[CI] Support package discovery in nested directories - WIP by mrodm · Pull Request #18495 · elastic/integrations

mrodm · 2026-04-17T10:01:23Z

Summary

This PR centralises package discovery logic into a new citools.ListPackages function and uses it across packagenames and codeowners, replacing the previously duplicated filepath.WalkDir implementations. As a side effect, both checks now support packages organised in nested directory structures (e.g. packages/category/my_package), not just flat packages/my_package layouts.

Proposed commit

WHAT:

Allow packages to be placed in nested subdirectories under packages/
(e.g. packages/<category>/<name>) instead of being restricted to the flat
packages/<name> layout. Previously, codeowners
discovery logic would silently ignore any package not sitting directly under
packages/, meaning nested packages would bypass ownership validation entirely.

WHY:

As the number of integrations grows, being able to organise packages into
category subdirectories becomes necessary to keep the repository manageable.
The existing tooling hard-coded a single-level walk, blocking this. This change
makes nested directory layouts a supported and validated structure across all
CI tooling, so teams can start grouping packages without breaking checks.

Changes

`dev/citools`

Add ListPackages(dir string) ([]string, error) — walks a directory recursively, returns sorted paths of all valid packages found. A package is considered valid when its manifest.yml contains non-empty format_version, name, type (one of integration, input, content) and version fields.
Extend packageManifest struct with FormatVersion, Type and Version fields, and add an IsValid() method, mirroring the logic previously only present in dev/packagenames.
Expose readPackageManifest as ReadPackageManifest so it can be reused from other packages.

`dev/packagenames`

Remove manifest.go and its local packageManifest type; replace all usages with citools.ReadPackageManifest.
Replace the internal walkPackagePaths function with a call to citools.ListPackages.

`dev/codeowners`

Replace the inline filepath.WalkDir loop in validatePackages with a call to citools.ListPackages, removing the duplicate discovery logic.
Update testdata manifests with the required format_version, name, type and version fields.
Add a nested_packages testdata fixture with packages at two directory levels (top-level and under a category/ subdirectory, one with data streams).
Add five new TestValidatePackages cases covering: explicit per-package owners, missing owner for a nested package, category-level inherited ownership, valid per-stream ownership in a nested package, and missing stream owner in a nested package.

`magefile.go`

Add a ListPackages mage target that prints all package paths under the packages/ directory, one per line.

`.buildkite/scripts/common.sh`

Add should_test_package helper function that encapsulates the pushd/is_pr_affected/popdpattern along with fatal-error handling, replacing near-identical blocks that were duplicated intest_integrations_with_serverless.shandtrigger_integrations_in_parallel.sh`.

`.buildkite/scripts/build_packages.sh`

Replace the find-based flat directory loop with list_all_directories (backed by mage listPackages) so packages in nested subdirectories are discovered correctly.
Replace with_go with with_mage (which calls with_go internally) so mage is available when list_all_directories runs.

Backport pipeline

Remove PACKAGE_FOLDER_NAME as a required input parameter from pipeline.backport.yml and backport_branch.sh. The package path is now resolved automatically by a new get_package_path function that looks up the package whose manifest.yml name field matches the given PACKAGE_NAME, using mage listPackages to iterate all discovered packages.
Update docs/extend/developer-workflow-support-old-package.md to reflect the removed parameter.

Checklist

I have reviewed tips for building integrations and this pull request is aligned with them.
I have verified that all data streams collect metrics or logs.
I have added an entry to my package's changelog.yml file.
I have verified that Kibana version constraints are current according to guidelines.
I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

mage check passes locally with no errors
Verified that mage ListPackages correctly lists all packages,
including any nested under a subdirectory
Confirmed that the package build and publish pipeline handles packages
in nested directories correctly
- https://buildkite.com/elastic/integrations-publish/builds/5206 (current behavior)
- Pending with nested packages
Tested the package discovery and validation logic against the Serverless CI pipeline
- https://buildkite.com/elastic/integrations-serverless/builds/1835 (current behavior)
- Pending with nested packages
Remove test/debug changes applied to list_all_directories.
Remove test/debug changes applied to .buildkite/scripts/build_packages.sh
Update backport script to take into account packages in nested directories correctly

How to test this PR locally

Related issues

Closes Add support for an additional level of directories under packages/ #17403

This PR was drafted with the assistance of Claude (claude-sonnet-4-6).

- Add ListPackages function to dev/citools/packages.go that walks a directory and returns sorted paths of all valid packages found. - Extend packageManifest struct with FormatVersion, Type and Version fields, and add IsValid() method mirroring dev/packagenames logic. - Refactor dev/packagenames to delegate package discovery to citools.ListPackages, removing the now-redundant walkPackagePaths. Generated with Claude (claude-sonnet-4-6)

- Rename readPackageManifest to ReadPackageManifest so it can be used from other packages. - Remove dev/packagenames/manifest.go and its local packageManifest type, replacing all usages with citools.ReadPackageManifest. - Update all internal callers (kibana.go, logsdb.go, subscription.go, packages.go) to use the renamed function. Generated with Claude (claude-sonnet-4-6)

- Replace the inline WalkDir loop in validatePackages with a call to citools.ListPackages, removing duplicated package-discovery logic. - Update testdata manifests (devexp, package_1) with the required format_version, name, type and version fields so they are recognised as valid packages by citools.ListPackages/IsValid. Generated with Claude (claude-sonnet-4-6)

- Add nested_packages testdata with packages at two directory levels: one at the top level and two under a category/ subdirectory, one of which has data streams. - Add five new TestValidatePackages cases covering: all packages with explicit owners, a missing owner for a nested package, category-level ownership inherited by nested packages, valid per-stream ownership in a nested package, and missing stream owner in a nested package. Generated with Claude (claude-sonnet-4-6)

Add a ListPackages target that calls citools.ListPackages to print all package paths found under the packages directory, one per line. Generated with Claude (claude-sonnet-4-6)

macroscopeapp · 2026-04-17T10:07:02Z

 list_all_directories() {
-    find . -maxdepth 1 -mindepth 1 -type d | xargs -I {} basename {} | sort
+    mage listPackages | grep -E '^packages/(elastic_package_registry|nginx)$'
 }


🔴 Critical scripts/common.sh:831

list_all_directories() now hardcodes a grep filter that returns only two package names (elastic_package_registry and nginx). Since callers trigger_integrations_in_parallel.sh and test_integrations_with_serverless.sh iterate over this output to drive CI pipelines, all other packages are silently excluded from testing and publishing. If this restriction is intentional, consider documenting why only these two packages should run; otherwise, the filter should be removed to restore full package coverage.

list_all_directories() { - mage listPackages | grep -E '^packages/(elastic_package_registry|nginx)$' + mage listPackages }

🤖 Copy this AI Prompt to have your agent fix this:

In file .buildkite/scripts/common.sh around lines 831-833: `list_all_directories()` now hardcodes a grep filter that returns only two package names (`elastic_package_registry` and `nginx`). Since callers `trigger_integrations_in_parallel.sh` and `test_integrations_with_serverless.sh` iterate over this output to drive CI pipelines, all other packages are silently excluded from testing and publishing. If this restriction is intentional, consider documenting why only these two packages should run; otherwise, the filter should be removed to restore full package coverage.

This will be removed before merging the PR. This grep is there to test just a subset of packages instead of the ~400 packages.

- Add -d "${WORKSPACE}" to the mage call in list_all_directories so it always finds magefile.go regardless of the working directory when invoked. - Remove pushd packages / popd wrappers in trigger_integrations_in_parallel.sh and test_integrations_with_serverless.sh since list_all_directories now returns full paths (e.g. packages/nginx) relative to the repo root. - Fix process_package: the parameter rename from package to package_path was incomplete — pushd, teardown calls, and log lines still referenced the old ${package} variable (now unbound). Use ${package_path} for directory operations and ${package_name} (from package_name_manifest) for labels. - Update test_one_package.sh to derive parent_path and package_name from the received package_path instead of assuming a packages/ prefix. - Consistently rename local variables from package to package_name across check_package, build_zip_package, teardown_*_package, run_tests_package, and related helpers. Generated with Claude (claude-sonnet-4-6)

- Export manifestFileName as ManifestFileName in dev/citools/packages.go so it can be reused across packages. - Remove the duplicate manifestFileName constant from dev/packagenames and replace its usage with citools.ManifestFileName. - Replace the hardcoded "manifest.yml" string in dev/codeowners with citools.ManifestFileName. Generated with Claude (claude-sonnet-4-6)

Generated with Claude (claude-sonnet-4-6)

Extract the pushd/is_pr_affected/popd pattern with error handling into a reusable should_test_package function, to be used from test_integrations_with_serverless.sh and trigger_integrations_in_parallel.sh. Generated with the assistance of Claude Sonnet 4.6

elastic-vault-github-plugin-prod · 2026-04-17T14:04:05Z

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Replace find-based flat directory loop with list_all_directories so that packages organised in subdirectories are discovered correctly. Also replace `cat manifest.yml | yq` with direct `yq manifest.yml` calls. Generated with the assistance of Claude Sonnet 4.6

macroscopeapp · 2026-04-17T14:34:41Z


-buildkite-agent pipeline upload "${PIPELINE_FILE}"
+cat "${PIPELINE_FILE}"
+# buildkite-agent pipeline upload "${PIPELINE_FILE}"


🔴 Critical scripts/build_packages.sh:159

The buildkite-agent pipeline upload command is replaced with cat, so the pipeline that signs and publishes packages is never uploaded to Buildkite. Built packages will remain in artifacts but never reach the package registry.

cat "${PIPELINE_FILE}" -# buildkite-agent pipeline upload "${PIPELINE_FILE}" +buildkite-agent pipeline upload "${PIPELINE_FILE}"

🤖 Copy this AI Prompt to have your agent fix this:

In file .buildkite/scripts/build_packages.sh around lines 159-161: The `buildkite-agent pipeline upload` command is replaced with `cat`, so the pipeline that signs and publishes packages is never uploaded to Buildkite. Built packages will remain in artifacts but never reach the package registry.

This is a change to allow debugging the script safely. This will be reverted before merging the PR.

macroscopeapp · 2026-04-17T14:54:14Z

 if skipPublishing ; then
    echo "packageStoragePublish: not the main branch or a backport branch, nothing will be published"
-    exit 0
+    # exit 0
 fi


🟡 Medium scripts/build_packages.sh:88

When skipPublishing returns true, the script prints "nothing will be published" but continues executing instead of exiting. This causes the script to proceed through expensive build steps (tool installation, package building, artifact copying, pipeline generation) on branches that should skip publishing entirely, wasting resources and potentially causing side effects.

if skipPublishing ; then echo "packageStoragePublish: not the main branch or a backport branch, nothing will be published" - # exit 0 + exit 0 fi

🤖 Copy this AI Prompt to have your agent fix this:

In file .buildkite/scripts/build_packages.sh around lines 88-91: When `skipPublishing` returns true, the script prints "nothing will be published" but continues executing instead of exiting. This causes the script to proceed through expensive build steps (tool installation, package building, artifact copying, pipeline generation) on branches that should skip publishing entirely, wasting resources and potentially causing side effects.

Changes related to debugging. It will be reverted before merging.

macroscopeapp · 2026-04-17T14:54:14Z

          SIGNING_STEP_KEY: "sign-service"
          ARTIFACTS_FOLDER: "packageArtifacts"
-          DRY_RUN: "${DRY_RUN}"
+          DRY_RUN: "true"


🟡 Medium scripts/build_packages.sh:150

DRY_RUN is hardcoded to "true" on line 150, so the trigger_publish_packages.sh step always runs in dry-run mode regardless of the DRY_RUN environment variable value. Packages will never actually be published when the pipeline intends to run for real. Consider reverting to "${DRY_RUN}" to respect the environment variable.

Suggested change

DRY_RUN: "true"

DRY_RUN: "${DRY_RUN}"

🤖 Copy this AI Prompt to have your agent fix this:

In file .buildkite/scripts/build_packages.sh around line 150: `DRY_RUN` is hardcoded to `"true"` on line 150, so the `trigger_publish_packages.sh` step always runs in dry-run mode regardless of the `DRY_RUN` environment variable value. Packages will never actually be published when the pipeline intends to run for real. Consider reverting to `"${DRY_RUN}"` to respect the environment variable.

Changes related to debugging. It will be reverted before merging.

Replace with_go with with_mage so that mage is available when list_all_directories is called. with_mage already calls with_go internally so Go setup is preserved. Generated with the assistance of Claude Sonnet 4.6

macroscopeapp · 2026-04-17T15:09:50Z


 if skipPublishing ; then
    echo "packageStoragePublish: not the main branch or a backport branch, nothing will be published"
-    exit 0
+    # exit 0
 fi



🟡 Medium scripts/build_packages.sh:87

When skipPublishing returns true, the script prints "nothing will be published" but continues executing instead of exiting. It proceeds to build packages, copy artifacts, and generate the signing/publishing pipeline YAML, wasting CI resources on non-main/non-backport branches. If the DRY_RUN or buildkite-agent pipeline upload guards are re-enabled later, packages could be signed and published from arbitrary feature branches.

@@ -88,5 +88,5 @@ if skipPublishing ; then echo "packageStoragePublish: not the main branch or a backport branch, nothing will be published" - # exit 0 + exit 0 fi add_bin_path

🤖 Copy this AI Prompt to have your agent fix this:

In file .buildkite/scripts/build_packages.sh around lines 87-92: When `skipPublishing` returns true, the script prints "nothing will be published" but continues executing instead of exiting. It proceeds to build packages, copy artifacts, and generate the signing/publishing pipeline YAML, wasting CI resources on non-main/non-backport branches. If the `DRY_RUN` or `buildkite-agent pipeline upload` guards are re-enabled later, packages could be signed and published from arbitrary feature branches.

Changes related to debugging. It will be reverted before merging.

Add a termination check for ownerDir == "/" to prevent an infinite loop when filepath.Dir reaches the filesystem root on non-Windows systems, where filepath.Dir("/") returns "/" instead of ".". Generated with the assistance of Claude Sonnet 4.6

macroscopeapp · 2026-04-17T15:51:01Z

 	return nil
 }

+func (codeowners *githubOwners) findOwnerForFile(path string) ([]string, bool) {


🟢 Low codeowners/codeowners.go:203

The loop in findOwnerForFile terminates when ownerDir becomes . or / before checking the map for a root-level owner entry (key /). Files in subdirectories never match a root CODEOWNERS entry because the final parent directory is never searched.

🤖 Copy this AI Prompt to have your agent fix this:

In file dev/codeowners/codeowners.go around line 203: The loop in `findOwnerForFile` terminates when `ownerDir` becomes `.` or `/` **before** checking the map for a root-level owner entry (key `/`). Files in subdirectories never match a root CODEOWNERS entry because the final parent directory is never searched. Evidence trail: dev/codeowners/codeowners.go lines 203-216 at REVIEWED_COMMIT: The function `findOwnerForFile` shows the loop structure where the break condition `if ownerDir == "." || ownerDir == "/"` is checked AFTER updating `ownerDir` but BEFORE the next iteration's map lookup. This means when `ownerDir` becomes `.` (for relative paths) or `/` (for absolute paths), the loop breaks without checking the map for the root-level owner entry.

macroscopeapp · 2026-04-17T16:18:34Z

+	if filepath.IsAbs(path) {
+		path = strings.TrimPrefix(path, string(filepath.Separator))
+	}


🟢 Low codeowners/codeowners.go:208

On Windows, findOwnerForFile with a path like C:\foo\bar produces incorrect lookup keys. filepath.IsAbs returns true, but strings.TrimPrefix with filepath.Separator (\) fails to trim C from C:\foo\bar, leaving the path unchanged. The subsequent loop then searches for keys like /C:/foo which will never match the expected codeowners entries (which use repository-relative paths). Consider using filepath.ToSlash on the full path and removing a leading / instead of relying on platform-specific separator behavior.

- if filepath.IsAbs(path) { - path = strings.TrimPrefix(path, string(filepath.Separator)) - } + path = filepath.ToSlash(path) + if strings.HasPrefix(path, "/") { + path = strings.TrimPrefix(path, "/") + }

🤖 Copy this AI Prompt to have your agent fix this:

In file dev/codeowners/codeowners.go around lines 208-210: On Windows, `findOwnerForFile` with a path like `C:\foo\bar` produces incorrect lookup keys. `filepath.IsAbs` returns true, but `strings.TrimPrefix` with `filepath.Separator` (`\`) fails to trim `C` from `C:\foo\bar`, leaving the path unchanged. The subsequent loop then searches for keys like `/C:/foo` which will never match the expected codeowners entries (which use repository-relative paths). Consider using `filepath.ToSlash` on the full path and removing a leading `/` instead of relying on platform-specific separator behavior. Evidence trail: dev/codeowners/codeowners.go lines 203-222 at REVIEWED_COMMIT: The `findOwnerForFile` function at line 208-210 uses `strings.TrimPrefix(path, string(filepath.Separator))` to handle absolute paths. On Windows, `filepath.Separator` is `\`, but Windows absolute paths like `C:\foo\bar` start with a drive letter, not a separator. Go's `strings.TrimPrefix` only trims if the string starts with the prefix, so nothing is trimmed. Line 213 then constructs lookup keys with `/C:/foo` format which won't match repository-relative codeowners entries.

elasticmachine · 2026-04-17T16:40:54Z

💚 Build Succeeded

Buildkite Build
Commit: b794a1b

History

💚 Build #41543 succeeded 5651580
💚 Build #41533 succeeded 293da9f
💚 Build #41518 succeeded 99bfc48
💚 Build #41502 succeeded e2454f2
💔 Build #41499 failed bb2e60f
💔 Build #41491 failed 741448f

cc @mrodm

jsoriano and others added 7 commits April 16, 2026 19:20

Adapt codeowners check

acdab09

[magefile] Add ListPackages mage target

a4af05b

Add a ListPackages target that calls citools.ListPackages to print all package paths found under the packages directory, one per line. Generated with Claude (claude-sonnet-4-6)

Test with a subset of packages

741448f

mrodm self-assigned this Apr 17, 2026