elastic · rubenruizdegauna · Dec 1, 2025 · Dec 1, 2025 · Dec 1, 2025 · Dec 1, 2025
@@ -15,10 +15,20 @@ env:
   TEAM_CHANNEL: "#agentless-alerts"
 
 steps:
-  - label: ":pipeline::grey_question::seedling: Trigger service tests for ${ENVIRONMENT}"
-    command: ".buildkite/scripts/steps/run-agentless-tests.sh"
+  - label: ":docker: Validate docker image is built for all architectures"
+    command: ".buildkite/scripts/steps/validate-agentless-docker-image.sh"
     agents:
-      image: "docker.elastic.co/ci-agent-images/quality-gate-seedling:0.0.4@sha256:b15aa65183fd9ac4b3ad2b01287ee8c47382a74450485b012bade5331fefeae9"
+      image: "docker.elastic.co/ci-agent-images/observability/oci-image-tools-agent:latest@sha256:a4ababd1347111759babc05c9ad5a680f4af48892784951358488b7e7fc94af9"
+    plugins:
+      - elastic/vault-docker-login#v0.6.1:
+          secret_path: 'kv/ci-shared/platform-ingest/elastic_docker_registry'
+
+#  - wait
+#
+#  - label: ":pipeline::grey_question::seedling: Trigger service tests for ${ENVIRONMENT}"
+#    command: ".buildkite/scripts/steps/run-agentless-tests.sh"
+#    agents:
+#      image: "docker.elastic.co/ci-agent-images/quality-gate-seedling:0.0.4@sha256:b15aa65183fd9ac4b3ad2b01287ee8c47382a74450485b012bade5331fefeae9"
 
 notify:
   - slack: "${TEAM_CHANNEL}"

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+
+# ELASTICSEARCH CONFIDENTIAL
+# __________________
+#
+#  Copyright Elasticsearch B.V. All rights reserved.
+#
+# NOTICE:  All information contained herein is, and remains
+# the property of Elasticsearch B.V. and its suppliers, if any.
+# The intellectual and technical concepts contained herein
+# are proprietary to Elasticsearch B.V. and its suppliers and
+# may be covered by U.S. and Foreign Patents, patents in
+# process, and are protected by trade secret or copyright
+# law.  Dissemination of this information or reproduction of
+# this material is strictly forbidden unless prior written
+# permission is obtained from Elasticsearch B.V.
+
+set -euo pipefail
+
+PRIVATE_REPO="docker.elastic.co/observability-ci/ecp-elastic-agent-service"
+REQUIRED_ARCHITECTURES=("amd64" "arm64")
+
+_SELF=$(dirname "$0")
+source "${_SELF}/../common.sh"
+
+if [ -z "$SERVICE_VERSION" ]; then
+    echo "No SHA found for environment: $ENVIRONMENT"
+    exit 1
+fi
+
+DOCKER_TAG="git-${SERVICE_VERSION}"
+PRIVATE_IMAGE="${PRIVATE_REPO}:${DOCKER_TAG}"
+
+echo "Environment: ${ENVIRONMENT}"
+echo "Commit SHA: ${SERVICE_VERSION}"
+echo "Validating image: ${PRIVATE_IMAGE}"
+
+# Inspect the manifest to get architecture information
+echo "--- :mag: Inspecting image manifest"
+MANIFEST_OUTPUT=$(skopeo inspect docker://"${PRIVATE_IMAGE}" --raw 2>&1) || {
+    echo "Failed to inspect manifest for image: ${PRIVATE_IMAGE}"
+    echo "Error: ${MANIFEST_OUTPUT}"
+    exit 1
+}
+
+echo "Manifest retrieved successfully"
+
+# Extract architectures from the manifest
+FOUND_ARCHITECTURES=$(echo "$MANIFEST_OUTPUT" | jq -r '.manifests[]?.platform.architecture // empty' | sort -u)
+
+if [ -z "$FOUND_ARCHITECTURES" ]; then
+    echo "No architectures found in manifest. This might be a single-architecture image."
+    echo "Manifest content:"
+    echo "$MANIFEST_OUTPUT" | jq .
+    exit 1
+fi
+
+echo "Found architectures in image:"
+echo "$FOUND_ARCHITECTURES"
+
+# Validate that all required architectures are present
+echo "--- :white_check_mark: Validating required architectures"
+MISSING_ARCHITECTURES=()
+
+for arch in "${REQUIRED_ARCHITECTURES[@]}"; do
+    if echo "$FOUND_ARCHITECTURES" | grep -qw "$arch"; then
+        echo "✓ Architecture '$arch' is present"
+    else
+        echo "✗ Architecture '$arch' is MISSING"
+        MISSING_ARCHITECTURES+=("$arch")
+    fi
+done
+
+if [ ${#MISSING_ARCHITECTURES[@]} -gt 0 ]; then
+    echo ""
+    echo "ERROR: Image ${PRIVATE_IMAGE} is missing required architectures: ${MISSING_ARCHITECTURES[*]}"
+    exit 1
+fi
+
+echo ""
+echo "SUCCESS: Image ${PRIVATE_IMAGE} contains all required architectures (${REQUIRED_ARCHITECTURES[*]})"
+
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -11,6 +11,8 @@ changelog/fragments/
 
 # Sub-directories/files ownership. Remember that order matters; the last matching pattern takes the most precedence.
 /.buildkite @elastic/elastic-agent-control-plane @elastic/observablt-ci
+/.buildkite/pipeline.agentless-tests.yaml @elastic/ingest-managed-jobs
+/.buildkite/scripts/steps/validate-agentless-docker-image.sh @elastic/ingest-managed-jobs
 /.ci @elastic/elastic-agent-control-plane @elastic/observablt-ci
 /.ci/scripts/ecp-internal-release.sh @elastic/elastic-agent-control-plane
 /.ci/scripts/update-integration-testdata.sh @elastic/elastic-agent-control-plane