From 91d2dcb9427f014a4448a4a205f2e266f5bfdced Mon Sep 17 00:00:00 2001
From: Swopnil Dangol <swopnildangol@gmail.com>
Date: Mon, 18 Aug 2025 20:04:25 +0100
Subject: [PATCH 1/7] New layer version calculated by retrieving latest version
 from SSM parameter

---
 .github/scripts/update_layer_arn.sh |  6 ++++--
 .github/workflows/publish_layer.yml | 11 ++---------
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/.github/scripts/update_layer_arn.sh b/.github/scripts/update_layer_arn.sh
index 0679c4cd33..455825067f 100755
--- a/.github/scripts/update_layer_arn.sh
+++ b/.github/scripts/update_layer_arn.sh
@@ -8,8 +8,10 @@
 # see .github/workflows/publish_layer.yml
 
 
-# Get the new version number from the first command-line argument
-new_version=$1
+# Get the current layer version from SSM Parameter
+current_layer_arn=$(aws ssm get-parameter --name /aws/service/powertools/typescript/generic/all/latest --query Parameter.Value --output text --region us-east-1)
+current_layer_version=$(echo $current_layer_arn | sed 's/.*://')
+new_version=$((current_layer_version + 1))
 if [ -z "$new_version" ]; then
     echo "Usage: $0 <new_version>"
     exit 1
diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml
index d88fe78673..b30b8ff5b1 100644
--- a/.github/workflows/publish_layer.yml
+++ b/.github/workflows/publish_layer.yml
@@ -11,9 +11,6 @@ on:
         description: "Latest npm published version to rebuild corresponding layer for, e.g. 1.0.2"
         default: "1.0.2"
         required: true
-      layer_documentation_version:
-        description: "Version to be updated in our documentation. e.g. if the current layer number is 3, this value must be 4."
-        required: true
 
   workflow_call:
     inputs:
@@ -26,10 +23,6 @@ on:
         default: false
         type: boolean
         required: false
-      layer_documentation_version:
-        description: "Version to be updated in our documentation. e.g. if the current layer number is 3, this value must be 4."
-        required: true
-        type: string
 
 jobs:
   # Build layer by running cdk synth in layer-publisher directory and uploading cdk.out for deployment
@@ -97,7 +90,7 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
-      id-token: none
+      id-token: write
     steps:
       - name: Checkout repository # reusable workflows start clean, so we need to checkout again
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
@@ -105,7 +98,7 @@ jobs:
           ref: ${{ github.sha }}
       - name: Replace layer versions in documentation
         run: |
-          ./.github/scripts/update_layer_arn.sh ${{ inputs.layer_documentation_version }}
+          ./.github/scripts/update_layer_arn.sh
       - name: Stage changes
         run: git add .
       - name: Create PR

From 8258166b78c4422fda773ae7feebe496bdb2ad5e Mon Sep 17 00:00:00 2001
From: Swopnil Dangol <swopnildangol@gmail.com>
Date: Mon, 18 Aug 2025 20:08:30 +0100
Subject: [PATCH 2/7] Removed the layer version input from Make release
 workflow

---
 .github/workflows/make-release.yml | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/make-release.yml b/.github/workflows/make-release.yml
index bec1e0d654..be173d78f1 100644
--- a/.github/workflows/make-release.yml
+++ b/.github/workflows/make-release.yml
@@ -17,13 +17,7 @@ name: Make Release
 # 4. Merge the PR created by the `publish_layer` workflow to update the documentation
 # 5. Update draft release notes with the latest changes and publish the release on GitHub
 
-on:
-  workflow_dispatch:
-    inputs:
-      layer_documentation_version:
-        description: "Lambda layer version to be updated in our documentation. e.g. if the current layer number is 3, this value must be 4."
-        type: string
-        required: true
+on: workflow_dispatch
 
 permissions:
   contents: read
@@ -105,5 +99,4 @@ jobs:
       pull-requests: write
     uses: ./.github/workflows/publish_layer.yml
     with:
-      latest_published_version: ${{ needs.publish-npm.outputs.RELEASE_VERSION }}
-      layer_documentation_version: ${{ inputs.layer_documentation_version }}
+      latest_published_version: ${{ needs.publish-npm.outputs.RELEASE_VERSION }}
\ No newline at end of file

From b965cfe773c4fae08a1979e03eb6fa1a42bd4253 Mon Sep 17 00:00:00 2001
From: Swopnil Dangol <swopnildangol@gmail.com>
Date: Tue, 19 Aug 2025 12:10:19 +0100
Subject: [PATCH 3/7] Added a step to configure AWS credentials

---
 .github/workflows/publish_layer.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml
index b30b8ff5b1..49e212bbb2 100644
--- a/.github/workflows/publish_layer.yml
+++ b/.github/workflows/publish_layer.yml
@@ -90,12 +90,18 @@ jobs:
     permissions:
       contents: write
       pull-requests: write
-      id-token: write
+      id-token: none
     steps:
       - name: Checkout repository # reusable workflows start clean, so we need to checkout again
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
         with:
           ref: ${{ github.sha }}
+      - id: creds
+        uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
+        with:
+          aws-region: us-east-1
+          role-to-assume: ${{ secrets.US_EAST_1 }}
+          mask-aws-account-id: true
       - name: Replace layer versions in documentation
         run: |
           ./.github/scripts/update_layer_arn.sh

From 4a424bbdd7cceae85e1945783ba183b5b3aca84b Mon Sep 17 00:00:00 2001
From: Swopnil Dangol <swopnildangol@gmail.com>
Date: Tue, 19 Aug 2025 18:11:04 +0100
Subject: [PATCH 4/7] Used the version specific parameter to get the latest
 layer version and removed the increment

---
 .github/scripts/update_layer_arn.sh | 9 ++++-----
 .github/workflows/publish_layer.yml | 2 +-
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/.github/scripts/update_layer_arn.sh b/.github/scripts/update_layer_arn.sh
index 455825067f..b92e30514d 100755
--- a/.github/scripts/update_layer_arn.sh
+++ b/.github/scripts/update_layer_arn.sh
@@ -9,13 +9,12 @@
 
 
 # Get the current layer version from SSM Parameter
-current_layer_arn=$(aws ssm get-parameter --name /aws/service/powertools/typescript/generic/all/latest --query Parameter.Value --output text --region us-east-1)
-current_layer_version=$(echo $current_layer_arn | sed 's/.*://')
-new_version=$((current_layer_version + 1))
-if [ -z "$new_version" ]; then
+if [ -z "$1" ]; then
     echo "Usage: $0 <new_version>"
     exit 1
 fi
+current_layer_arn=$(aws ssm get-parameter --name /aws/service/powertools/typescript/generic/all/$1 --query Parameter.Value --output text --region us-east-1)
+current_layer_version=$(echo $current_layer_arn | sed 's/.*://')
 
 # Find all files with specified extensions in ./docs and ./examples directories
 # -type f: only find files (not directories)
@@ -30,7 +29,7 @@ find ./docs ./examples -type f \( -name "*.md" -o -name "*.ts" -o -name "*.yaml"
     # -E: use extended regular expressions
     # IF TESTING IN MAC, replace `-i` with `-i ''`
     # The regex matches the layer name and replaces only the version number at the end
-    sed -i -E "s/AWSLambdaPowertoolsTypeScriptV2:[0-9]+/AWSLambdaPowertoolsTypeScriptV2:$new_version/g" "$file"
+    sed -i -E "s/AWSLambdaPowertoolsTypeScriptV2:[0-9]+/AWSLambdaPowertoolsTypeScriptV2:$current_layer_version/g" "$file"
     if [ $? -eq 0 ]; then
         echo "Updated $file successfully"
         grep "arn:aws:lambda:" "$file"
diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml
index 49e212bbb2..ccbdae8c17 100644
--- a/.github/workflows/publish_layer.yml
+++ b/.github/workflows/publish_layer.yml
@@ -104,7 +104,7 @@ jobs:
           mask-aws-account-id: true
       - name: Replace layer versions in documentation
         run: |
-          ./.github/scripts/update_layer_arn.sh
+          ./.github/scripts/update_layer_arn.sh ${{ inputs.latest_published_version }}
       - name: Stage changes
         run: git add .
       - name: Create PR

From 71b235b4bb67db95f98ae52221c3b48fda1c158e Mon Sep 17 00:00:00 2001
From: Swopnil Dangol <swopnildangol@gmail.com>
Date: Tue, 19 Aug 2025 18:46:48 +0100
Subject: [PATCH 5/7] Reverted back to incrementing the layer version

---
 .github/scripts/update_layer_arn.sh | 9 +++------
 .github/workflows/publish_layer.yml | 2 +-
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/.github/scripts/update_layer_arn.sh b/.github/scripts/update_layer_arn.sh
index b92e30514d..89ad2eb4e1 100755
--- a/.github/scripts/update_layer_arn.sh
+++ b/.github/scripts/update_layer_arn.sh
@@ -9,12 +9,9 @@
 
 
 # Get the current layer version from SSM Parameter
-if [ -z "$1" ]; then
-    echo "Usage: $0 <new_version>"
-    exit 1
-fi
-current_layer_arn=$(aws ssm get-parameter --name /aws/service/powertools/typescript/generic/all/$1 --query Parameter.Value --output text --region us-east-1)
+current_layer_arn=$(aws ssm get-parameter --name /aws/service/powertools/typescript/generic/all/latest --query Parameter.Value --output text --region us-east-1)
 current_layer_version=$(echo $current_layer_arn | sed 's/.*://')
+new_version=$((current_layer_version + 1))
 
 # Find all files with specified extensions in ./docs and ./examples directories
 # -type f: only find files (not directories)
@@ -29,7 +26,7 @@ find ./docs ./examples -type f \( -name "*.md" -o -name "*.ts" -o -name "*.yaml"
     # -E: use extended regular expressions
     # IF TESTING IN MAC, replace `-i` with `-i ''`
     # The regex matches the layer name and replaces only the version number at the end
-    sed -i -E "s/AWSLambdaPowertoolsTypeScriptV2:[0-9]+/AWSLambdaPowertoolsTypeScriptV2:$current_layer_version/g" "$file"
+    sed -i -E "s/AWSLambdaPowertoolsTypeScriptV2:[0-9]+/AWSLambdaPowertoolsTypeScriptV2:$new_version/g" "$file"
     if [ $? -eq 0 ]; then
         echo "Updated $file successfully"
         grep "arn:aws:lambda:" "$file"
diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml
index ccbdae8c17..49e212bbb2 100644
--- a/.github/workflows/publish_layer.yml
+++ b/.github/workflows/publish_layer.yml
@@ -104,7 +104,7 @@ jobs:
           mask-aws-account-id: true
       - name: Replace layer versions in documentation
         run: |
-          ./.github/scripts/update_layer_arn.sh ${{ inputs.latest_published_version }}
+          ./.github/scripts/update_layer_arn.sh
       - name: Stage changes
         run: git add .
       - name: Create PR

From b48184568a8ff8bee7588ce3d7959e17c535bc6d Mon Sep 17 00:00:00 2001
From: Swopnil Dangol <swopnildangol@gmail.com>
Date: Wed, 20 Aug 2025 14:15:04 +0100
Subject: [PATCH 6/7] Used the output from the deploy layer workflow to get the
 latest deployed layer arn

---
 .github/scripts/update_layer_arn.sh               | 11 +++++++----
 .github/workflows/publish_layer.yml               |  8 +-------
 .github/workflows/reusable_deploy_layer_stack.yml |  9 ++++++++-
 3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/.github/scripts/update_layer_arn.sh b/.github/scripts/update_layer_arn.sh
index 89ad2eb4e1..3a39f3135b 100755
--- a/.github/scripts/update_layer_arn.sh
+++ b/.github/scripts/update_layer_arn.sh
@@ -8,10 +8,13 @@
 # see .github/workflows/publish_layer.yml
 
 
-# Get the current layer version from SSM Parameter
-current_layer_arn=$(aws ssm get-parameter --name /aws/service/powertools/typescript/generic/all/latest --query Parameter.Value --output text --region us-east-1)
-current_layer_version=$(echo $current_layer_arn | sed 's/.*://')
-new_version=$((current_layer_version + 1))
+# Get the new layer arn from the first command-line argument
+new_layer_arn=$1
+if [ -z "$new_layer_arn" ]; then
+    echo "Usage: $0 <new_layer_arn>"
+    exit 1
+fi
+new_version=$(echo $new_layer_arn | sed 's/.*://')
 
 # Find all files with specified extensions in ./docs and ./examples directories
 # -type f: only find files (not directories)
diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml
index 49e212bbb2..9b59b6791f 100644
--- a/.github/workflows/publish_layer.yml
+++ b/.github/workflows/publish_layer.yml
@@ -96,15 +96,9 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
         with:
           ref: ${{ github.sha }}
-      - id: creds
-        uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
-        with:
-          aws-region: us-east-1
-          role-to-assume: ${{ secrets.US_EAST_1 }}
-          mask-aws-account-id: true
       - name: Replace layer versions in documentation
         run: |
-          ./.github/scripts/update_layer_arn.sh
+          ./.github/scripts/update_layer_arn.sh ${{ needs.deploy-prod.outputs.layer-arn }}
       - name: Stage changes
         run: git add .
       - name: Create PR
diff --git a/.github/workflows/reusable_deploy_layer_stack.yml b/.github/workflows/reusable_deploy_layer_stack.yml
index e8ea6aa4ca..9d481b4f15 100644
--- a/.github/workflows/reusable_deploy_layer_stack.yml
+++ b/.github/workflows/reusable_deploy_layer_stack.yml
@@ -15,6 +15,10 @@ on:
         description: "Latest version that is published"
         required: true
         type: string
+    outputs:
+      layer-arn:
+        description: "The latest deployed Layer ARN"
+        value: ${{ jobs.deploy-cdk-stack.outputs.layer-arn }}
     secrets:
       target-account-role:
         required: true
@@ -65,6 +69,8 @@ jobs:
             "il-central-1",
             "mx-central-1"
           ]
+    outputs:
+      layer-arn: ${{ steps.store-latest-layer-arn.outputs.layer-arn }}
     steps:
       - name: checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
@@ -89,11 +95,12 @@ jobs:
       - name: Deploy Layer
         run: npm run cdk -w layers -- deploy --app cdk.out --context region=${{ matrix.region }} 'LayerPublisherStack' --require-approval never --verbose --outputs-file cdk-outputs.json
       - name: Store latest Layer ARN
+        id: store-latest-layer-arn
         if: ${{ inputs.stage == 'PROD' }}
         run: |
           mkdir cdk-layer-stack
           jq -r -c '.LayerPublisherStack.LatestLayerArn' layers/cdk-outputs.json > cdk-layer-stack/${{ matrix.region }}-layer-version.txt
-          cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt
+          echo "layer-arn=$(cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt)" | tee -a "$GITHUB_OUTPUT"
       - name: Save Layer ARN artifact
         if: ${{ inputs.stage == 'PROD' }}
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2

From 2d0f96ec258abd4c19ef35f2c1e827686d7dc509 Mon Sep 17 00:00:00 2001
From: Swopnil Dangol <swopnildangol@gmail.com>
Date: Wed, 20 Aug 2025 14:25:42 +0100
Subject: [PATCH 7/7] Output the layern arn only for us-east-1

---
 .github/workflows/reusable_deploy_layer_stack.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/reusable_deploy_layer_stack.yml b/.github/workflows/reusable_deploy_layer_stack.yml
index 9d481b4f15..f4bf2955ba 100644
--- a/.github/workflows/reusable_deploy_layer_stack.yml
+++ b/.github/workflows/reusable_deploy_layer_stack.yml
@@ -100,7 +100,11 @@ jobs:
         run: |
           mkdir cdk-layer-stack
           jq -r -c '.LayerPublisherStack.LatestLayerArn' layers/cdk-outputs.json > cdk-layer-stack/${{ matrix.region }}-layer-version.txt
-          echo "layer-arn=$(cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt)" | tee -a "$GITHUB_OUTPUT"
+          if [ "${{ matrix.region }}" = "us-east-1" ]; then
+            echo "layer-arn=$(cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt)" | tee -a "$GITHUB_OUTPUT"
+          else
+            cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt
+          fi
       - name: Save Layer ARN artifact
         if: ${{ inputs.stage == 'PROD' }}
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2