From f0971e6af752f64535b723ab7789c614131921e2 Mon Sep 17 00:00:00 2001 From: Swopnil Dangol Date: Mon, 18 Aug 2025 20:53:52 +0100 Subject: [PATCH 1/4] Automated the layer version increment process --- .github/workflows/update_ssm.yml | 17 +++++++++-------- docs/maintainers.md | 16 ++++------------ 2 files changed, 13 insertions(+), 20 deletions(-) diff --git a/.github/workflows/update_ssm.yml b/.github/workflows/update_ssm.yml index c9fe02d307..de59aa5e30 100644 --- a/.github/workflows/update_ssm.yml +++ b/.github/workflows/update_ssm.yml @@ -5,7 +5,6 @@ # * environment: will prefix /beta/ into the parameter # * write_latest: will create a latest alias instead of a version number in the parameter # * package_version: semantic version number of the released layer (3.x.y) -# * layer_version: this is sequential layer version from the ARN # # A successful parameter would look similar to: # /aws/service/powertools/python/arm64/python3.8/3.1.0 @@ -41,11 +40,6 @@ on: type: string required: true - layer_version: - description: Layer version - type: string - required: true - name: SSM Parameters run-name: SSM Parameters - TypeScript @@ -107,15 +101,22 @@ jobs: # Dynamic secret access is safe here - secrets are scoped per environment role-to-assume: ${{ secrets[format('{0}', steps.transform.outputs.CONVERTED_REGION)] }} mask-aws-account-id: true + - id: get-version + env: + prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }} + run: | + current_layer_version=$(aws ssm get-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --query Parameter.Value --output text --region us-east-1) + new_layer_version=$((current_layer_version + 1)) + echo "new_layer_version=$new_layer_version" >> "$GITHUB_OUTPUT" - id: write-version env: prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }} run: | - aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite + aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ steps.get-version.outputs.new_layer_version }}" --type String --overwrite - id: write-latest if: inputs.write_latest == true env: prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }} run: | - aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite + aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ steps.get-version.outputs.new_layer_version }}" --type String --overwrite diff --git a/docs/maintainers.md b/docs/maintainers.md index e6c19b3085..3027d98766 100644 --- a/docs/maintainers.md +++ b/docs/maintainers.md @@ -191,20 +191,12 @@ This will publish the Lambda layer to the AWS China (Beijing) Region. 9. **Merge docs PR**: Once the `Layer Deployment (Partition)` workflow for the production China partition is complete, merge the PR from step 4 to update the documentation with the new version. 10. **Update SSM Parameters (Beta)**: Run the `SSM Parameters` workflow with the `main` branch, targeting the `beta` -deployment environment, and using the package version from npm (i.e., `2.20.0`) and Lambda layer version from step 4. +deployment environment, and using the package version from npm (i.e., `2.20.0`). This will update the SSM parameters with the new version. -11. **Verify SSM Parameters (Beta)**: Use the AWS CLI to verify that the SSM parameters were updated correctly. Run -the following command: `aws ssm get-parameter --name=/aws/service/powertools/beta/typescript/generic/all/latest` -and `aws ssm get-parameter --name=/aws/service/powertools/beta/typescript/generic/all/` to verify that the -SSM parameters were updated correctly. -12. **Update SSM Parameters (Prod)**: Run the `SSM Parameters` workflow with the `main` branch, targeting the `prod` -deployment environment, and using the package version from npm (i.e., `2.20.0`) and Lambda layer version from step 4. +11. **Update SSM Parameters (Prod)**: Run the `SSM Parameters` workflow with the `main` branch, targeting the `prod` +deployment environment, and using the package version from npm (i.e., `2.20.0`). This will update the SSM parameters with the new version. -13. **Verify SSM Parameters (Prod)**: Use the AWS CLI to verify that the SSM parameters were updated correctly. Run -the following command: `aws ssm get-parameter --name=/aws/service/powertools/typescript/generic/all/latest` -and `aws ssm get-parameter --name=/aws/service/powertools/typescript/generic/all/` to verify that the -SSM parameters were updated correctly. -14. **Update Docs**: Run the `Rebuild latest docs` workflow with the `main` branch using the package version from +12. **Update Docs**: Run the `Rebuild latest docs` workflow with the `main` branch using the package version from npm (i.e. `2.20.0`). This will update the documentation with the new version. Once complete, you can start drafting the release notes to let customers know **what changed and what's in it for them (a.k.a why they should care)**. We have guidelines in the release notes section so you know what good looks like. From 84e984c8cb35e18639fe94cb6383ffcb33d3609b Mon Sep 17 00:00:00 2001 From: Swopnil Dangol Date: Thu, 21 Aug 2025 21:50:08 +0100 Subject: [PATCH 2/4] Output the layer version instead of layer arn from the deploy layer workflow and added update ssm workflow to be called from the publish layer workflow --- .github/scripts/update_layer_arn.sh | 9 ++-- .github/workflows/publish_layer.yml | 22 +++++++++- .../workflows/reusable_deploy_layer_stack.yml | 15 +++---- .github/workflows/update_ssm.yml | 41 ++++++++++++++----- 4 files changed, 63 insertions(+), 24 deletions(-) diff --git a/.github/scripts/update_layer_arn.sh b/.github/scripts/update_layer_arn.sh index 3a39f3135b..337b908a80 100755 --- a/.github/scripts/update_layer_arn.sh +++ b/.github/scripts/update_layer_arn.sh @@ -8,13 +8,12 @@ # see .github/workflows/publish_layer.yml -# Get the new layer arn from the first command-line argument -new_layer_arn=$1 -if [ -z "$new_layer_arn" ]; then - echo "Usage: $0 " +# Get the new layer version from the first command-line argument +new_version=$1 +if [ -z "$new_version" ]; then + echo "Usage: $0 " exit 1 fi -new_version=$(echo $new_layer_arn | sed 's/.*://') # Find all files with specified extensions in ./docs and ./examples directories # -type f: only find files (not directories) diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml index 9b59b6791f..a7c2fa4078 100644 --- a/.github/workflows/publish_layer.yml +++ b/.github/workflows/publish_layer.yml @@ -80,6 +80,26 @@ jobs: secrets: target-account-role: ${{ secrets.AWS_LAYERS_PROD_ROLE_ARN }} + update-ssm-beta: + needs: [deploy-beta] + uses: ./.github/workflows/update_ssm.yml + permissions: + contents: read + with: + environment: beta + package_version: ${{ inputs.latest_published_version }} + layer-version: ${{ needs.deploy-beta.outputs.layer-version }} + + update-ssm-prod: + needs: [deploy-prod] + uses: ./.github/workflows/update_ssm.yml + permissions: + contents: read + with: + environment: prod + package_version: ${{ inputs.latest_published_version }} + layer-version: ${{ needs.deploy-prod.outputs.layer-version }} + update_layer_arn_docs: needs: [deploy-prod] # Force Github action to run only a single job at a time (based on the group name) @@ -98,7 +118,7 @@ jobs: ref: ${{ github.sha }} - name: Replace layer versions in documentation run: | - ./.github/scripts/update_layer_arn.sh ${{ needs.deploy-prod.outputs.layer-arn }} + ./.github/scripts/update_layer_arn.sh ${{ needs.deploy-prod.outputs.layer-version }} - name: Stage changes run: git add . - name: Create PR diff --git a/.github/workflows/reusable_deploy_layer_stack.yml b/.github/workflows/reusable_deploy_layer_stack.yml index f4bf2955ba..c7a5afc855 100644 --- a/.github/workflows/reusable_deploy_layer_stack.yml +++ b/.github/workflows/reusable_deploy_layer_stack.yml @@ -16,9 +16,9 @@ on: required: true type: string outputs: - layer-arn: - description: "The latest deployed Layer ARN" - value: ${{ jobs.deploy-cdk-stack.outputs.layer-arn }} + layer-version: + description: "The latest deployed Layer version" + value: ${{ jobs.deploy-cdk-stack.outputs.layer-version }} secrets: target-account-role: required: true @@ -70,7 +70,7 @@ jobs: "mx-central-1" ] outputs: - layer-arn: ${{ steps.store-latest-layer-arn.outputs.layer-arn }} + layer-version: ${{ steps.store-latest-layer-arn.outputs.layer-version }} steps: - name: checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 @@ -100,10 +100,11 @@ jobs: run: | mkdir cdk-layer-stack jq -r -c '.LayerPublisherStack.LatestLayerArn' layers/cdk-outputs.json > cdk-layer-stack/${{ matrix.region }}-layer-version.txt + layer_arn=$(cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt) + echo "$layer_arn" if [ "${{ matrix.region }}" = "us-east-1" ]; then - echo "layer-arn=$(cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt)" | tee -a "$GITHUB_OUTPUT" - else - cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt + layer_version=$(echo $layer_arn | sed 's/.*://') + echo "layer-version=$layer_version" >> "$GITHUB_OUTPUT" fi - name: Save Layer ARN artifact if: ${{ inputs.stage == 'PROD' }} diff --git a/.github/workflows/update_ssm.yml b/.github/workflows/update_ssm.yml index de59aa5e30..39806ea5ea 100644 --- a/.github/workflows/update_ssm.yml +++ b/.github/workflows/update_ssm.yml @@ -26,8 +26,8 @@ on: description: Environment to deploy to type: choice options: - - Beta - - Prod + - beta + - prod required: true write_latest: @@ -40,6 +40,32 @@ on: type: string required: true + layer-version: + description: Layer version of the published layer + type: string + required: true + + workflow_call: + inputs: + environment: + description: Environment to deploy to + type: string + required: true + + write_latest: + description: Write to the latest path + type: boolean + required: false + + package_version: + description: Semantic Version of published layer + type: string + required: true + layer-version: + description: Layer version of the published layer + type: string + required: true + name: SSM Parameters run-name: SSM Parameters - TypeScript @@ -101,22 +127,15 @@ jobs: # Dynamic secret access is safe here - secrets are scoped per environment role-to-assume: ${{ secrets[format('{0}', steps.transform.outputs.CONVERTED_REGION)] }} mask-aws-account-id: true - - id: get-version - env: - prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }} - run: | - current_layer_version=$(aws ssm get-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --query Parameter.Value --output text --region us-east-1) - new_layer_version=$((current_layer_version + 1)) - echo "new_layer_version=$new_layer_version" >> "$GITHUB_OUTPUT" - id: write-version env: prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }} run: | - aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ steps.get-version.outputs.new_layer_version }}" --type String --overwrite + aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer-version }}" --type String --overwrite - id: write-latest if: inputs.write_latest == true env: prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }} run: | - aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ steps.get-version.outputs.new_layer_version }}" --type String --overwrite + aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer-version }}" --type String --overwrite From 56c2f1593176fa1ccbb9ec2dba4c7b6866d8fc10 Mon Sep 17 00:00:00 2001 From: Swopnil Dangol Date: Thu, 21 Aug 2025 22:01:25 +0100 Subject: [PATCH 3/4] Removed the steps to update the SSM parameter from the maintainers documentation --- docs/maintainers.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/docs/maintainers.md b/docs/maintainers.md index 3027d98766..1ad48a25b7 100644 --- a/docs/maintainers.md +++ b/docs/maintainers.md @@ -190,13 +190,7 @@ targeting the `Prod` deployment environment and the China partition, and using t This will publish the Lambda layer to the AWS China (Beijing) Region. 9. **Merge docs PR**: Once the `Layer Deployment (Partition)` workflow for the production China partition is complete, merge the PR from step 4 to update the documentation with the new version. -10. **Update SSM Parameters (Beta)**: Run the `SSM Parameters` workflow with the `main` branch, targeting the `beta` -deployment environment, and using the package version from npm (i.e., `2.20.0`). -This will update the SSM parameters with the new version. -11. **Update SSM Parameters (Prod)**: Run the `SSM Parameters` workflow with the `main` branch, targeting the `prod` -deployment environment, and using the package version from npm (i.e., `2.20.0`). -This will update the SSM parameters with the new version. -12. **Update Docs**: Run the `Rebuild latest docs` workflow with the `main` branch using the package version from +10. **Update Docs**: Run the `Rebuild latest docs` workflow with the `main` branch using the package version from npm (i.e. `2.20.0`). This will update the documentation with the new version. Once complete, you can start drafting the release notes to let customers know **what changed and what's in it for them (a.k.a why they should care)**. We have guidelines in the release notes section so you know what good looks like. From 0cef27741d1724a695a79364bc251ecc1368fab6 Mon Sep 17 00:00:00 2001 From: Swopnil Dangol Date: Fri, 22 Aug 2025 10:07:00 +0100 Subject: [PATCH 4/4] Removed the update-ssm-beta job --- .github/workflows/publish_layer.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml index a7c2fa4078..5187e16f72 100644 --- a/.github/workflows/publish_layer.yml +++ b/.github/workflows/publish_layer.yml @@ -80,16 +80,6 @@ jobs: secrets: target-account-role: ${{ secrets.AWS_LAYERS_PROD_ROLE_ARN }} - update-ssm-beta: - needs: [deploy-beta] - uses: ./.github/workflows/update_ssm.yml - permissions: - contents: read - with: - environment: beta - package_version: ${{ inputs.latest_published_version }} - layer-version: ${{ needs.deploy-beta.outputs.layer-version }} - update-ssm-prod: needs: [deploy-prod] uses: ./.github/workflows/update_ssm.yml