
Commit e7870fb

authored
add lambda release workflow - main branch (#994)
Adding a manually triggered workflow to release the java lambda layers to multiple regions. Tested by running the workflow in my fork, and confirmed that the layer was successfully published in `us-east-1`. GH run: https://github.com/srprash/aws-otel-java-instrumentation/actions/runs/12738121465 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
1 parent 08f2f80 commit e7870fb


1 file changed

+218
-0
lines changed

1 file changed

+218
-0
lines changed

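--- a/.github/workflows/release-lambda.yml
+++ b/.github/workflows/release-lambda.yml
@@ -0,0 +1,218 @@
+name: Release Java Lambda layer
+
+on:
+workflow_dispatch:
+inputs:
+version:
+description: The version to tag the lambda release with, e.g., 1.2.0
+required: true
+aws_region:
+description: 'Deploy to aws regions'
+required: true
+default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1'
+
+env:
+COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1
+LAYER_NAME: AWSOpenTelemetryDistroJava
+
+permissions:
+id-token: write
+contents: write
+
+jobs:
+build-layer:
+runs-on: ubuntu-latest
+outputs:
+aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }}
+steps:
+- name: Set up regions matrix
+id: set-matrix
+run: |
+IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}"
+MATRIX="["
+for region in "${REGIONS[@]}"; do
+trimmed_region=$(echo "$region" | xargs)
+MATRIX+="\"$trimmed_region\","
+done
+MATRIX="${MATRIX%,}]"
+echo ${MATRIX}
+echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT
+
+- name: Checkout Repo @ SHA - ${{ github.sha }}
+uses: actions/checkout@v4
+
+- uses: actions/setup-java@v4
+with:
+java-version: 17
+distribution: 'temurin'
+
+- name: Build layers
+working-directory: lambda-layer
+run: |
+./build-layer.sh
+
+- name: Upload layer
+uses: actions/upload-artifact@v3
+with:
+name: aws-opentelemetry-java-layer.zip
+path: lambda-layer/build/distributions/aws-opentelemetry-java-layer.zip
+
+publish-prod:
+runs-on: ubuntu-latest
+needs: build-layer
+strategy:
+matrix:
+aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }}
+steps:
+- name: role arn
+env:
+COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }}
+run: |
+COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ })
+FOUND=false
+for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do
+if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then
+FOUND=true
+break
+fi
+done
+if [ "$FOUND" = true ]; then
+echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS"
+SECRET_KEY="LAMBDA_LAYER_RELEASE"
+else
+echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS"
+SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE"
+fi
+SECRET_KEY=${SECRET_KEY//-/_}
+echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV
+
+- uses: aws-actions/[email protected]
+with:
+role-to-assume: ${{ secrets[env.SECRET_KEY] }}
+role-duration-seconds: 1200
+aws-region: ${{ matrix.aws_region }}
+
+- name: Get s3 bucket name for release
+run: |
+echo BUCKET_NAME=java-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV
+
+- name: download layer.zip
+uses: actions/download-artifact@v3
+with:
+name: aws-opentelemetry-java-layer.zip
+
+- name: publish
+run: |
+aws s3 mb s3://${{ env.BUCKET_NAME }}
+aws s3 cp aws-opentelemetry-java-layer.zip s3://${{ env.BUCKET_NAME }}
+layerARN=$(
+aws lambda publish-layer-version \
+--layer-name ${{ env.LAYER_NAME }} \
+--content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-java-layer.zip \
+--compatible-runtimes java17 java21 \
+--compatible-architectures "arm64" "x86_64" \
+--license-info "Apache-2.0" \
+--description "AWS Distro of OpenTelemetry Lambda Layer for Java Runtime" \
+--query 'LayerVersionArn' \
+--output text
+)
+echo $layerARN
+echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV
+mkdir ${{ env.LAYER_NAME }}
+echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
+cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
+
+- name: public layer
+run: |
+layerVersion=$(
+aws lambda list-layer-versions \
+--layer-name ${{ env.LAYER_NAME }} \
+--query 'max_by(LayerVersions, &Version).Version'
+)
+aws lambda add-layer-version-permission \
+--layer-name ${{ env.LAYER_NAME }} \
+--version-number $layerVersion \
+--principal "*" \
+--statement-id publish \
+--action lambda:GetLayerVersion
+
+- name: upload layer arn artifact
+if: ${{ success() }}
+uses: actions/upload-artifact@v3
+with:
+name: ${{ env.LAYER_NAME }}
+path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
+
+- name: clean s3
+if: always()
+run: |
+aws s3 rb --force s3://${{ env.BUCKET_NAME }}
+
+generate-release-note:
+runs-on: ubuntu-latest
+needs: publish-prod
+steps:
+- name: Checkout Repo @ SHA - ${{ github.sha }}
+uses: actions/checkout@v4
+
+- uses: hashicorp/setup-terraform@v2
+
+- name: download layerARNs
+uses: actions/download-artifact@v3
+with:
+name: ${{ env.LAYER_NAME }}
+path: ${{ env.LAYER_NAME }}
+
+- name: show layerARNs
+run: |
+for file in ${{ env.LAYER_NAME }}/*
+do
+echo $file
+cat $file
+done
+
+- name: generate layer-note
+working-directory: ${{ env.LAYER_NAME }}
+run: |
+echo "| Region | Layer ARN |" >> ../layer-note
+echo "| ---- | ---- |" >> ../layer-note
+for file in *
+do
+read arn < $file
+echo "| " $file " | " $arn " |" >> ../layer-note
+done
+cd ..
+cat layer-note
+
+- name: generate tf layer
+working-directory: ${{ env.LAYER_NAME }}
+run: |
+echo "locals {" >> ../layer.tf
+echo " sdk_layer_arns = {" >> ../layer.tf
+for file in *
+do
+read arn < $file
+echo " \""$file"\" = \""$arn"\"" >> ../layer.tf
+done
+cd ..
+echo " }" >> layer.tf
+echo "}" >> layer.tf
+terraform fmt layer.tf
+cat layer.tf
+
+- name: upload layer tf file
+uses: actions/upload-artifact@v3
+with:
+name: layer.tf
+path: layer.tf
+
+- name: Create GH release
+id: create_release
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+run: |
+gh release create --target "$GITHUB_REF_NAME" \
+--title "Release lambda-v${{ github.event.inputs.version }}" \
+--draft \
+"lambda-v${{ github.event.inputs.version }}" \
+layer.tf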
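Review bot: The `Set up regions matrix` step expands `${{ github.event.inputs.aws_region }}` directly inside its `run:` script, so the dispatch input becomes part of the shell source before bash parses it; the same pattern recurs with `${{ matrix.aws_region }}` in `role arn` (where it also picks the secret name read by `secrets[env.SECRET_KEY]`) and with `${{ github.event.inputs.version }}` in `Create GH release`. Pass these values through `env:` and quote the variable instead, e.g. `AWS_REGION_INPUT: ${{ github.event.inputs.aws_region }}` under the step's `env:` and `IFS=',' read -ra REGIONS <<< "$AWS_REGION_INPUT"`, and reject any entry that is not a known region name before it reaches the matrix. The workflow-level `permissions` block also grants `id-token: write` and `contents: write` to every job, including `build-layer`, which runs `./build-layer.sh`; scoping `id-token: write` to `publish-prod` and `contents: write` to `generate-release-note` would keep the build job unprivileged. In `public layer`, the version made public is whatever `max_by(LayerVersions, &Version)` returns rather than the one this run published, so taking the version from the `publish-layer-version` response would tie the `--principal "*"` grant to the artifact just uploaded.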
