Release Lambda layer #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Lambda layer | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| aws_region: | |
| description: 'Deploy to aws regions' | |
| required: true | |
| default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1' | |
| env: | |
| AWS_REGIONS: ${{ github.event.inputs.aws_region }} | |
| COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1 | |
| LAYER_NAME: AWSOpenTelemetryDistroJs | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| build-layer: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} | |
| steps: | |
| - name: Set up regions matrix | |
| id: set-matrix | |
| run: | | |
| IFS=',' read -ra REGIONS <<< "${{ env.AWS_REGIONS }}" | |
| MATRIX="[" | |
| for region in "${REGIONS[@]}"; do | |
| trimmed_region=$(echo "$region" | xargs) | |
| MATRIX+="\"$trimmed_region\"," | |
| done | |
| MATRIX="${MATRIX%,}]" | |
| echo ${MATRIX} | |
| echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - name: NPM Clean Install | |
| # https://docs.npmjs.com/cli/v10/commands/npm-ci | |
| run: npm ci | |
| - name: Compile all NPM projects | |
| run: npm run compile | |
| - name: Build Lambda Layer | |
| run: npm run build-lambda | |
| - name: upload layer | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: layer.zip | |
| path: lambda-layer/packages/layer/build/layer.zip | |
| publish-prod: | |
| runs-on: ubuntu-latest | |
| needs: build-layer | |
| strategy: | |
| matrix: | |
| aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} | |
| steps: | |
| - name: role arn | |
| env: | |
| COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }} | |
| run: | | |
| COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ }) | |
| FOUND=false | |
| for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do | |
| if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then | |
| FOUND=true | |
| break | |
| fi | |
| done | |
| if [ "$FOUND" = true ]; then | |
| echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" | |
| SECRET_KEY="LAMBDA_LAYER_RELEASE" | |
| else | |
| echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" | |
| SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" | |
| fi | |
| SECRET_KEY=${SECRET_KEY//-/_} | |
| echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV | |
| - uses: aws-actions/[email protected] | |
| with: | |
| role-to-assume: ${{ secrets[env.SECRET_KEY] }} | |
| role-duration-seconds: 1200 | |
| aws-region: ${{ matrix.aws_region }} | |
| - name: Get s3 bucket name for release | |
| run: | | |
| echo BUCKET_NAME=nodejs-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV | |
| - name: download layer.zip | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: layer.zip | |
| - name: publish | |
| run: | | |
| aws s3 mb s3://${{ env.BUCKET_NAME }} | |
| aws s3 cp layer.zip s3://${{ env.BUCKET_NAME }} | |
| layerARN=$( | |
| aws lambda publish-layer-version \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=layer.zip \ | |
| --compatible-runtimes nodejs18.x nodejs20.x nodejs22.x \ | |
| --compatible-architectures "arm64" "x86_64" \ | |
| --license-info "Apache-2.0" \ | |
| --description "AWS Distro of OpenTelemetry Lambda Layer for NodeJs Runtime" \ | |
| --query 'LayerVersionArn' \ | |
| --output text | |
| ) | |
| echo $layerARN | |
| echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV | |
| mkdir ${{ env.LAYER_NAME }} | |
| echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| - name: public layer | |
| run: | | |
| layerVersion=$( | |
| aws lambda list-layer-versions \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --query 'max_by(LayerVersions, &Version).Version' | |
| ) | |
| aws lambda add-layer-version-permission \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --version-number $layerVersion \ | |
| --principal "*" \ | |
| --statement-id publish \ | |
| --action lambda:GetLayerVersion | |
| - name: upload layer arn artifact | |
| if: ${{ success() }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.LAYER_NAME }} | |
| path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| - name: clean s3 | |
| if: always() | |
| run: | | |
| aws s3 rb --force s3://${{ env.BUCKET_NAME }} | |
| generate-release-note: | |
| runs-on: ubuntu-latest | |
| needs: publish-prod | |
| steps: | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - uses: hashicorp/setup-terraform@v2 | |
| - name: download layerARNs | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ${{ env.LAYER_NAME }} | |
| path: ${{ env.LAYER_NAME }} | |
| - name: show layerARNs | |
| run: | | |
| for file in ${{ env.LAYER_NAME }}/* | |
| do | |
| echo $file | |
| cat $file | |
| done | |
| - name: generate layer-note | |
| working-directory: ${{ env.LAYER_NAME }} | |
| run: | | |
| echo "| Region | Layer ARN |" >> ../layer-note | |
| echo "| ---- | ---- |" >> ../layer-note | |
| for file in * | |
| do | |
| read arn < $file | |
| echo "| " $file " | " $arn " |" >> ../layer-note | |
| done | |
| cd .. | |
| cat layer-note | |
| - name: generate tf layer | |
| working-directory: ${{ env.LAYER_NAME }} | |
| run: | | |
| echo "locals {" >> ../layer.tf | |
| echo " sdk_layer_arns = {" >> ../layer.tf | |
| for file in * | |
| do | |
| read arn < $file | |
| echo " \""$file"\" = \""$arn"\"" >> ../layer.tf | |
| done | |
| cd .. | |
| echo " }" >> layer.tf | |
| echo "}" >> layer.tf | |
| terraform fmt layer.tf | |
| cat layer.tf | |
| - name: upload layer tf file | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: layer.tf | |
| path: layer.tf | |
| create-release: | |
| runs-on: ubuntu-latest | |
| needs: generate-release-note | |
| steps: | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - name: Get latest commit SHA | |
| run: | | |
| echo "COMMIT_SHA=${GITHUB_SHA}" >> $GITHUB_ENV | |
| SHORT_SHA=$(echo $GITHUB_SHA | cut -c1-7) | |
| echo "SHORT_SHA=${SHORT_SHA}" >> $GITHUB_ENV | |
| - name: Create Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| release_name: "Release AWSOpenTelemetryDistroPython Lambda Layer" | |
| body_path: lambda-layer/terraform/lambda/layer.tf | |
| draft: true | |
| prerelease: false |