layer-publish.yml
# Reusable workflow (workflow_call only): takes an artifact uploaded earlier
# in the calling workflow and publishes it as an AWS Lambda layer version.
name: Publish Lambda Layer

on:
  workflow_call:
    inputs:
      # Name of the artifact to download; the same value is later used as the
      # zip file path handed to the AWS CLI.
      artifact-name:
        description: >-
          This should correspond to a actions/upload-artifact name earlier in
          the build.
        required: true
        type: string

      # Base of the final layer name; architecture, release group and version
      # suffixes are appended by the job.
      layer-name:
        description: >-
          Layer name not including other parts like arch or version.
        required: true
        type: string

      # Only echoed in the job's notice annotation.
      component-version:
        description: >-
          Version of the component included in this release. Not the same as
          the layer/tagged version.
        required: true
        type: string

      architecture:
        description: '(optional) amd64 or arm64'
        required: false
        type: string

      runtimes:
        description: >-
          (optional) a space delimited list of compatible runtimes (from
          https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html)
        required: false
        type: string

      # NOTE(review): `required: true` means the caller must always pass this
      # input, so the `default` below is presumably never applied. Confirm
      # which of the two is intended.
      release-group:
        description: >-
          Release to dev or prod? "prod" yields empty value. (Default: dev)
        required: true
        default: dev
        type: string

      aws_region:
        description: 'Publish to which AWS region?'
        required: true
        type: string

# Token scope for the job. `id-token: write` allows requesting an OIDC token,
# which is presumably what the configure-aws-credentials step exchanges for
# the role named in `role-to-assume` (no static AWS keys appear in this file).
# `contents: read` keeps the repository token read-only.
permissions:
  id-token: write
  contents: read
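jobs:
  # Builds the final layer name, downloads the built artifact, publishes it as
  # a new layer version and then grants every AWS principal read access to it.
  publish_layer:
    runs-on: ubuntu-latest
    steps:
      - name: Construct Layer Name
        shell: bash
        # Caller-supplied inputs reach the script as environment variables
        # rather than being expanded into the script text by `${{ }}`. A value
        # containing shell metacharacters is then plain data and cannot change
        # which commands run.
        env:
          LAYER_BASE: ${{ inputs.layer-name }}
          ARCH_INPUT: ${{ inputs.architecture }}
          RUNTIMES_INPUT: ${{ inputs.runtimes }}
          RELEASE_GROUP: ${{ inputs.release-group }}
        run: |
          # Each value below ends up on a single KEY=value line in $GITHUB_ENV.
          # An embedded newline would define extra variables for later steps,
          # so refuse it up front.
          for value in "$LAYER_BASE" "$ARCH_INPUT" "$RUNTIMES_INPUT" "$RELEASE_GROUP"; do
            if [[ "$value" == *$'\n'* ]]; then
              echo "::error ::workflow inputs must not contain newlines"
              exit 1
            fi
          done

          LAYER_NAME="$LAYER_BASE"
          if [[ -n "$ARCH_INPUT" ]]; then
            LAYER_NAME="$LAYER_NAME-$ARCH_INPUT"
            # The Lambda API uses x86_64 where the input uses amd64.
            ARCH=$(echo "$ARCH_INPUT" | sed -r 's/amd64/x86_64/g')
          else
            ARCH="x86_64 arm64"
          fi
          echo "ARCH=$ARCH" >> "$GITHUB_ENV"

          RUNTIMES=""
          if [[ -n "$RUNTIMES_INPUT" ]]; then
            RUNTIMES="--compatible-runtimes $RUNTIMES_INPUT"
          fi
          echo "RUNTIMES=$RUNTIMES" >> "$GITHUB_ENV"

          # Any release group other than "prod" is appended to the name.
          if [[ "$RELEASE_GROUP" != "prod" ]]; then
            LAYER_NAME="$LAYER_NAME-$RELEASE_GROUP"
          fi

          # Strip everything up to the last "/" plus any leading non-version
          # characters from the ref name, then turn dots into underscores.
          LAYER_VERSION=$(echo "$GITHUB_REF_NAME" | sed -r 's/.*\/[^0-9\.]*//g')
          LAYER_VERSION_CLEANED=$(echo "$LAYER_VERSION" | sed -r 's/\./_/g')
          LAYER_NAME="$LAYER_NAME-$LAYER_VERSION_CLEANED"
          echo "LAYER_NAME=$LAYER_NAME" >> "$GITHUB_ENV"

          echo GITHUB_ENV:
          cat "$GITHUB_ENV"

      # NOTE(review): actions are referenced by mutable tag. Pinning each
      # `uses:` to a full commit SHA protects the publish path against a
      # retagged release. download-artifact v3 is deprecated; an upgrade has to
      # be coordinated with the upload-artifact version used by the caller.
      - name: Download built layer
        uses: actions/download-artifact@v3
        with:
          name: ${{ inputs.artifact-name }}

      # NOTE(review): the same PROD_LAMBDA_ROLE_ARN secret is used for every
      # release-group value, including non-prod ones. Confirm that is intended.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.PROD_LAMBDA_ROLE_ARN }}
          role-duration-seconds: 1200
          aws-region: ${{ inputs.aws_region }}
          # The account id is not masked in logs; the layer ARN printed by the
          # next step contains it anyway.
          mask-aws-account-id: false

      - name: Publish Lambda Layer
        env:
          ARTIFACT_NAME: ${{ inputs.artifact-name }}
          COMPONENT_VERSION: ${{ inputs.component-version }}
        run: |
          # $ARCH and $RUNTIMES stay unquoted on purpose: each holds a
          # space-separated list that must split into separate arguments.
          LAYER_ARN=$(
            aws lambda publish-layer-version \
              --layer-name "$LAYER_NAME" \
              --license-info "Apache 2.0" \
              --compatible-architectures $ARCH $RUNTIMES \
              --zip-file "fileb://$ARTIFACT_NAME" \
              --query 'LayerVersionArn' \
              --output text
          )
          echo "::notice ::$LAYER_ARN component-version=$COMPONENT_VERSION"
          # echo "* $LAYER_ARN" >> $GITHUB_STEP_SUMMARY

      # Grants lambda:GetLayerVersion on the newest version to principal "*",
      # i.e. every AWS account. The step has no condition, so it also runs for
      # non-prod release groups.
      # NOTE(review): the version is looked up again with list-layer-versions
      # instead of being taken from the publish output; if another run
      # publishes the same layer name in between, this could open a different
      # version than the one published above.
      - name: Make Layer Public
        run: |
          LAYER_VERSION=$(
            aws lambda list-layer-versions \
              --layer-name "$LAYER_NAME" \
              --query 'max_by(LayerVersions, &Version).Version'
          )
          aws lambda add-layer-version-permission \
            --layer-name "$LAYER_NAME" \
            --version-number "$LAYER_VERSION" \
            --principal "*" \
            --statement-id publish \
            --action lambda:GetLayerVersion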