Skip to content

Bump golang.org/x/net from 0.10.0 to 0.17.0 in /examples/gin/app (#296) #656

Bump golang.org/x/net from 0.10.0 to 0.17.0 in /examples/gin/app (#296)

Bump golang.org/x/net from 0.10.0 to 0.17.0 in /examples/gin/app (#296) #656

Workflow file for this run

name: Pipeline
on:
push:
branches:
- main
pull_request:
branches:
- main
release:
types:
- released
env:
CARGO_TERM_COLOR: always
PIPELINE_USER_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
PIPELINE_USER_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
PIPELINE_CN_USER_ACCESS_KEY_ID: ${{ secrets.AWS_CN_ACCESS_KEY_ID }}
PIPELINE_CN_USER_SECRET_ACCESS_KEY: ${{ secrets.AWS_CN_SECRET_ACCESS_KEY }}
SAM_TEMPLATE_X86_64: template-x86_64.yaml
SAM_TEMPLATE_ARM64: template-arm64.yaml
BETA_STACK_NAME: lambda-adapter-beta
BETA_PIPELINE_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-pip-PipelineExecutionRole-13NXRWTRTHDCJ
BETA_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-CloudFormationExecutionR-132I77VBFOWQ2
BETA_ARTIFACTS_BUCKET: aws-sam-cli-managed-beta-pipeline-artifactsbucket-889nlo0z1nt0
BETA_IMAGE_REPOSITORY: 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/aws-sam-cli-managed-beta-pipeline-resources-imagerepository-0hbn3hxi9pcm
BETA_REGION: ap-northeast-1
PROD_ECR_PIPELINE_EXECUTION_ROLE: arn:aws:iam::373534280245:role/aws-sam-cli-managed-prod-ecr-PipelineExecutionRole-12FE9QIHNFYOI
PROD_ECR_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::373534280245:role/aws-sam-cli-managed-prod-CloudFormationExecutionR-RDUT9EAJJ1ZN
PROD_ARTIFACTS_BUCKET: aws-sam-cli-managed-prod-ecr-pipe-artifactsbucket-1mjporc66dkgn
PROD_IMAGE_REPOSITORY: 373534280245.dkr.ecr.us-east-1.amazonaws.com/aws-sam-cli-managed-prod-ecr-pipeline-resources-imagerepository-fhpoty0tapro
PROD_ECR_REGION: us-east-1
jobs:
test:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
components: clippy, rustfmt
- uses: taiki-e/install-action@nextest
- name: linting
run: |
cargo fmt -- --check
cargo clippy -- -Dwarnings
- name: run unit and integration tests
run: cargo nextest run --profile ci
build:
needs: [test]
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Build x86_64 Layer
run: sam build --template ${SAM_TEMPLATE_X86_64} -b build-x86_64
- name: Tar files
run: tar -cvf build-x86_64.tar build-x86_64
- uses: actions/upload-artifact@v3
with:
name: aws-sam-build-x86_64
path: build-x86_64.tar
- name: Build arm64 Layer
run: sam build --template ${SAM_TEMPLATE_ARM64} -b build-arm64
- name: Tar files
run: tar -cvf build-arm64.tar build-arm64
- uses: actions/upload-artifact@v3
with:
name: aws-sam-build-arm64
path: build-arm64.tar
package-beta:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ build ]
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the beta pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}
role-session-name: beta-packaging
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-x86_64
- name: extract build_x86_64
run: |
tar -xvf build-x86_64.tar
- name: Upload x86_64 layer to beta artifact buckets
run: |
sam package \
--template build-x86_64/template.yaml \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--region ${BETA_REGION} \
--output-template-file packaged-beta-x86_64.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-beta-x86_64.yaml
path: packaged-beta-x86_64.yaml
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-arm64
- name: extract build_arm64
run: |
tar -xvf build-arm64.tar
- name: Upload arm64 layer to beta artifact buckets
run: |
sam package \
--template build-arm64/template.yaml \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--region ${BETA_REGION} \
--output-template-file packaged-beta-arm64.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-beta-arm64.yaml
path: packaged-beta-arm64.yaml
- name: Create and push the x86_64 docker image to beta ecr repo
run: |
tar -c -C build-x86_64/LambdaAdapterLayerX86/extensions . | docker import - 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64
aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
docker push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64
- name: Create and push the arm64 docker image to beta ecr repo
run: |
tar -c -C build-arm64/LambdaAdapterLayerArm64/extensions . | docker import - 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64
aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
docker push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64
- name: create and push the multi-arch manifest to beta ecr repo
run: |
docker manifest create 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest \
477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64 \
477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64
docker manifest annotate --arch arm64 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest \
477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64
docker manifest push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest
deploy-beta:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [package-beta]
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the beta pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}
role-session-name: beta-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: packaged-beta-x86_64.yaml
- name: Deploy x86_64 layer to beta account
run: |
sam deploy --stack-name ${BETA_STACK_NAME}-x86 \
--template packaged-beta-x86_64.yaml \
--capabilities CAPABILITY_IAM \
--region ${BETA_REGION} \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--no-fail-on-empty-changeset \
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}
- uses: actions/download-artifact@v3
with:
name: packaged-beta-arm64.yaml
- name: Deploy arm64 layer to beta account
run: |
sam deploy --stack-name ${BETA_STACK_NAME}-arm64 \
--template packaged-beta-arm64.yaml \
--capabilities CAPABILITY_IAM \
--region ${BETA_REGION} \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--no-fail-on-empty-changeset \
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}
e2e-test:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [deploy-beta]
runs-on: ubuntu-20.04
steps:
- uses: dtolnay/rust-toolchain@master
with:
toolchain: stable
components: clippy, rustfmt
- uses: taiki-e/install-action@nextest
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the beta pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}
role-session-name: beta-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- name: deploy the oci x86 integration test stacks for the beta environment
working-directory: ./tests/e2e_tests/fixtures/go-httpbin
run: |
aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
sam build
sam deploy --stack-name ${BETA_STACK_NAME}-oci-x86 \
--capabilities CAPABILITY_IAM \
--region ${BETA_REGION} \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--no-fail-on-empty-changeset \
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}
- name: deploy the zip x86 integration test stacks for the beta environment
working-directory: ./tests/e2e_tests/fixtures/go-httpbin-zip
run: |
sam build
sam deploy --stack-name ${BETA_STACK_NAME}-zip-x86 \
--capabilities CAPABILITY_IAM \
--region ${BETA_REGION} \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--no-fail-on-empty-changeset \
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}
- uses: dkershner6/aws-ssm-getparameters-action@v1
with:
parameterPairs: "/lambda-web-adapter/e2e/httpbin/oci/rest-api-endpoint = HTTPBIN_OCI_REST_ENDPOINT,
/lambda-web-adapter/e2e/httpbin/oci/http-api-endpoint = HTTPBIN_OCI_HTTP_ENDPOINT,
/lambda-web-adapter/e2e/httpbin/oci/alb-endpoint = HTTPBIN_OCI_ALB_ENDPOINT,
/lambda-web-adapter/e2e/httpbin/oci/function-url = HTTPBIN_OCI_FURL_ENDPOINT,
/lambda-web-adapter/e2e/httpbin/zip/rest-api-endpoint = HTTPBIN_ZIP_REST_ENDPOINT,
/lambda-web-adapter/e2e/httpbin/zip/http-api-endpoint = HTTPBIN_ZIP_HTTP_ENDPOINT,
/lambda-web-adapter/e2e/httpbin/zip/alb-endpoint = HTTPBIN_ZIP_ALB_ENDPOINT,
/lambda-web-adapter/e2e/httpbin/zip/function-url = HTTPBIN_ZIP_FURL_ENDPOINT"
- name: run e2e tests
run: |
API_ENDPOINT=${HTTPBIN_OCI_REST_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=${HTTPBIN_OCI_HTTP_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=${HTTPBIN_OCI_ALB_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=${HTTPBIN_OCI_FURL_ENDPOINT} API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=${HTTPBIN_ZIP_REST_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=${HTTPBIN_ZIP_HTTP_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=${HTTPBIN_ZIP_ALB_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=${HTTPBIN_ZIP_FURL_ENDPOINT} API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci
- name: remove the oci x86 integration test stacks
working-directory: ./tests/e2e_tests/fixtures/go-httpbin
run: |
sam delete --no-prompts --region ${BETA_REGION} --stack-name ${BETA_STACK_NAME}-oci-x86
- name: remove the zip x86 integration test stacks
working-directory: ./tests/e2e_tests/fixtures/go-httpbin-zip
run: |
sam delete --no-prompts --region ${BETA_REGION} --stack-name ${BETA_STACK_NAME}-zip-x86
load-gamma-matrix:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test ]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/gamma.json)}" >> $GITHUB_OUTPUT
load-prod-matrix:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test ]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/prod.json)}" >> $GITHUB_OUTPUT
load-china-prod-matrix:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test ]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-prod.json)}" >> $GITHUB_OUTPUT
load-china-gamma-matrix:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test ]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-gamma.json)}" >> $GITHUB_OUTPUT
package-gamma:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ build, load-gamma-matrix ]
runs-on: ubuntu-20.04
strategy:
matrix: ${{fromJSON(needs.load-gamma-matrix.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the gamma pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: gamma-packaging
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-x86_64
- name: extract build_x86_64
run: |
tar -xvf build-x86_64.tar
- name: Upload x86_64 layer to gamma artifact buckets
run: |
sam package \
--template build-x86_64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-gamma-x86_64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-gamma-x86_64-${{ matrix.region }}.yaml
path: packaged-gamma-x86_64-${{ matrix.region }}.yaml
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-arm64
- name: extract build_arm64
run: |
tar -xvf build-arm64.tar
- name: Upload arm64 layer to gamma artifact buckets
run: |
sam package \
--template build-arm64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-gamma-arm64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-gamma-arm64-${{ matrix.region }}.yaml
path: packaged-gamma-arm64-${{ matrix.region }}.yaml
package-prod:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ build, load-prod-matrix ]
runs-on: ubuntu-20.04
strategy:
matrix: ${{fromJSON(needs.load-prod-matrix.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the prod pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: prod-packaging
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-x86_64
- name: extract build_x86_64
run: |
tar -xvf build-x86_64.tar
- name: Upload x86_64 layer to prod artifact buckets
run: |
sam package \
--template build-x86_64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-prod-x86_64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-prod-x86_64-${{ matrix.region }}.yaml
path: packaged-prod-x86_64-${{ matrix.region }}.yaml
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-arm64
- name: extract build_arm64
run: |
tar -xvf build-arm64.tar
- name: Upload arm64 layer to prod artifact buckets
run: |
sam package \
--template build-arm64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-prod-arm64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-prod-arm64-${{ matrix.region }}.yaml
path: packaged-prod-arm64-${{ matrix.region }}.yaml
package-china-gamma:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ build, load-china-gamma-matrix ]
runs-on: ubuntu-20.04
strategy:
matrix: ${{fromJSON(needs.load-china-gamma-matrix.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the china pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: china-gamma-packaging
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-x86_64
- name: extract build_x86_64
run: |
tar -xvf build-x86_64.tar
- name: Upload x86_64 layer to gamma artifact buckets
run: |
sam package \
--template build-x86_64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-china-gamma-x86_64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml
path: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-arm64
- name: extract build_arm64
run: |
tar -xvf build-arm64.tar
- name: Upload arm64 layer to gamma artifact buckets
run: |
sam package \
--template build-arm64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-china-gamma-arm64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-china-gamma-arm64-${{ matrix.region }}.yaml
path: packaged-china-gamma-arm64-${{ matrix.region }}.yaml
package-china-prod:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ build, load-china-prod-matrix ]
runs-on: ubuntu-20.04
strategy:
matrix: ${{fromJSON(needs.load-china-prod-matrix.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the china pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: china-prod-packaging
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-x86_64
- name: extract build_x86_64
run: |
tar -xvf build-x86_64.tar
- name: Upload x86_64 layer to prod artifact buckets
run: |
sam package \
--template build-x86_64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-china-prod-x86_64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-china-prod-x86_64-${{ matrix.region }}.yaml
path: packaged-china-prod-x86_64-${{ matrix.region }}.yaml
- uses: actions/download-artifact@v3
with:
name: aws-sam-build-arm64
- name: extract build_arm64
run: |
tar -xvf build-arm64.tar
- name: Upload arm64 layer to prod artifact buckets
run: |
sam package \
--template build-arm64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-china-prod-arm64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-china-prod-arm64-${{ matrix.region }}.yaml
path: packaged-china-prod-arm64-${{ matrix.region }}.yaml
load-gamma-matrix2:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test, package-gamma ]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/gamma.json)}" >> $GITHUB_OUTPUT
deploy-gamma:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [load-gamma-matrix2]
runs-on: ubuntu-20.04
strategy:
matrix: ${{fromJSON(needs.load-gamma-matrix2.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the gamma pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: gamma-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: packaged-gamma-x86_64-${{ matrix.region }}.yaml
- name: Deploy x86_64 Layer to all regions in gamma account
run: |
sam deploy --stack-name lambda-adapter-gamma-x86-${{ matrix.region }} \
--template packaged-gamma-x86_64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
- uses: actions/download-artifact@v3
with:
name: packaged-gamma-arm64-${{ matrix.region }}.yaml
- name: Deploy arm64 Layer to supported regions in gamma account
if: ${{ matrix.arm64_supported }}
run: |
sam deploy --stack-name lambda-adapter-gamma-arm64-${{ matrix.region }} \
--template packaged-gamma-arm64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
load-prod-matrix2:
if: ${{ github.event_name == 'release' }}
needs: [ deploy-gamma, package-prod ]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/prod.json)}" >> $GITHUB_OUTPUT
deploy-prod:
if: ${{ github.event_name == 'release' }}
needs: [load-prod-matrix2]
runs-on: ubuntu-20.04
environment: prod
strategy:
matrix: ${{fromJSON(needs.load-prod-matrix2.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the prod pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: prod-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: packaged-prod-x86_64-${{ matrix.region }}.yaml
- name: Deploy x86_64 Layer to all regions in prod account
run: |
sam deploy --stack-name lambda-adapter-prod-x86-${{ matrix.region }} \
--template packaged-prod-x86_64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
- uses: actions/download-artifact@v3
with:
name: packaged-prod-arm64-${{ matrix.region }}.yaml
- name: Deploy arm64 Layer to supported regions in prod account
if: ${{ matrix.arm64_supported }}
run: |
sam deploy --stack-name lambda-adapter-prod-arm64-${{ matrix.region }} \
--template packaged-prod-arm64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
load-china-gamma-matrix2:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test, package-china-gamma]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-gamma.json)}" >> $GITHUB_OUTPUT
deploy-china-gamma:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [load-china-gamma-matrix2]
runs-on: ubuntu-20.04
environment: prod
strategy:
matrix: ${{fromJSON(needs.load-china-gamma-matrix2.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the china pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: china-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml
- name: Deploy x86_64 Layer to all regions in china
run: |
sam deploy --stack-name lambda-adapter-gamma-x86-${{ matrix.region }} \
--template packaged-china-gamma-x86_64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
- uses: actions/download-artifact@v3
with:
name: packaged-china-gamma-arm64-${{ matrix.region }}.yaml
- name: Deploy arm64 Layer to supported china regions
if: ${{ matrix.arm64_supported }}
run: |
sam deploy --stack-name lambda-adapter-gamma-arm64-${{ matrix.region }} \
--template packaged-china-gamma-arm64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
load-china-prod-matrix2:
if: ${{ github.event_name == 'release' }}
needs: [ deploy-china-gamma, package-china-prod]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-prod.json)}" >> $GITHUB_OUTPUT
deploy-china-prod:
if: ${{ github.event_name == 'release' }}
needs: [load-china-prod-matrix2]
runs-on: ubuntu-20.04
environment: prod
strategy:
matrix: ${{fromJSON(needs.load-china-prod-matrix2.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2
- name: Assume the china pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: china-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- uses: actions/download-artifact@v3
with:
name: packaged-china-prod-x86_64-${{ matrix.region }}.yaml
- name: Deploy x86_64 Layer to all regions in china
run: |
sam deploy --stack-name lambda-adapter-prod-x86-${{ matrix.region }} \
--template packaged-china-prod-x86_64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
- uses: actions/download-artifact@v3
with:
name: packaged-china-prod-arm64-${{ matrix.region }}.yaml
- name: Deploy arm64 Layer to supported china regions
if: ${{ matrix.arm64_supported }}
run: |
sam deploy --stack-name lambda-adapter-prod-arm64-${{ matrix.region }} \
--template packaged-china-prod-arm64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
publish-to-public-ecr:
if: ${{ github.event_name == 'release' }}
needs: [deploy-prod]
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Assume the prod pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.PROD_ECR_REGION }}
role-to-assume: ${{ env.PROD_ECR_PIPELINE_EXECUTION_ROLE }}
role-session-name: prod-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- name: login ECR Public Registry
run: |
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
- name: build OCI images for x86_64 and aarch64
run: |
make build
- name: publish OCI images to ECR public repository
run: |
make publish