Merge pull request #31 from qpre/patch-1 #155
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
permissions: | |
id-token: write | |
contents: read | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
tags: | |
- "v*" | |
env: | |
GOVERSION: "1.18" | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
- uses: golangci/golangci-lint-action@v3 | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
needs: | |
- lint | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
- name: unit tests | |
run: make test | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
needs: | |
- lint | |
strategy: | |
matrix: | |
architecture: | |
- amd64 | |
- arm64 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
- name: build the binary ${{ matrix.architecture }} | |
run: GOARCH=${{ matrix.architecture }} make build | |
publish: | |
name: Publish ${{ matrix.architecture }} binary in ${{ matrix.region }} in Development AWS Account | |
runs-on: ubuntu-latest | |
if: github.repository_owner == 'axiomhq' && github.ref == 'refs/heads/main' | |
needs: | |
- build | |
strategy: | |
matrix: | |
architecture: | |
- amd64 | |
- arm64 | |
region: | |
- eu-west-1 | |
- us-east-1 | |
- us-east-2 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
- name: Package the binary | |
run: GOARCH=${{ matrix.architecture }} make package | |
- uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: ${{ secrets.AWS_DEV_IAM_ROLE }} | |
role-session-name: lambda_extension | |
aws-region: ${{ matrix.region }} | |
- name: Publish Lambda ${{ matrix.architecture }} layer to ${{ matrix.region }} | |
run: | | |
ARCH=${{ matrix.architecture }} | |
if [[ $ARCH == "amd64" ]]; then | |
ARCH=x86_64 | |
fi | |
# Publish Lambda layer | |
LAYER_VERSION=$(aws lambda publish-layer-version \ | |
--layer-name axiom-extension-$ARCH \ | |
--region ${{ matrix.region }} \ | |
--description 'axiom lambda extension to push lambda logs to https://axiom.co' \ | |
--compatible-architectures $ARCH \ | |
--zip-file "fileb://bin/extension.zip" --output json | jq .Version) | |
# THIS make the lambda layer only accessible by the Axiom AWS organization | |
aws lambda add-layer-version-permission \ | |
--layer-name axiom-extension-$ARCH \ | |
--version-number $LAYER_VERSION \ | |
--statement-id axiomOrg \ | |
--principal '*' \ | |
--organization-id ${{ secrets.AWS_ORGANIZATION_ID }} \ | |
--region ${{ matrix.region }} \ | |
--action lambda:GetLayerVersion | |
deploy_latest_layer_dev: | |
name: Deploy Latest Layer in Development Query Lambda | |
runs-on: ubuntu-latest | |
if: github.repository_owner == 'axiomhq' && github.ref == 'refs/heads/main' | |
needs: | |
- publish | |
steps: | |
- uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: ${{ secrets.AWS_DEV_IAM_ROLE }} | |
role-session-name: lambda_extension | |
aws-region: eu-west-1 | |
- name: Update DB query with the latest layer version | |
run: | | |
# get Latest Layer version | |
LATEST_LAYER_ARN=$(aws lambda list-layer-versions \ | |
--layer-name axiom-extension-arm64 \ | |
--query 'LayerVersions[0].LayerVersionArn' | tr -d '"' ) | |
# Update DB Query function with the latest version | |
aws lambda update-function-configuration \ | |
--function-name db-query-function-5k4h7 \ | |
--layers $LATEST_LAYER_ARN | |
publish_to_production: | |
name: Publish ${{ matrix.architecture }} binary in ${{ matrix.region }} in Production AWS Account | |
runs-on: ubuntu-latest | |
if: github.repository_owner == 'axiomhq' && startsWith(github.ref, 'refs/tags') # Only on tags | |
needs: | |
- build | |
strategy: | |
fail-fast: false | |
matrix: | |
architecture: | |
- amd64 | |
- arm64 | |
region: | |
- us-east-2 | |
- us-east-1 | |
- us-west-1 | |
- us-west-2 | |
- af-south-1 | |
- ap-east-1 | |
- ap-south-2 | |
- ap-southeast-3 | |
- ap-southeast-4 | |
- ap-south-1 | |
- ap-northeast-3 | |
- ap-northeast-2 | |
- ap-southeast-1 | |
- ap-southeast-2 | |
- ap-northeast-1 | |
- ca-central-1 | |
- ca-west-1 | |
- eu-central-1 | |
- eu-west-1 | |
- eu-west-2 | |
- eu-south-1 | |
- eu-west-3 | |
- eu-south-2 | |
- eu-north-1 | |
- eu-central-2 | |
- il-central-1 | |
- me-south-1 | |
- me-central-1 | |
- sa-east-1 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: ${{ env.GOVERSION }} | |
- name: Package the binary | |
run: GOARCH=${{ matrix.architecture }} make package | |
- uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: ${{ secrets.AWS_PROD_IAM_ROLE }} | |
role-session-name: lambda_extension | |
aws-region: ${{ matrix.region }} | |
- name: Publish Lambda ${{ matrix.architecture }} layer to ${{ matrix.region }} | |
run: | | |
ARCH=${{ matrix.architecture }} | |
if [[ $ARCH == "amd64" ]]; then | |
ARCH=x86_64 | |
fi | |
# Publish Lambda layer | |
LAYER_VERSION=$(aws lambda publish-layer-version \ | |
--layer-name axiom-extension-$ARCH \ | |
--region ${{ matrix.region }} \ | |
--description 'axiom lambda extension to push lambda logs to https://axiom.co' \ | |
--compatible-architectures $ARCH \ | |
--zip-file "fileb://bin/extension.zip" --output json | jq .Version) | |
# THIS makes the lambda layer public | |
aws lambda add-layer-version-permission \ | |
--layer-name axiom-extension-$ARCH \ | |
--version-number $LAYER_VERSION \ | |
--statement-id allOrgs \ | |
--principal '*' \ | |
--region ${{ matrix.region }} \ | |
--action lambda:GetLayerVersion |