add upload-layer job to the release pipeline and for now to the main pipeline, just for the test

zhelezovartem · zhelezovartem · commit 99588d50ad15 · 2024-12-24T22:08:12.000+03:00
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -3,7 +3,7 @@ name: Main
 on:
   push:
     branches:
-      - '**'
+      - "**"
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -16,29 +16,27 @@ jobs:
       trail_name: ${{ steps.prep.outputs.trail_name }}
       trail_template_file: ${{ steps.prep.outputs.trail_template_file }}
     steps:
+      - uses: actions/checkout@v4
 
-    - uses: actions/checkout@v4
+      - name: Prepare
+        id: prep
+        run: |
+          TAG=$(echo $GITHUB_SHA | head -c7)
+          echo "TAG=${TAG}" >> ${GITHUB_ENV}
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
 
-    - name: Prepare
-      id: prep
-      run: |
-        TAG=$(echo $GITHUB_SHA | head -c7)
-        echo "TAG=${TAG}" >> ${GITHUB_ENV}
-        echo "tag=$TAG" >> $GITHUB_OUTPUT
-
-        if [ "${GITHUB_REF}" == refs/tags/* ]; then
-          TRAIL_NAME=${GITHUB_REF##refs/tags/}
-          TRAIL_TEMPLATE_FILE=release-flow-template.yml
-        else
-          TRAIL_NAME=$(echo $GITHUB_SHA | head -c 7)
-          TRAIL_TEMPLATE_FILE=main-flow-template.yml
-        fi
-        echo "TRAIL_NAME=${TRAIL_NAME}" >> $GITHUB_ENV
-        echo "trail_name=$TRAIL_NAME" >> $GITHUB_OUTPUT
-
-        echo "TRAIL_TEMPLATE_FILE=${TRAIL_TEMPLATE_FILE}" >> $GITHUB_ENV
-        echo "trail_template_file=$TRAIL_TEMPLATE_FILE" >> $GITHUB_OUTPUT
+          if [ "${GITHUB_REF}" == refs/tags/* ]; then
+            TRAIL_NAME=${GITHUB_REF##refs/tags/}
+            TRAIL_TEMPLATE_FILE=release-flow-template.yml
+          else
+            TRAIL_NAME=$(echo $GITHUB_SHA | head -c 7)
+            TRAIL_TEMPLATE_FILE=main-flow-template.yml
+          fi
+          echo "TRAIL_NAME=${TRAIL_NAME}" >> $GITHUB_ENV
+          echo "trail_name=$TRAIL_NAME" >> $GITHUB_OUTPUT
 
+          echo "TRAIL_TEMPLATE_FILE=${TRAIL_TEMPLATE_FILE}" >> $GITHUB_ENV
+          echo "trail_template_file=$TRAIL_TEMPLATE_FILE" >> $GITHUB_OUTPUT
 
   init-kosli:
     needs: [pre-build]
@@ -52,7 +50,6 @@ jobs:
       kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
       pr_github_token: ${{ secrets.GITHUB_TOKEN }}
 
-
   test:
     needs: [pre-build, init-kosli]
     uses: ./.github/workflows/test.yml
@@ -76,6 +73,16 @@ jobs:
       snyk_token: ${{ secrets.SNYK_TOKEN }}
       kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
 
+  environment-reporter-upload-layer:
+    needs: [pre-build, init-kosli]
+    runs-on: ubuntu-24.04
+    uses: ./.github/workflows/upload-cli-layer.yml
+    with:
+      # tag: v2.11.2
+      tag: ${{ needs.pre-build.outputs.tag }}
+      AWS_ACCOUNT_ID: 585008075785
+      AWS_REGION: eu-central-1
+
   docker:
     needs: [pre-build, test, init-kosli]
     uses: ./.github/workflows/docker.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -2,10 +2,10 @@ name: release
 
 on:
   push:
-    tags:        
-      - 'v*' 
+    tags:
+      - "v*"
 
-env: 
+env:
   GO_VERSION: 1.22.0
 
 concurrency:
@@ -19,48 +19,47 @@ jobs:
       trail_name: ${{ steps.prep.outputs.trail_name }}
       trail_template_file: ${{ steps.prep.outputs.trail_template_file }}
     steps:
-    
-    - uses: actions/checkout@v4
-
-    - name: Get tag
-      id: tag
-      uses: dawidd6/action-get-tag@v1
-
-    - name: Prepare
-      id: prep
-      run: |
-        echo "TRAIL_NAME=${{ steps.tag.outputs.tag }}" >> $GITHUB_STATE
-        echo "trail_name=${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT
-
-        echo "TRAIL_TEMPLATE_FILE=release-flow-template.yml" >> $GITHUB_STATE
-        echo "trail_template_file=release-flow-template.yml" >> $GITHUB_OUTPUT
-  
+      - uses: actions/checkout@v4
+
+      - name: Get tag
+        id: tag
+        uses: dawidd6/action-get-tag@v1
+
+      - name: Prepare
+        id: prep
+        run: |
+          echo "TRAIL_NAME=${{ steps.tag.outputs.tag }}" >> $GITHUB_STATE
+          echo "trail_name=${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT
+
+          echo "TRAIL_TEMPLATE_FILE=release-flow-template.yml" >> $GITHUB_STATE
+          echo "trail_template_file=release-flow-template.yml" >> $GITHUB_OUTPUT
+
   init-kosli:
-      needs: [pre-build]
-      uses: ./.github/workflows/init_kosli.yml
-      with:
-        FLOW_NAME: cli-release
-        TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
-        FLOW_TEMPLATE_FILE: ${{ needs.pre-build.outputs.trail_template_file }}
-        KOSLI_ORG: kosli-public
-      secrets:
-        kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
-        pr_github_token: ${{ secrets.GITHUB_TOKEN }}
+    needs: [pre-build]
+    uses: ./.github/workflows/init_kosli.yml
+    with:
+      FLOW_NAME: cli-release
+      TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
+      FLOW_TEMPLATE_FILE: ${{ needs.pre-build.outputs.trail_template_file }}
+      KOSLI_ORG: kosli-public
+    secrets:
+      kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
+      pr_github_token: ${{ secrets.GITHUB_TOKEN }}
 
   never-alone-trail:
-      needs: [pre-build, init-kosli]
-      uses: ./.github/workflows/never_alone_trail.yml
-      with:
-        FLOW_NAME: cli-release-never-alone
-        TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
-        SOURCE_FLOW_NAME: cli
-        ATTESTATION_NAME: never-alone-data
-        PARENT_FLOW_NAME: cli-release
-        PARENT_TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
-        KOSLI_ORG: kosli-public
-      secrets:
-        kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
-        pr_github_token: ${{ secrets.GITHUB_TOKEN }}        
+    needs: [pre-build, init-kosli]
+    uses: ./.github/workflows/never_alone_trail.yml
+    with:
+      FLOW_NAME: cli-release-never-alone
+      TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
+      SOURCE_FLOW_NAME: cli
+      ATTESTATION_NAME: never-alone-data
+      PARENT_FLOW_NAME: cli-release
+      PARENT_TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
+      KOSLI_ORG: kosli-public
+    secrets:
+      kosli_api_token: ${{ secrets.KOSLI_PUBLIC_API_TOKEN }}
+      pr_github_token: ${{ secrets.GITHUB_TOKEN }}
 
   test:
     needs: [pre-build, init-kosli]
@@ -131,13 +130,13 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           FURY_TOKEN: ${{ secrets.FURY_TOKEN }}
-      
+
       - uses: actions/upload-artifact@v4
         with:
           name: dist
           path: dist
           retention-days: 1
-      
+
       - name: Prepare artifacts list
         id: prepare-artifacts-list
         run: |
@@ -151,12 +150,11 @@ jobs:
                 .
             end
            )][]' dist/artifacts.json)
-          
+
           echo "artifacts<<nEOFn" >> $GITHUB_OUTPUT
           echo "${ARTIFACTS}" >> $GITHUB_OUTPUT
           echo "nEOFn" >> $GITHUB_OUTPUT
 
-
   binary-provenance:
     needs: [goreleaser, pre-build]
     name: Artifacts Binary Provenance
@@ -183,7 +181,7 @@ jobs:
         env:
           # the personal access token should have "repo" & "workflow" scopes
           COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}
-    
+
   docs-gen:
     needs: [goreleaser, pre-build]
     runs-on: ubuntu-latest
@@ -197,14 +195,14 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: ${{ env.GO_VERSION }}
-    
+
       - name: Generate docs
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         # legacy-ref should happen first as it has the side effect of deleting generated files outside the legacy_ref
-        run: | 
+        run: |
           make legacy-ref-docs 
-          make cli-docs 
+          make cli-docs
 
       - name: Generate json
         run: |
@@ -243,3 +241,12 @@ jobs:
           repository: kosli-dev/terraform-aws-kosli-reporter
           event-type: upload-package
           client-payload: '{"kosli_cli_tag": "${{ needs.pre-build.outputs.tag }}"}'
+
+  environment-reporter-upload-layer:
+    needs: [pre-build, goreleaser]
+    runs-on: ubuntu-24.04
+    uses: ./.github/workflows/upload-cli-layer.yml
+    with:
+      tag: ${{ needs.pre-build.outputs.tag }}
+      AWS_ACCOUNT_ID: 585008075785
+      AWS_REGION: eu-central-1
diff --git a/.github/workflows/upload-cli-layer.yml b/.github/workflows/upload-cli-layer.yml
@@ -1,20 +1,17 @@
 name: Upload Kosli cli lambda layer
 
 on:
-  push:
-    branches:
-      - "lambda-layer"
-  # workflow_call:
-  #   inputs:
-  #     tag:
-  #       required: true
-  #       type: string
-  #     AWS_ACCOUNT_ID:
-  #       required: true
-  #       type: string
-  #     AWS_REGION:
-  #       required: true
-  #       type: string
+  workflow_call:
+    inputs:
+      tag:
+        required: true
+        type: string
+      AWS_ACCOUNT_ID:
+        required: true
+        type: string
+      AWS_REGION:
+        required: true
+        type: string
 
 jobs:
   upload-layer:
@@ -28,18 +25,14 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
-          # role-to-assume: arn:aws:iam::${{ inputs.AWS_ACCOUNT_ID }}:role/cli
-          # aws-region: ${{ inputs.AWS_REGION }}
-          role-to-assume: arn:aws:iam::585008075785:role/cli
-          aws-region: "eu-central-1"
+          role-to-assume: arn:aws:iam::${{ inputs.AWS_ACCOUNT_ID }}:role/cli
+          aws-region: ${{ inputs.AWS_REGION }}
           role-duration-seconds: 2400
           role-session-name: ${{ github.event.repository.name }}
 
       - name: Upload reporter lambda package
         id: upload-reporter-lambda-package
         env:
-          # TAG: ${{ inputs.tag }}
-          # AWS_ACCOUNT_ID: ${{ inputs.AWS_ACCOUNT_ID }}
-          TAG: v2.11.1
-          AWS_ACCOUNT_ID: 585008075785
+          TAG: ${{ inputs.tag }}
+          AWS_ACCOUNT_ID: ${{ inputs.AWS_ACCOUNT_ID }}
         run: ./bin/upload_cli_layer.sh
diff --git a/.github/workflows/upload-reporter-package.yml b/.github/workflows/upload-reporter-package.yml
