Skip to content

Merge pull request #31 from qpre/patch-1 #155

Merge pull request #31 from qpre/patch-1

Merge pull request #31 from qpre/patch-1 #155

Workflow file for this run

name: CI
permissions:
id-token: write
contents: read
on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- "v*"
env:
GOVERSION: "1.18"
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- uses: golangci/golangci-lint-action@v3
test:
name: Test
runs-on: ubuntu-latest
needs:
- lint
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: unit tests
run: make test
build:
name: Build
runs-on: ubuntu-latest
needs:
- lint
strategy:
matrix:
architecture:
- amd64
- arm64
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: build the binary ${{ matrix.architecture }}
run: GOARCH=${{ matrix.architecture }} make build
publish:
name: Publish ${{ matrix.architecture }} binary in ${{ matrix.region }} in Development AWS Account
runs-on: ubuntu-latest
if: github.repository_owner == 'axiomhq' && github.ref == 'refs/heads/main'
needs:
- build
strategy:
matrix:
architecture:
- amd64
- arm64
region:
- eu-west-1
- us-east-1
- us-east-2
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: Package the binary
run: GOARCH=${{ matrix.architecture }} make package
- uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_DEV_IAM_ROLE }}
role-session-name: lambda_extension
aws-region: ${{ matrix.region }}
- name: Publish Lambda ${{ matrix.architecture }} layer to ${{ matrix.region }}
run: |
ARCH=${{ matrix.architecture }}
if [[ $ARCH == "amd64" ]]; then
ARCH=x86_64
fi
# Publish Lambda layer
LAYER_VERSION=$(aws lambda publish-layer-version \
--layer-name axiom-extension-$ARCH \
--region ${{ matrix.region }} \
--description 'axiom lambda extension to push lambda logs to https://axiom.co' \
--compatible-architectures $ARCH \
--zip-file "fileb://bin/extension.zip" --output json | jq .Version)
# THIS make the lambda layer only accessible by the Axiom AWS organization
aws lambda add-layer-version-permission \
--layer-name axiom-extension-$ARCH \
--version-number $LAYER_VERSION \
--statement-id axiomOrg \
--principal '*' \
--organization-id ${{ secrets.AWS_ORGANIZATION_ID }} \
--region ${{ matrix.region }} \
--action lambda:GetLayerVersion
deploy_latest_layer_dev:
name: Deploy Latest Layer in Development Query Lambda
runs-on: ubuntu-latest
if: github.repository_owner == 'axiomhq' && github.ref == 'refs/heads/main'
needs:
- publish
steps:
- uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_DEV_IAM_ROLE }}
role-session-name: lambda_extension
aws-region: eu-west-1
- name: Update DB query with the latest layer version
run: |
# get Latest Layer version
LATEST_LAYER_ARN=$(aws lambda list-layer-versions \
--layer-name axiom-extension-arm64 \
--query 'LayerVersions[0].LayerVersionArn' | tr -d '"' )
# Update DB Query function with the latest version
aws lambda update-function-configuration \
--function-name db-query-function-5k4h7 \
--layers $LATEST_LAYER_ARN
publish_to_production:
name: Publish ${{ matrix.architecture }} binary in ${{ matrix.region }} in Production AWS Account
runs-on: ubuntu-latest
if: github.repository_owner == 'axiomhq' && startsWith(github.ref, 'refs/tags') # Only on tags
needs:
- build
strategy:
fail-fast: false
matrix:
architecture:
- amd64
- arm64
region:
- us-east-2
- us-east-1
- us-west-1
- us-west-2
- af-south-1
- ap-east-1
- ap-south-2
- ap-southeast-3
- ap-southeast-4
- ap-south-1
- ap-northeast-3
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ca-central-1
- ca-west-1
- eu-central-1
- eu-west-1
- eu-west-2
- eu-south-1
- eu-west-3
- eu-south-2
- eu-north-1
- eu-central-2
- il-central-1
- me-south-1
- me-central-1
- sa-east-1
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: Package the binary
run: GOARCH=${{ matrix.architecture }} make package
- uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_PROD_IAM_ROLE }}
role-session-name: lambda_extension
aws-region: ${{ matrix.region }}
- name: Publish Lambda ${{ matrix.architecture }} layer to ${{ matrix.region }}
run: |
ARCH=${{ matrix.architecture }}
if [[ $ARCH == "amd64" ]]; then
ARCH=x86_64
fi
# Publish Lambda layer
LAYER_VERSION=$(aws lambda publish-layer-version \
--layer-name axiom-extension-$ARCH \
--region ${{ matrix.region }} \
--description 'axiom lambda extension to push lambda logs to https://axiom.co' \
--compatible-architectures $ARCH \
--zip-file "fileb://bin/extension.zip" --output json | jq .Version)
# THIS makes the lambda layer public
aws lambda add-layer-version-permission \
--layer-name axiom-extension-$ARCH \
--version-number $LAYER_VERSION \
--statement-id allOrgs \
--principal '*' \
--region ${{ matrix.region }} \
--action lambda:GetLayerVersion