
Commit a4bcadc

authored
add release workflow for lambda layer (#271)
*Description of changes:* Automate releasing the Lambda layer and open a PR to update the sample app. By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
1 parent 48360ab commit a4bcadc


1 file changed

+213
-0
lines changed


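--- a/.github/workflows/release_lambda.yml
+++ b/.github/workflows/release_lambda.yml
@@ -0,0 +1,213 @@
+name: Release Lambda layer
+
+on:
+workflow_dispatch:
+inputs:
+aws_region:
+description: 'Deploy to aws regions'
+required: true
+default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1'
+
+env:
+COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1
+# LAYER_NAME: AWSOpenTelemetryDistroPython
+LAYER_NAME: AWSOpenTelemetryDistroPythonBeta
+
+permissions:
+id-token: write
+contents: write
+
+jobs:
+build-layer:
+runs-on: ubuntu-latest
+outputs:
+aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }}
+steps:
+- name: Set up regions matrix
+id: set-matrix
+run: |
+IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}"
+MATRIX="["
+for region in "${REGIONS[@]}"; do
+trimmed_region=$(echo "$region" | xargs)
+MATRIX+="\"$trimmed_region\","
+done
+MATRIX="${MATRIX%,}]"
+echo ${MATRIX}
+echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT
+- name: Checkout Repo @ SHA - ${{ github.sha }}
+uses: actions/checkout@v4
+- uses: actions/setup-python@v5
+with:
+python-version: '3.x'
+- name: Build layers
+working-directory: lambda-layer/src
+run: |
+./build-lambda-layer.sh
+pip install tox
+tox
+- name: upload layer
+uses: actions/upload-artifact@v3
+with:
+name: layer.zip
+path: lambda-layer/src/build/aws-opentelemetry-python-layer.zip
+publish-prod:
+runs-on: ubuntu-latest
+needs: build-layer
+strategy:
+matrix:
+# aws_region: ${{ fromJson(github.event.inputs.aws_region) }}
+aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }}
+steps:
+- name: role arn
+env:
+COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }}
+run: |
+COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ })
+FOUND=false
+for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do
+if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then
+FOUND=true
+break
+fi
+done
+if [ "$FOUND" = true ]; then
+echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS"
+SECRET_KEY="LAMBDA_LAYER_RELEASE"
+else
+echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS"
+SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE"
+fi
+SECRET_KEY=${SECRET_KEY//-/_}
+echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV
+- uses: aws-actions/[email protected]
+with:
+role-to-assume: ${{ secrets[env.SECRET_KEY] }}
+role-duration-seconds: 1200
+aws-region: ${{ matrix.aws_region }}
+- name: Get s3 bucket name for release
+run: |
+echo BUCKET_NAME=python-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV
+- name: download layer.zip
+uses: actions/download-artifact@v3
+with:
+name: layer.zip
+- name: publish
+run: |
+aws s3 mb s3://${{ env.BUCKET_NAME }}
+aws s3 cp aws-opentelemetry-python-layer.zip s3://${{ env.BUCKET_NAME }}
+layerARN=$(
+aws lambda publish-layer-version \
+--layer-name ${{ env.LAYER_NAME }} \
+--content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-python-layer.zip \
+--compatible-runtimes python3.10 python3.11 python3.12 \
+--compatible-architectures "arm64" "x86_64" \
+--license-info "Apache-2.0" \
+--description "AWS Distro of OpenTelemetry Lambda Layer for Python Runtime" \
+--query 'LayerVersionArn' \
+--output text
+)
+echo $layerARN
+echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV
+mkdir ${{ env.LAYER_NAME }}
+echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
+cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
+pwd
+- name: public layer
+run: |
+layerVersion=$(
+aws lambda list-layer-versions \
+--layer-name ${{ env.LAYER_NAME }} \
+--query 'max_by(LayerVersions, &Version).Version'
+)
+aws lambda add-layer-version-permission \
+--layer-name ${{ env.LAYER_NAME }} \
+--version-number $layerVersion \
+--principal "*" \
+--statement-id publish \
+--action lambda:GetLayerVersion
+- name: upload layer arn artifact
+if: ${{ success() }}
+uses: actions/upload-artifact@v3
+with:
+name: ${{ env.LAYER_NAME }}
+path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }}
+- name: clean s3
+if: always()
+run: |
+aws s3 rb --force s3://${{ env.BUCKET_NAME }}
+generate-release-note:
+runs-on: ubuntu-latest
+needs: publish-prod
+steps:
+- name: Checkout Repo @ SHA - ${{ github.sha }}
+uses: actions/checkout@v4
+- uses: hashicorp/setup-terraform@v2
+- name: download layerARNs
+uses: actions/download-artifact@v3
+with:
+name: ${{ env.LAYER_NAME }}
+path: ${{ env.LAYER_NAME }}
+- name: show layerARNs
+run: |
+for file in ${{ env.LAYER_NAME }}/*
+do
+echo $file
+cat $file
+done
+- name: generate layer-note
+working-directory: ${{ env.LAYER_NAME }}
+run: |
+echo "| Region | Layer ARN |" >> ../layer-note
+echo "| ---- | ---- |" >> ../layer-note
+for file in *
+do
+read arn < $file
+echo "| " $file " | " $arn " |" >> ../layer-note
+done
+cd ..
+cat layer-note
+- name: generate tf layer
+working-directory: ${{ env.LAYER_NAME }}
+run: |
+echo "locals {" >> ../layer.tf
+echo " sdk_layer_arns = {" >> ../layer.tf
+for file in *
+do
+read arn < $file
+echo " \""$file"\" = \""$arn"\"" >> ../layer.tf
+done
+cd ..
+echo " }" >> layer.tf
+echo "}" >> layer.tf
+terraform fmt layer.tf
+cat layer.tf
+- name: upload layer tf file
+uses: actions/upload-artifact@v3
+with:
+name: layer.tf
+path: layer.tf
+- name: Commit changes
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+git config user.name "github-actions[bot]"
+git config user.email "github-actions[bot]@users.noreply.github.com"
+git checkout -b "release-lambda-${{ github.run_id }}"
+mv layer.tf lambda-layer/terraform/lambda/
+git add lambda-layer/terraform/lambda/layer.tf
+git commit -m "Update Lambda layer ARNs for releasing" || echo "No changes to commit"
+git push --set-upstream origin "release-lambda-${{ github.run_id }}"
+- name: Create Pull Request
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+uses: peter-evans/create-pull-request@v5
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+commit-message: "Update Lambda layer ARNs for releasing"
+title: "Update Layer layer ARNs for releasing"
+body: |
+This PR updates the layer.tf file for the AWS region `${{ matrix.aws_region }}`.
+branch: release-lambda-${{ github.run_id }}
+base: main
+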
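Review bot: The `Set up regions matrix` step expands `${{ github.event.inputs.aws_region }}` directly inside its `run:` script, so the dispatch input is pasted into the shell source before bash parses it. The `role arn` step does the same with `${{ matrix.aws_region }}`, and there the value also decides which secret name `secrets[env.SECRET_KEY]` resolves to. Pass the value through the step's `env:` instead, e.g. `AWS_REGION_INPUT: ${{ github.event.inputs.aws_region }}` with `read -ra REGIONS <<< "$AWS_REGION_INPUT"`, and reject any entry that does not match a region pattern such as `^[a-z]{2}(-[a-z]+)+-[0-9]+$` before it is written to `aws_regions_json`. The workflow-level `permissions` block gives `id-token: write` and `contents: write` to every job, including `build-layer`, which runs `pip install tox`; scoping permissions per job would keep the build step from holding them. The `generate-release-note` job has no matrix, so `${{ matrix.aws_region }}` in the PR body presumably renders empty.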
