7d0bf85
modify lambda workflow to update SDK draft release
ezhang6811 Aug 19, 2025
5ddc95f
remove previous logic uploading most recent lambda layer to new relea…
ezhang6811 Aug 19, 2025
126fe08
create release notes skeleton for SDK release
ezhang6811 Aug 19, 2025
a197685
Merge remote-tracking branch 'origin/main' into zhaez/merge-releases
ezhang6811 Aug 25, 2025
f15db8b
migrate Lambda release workflow to SDK release
ezhang6811 Aug 25, 2025
6445cff
remove release environment from downstream job
ezhang6811 Aug 25, 2025
a1e4abb
Merge branch 'main' into zhaez/merge-releases
ezhang6811 Sep 5, 2025
6763f4f
Merge branch 'main' into zhaez/merge-releases
ezhang6811 Sep 8, 2025
d51c05f
Merge branch 'main' into zhaez/merge-releases
ezhang6811 Sep 8, 2025
d6c4098
Fix regions and add clarity in Lambda Layer release workflow
jj22ee Sep 8, 2025
b53c29e
Merge branch 'main' into zhaez/merge-releases
ezhang6811 Sep 8, 2025
c0443a8
Merge branch 'main' into zhaez/merge-releases
ezhang6811 Sep 9, 2025
4316e25
refactor releases to build all first
ezhang6811 Sep 11, 2025
31f65ac
Merge branch 'main' into zhaez/merge-releases
ezhang6811 Sep 11, 2025
6e91291
delete lambda workflow
ezhang6811 Sep 11, 2025
e92123b
log in to ECR before building release
ezhang6811 Sep 11, 2025
146dee4
rebuild artifact in publish job
ezhang6811 Sep 11, 2025
3d7bec8
Merge branch 'main' into zhaez/merge-releases
ezhang6811 Sep 29, 2025
4b67baf
bump wrapper validation job sha
ezhang6811 Sep 29, 2025
8967265
Merge branch 'main' into zhaez/merge-releases
ezhang6811 Oct 15, 2025
311 changes: 296 additions & 15 deletions .github/workflows/release-build.yml
Expand Up @@ -5,6 +5,10 @@ on:
version:
description: The version to tag the release with, e.g., 1.2.0, 1.2.1-alpha.1
required: true
aws_region:
description: 'Deploy lambda layer to aws regions'
required: true
default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1'

env:
AWS_PUBLIC_ECR_REGION: us-east-1
Expand All @@ -13,14 +17,17 @@ env:
PUBLIC_REPOSITORY: public.ecr.aws/aws-observability/adot-autoinstrumentation-java
PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-java
PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com
ARTIFACT_NAME: aws-opentelemetry-agent.jar
ARTIFACT_NAME: aws-opentelemetry-agent.jar
# Legacy list of commercial regions to deploy to. New regions should NOT be added here, and instead should be added to the `aws_region` default input to the workflow.
LEGACY_COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1
LAYER_NAME: AWSOpenTelemetryDistroJava

permissions:
id-token: write
contents: write

jobs:
build:
build-sdk:
environment: Release
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -71,7 +78,86 @@ jobs:
with:
arguments: build integrationTests -PlocalDocker=true -Prelease.version=${{ github.event.inputs.version }} --stacktrace

- name: Upload SDK artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
with:
name: ${{ env.ARTIFACT_NAME }}
path: otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar

build-layer:
needs: build-sdk
runs-on: ubuntu-latest
outputs:
aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }}
steps:
- name: Set up regions matrix
id: set-matrix
run: |
IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}"
MATRIX="["
for region in "${REGIONS[@]}"; do
trimmed_region=$(echo "$region" | xargs)
MATRIX+="\"$trimmed_region\","
done
MATRIX="${MATRIX%,}]"
echo ${MATRIX}
echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT

- name: Checkout Repo @ SHA - ${{ github.sha }}
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0

- uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version-file: .java-version
distribution: 'temurin'

- name: Build layers
working-directory: lambda-layer
run: |
./build-layer.sh

- name: Upload layer
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
with:
name: layer.zip
path: lambda-layer/build/distributions/aws-opentelemetry-java-layer.zip

publish-sdk:
runs-on: ubuntu-latest
needs: [build-sdk, build-layer]
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0

- uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
java-version-file: .java-version
distribution: 'temurin'
- uses: gradle/actions/wrapper-validation@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3

- name: Publish patched dependencies to maven local
uses: ./.github/actions/patch-dependencies
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg_password: ${{ secrets.GPG_PASSPHRASE }}

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }}

- name: Log in to AWS ECR
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 #v3.5.0
with:
registry: public.ecr.aws

# build the artifact again so that its in the output path expected for building the docker image.
- name: Build release with Gradle
uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa #v2
with:
arguments: build integrationTests -PlocalDocker=true -Prelease.version=${{ github.event.inputs.version }} --stacktrace

- name: Configure AWS Credentials for public ECR
uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
with:
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }}
Expand Down Expand Up @@ -137,28 +223,223 @@ jobs:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

publish-layer-prod:
runs-on: ubuntu-latest
needs: [build-layer, publish-sdk]
strategy:
matrix:
aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }}
steps:
- name: role arn
env:
LEGACY_COMMERCIAL_REGIONS: ${{ env.LEGACY_COMMERCIAL_REGIONS }}
run: |
LEGACY_COMMERCIAL_REGIONS_ARRAY=(${LEGACY_COMMERCIAL_REGIONS//,/ })
FOUND=false
for REGION in "${LEGACY_COMMERCIAL_REGIONS_ARRAY[@]}"; do
if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then
FOUND=true
break
fi
done
if [ "$FOUND" = true ]; then
echo "Found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS"
SECRET_KEY="LAMBDA_LAYER_RELEASE"
else
echo "Not found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS"
SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE"
fi
SECRET_KEY=${SECRET_KEY//-/_}
echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV

- uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0
with:
role-to-assume: ${{ secrets[env.SECRET_KEY] }}
role-duration-seconds: 1200
aws-region: ${{ matrix.aws_region }}

- name: Get SHA256 checksum of release artifact
id: get_sha256
- name: Get s3 bucket name for release
run: |
cp "otelagent/build/libs/aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" ${{ env.ARTIFACT_NAME }}
shasum -a 256 ${{ env.ARTIFACT_NAME }} > ${{ env.ARTIFACT_NAME }}.sha256
echo BUCKET_NAME=java-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV

- name: download layer.zip
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0
with:
name: layer.zip

- name: publish
run: |
aws s3 mb s3://${{ env.BUCKET_NAME }}
aws s3 cp aws-opentelemetry-java-layer.zip s3://${{ env.BUCKET_NAME }}
layerARN=$(
aws lambda publish-layer-version \
--layer-name ${{ env.LAYER_NAME }} \
--content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-java-layer.zip \
--compatible-runtimes java11 java17 java21 \
--compatible-architectures "arm64" "x86_64" \
--license-info "Apache-2.0" \
--description "AWS Distro of OpenTelemetry Lambda Layer for Java Runtime" \
--query 'LayerVersionArn' \
--output text
)
echo $layerARN
echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV
mkdir ${{ env.LAYER_NAME }}
echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}

- name: Create release
- name: public layer
run: |
layerVersion=$(
aws lambda list-layer-versions \
--layer-name ${{ env.LAYER_NAME }} \
--query 'max_by(LayerVersions, &Version).Version'
)
aws lambda add-layer-version-permission \
--layer-name ${{ env.LAYER_NAME }} \
--version-number $layerVersion \
--principal "*" \
--statement-id publish \
--action lambda:GetLayerVersion

- name: upload layer arn artifact
if: ${{ success() }}
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2
with:
name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }}
path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}

- name: clean s3
if: always()
run: |
aws s3 rb --force s3://${{ env.BUCKET_NAME }}

generate-lambda-release-note:
runs-on: ubuntu-latest
needs: publish-layer-prod
outputs:
layer-note: ${{ steps.layer-note.outputs.layer-note }}
steps:
- name: Checkout Repo @ SHA - ${{ github.sha }}
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd #v3.1.2
- name: download layerARNs
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0
with:
pattern: ${{ env.LAYER_NAME }}-*
path: ${{ env.LAYER_NAME }}
merge-multiple: true
- name: show layerARNs
run: |
for file in ${{ env.LAYER_NAME }}/*
do
echo $file
cat $file
done
- name: generate layer-note
id: layer-note
working-directory: ${{ env.LAYER_NAME }}
run: |
echo "| Region | Layer ARN |" >> ../layer-note
echo "| ---- | ---- |" >> ../layer-note
for file in *
do
read arn < $file
echo "| " $file " | " $arn " |" >> ../layer-note
done
cd ..
{
echo "layer-note<<EOF"
cat layer-note
echo "EOF"
} >> $GITHUB_OUTPUT
cat layer-note
- name: generate tf layer
working-directory: ${{ env.LAYER_NAME }}
run: |
echo "locals {" >> ../layer_arns.tf
echo " sdk_layer_arns = {" >> ../layer_arns.tf
for file in *
do
read arn < $file
echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf
done
cd ..
echo " }" >> layer_arns.tf
echo "}" >> layer_arns.tf
terraform fmt layer_arns.tf
cat layer_arns.tf
- name: generate layer ARN constants for CDK
working-directory: ${{ env.LAYER_NAME }}
run: |
echo "{" > ../layer_cdk
for file in *; do
read arn < "$file"
echo " \"$file\": \"$arn\"," >> ../layer_cdk
done
echo "}" >> ../layer_cdk
cat ../layer_cdk

publish-github:
needs: generate-lambda-release-note
runs-on: ubuntu-latest
steps:
- name: Checkout Repo @ SHA - ${{ github.sha }}
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0

- name: Download SDK artifact
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0
with:
name: ${{ env.ARTIFACT_NAME }}

- name: Download layer.zip artifact
uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0
with:
name: layer.zip

- name: Rename artifacts
run: |
cp "aws-opentelemetry-agent-${{ github.event.inputs.version }}.jar" ${{ env.ARTIFACT_NAME }}
cp aws-opentelemetry-java-layer.zip layer.zip

# Publish to GitHub releases
- name: Create GH release
id: create_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Download layer.zip from existing latest tagged SDK release note
LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-java-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName')
mkdir -p layer_artifact
gh release download "$LATEST_SDK_VERSION" --repo "aws-observability/aws-otel-java-instrumentation" --pattern "layer.zip" --dir layer_artifact
shasum -a 256 layer_artifact/layer.zip > layer_artifact/layer.zip.sha256
# Extract versions from dependency files
OTEL_INSTRUMENTATION_VERSION=$(grep "val otelVersion" dependencyManagement/build.gradle.kts | sed 's/.*= "\([^"]*\)".*/\1/')
OTEL_CONTRIB_VERSION=$(grep "io.opentelemetry.contrib:opentelemetry-aws-xray" dependencyManagement/build.gradle.kts | sed 's/.*:\([^"]*\)".*/\1/')

# Create release notes
cat > release_notes.md << EOF
This release contains updates of the following upstream components:

OpenTelemetry Java Contrib - $OTEL_CONTRIB_VERSION
Opentelemetry Instrumentation for Java - $OTEL_INSTRUMENTATION_VERSION

This release also publishes to public ECR and Maven Central.
* See ADOT Java auto-instrumentation Docker image v${{ github.event.inputs.version }} in our public ECR repository:
https://gallery.ecr.aws/aws-observability/adot-autoinstrumentation-java
* See version ${{ github.event.inputs.version }} in our Maven Central repository:
https://central.sonatype.com/artifact/software.amazon.opentelemetry/aws-opentelemetry-agent

This release also includes the AWS OpenTelemetry Lambda Layer for Java version ${{ github.event.inputs.version }}-$(echo $GITHUB_SHA | cut -c1-7).

Lambda Layer ARNs:
${{ needs.generate-lambda-release-note.outputs.layer-note }}
EOF

shasum -a 256 ${{ env.ARTIFACT_NAME }} > ${{ env.ARTIFACT_NAME }}.sha256
shasum -a 256 layer.zip > layer.zip.sha256

gh release create --target "$GITHUB_REF_NAME" \
--title "Release v${{ github.event.inputs.version }}" \
--notes-file release_notes.md \
--draft \
"v${{ github.event.inputs.version }}" \
${{ env.ARTIFACT_NAME }} \
${{ env.ARTIFACT_NAME }}.sha256 \
layer_artifact/layer.zip \
layer_artifact/layer.zip.sha256
layer.zip \
layer.zip.sha256
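Review bot: The `Set up regions matrix` step in the new `build-layer` job expands `${{ github.event.inputs.aws_region }}` directly inside its `run:` script, so the input text becomes part of the shell program before bash parses it, in a workflow whose top-level `permissions` grant `id-token: write` and `contents: write` to every job. Pass the input through `env:` and read it as `"$AWS_REGION_INPUT"`, and reject any entry that does not look like a region name before it enters the matrix, because `publish-layer-prod` later derives the name used in `secrets[env.SECRET_KEY]` from that value. The `role arn` step has the same pattern with `${{ matrix.aws_region }}` (it already uses `env:` for `LEGACY_COMMERCIAL_REGIONS`), as do the run blocks that embed `${{ github.event.inputs.version }}`. A sketch of the first step follows; the region pattern is a suggestion and should be checked against the partitions you deploy to.

```yaml
      - name: Set up regions matrix
        id: set-matrix
        env:
          AWS_REGION_INPUT: ${{ github.event.inputs.aws_region }}
        run: |
          IFS=',' read -ra REGIONS <<< "$AWS_REGION_INPUT"
          # … unchanged: MATRIX init, for-loop header, trimmed_region assignment …
            if [[ ! "$trimmed_region" =~ ^[a-z]{2}(-[a-z]+)+-[0-9]+$ ]]; then
              echo "::error::unexpected aws_region entry" >&2
              exit 1
            fi
          # … unchanged: append to MATRIX, close the array, write aws_regions_json …
```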