elasticmachine
commented
2 years ago Pinging @elastic/fleet (Team:Fleet)
Closed kpollich closed 1 year ago
elasticmachine
commented
2 years ago Pinging @elastic/fleet (Team:Fleet)
elasticmachine
commented
2 years ago Pinging @elastic/apm-ui (Team:apm)
spalger
commented
2 years ago There are buildkite APIs to access artifacts from specific builds, so if we knew the buildkite build id for the apm-server job that built the artifact then accessing the artifacts would be trivial. Knowing the build id is the hard part. You might want to use a simple gcs artifact/manifest that records the most recent build ID for a specific branch or something, allowing a very simple record of the correct build id to use.
buildkite-agent artifact download "apm-server-build.tar.gz" . --build "$APM_SERVER_BUILD_ID"Alternatively, if you want to just upload the artifacts to a gcs bucket and then just download the most recent version of the artifact from a well-known object name, like:
gsutil cp gs://elastic-apm-server-ci-builds/${branch}/latest.tar.gz apm-server-build.tar.gzWe can help setup the GCS buckets you'd like to use
axw
commented
2 years ago @kpollich I think that all sounds sensible. We'll need to sign the packages we store in build artifacts, which I think is something that @mtojek is looking into anyway.
@spalger we are using Jenkins, so unfortunately we can't use buildkite build artifacts.
For unified release builds, I would expect that Kibana would bundle the apm package from the the specific APM Server build for that unified release, rather than the latest branch build. Would it make sense to have Kibana build after APM Server in unified release, and fetch the artifacts that way? This is how binary artifacts are bundled in elastic-agent.
jbudz
commented
2 years ago @mgreau can you help triage this? We can re-add support for synchronous artifacts, or implement an async check, just want to make sure we're not overlapping projects.
@kpollich what timeline are we targeting here?
kpollich
commented
2 years ago @kpollich what timeline are we targeting here?
I think sometime in 8.5 would be ideal, but @axw or someone else on the APM side might be able to better answers this. Should this be considered a blocker for package storage v2 shipping?
axw
commented
2 years ago Should this be considered a blocker for package storage v2 shipping?
Yes, I think so. So 8.5 would be the target.
kpollich
commented
2 years ago I spoke with @joshdover a bit offline, and I think we can avoid any involvement with CI or operations here by doing the following.
usesStackAlignedExperimentalReleases flag in fleet_packages.jsonusesStackAlignedExperimentalReleases is set for a bundled package, Kibana will fetch the latest compatible prerelease version from EPR when bundling, regardless of the version value specified in fleet_package.jsonSo, if APM opts in to this behavior, we'd have the following process:
?experimental=true query stringapm-8.5.0-dev1 version of APM, for exampleapm-8.5.0-dev1 version using the returned archive + signature file from EPRapm-8.5.0-dev1 package8.5.0 so it's displayed as such in the UI, etcI think this avoids the risk of shipping a prerelease versions in production (assuming the last prerelease == the production release) while affording us the ability to use prerelease versions of APM during the BC period.
@axw - Does this satisfy the APM team's needs here without needing to involve more moving parts involving the operations folks, CI pipelines, etc?
axw
commented
2 years ago @kpollich I think it's reasonable. I'd say it's not perfect, as it's depending on something outside of the unified release process, which could break this assumption
assuming the last prerelease == the production release
... but I think this is better than what we have today, and addresses our immediate needs. I'd say we should go with this, and if we need to we could come back to the more complicated CI pipeline orchestration.
jsoriano
commented
2 years ago Fetch against EPR with
?experimental=truequery string
Take into account that experimental flag is deprecated, prerelease=true should be used instead (more context in https://github.com/elastic/package-spec/issues/225).
kpollich
commented
2 years ago Hi folks, I've updated the description + title here based on https://github.com/elastic/kibana/issues/137759#issuecomment-1204191846, and this should no longer involve the operations team so I've removed their label here. Thanks to the operations folks that responded above to provide some clarity, but we should be able to move forward with a more isolated implementation in Fleet's package bundling process.
cauemarcondes
commented
2 years ago Just to clarify, based on what's been discussed there's no action for the APM UI team, am I right?
kpollich
commented
2 years ago Just to clarify, based on what's been discussed there's no action for the APM UI team, am I right?
This is correct based on the implementation we've discussed in this issue. The Fleet team would be driving the implementation of the prerelease version rewriting, support for an opt-in flag in fleet_packages.json, etc.
@axw I've spent some time thinking about bundled packages and speaking with @ruflin about this in more details, and I'd be very interested to hear more about APM's specific pain points with the current processes around bundling packages + how they relate to package storage v2. Upon reviewing the email chain that prompted this issue, I came across this list of requirements you drafted:
- In Cloud, have the package installed by default and auto-upgraded on stack upgrade.
- On-prem, have the package installed on demand, and then auto-upgraded on stack upgrade.
- Align the APM package version with the stack. The package, APM Server code, and Kibana code are tightly coupled.
- Integrate with the unified release process, and use the same package promotion process. This will enable us to make fixes to the package after any BC if it's a release blocker
Of these, numbers 1 and 2 are already fully supported and working as intended with regards to Fleet and APM. I hope I'm not missing something there, but I think we're aligned there and meeting the APM team's needs via cloud's preconfiguration configs and our support for "auto-update" packages + "auto-upgrade" package policies.
Numbers 3 and 4 are a bit more confusing to me, and I hope you can provide a little more clarity so I can understand the motivations here, and whether our path forward laid out in this issue is the right one.
- Align the APM package version with the stack. The package, APM Server code, and Kibana code are tightly coupled.
- Integrate with the unified release process, and use the same package promotion process. This will enable us to make fixes to the package after any BC if it's a release blocker
I'm assuming this means that when we're shipping Kibana 8.4.0, we're also shipping APM server 8.4.0 and the APM integration 8.4.0 - essentially treating all of these individual services as stack components.
My main question here is whether this is a functional or aesthetic need. For example, would it be possible to push an emergency release to the APM integration and publish it to EPR as 8.4.0-patch1 or similar? Does this emergency release process have an analog in APM server, or is APM server always released as part of the unified release cycle?
Overall, I'm concerned about baking too much logic into the package bundling process in Kibana. I am wondering if it's worth revisiting https://github.com/elastic/kibana/issues/124342 and considering storing bundled packages directly in Kibana's source code.
Storing bundled packages directly in Kibana and updating via Git replaces the manual pre-release checklist of bundled package updates with a more automation-friendly process. e.g. elastic/integrations repo CI can push bundled package updates to Kibana via GitHub PR. Similarly, the elastic/apm-server can push to EPR (via elastic-package upload) and Kibana (via its own CI + GitHub PR).
A process like this removes the "build step" to resolve + download bundled packages every time a Kibana distributable is built, and makes it simpler to manage bundled packages via Git and GitHub instead of custom logic and tooling.
Of course there are many bits of nuance and further thinking to do to support this, so I don't want to forego breaking down any immediate blockers the APM team is dealing with. Is the prerelease version rewriting logic captured here necessary to unblock the APM team in the coming releases where package storage v2 will be live?
I know this is a conversation that has happened a few times now, but I'm curious if there are any new thoughts here. Does this issue run counter to a potentially more elegant solution involving Kibana's source code directly containing bundled packages?
axw
commented
2 years ago Of these, numbers 1 and 2 are already fully supported and working as intended with regards to Fleet and APM. I hope I'm not missing something there, but I think we're aligned there and meeting the APM team's needs via cloud's preconfiguration configs and our support for "auto-update" packages + "auto-upgrade" package policies.
That's correct, I just included them for completeness.
Numbers 3 and 4 are a bit more confusing to me, and I hope you can provide a little more clarity so I can understand the motivations here, and whether our path forward laid out in this issue is the right one.
- Align the APM package version with the stack. The package, APM Server code, and Kibana code are tightly coupled.
- Integrate with the unified release process, and use the same package promotion process. This will enable us to make fixes to the package after any BC if it's a release blocker
I'm assuming this means that when we're shipping Kibana 8.4.0, we're also shipping APM server 8.4.0 and the APM integration 8.4.0 - essentially treating all of these individual services as stack components.
That's correct.
My main question here is whether this is a functional or aesthetic need. For example, would it be possible to push an emergency release to the APM integration and publish it to EPR as 8.4.0-patch1 or similar? Does this emergency release process have an analog in APM server, or is APM server always released as part of the unified release cycle?
APM Server is always released as part of the unified release.
It would be possible to publish a patch to the integration package out of band, but we don't want to introduce version skew. There would be more variables, decreasing supportability. It also means the APM UI code cannot assume anything about the version that is installed, increasing its complexity (see https://github.com/elastic/kibana/issues/124342#issuecomment-1054615645).
We have not yet needed to push an emergency fix for the integration package. Not to say that it can't or won't happen, but it's the wrong thing to optimise for. Issues with assets installed by the integration package are much more easily worked around compared to bugs in APM Server code.
Overall, I'm concerned about baking too much logic into the package bundling process in Kibana. I am wondering if it's worth revisiting #124342 and considering storing bundled packages directly in Kibana's source code.
Is it that the change to rewrite the version sigificant? Or is the concern about the implications of bundling at build time, and making the build non-reproducible? I assume the latter.
I don't want to move the source of the APM integration package to Kibana in the foresseable future, as working across repos like that will introduce toil for APM Server developers and reduce our velocity. I'd be happy to consider syncing the source for bundling though.
Storing bundled packages directly in Kibana and updating via Git replaces the manual pre-release checklist of bundled package updates with a more automation-friendly process. e.g. elastic/integrations repo CI can push bundled package updates to Kibana via GitHub PR. Similarly, the elastic/apm-server can push to EPR (via elastic-package upload) and Kibana (via its own CI + GitHub PR).
A process like this removes the "build step" to resolve + download bundled packages every time a Kibana distributable is built, and makes it simpler to manage bundled packages via Git and GitHub instead of custom logic and tooling.
I would be fine with having apm-server's CI push the package to elastic/kibana. Can we avoid having to go through PRs & additional code reviews? Integration package changes are reviewed in APM Server PRs, so I expect that should be sufficient. This does seem like a better option to me, since it enables reproducible builds.
Of course there are many bits of nuance and further thinking to do to support this, so I don't want to forego breaking down any immediate blockers the APM team is dealing with. Is the prerelease version rewriting logic captured here necessary to unblock the APM team in the coming releases where package storage v2 will be live?
I know this is a conversation that has happened a few times now, but I'm curious if there are any new thoughts here. Does this issue run counter to a potentially more elegant solution involving Kibana's source code directly containing bundled packages?
It's not strictly necessary to do the version rewriting. If we push a timstamped package to package-storage v2 (because immutability) and a non-timestamped version to kibana (because stack version alignment), then I believe we'll be unblocked. Now it's just a question of what we can get done in time to switch over to storage v2. We need to ensure the bundling is done right before then, as otherwise we'll run into problems given that we cannot overwrite versions in storage v2.
jbudz
commented
2 years ago Storing bundled packages directly in Kibana and updating via Git replaces the manual pre-release checklist of bundled package updates with a more automation-friendly process
I'd rather we poll the unified release API for the latest release during development/builds than store an archive in the Kibana repo. At ~25mb per archive the repo size will end up quite large. We can have APM CI trigger Kibana CI when a new build is published. We will have to make sure the released version is the exact same as the bundled version.
I would be fine with having apm-server's CI push the package to elastic/kibana. Can we avoid having to go through PRs & additional code reviews?
Maybe - I'm not sure how integrated APM server is. Elasticsearch changes break Kibana tests relatively frequently, so we don't allow automatic updates. We do package beats in our Cloud image without verification, but that's really just running a separate process with no integration.
axw
commented
2 years ago I'd rather we poll the unified release API for the latest release during development/builds than store an archive in the Kibana repo.
Another option, which is a kind of combination of all of the above: we could have APM Server's CI send a PR to Kibana which will update it to a specific pre-release/snapshot package version after it is published to package storage. That way we would have reproducible builds. We would still want to rewrite the version to match Kibana's.
Something like this:
When Kibana is built off that commit, it wouldn't pull the latest package, but it would pull that specific package version from storage. It would rewrite the version of the package to match its own version (8.5.0-preview-123456 => 8.5.0).
Maybe - I'm not sure how integrated APM server is. Elasticsearch changes break Kibana tests relatively frequently, so we don't allow automatic updates. We do package beats in our Cloud image without verification, but that's really just running a separate process with no integration.
@jbudz if we could create a PR which doesn't need review, but waits for tests to pass and then auto-merges - would that be OK?
jbudz
commented
2 years ago @jbudz if we could create a PR which doesn't need review, but waits for tests to pass and then auto-merges - would that be OK?
Yep that should be fine - I don't think we have a merge without approval button, but we've automated approvals in some cases e.g. https://github.com/elastic/kibana/pull/138866
kpollich
commented
2 years ago I'd rather we poll the unified release API for the latest release during development/builds than store an archive in the Kibana repo. At ~25mb per archive the repo size will end up quite large. We can have APM CI trigger Kibana CI when a new build is published. We will have to make sure the released version is the exact same as the bundled version.
What about storing the non-archived packages and generating .zip archives as part of the build? We might need to introduce a dependency on https://github.com/elastic/elastic-package to perform the package build, but it might save on space here. This would also allow package maintainers to actively develop within the Kibana repo if they chose to do so, rather than syncing via CI from another location.
Another option, which is a kind of combination of all of the above: we could have APM Server's CI send a PR to Kibana which will update it to a specific pre-release/snapshot package version after it is published to package storage. That way we would have reproducible builds. We would still want to rewrite the version to match Kibana's.
This would definitely solve the issue with manually updating bundled package versions, but we'd still be doing the on-the-fly version rewriting specific to APM's (and maybe Endpoint's?) needs. What if, as part of the "bundled package contract", any package whose source is stored in elastic/kibana would have its version forcibly set to align with Kibana's? e.g. all bundled packages would ship with Kibana with a version like 8.4.0 or 8.4.0-SNAPSHOT in the case of a build candidate. Then, it'd be up to the integration maintainers to ensure a same-versioned package exists on the registry to avoid version divergence.
mtojek
commented
2 years ago Hi @axw and @kpollich,
I'm back from PTO and trying to keep up with this thread.
Another option, which is a kind of combination of all of the above: we could have APM Server's CI send a PR to Kibana which will update it to a specific pre-release/snapshot package version after it is published to package storage. That way we would have reproducible builds. We would still want to rewrite the version to match Kibana's.
The Infra layer of the Package Storage v2 contains a set of jobs that can be triggered on different events. We could add a new job responsible for syncing bundled packages (or just the apm package?) with the Kibana repository. It can be started by the indexing job or on daily basis (schedule-daily job).
It isn't anything new for the infra, as we have also a different job to refresh kubernetes templates. The job opens PRs against the agent (or beats?) repository.
Let me know what do you think.
ruflin
commented
2 years ago It can be started by the indexing job or on daily basis (schedule-daily job).
Nit: I prefer we optimise for "continuously" instead of daily, just to get into the habit.
mtojek
commented
2 years ago Nit: I prefer we optimise for "continuously" instead of daily, just to get into the habit.
Yes, if we want to explore the option with the sync job. Let's wait for @kpollich to chime in.
kpollich
commented
2 years ago The Infra layer of the Package Storage v2 contains a set of jobs that can be triggered on different events. We could add a new job responsible for syncing bundled packages (or just the apm package?) with the Kibana repository. It can be started by the indexing job or on daily basis (schedule-daily job).
It would be great to continuously update the APM package stored in Kibana's source via CI like this. The k8's template job is a pretty direct comparison, I think.
To clarify, I've created two diagrams to capture the before/after workflows around bundled packages.
So, the new process would essentially allow the APM team to publish any version of the APM package and a PR would automatically be filed against Kibana updating the package in main. Kibana would then be responsible for building the package as an additional build step, including a forcibly-aligned version number based on the generated Kibana distributable.
Let me know if I've captured your thinking here, @mtojek.
mtojek
commented
2 years ago These are really fancy graphs :) Please share what you've used to prepare them @kpollich.
Let me rephrase it into components we own.
Questions:
manifest.yml and in changelog.yml. Should the sync-bundled-packages job replace/alter the package version? It's different depending on the package. For example: apm-8.5.0-preview-1660193585 vs. 8.5.0-dev.0.I'm concerned about increasing complexity around the solution, but hopefully, we're closer than further. cc @jlind23
kpollich
commented
2 years ago https://excalidraw.com/ is the tool in question đ
Are package sources stored in Kibana today? Most likely I missed the source reference.
Package sources aren't stored in Kibana today, only a reference to a package. Kibana fetches the built package archives from EPR at build time for a configurable list of bundled packages.
Not sure why there is a both-directions arrow between Kibana and "PR updating package". Can we focus on one direction as MVP?
Yes this is just a typo - PR's only go one direction it turns out đľ
The package version is hardcoded in manifest.yml and in changelog.yml. Should the sync-bundled-packages job replace/alter the package version? It's different depending on the package. For example: apm-8.5.0-preview-1660193585 vs. 8.5.0-dev.0.
I think this is one of the big asks from @axw here: to forcibly align APM's version to the stack. See his responses above regarding this version alignment need: https://github.com/elastic/kibana/issues/137759#issuecomment-1216091021. The plan would be to overwrite the version in manifest.yml when building the package, yes.
Which packages should be bundled? APM, Endpoint, Synthetics, anything else?
The packages we bundle today are captured here https://github.com/elastic/kibana/blob/main/fleet_packages.json
We don't need to sign bundled packages right? These will ultimately be considered to be "safe".
Yes I think we'd want these packages to skip the signing/verification process. Since their source code ships directly with Kibana it seems unnecessary to verify them in the same way we verify packages downloaded from EPR. This will probably allow us to skip over some corner cases related to verification.
mtojek
commented
2 years ago I'm not sure if I just circle back the discussion, but I will try this:
If we stick with package references and fleet_packages.json file, but have the logic to select latest/indexed revisions from the Package Storage v2. The job can be responsible for updating the fleet_packages.json file, based on its knowledge of EPR search indices.
During the build time, Kibana would pull referenced .zip files, unpack them, and alter package versions if needed (configurable for apm, not sure about others).
Long story short, we would need:
fleet_packages.json.axw
commented
2 years ago I think what @mtojek wrote above sounds like a good approach. We would still need to verify the integrity of the package with this approach, since there's a download involved - but this would be done at bundling time rather than run-/installation time.
Perhaps we could extend fleet_packages.json with:
mtojek
commented
2 years ago Sounds like a plan. I will start preparing the sync job in the package-storage-infra.
kpollich
commented
2 years ago I'll take a pass at adding this new functionality to fleet_packages.json today.
kpollich
commented
2 years ago I put together a first pass at the "align package version to Kibana's" behavior here: https://github.com/elastic/kibana/pull/139567. @axw I think this satisfies the initial asks from this issue (prior to our discussions about higher level rethinking of how we work on bundled packages), but please let me know if there's anything else we can do in the immediate term to unblock APM in 8.5.
dannycroft
commented
2 years ago @kpollich I'm removing the Team:apm label from this as it seems that APM UI isn't needed here. Please re-add if I'm mistaken.
axw
commented
2 years ago I put together a first pass at the "align package version to Kibana's" behavior here: https://github.com/elastic/kibana/pull/139567. @axw I think this satisfies the initial asks from this issue (prior to our discussions about higher level rethinking of how we work on bundled packages), but please let me know if there's anything else we can do in the immediate term to unblock APM in 8.5.
@kpollich thanks, looks good overall!
We can always rework it later, but I think it would be better to have forceAlignStackVersion only rewrite the version, and not influence the version of the package pulled from EPR. For the latter, can we specify "version": "latest" in fleet_packages.json?
That would take us in the direction of https://github.com/elastic/kibana/issues/137759#issuecomment-1227480237, where we would set a specific version in fleet_packages.json to pull from EPR for reproducibility.
mtojek
commented
2 years ago For the latter, can we specify "version": "latest" in fleet_packages.json?
I understand that "version": "latest" would download the latest available package? This could possibly replace the sync-bundled-packages job and let us get rid of automated PRs, but not sure if it's transparent and reproducible enough (which package has been pulled out eventually).
That would take us in the direction of https://github.com/elastic/kibana/issues/137759#issuecomment-1227480237, where we would set a specific version in fleet_packages.json to pull from EPR for reproducibility.
đ
Let me know what you think as it impacts the work I've planned to do (implement the sync job).
BTW Could we remove that comment block in fleet_packages.json and put it aside :)? It doesn't look like a valid JSON...
axw
commented
2 years ago I understand that "version": "latest" would download the latest available package? This could possibly replace the sync-bundled-packages job and let us get rid of automated PRs, but not sure if it's transparent and reproducible enough (which package has been pulled out eventually).
@mtojek I only meant as an interim step, until the sync-bundled-packages work is done. I still think it would be a good idea to pin kibana to specific integration package versions.
kpollich
commented
2 years ago BTW Could we remove that comment block in fleet_packages.json and put it aside :)? It doesn't look like a valid JSON...
We can make the file .jsonc to be explicit (will also make GitHub not complain), but we parse it with https://json5.org/ like we do most other Kibana config files (tsconfig.*.json for example), in order to support comments. We don't have any other .jsonc files in the repo though that I'm aware of, and it seems to be an established convention in Kibana to use .json even if we're parsing with JSON5.
We can always rework it later, but I think it would be better to have forceAlignStackVersion only rewrite the version, and not influence the version of the package pulled from EPR.
This makes sense, and I'd rather have every package in .fleet_packages.json define a version anyway.
For the latter, can we specify "version": "latest" in fleet_packages.json?
If the sync packages CI task work isn't too far out, then I don't see a need to have support for latest in fleet_packages.json. It sounds like APM isn't going to use latest, and I don't know that any of the other packages will need to do so. Seems safer to just wait for the CI job and continue supporting only pinned versions in the interim.
mtojek
commented
2 years ago This makes sense, and I'd rather have every package in .fleet_packages.json define a version anyway.
đ
If the sync packages CI task work isn't too far out, then I don't see a need to have support for latest in fleet_packages.json. It sounds like APM isn't going to use latest, and I don't know that any of the other packages will need to do so. Seems safer to just wait for the CI job and continue supporting only pinned versions in the interim.
I'm working on this here. I'm if we should expand the file structure:
[
{
"name": "apm",
"version": "8.4.0-preview-1234567",
"source": {
"repository_name": "package-storage-v2",
"download_url": "https://package-storage.elastic.co/artifacts/packages/apm-8.4.0-preview-1234567.zip",
"signature_url": "https://package-storage.elastic.co/artifacts/packages/apm-8.4.0-preview-1234567.zip.sig"
},
...
},This way we could get rid of the logic pointing to epr-snapshot from Kibana and start using signed artifacts (a concern raised by @axw).
kpollich
commented
2 years ago We can always rework it later, but I think it would be better to have forceAlignStackVersion only rewrite the version, and not influence the version of the package pulled from EPR.
Updated https://github.com/elastic/kibana/pull/139567 with this behavior in mind. We require a version in .fleet-packages.json and Kibana will only fetch that version. The rewriting of the archive path/version logic remains in tact.
mtojek
commented
2 years ago The sync-bundled-packages job is waiting for reviews too (internal link above).
mtojek
commented
1 year ago @kpollich I'm polishing the implementation of the sync-bundled-packages-job, but it looks like every necessary piece is in place now. Do you think that we can resolve this issue?
kpollich
commented
1 year ago Yep that sounds good to me. I think we can close this out.
Replaces https://github.com/elastic/kibana/issues/136834
In the process of adapting various Elastic Agent packages to the new Package Storage v2 architecture, we've identified some needs specifically for the APM package to continue allowing the maintainers of the APM integration to work within their current processes:
8.4.0-dev1) to be presented as8.4.0to preserve APM's versioning needsTo meet these goals, we're proposing the following implementation:
usesStackAlignedExperimentalReleasesflag infleet_packages.jsonusesStackAlignedExperimentalReleasesis set for a bundled package, Kibana will fetch the latest compatible prerelease version from EPR when bundling, regardless of theversionvalue specified infleet_package.jsonSo, if APM opts in to this behavior, we'd have the following process:
?experimental=truequery stringapm-8.5.0-dev1version of APM, for exampleapm-8.5.0-dev1version using the returned archive + signature file from EPRapm-8.5.0-dev1package8.5.0so it's displayed as such in the UI, etcShow original description
> To accomplish this, we're proposing an implementation as follows > > 1. Use the existing bundling build step to pull the package versions and signatures listed in fleet_packages.json from the snapshot registry > 2. Add a new build step that overwrites some packages from the first step with packages from another directory (configured by CI). > * We'd use this to overwrite the APM package from snapshot with one built from the https://github.com/elastic/apm-server build artifacts. This step would be a no-op in local builds not built on CI with access to apm-server's build artifacts. > 4. Continue to do verification at install time for bundled packages > > @axw @Mpdreamz @joshdover - Please let me know if I've captured the needs here accurately, and if the proposed implementation from Josh's email looks sufficient. > > @elastic/kibana-operations - What is the feasibility of being able to access artifacts built by CI in the `apm-server` repo during Kibana's CI builds? If we want to access these artifacts what would be the best way to do it? Could we have Kibana CI depend on a build task run in `apm-server`, and then be able to access the build artifacts it generates? This will be a process that may need to be made generic to support similar implementations for cases like endpoint.