Release Lambda layer #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Lambda layer | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| aws_region: | |
| description: 'Deploy to aws regions' | |
| required: true | |
| default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1' | |
| env: | |
| COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1 | |
| LAYER_NAME: AWSOpenTelemetryDistroPython | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| build-layer: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} | |
| steps: | |
| - name: Set up regions matrix | |
| id: set-matrix | |
| run: | | |
| IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}" | |
| MATRIX="[" | |
| for region in "${REGIONS[@]}"; do | |
| trimmed_region=$(echo "$region" | xargs) | |
| MATRIX+="\"$trimmed_region\"," | |
| done | |
| MATRIX="${MATRIX%,}]" | |
| echo ${MATRIX} | |
| echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| - name: Build layers | |
| working-directory: lambda-layer/src | |
| run: | | |
| ./build-lambda-layer.sh | |
| pip install tox | |
| tox | |
| - name: upload layer | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: layer.zip | |
| path: lambda-layer/src/build/aws-opentelemetry-python-layer.zip | |
| publish-prod: | |
| runs-on: ubuntu-latest | |
| needs: build-layer | |
| strategy: | |
| matrix: | |
| aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} | |
| steps: | |
| - name: role arn | |
| env: | |
| COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }} | |
| run: | | |
| COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ }) | |
| FOUND=false | |
| for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do | |
| if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then | |
| FOUND=true | |
| break | |
| fi | |
| done | |
| if [ "$FOUND" = true ]; then | |
| echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" | |
| SECRET_KEY="LAMBDA_LAYER_RELEASE" | |
| else | |
| echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" | |
| SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" | |
| fi | |
| SECRET_KEY=${SECRET_KEY//-/_} | |
| echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV | |
| - uses: aws-actions/[email protected] | |
| with: | |
| role-to-assume: ${{ secrets[env.SECRET_KEY] }} | |
| role-duration-seconds: 1200 | |
| aws-region: ${{ matrix.aws_region }} | |
| - name: Get s3 bucket name for release | |
| run: | | |
| echo BUCKET_NAME=python-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV | |
| - name: download layer.zip | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: layer.zip | |
| - name: publish | |
| run: | | |
| aws s3 mb s3://${{ env.BUCKET_NAME }} | |
| aws s3 cp aws-opentelemetry-python-layer.zip s3://${{ env.BUCKET_NAME }} | |
| layerARN=$( | |
| aws lambda publish-layer-version \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-python-layer.zip \ | |
| --compatible-runtimes python3.10 python3.11 python3.12 \ | |
| --compatible-architectures "arm64" "x86_64" \ | |
| --license-info "Apache-2.0" \ | |
| --description "AWS Distro of OpenTelemetry Lambda Layer for Python Runtime" \ | |
| --query 'LayerVersionArn' \ | |
| --output text | |
| ) | |
| echo $layerARN | |
| echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV | |
| mkdir ${{ env.LAYER_NAME }} | |
| echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| - name: public layer | |
| run: | | |
| layerVersion=$( | |
| aws lambda list-layer-versions \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --query 'max_by(LayerVersions, &Version).Version' | |
| ) | |
| aws lambda add-layer-version-permission \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --version-number $layerVersion \ | |
| --principal "*" \ | |
| --statement-id publish \ | |
| --action lambda:GetLayerVersion | |
| - name: upload layer arn artifact | |
| if: ${{ success() }} | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ env.LAYER_NAME }} | |
| path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| - name: clean s3 | |
| if: always() | |
| run: | | |
| aws s3 rb --force s3://${{ env.BUCKET_NAME }} | |
| generate-release-note: | |
| runs-on: ubuntu-latest | |
| needs: publish-prod | |
| steps: | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - uses: hashicorp/setup-terraform@v2 | |
| - name: download layerARNs | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ${{ env.LAYER_NAME }} | |
| path: ${{ env.LAYER_NAME }} | |
| - name: show layerARNs | |
| run: | | |
| for file in ${{ env.LAYER_NAME }}/* | |
| do | |
| echo $file | |
| cat $file | |
| done | |
| - name: generate layer-note | |
| working-directory: ${{ env.LAYER_NAME }} | |
| run: | | |
| echo "| Region | Layer ARN |" >> ../layer-note | |
| echo "| ---- | ---- |" >> ../layer-note | |
| for file in * | |
| do | |
| read arn < $file | |
| echo "| " $file " | " $arn " |" >> ../layer-note | |
| done | |
| cd .. | |
| cat layer-note | |
| - name: generate tf layer | |
| working-directory: ${{ env.LAYER_NAME }} | |
| run: | | |
| echo "locals {" >> ../layer.tf | |
| echo " sdk_layer_arns = {" >> ../layer.tf | |
| for file in * | |
| do | |
| read arn < $file | |
| echo " \""$file"\" = \""$arn"\"" >> ../layer.tf | |
| done | |
| cd .. | |
| echo " }" >> layer.tf | |
| echo "}" >> layer.tf | |
| terraform fmt layer.tf | |
| cat layer.tf | |
| - name: upload layer tf file | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: layer.tf | |
| path: layer.tf | |
| - name: Commit changes | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| mv layer.tf lambda-layer/terraform/lambda/ | |
| git add lambda-layer/terraform/lambda/layer.tf | |
| git commit -m "Update Lambda layer ARNs for releasing" || echo "No changes to commit" | |
| git push | |
| create-release: | |
| runs-on: ubuntu-latest | |
| needs: generate-release-note | |
| steps: | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - name: Get latest commit SHA | |
| run: | | |
| echo "COMMIT_SHA=${GITHUB_SHA}" >> $GITHUB_ENV | |
| SHORT_SHA=$(echo $GITHUB_SHA | cut -c1-7) | |
| echo "SHORT_SHA=${SHORT_SHA}" >> $GITHUB_ENV | |
| - name: Create Tag | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| TAG_NAME="lambda-${SHORT_SHA}" | |
| git tag -a "$TAG_NAME" -m "Release Lambda layer based on commit $TAG_NAME" | |
| git push origin "$TAG_NAME" | |
| echo "TAG_NAME=${TAG_NAME}" >> $GITHUB_ENV | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create Release | |
| id: create_release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ env.TAG_NAME }} | |
| release_name: "Release AWSOpenTelemetryDistroPython Lambda Layer" | |
| body_path: lambda-layer/terraform/lambda/layer.tf | |
| draft: true | |
| prerelease: false |