Add S3 upload support for changelogs

.github/workflows/changelog-upload.yml

@@ -0,0 +1,31 @@
+name: Changelog upload
+
+on:
+  workflow_call:
+    inputs:
+      config:
+        description: 'Path to changelog.yml configuration file'
+        type: string
+        default: 'docs/changelog.yml'
+      pr-number:
+        description: 'Pull request number (required for concurrency deduplication)'
+        type: string
+        required: true
+
+permissions: {}
+
+concurrency:
+  group: changelog-upload-${{ inputs.pr-number }}
+  cancel-in-progress: true
+
+jobs:
+  upload:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Upload changelog
+        uses: elastic/docs-actions/changelog/upload@v1
+        with:
+          config: ${{ inputs.config }}

changelog/README.md

@@ -178,3 +178,57 @@ If a human edits the changelog file directly (i.e., the last commit to the chang
 ## Output
 
 Each PR produces a file at `docs/changelog/{filename}.yaml` on the PR branch (where the filename is determined by the `docs-builder changelog add` command). These files are consumed by `docs-builder` during documentation builds to produce a rendered changelog page.
+
+## Uploading to S3
+
+When a PR is merged, the committed changelog file can be uploaded to the `elastic-docs-v3-changelog-bundles` S3 bucket under `{product}/changelogs/{filename}.yaml`, preserving the original filename as determined by the repository's `filename` strategy in `changelog.yml`. This makes it available for release bundling workflows.
+
+### 1. Add the upload workflow
+
+**`.github/workflows/changelog-upload.yml`**
+
+```yaml
+name: changelog-upload
+
+on:
+  pull_request:
+    types:
+      - closed
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  upload:
+    if: github.event.pull_request.merged == true
+    uses: elastic/docs-actions/.github/workflows/changelog-upload.yml@v1
+    with:
+      pr-number: ${{ github.event.pull_request.number }}
+```
+
+If your changelog configuration is not at `docs/changelog.yml`, pass the path explicitly:
+
+```yaml
+jobs:
+  upload:
+    if: github.event.pull_request.merged == true
+    uses: elastic/docs-actions/.github/workflows/changelog-upload.yml@v1
+    with:
+      pr-number: ${{ github.event.pull_request.number }}
+      config: path/to/changelog.yml
+```
+
+### 2. Enable OIDC access
+
+The upload workflow authenticates to AWS via GitHub Actions OIDC. Your repository must be listed in the `elastic-docs-v3-changelog-bundles` infrastructure to have an IAM role provisioned. Contact the docs-engineering team to add your repository.
+
+### How it works
+
+When a PR is merged, the upload workflow:
+
+1. Checks out the merge commit
+2. Sets up `docs-builder` and authenticates with AWS via OIDC
+3. Runs `docs-builder changelog upload`, which reads your `changelog.yml`, discovers changelog YAML files in the configured directory, and incrementally uploads them to `{product}/changelogs/{filename}.yaml` in the bucket — only files whose content has changed are transferred
+
+If the changelog directory has no files (for example, because changelog generation was skipped), the command exits silently without error.

changelog/upload/README.md

@@ -0,0 +1,24 @@
+<!-- Generated by https://github.com/reakaleek/gh-action-readme -->
+# <!--name-->Changelog upload<!--/name-->
+<!--description-->
+Uploads changelog entries for a merged PR to the elastic-docs-v3-changelog-bundles S3 bucket using docs-builder's incremental upload. Only files whose content has changed are transferred.
+<!--/description-->
+
+## Inputs
+<!--inputs-->
+| Name             | Description                               | Required | Default               |
+|------------------|-------------------------------------------|----------|-----------------------|
+| `config`         | Path to changelog.yml configuration file  | `false`  | `docs/changelog.yml`  |
+| `github-token`   | GitHub token (used by docs-builder setup) | `false`  | `${{ github.token }}` |
+| `aws-account-id` | The AWS account ID                        | `false`  | `197730964718`        |
+<!--/inputs-->
+
+## Outputs
+<!--outputs-->
+| Name | Description |
+|------|-------------|
+<!--/outputs-->
+
+## Usage
+<!--usage action="your/action" version="v1"-->
+<!--/usage-->

changelog/upload/action.yml

@@ -0,0 +1,56 @@
+name: Changelog upload
+description: >
+  Uploads changelog entries for a merged PR to the elastic-docs-v3-changelog-bundles
+  S3 bucket using docs-builder's incremental upload. Only files whose content has
+  changed are transferred.
+
+inputs:
+  config:
+    description: 'Path to changelog.yml configuration file'
+    default: 'docs/changelog.yml'
+  github-token:
+    description: 'GitHub token (used by docs-builder setup)'
+    default: '${{ github.token }}'
+  aws-account-id:
+    description: 'The AWS account ID'
+    default: '197730964718'
+
+runs:
+  using: composite
+  steps:
+    - name: Verify event context
+      shell: bash
+      env:
+        MERGE_SHA: ${{ github.event.pull_request.merge_commit_sha }}
+      run: |
+        if [ -z "$MERGE_SHA" ]; then
+          echo "::error::merge_commit_sha is empty — must be triggered from a merged pull_request event"
+          exit 1
+        fi
+
+    - name: Checkout
+      uses: actions/checkout@v6
+      with:
+        ref: ${{ github.event.pull_request.merge_commit_sha }}
+        persist-credentials: false
+
+    - name: Setup docs-builder
+      uses: elastic/docs-actions/docs-builder/setup@v1
+      with:
+        version: edge
+        github-token: ${{ inputs.github-token }}
+
+    - name: Authenticate with AWS
+      uses: elastic/docs-actions/aws/auth@v1
+      with:
+        aws_account_id: ${{ inputs.aws-account-id }}
+        aws_role_name_prefix: elastic-docs-v3-changelog-
+
+    - name: Upload changelogs
+      shell: bash
+      env:
+        CONFIG: ${{ inputs.config }}
+      run: |
+        docs-builder changelog upload changelog s3 \
+          --s3-bucket-name elastic-docs-v3-changelog-bundles \
+          --config "$CONFIG"