}" &
 STACK_PID=$!
 
@@ -29,6 +35,7 @@ node scripts/check_api_contracts.js \
   --distribution serverless \
   --specPath oas_docs/output/kibana.serverless.yaml \
   --baseBranch "$BASE_BRANCH" \
+  --reportPath "$SERVERLESS_REPORT" \
   "${MERGE_BASE_ARGS[@]+"${MERGE_BASE_ARGS[@]}"}" &
 SERVERLESS_PID=$!
 
@@ -38,5 +45,10 @@ wait $STACK_PID || STACK_EXIT=$?
 wait $SERVERLESS_PID || SERVERLESS_EXIT=$?
 
 if [ $STACK_EXIT -ne 0 ] || [ $SERVERLESS_EXIT -ne 0 ]; then
+  echo --- Notify API owners
+  if [[ "${BUILDKITE_PULL_REQUEST:-false}" != "false" ]]; then
+    ts-node .buildkite/scripts/steps/checks/notify_api_contract_owners.ts \
+      "$STACK_REPORT" "$SERVERLESS_REPORT" || echo "Warning: failed to post PR notification"
+  fi
   exit 1
 fi

.buildkite/scripts/steps/checks/api_contracts.sh

@@ -0,0 +1,89 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+jest.mock('#pipeline-utils', () => ({
+  upsertComment: jest.fn(),
+}));
+
+import { buildCommentBody, type ImpactEntry } from './notify_api_contract_owners';
+
+const entry = (overrides: Partial<ImpactEntry> = {}): ImpactEntry => ({
+  path: '/api/spaces/space',
+  method: 'GET',
+  reason: 'Endpoint removed',
+  terraformResource: 'elasticstack_kibana_space',
+  owners: ['@elastic/kibana-security'],
+  ...overrides,
+});
+
+describe('buildCommentBody', () => {
+  it('renders a markdown table with one entry', () => {
+    const body = buildCommentBody([entry()]);
+
+    expect(body).toContain('## API Contract Breaking Changes');
+    expect(body).toContain('| `/api/spaces/space` `GET`');
+    expect(body).toContain('elasticstack_kibana_space');
+    expect(body).toContain('@elastic/kibana-security');
+  });
+
+  it('deduplicates owners in the cc line', () => {
+    const entries = [
+      entry({ owners: ['@elastic/kibana-security'] }),
+      entry({ path: '/api/spaces/space/{id}', owners: ['@elastic/kibana-security'] }),
+    ];
+    const body = buildCommentBody(entries);
+
+    const ccLine = body.split('\n').find((l) => l.startsWith('cc '))!;
+    const mentions = ccLine.replace('cc ', '').trim().split(' ');
+    expect(mentions).toEqual(['@elastic/kibana-security']);
+  });
+
+  it('aggregates multiple distinct owners', () => {
+    const entries = [
+      entry({ owners: ['@elastic/kibana-security'] }),
+      entry({
+        path: '/api/fleet/agent_policies',
+        method: 'POST',
+        terraformResource: 'elasticstack_fleet_agent_policy',
+        owners: ['@elastic/fleet'],
+      }),
+    ];
+    const body = buildCommentBody(entries);
+
+    expect(body).toContain('@elastic/kibana-security');
+    expect(body).toContain('@elastic/fleet');
+  });
+
+  it('shows _unknown_ when no owners exist', () => {
+    const body = buildCommentBody([entry({ owners: [] })]);
+
+    expect(body).toContain('cc _unknown_');
+  });
+
+  it('escapes pipe characters in the reason field', () => {
+    const body = buildCommentBody([entry({ reason: 'field|was|removed' })]);
+
+    expect(body).toContain('field\\|was\\|removed');
+    expect(body).not.toContain('field|was|removed');
+  });
+
+  it('escapes newlines in the reason field', () => {
+    const body = buildCommentBody([entry({ reason: 'line1\nline2' })]);
+
+    expect(body).toContain('line1 line2');
+    expect(body).not.toContain('line1\nline2');
+  });
+
+  it('omits method badge when method is undefined', () => {
+    const body = buildCommentBody([entry({ method: undefined })]);
+
+    expect(body).toContain('| `/api/spaces/space` |');
+    expect(body).not.toMatch(/`GET`|`POST`|`PUT`|`DELETE`/);
+  });
+});

.buildkite/scripts/steps/checks/notify_api_contract_owners.test.ts

@@ -0,0 +1,109 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+import { readFileSync, existsSync } from 'fs';
+import { upsertComment } from '#pipeline-utils';
+
+export interface ImpactEntry {
+  path: string;
+  method?: string;
+  reason: string;
+  terraformResource: string;
+  owners: string[];
+}
+
+interface ImpactReport {
+  impactedChanges: ImpactEntry[];
+}
+
+const COMMENT_CONTEXT = 'api-contracts-tf-breaking';
+
+const ALLOWLIST_PATH = 'packages/kbn-api-contracts/allowlist.json';
+const README_PATH = 'packages/kbn-api-contracts/README.md';
+
+export const buildCommentBody = (entries: ImpactEntry[]): string => {
+  const allOwners = [...new Set(entries.flatMap((e) => e.owners || []))];
+  const ownerMentions = allOwners.length > 0 ? allOwners.join(' ') : '_unknown_';
+
+  const escapeCell = (text: string): string => text.replace(/\|/g, '\\|').replace(/\n/g, ' ');
+
+  const rows = entries
+    .map((e) => {
+      const method = e.method ? ` \`${e.method.toUpperCase()}\`` : '';
+      return `| \`${e.path}\`${method} | ${escapeCell(e.terraformResource)} | ${escapeCell(
+        e.reason
+      )} | ${(e.owners || []).join(', ')} |`;
+    })
+    .join('\n');
+
+  return `## API Contract Breaking Changes — Terraform Provider Impact
+
+cc ${ownerMentions}
+
+The following breaking change(s) affect APIs consumed by the [Elastic Terraform Provider](https://github.com/elastic/terraform-provider-elasticstack).
+
+| Endpoint | Terraform Resource | Reason | Owners |
+|----------|--------------------|--------|--------|
+${rows}
+
+### What to do
+
+1. **Fix the breaking change** if it was unintentional.
+2. **If intentional**, add an approved entry to [\`${ALLOWLIST_PATH}\`](https://github.com/elastic/kibana/blob/main/${ALLOWLIST_PATH}) and coordinate with \`@elastic/terraform-provider\`.
+
+See the [\`@kbn/api-contracts\` README](https://github.com/elastic/kibana/blob/main/${README_PATH}) for details on the allowlist schema and workflow.`;
+};
+
+async function main() {
+  const reportPaths = process.argv.slice(2);
+
+  const allEntries: ImpactEntry[] = [];
+  for (const reportPath of reportPaths) {
+    if (!existsSync(reportPath)) {
+      continue;
+    }
+    try {
+      const report: ImpactReport = JSON.parse(readFileSync(reportPath, 'utf-8'));
+      if (!Array.isArray(report.impactedChanges)) {
+        console.error(`Report at ${reportPath} has no impactedChanges array, skipping`);
+        continue;
+      }
+      allEntries.push(...report.impactedChanges);
+    } catch {
+      console.error(`Failed to parse report at ${reportPath}, skipping`);
+    }
+  }
+
+  if (allEntries.length === 0) {
+    console.log('No TF-impacting breaking changes to report');
+    return;
+  }
+
+  const deduped = Array.from(
+    new Map(allEntries.map((e) => [`${e.path}::${e.method ?? ''}`, e])).values()
+  );
+
+  const body = buildCommentBody(deduped);
+  console.log('Posting PR comment notifying API owners...');
+
+  await upsertComment({
+    commentBody: body,
+    commentContext: COMMENT_CONTEXT,
+    clearPrevious: true,
+  });
+
+  console.log('PR comment posted successfully');
+}
+
+if (require.main === module) {
+  main().catch((error) => {
+    console.error('Failed to post API contract notification:', error);
+    process.exit(1);
+  });
+}