Release Lambda layer #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Lambda layer | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: The version to tag the lambda release with, e.g., 1.2.0 | |
| required: true | |
| aws_region: | |
| description: 'Deploy to aws regions' | |
| required: true | |
| default: 'us-east-1' | |
| env: | |
| COMMERCIAL_REGIONS: us-east-1 | |
| LAYER_NAME: AWSOpenTelemetryDistroPython | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| build-layer: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} | |
| steps: | |
| - name: Set up regions matrix | |
| id: set-matrix | |
| run: | | |
| IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}" | |
| MATRIX="[" | |
| for region in "${REGIONS[@]}"; do | |
| trimmed_region=$(echo "$region" | xargs) | |
| MATRIX+="\"$trimmed_region\"," | |
| done | |
| MATRIX="${MATRIX%,}]" | |
| echo ${MATRIX} | |
| echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| - name: Build layers | |
| working-directory: lambda-layer/src | |
| run: | | |
| ./build-lambda-layer.sh | |
| pip install tox | |
| tox | |
| - name: upload layer | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: layer.zip | |
| path: lambda-layer/src/build/aws-opentelemetry-python-layer.zip | |
| publish-prod: | |
| runs-on: ubuntu-latest | |
| needs: build-layer | |
| strategy: | |
| matrix: | |
| aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} | |
| steps: | |
| - name: role arn | |
| env: | |
| COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }} | |
| run: | | |
| COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ }) | |
| FOUND=false | |
| for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do | |
| if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then | |
| FOUND=true | |
| break | |
| fi | |
| done | |
| if [ "$FOUND" = true ]; then | |
| echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" | |
| SECRET_KEY="LAMBDA_LAYER_RELEASE" | |
| else | |
| echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" | |
| SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" | |
| fi | |
| SECRET_KEY=${SECRET_KEY//-/_} | |
| echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV | |
| - uses: aws-actions/configure-aws-credentials@v4.0.2 | |
| with: | |
| role-to-assume: ${{ secrets[env.SECRET_KEY] }} | |
| role-duration-seconds: 1200 | |
| aws-region: ${{ matrix.aws_region }} | |
| - name: Get s3 bucket name for release | |
| run: | | |
| echo BUCKET_NAME=python-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV | |
| - name: download layer.zip | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: layer.zip | |
| - name: publish | |
| run: | | |
| aws s3 mb s3://${{ env.BUCKET_NAME }} | |
| aws s3 cp aws-opentelemetry-python-layer.zip s3://${{ env.BUCKET_NAME }} | |
| layerARN=$( | |
| aws lambda publish-layer-version \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-python-layer.zip \ | |
| --compatible-runtimes python3.10 python3.11 python3.12 python3.13 \ | |
| --compatible-architectures "arm64" "x86_64" \ | |
| --license-info "Apache-2.0" \ | |
| --description "AWS Distro of OpenTelemetry Lambda Layer for Python Runtime" \ | |
| --query 'LayerVersionArn' \ | |
| --output text | |
| ) | |
| echo $layerARN | |
| echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV | |
| mkdir ${{ env.LAYER_NAME }} | |
| echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| - name: public layer | |
| run: | | |
| layerVersion=$( | |
| aws lambda list-layer-versions \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --query 'max_by(LayerVersions, &Version).Version' | |
| ) | |
| aws lambda add-layer-version-permission \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --version-number $layerVersion \ | |
| --principal "*" \ | |
| --statement-id publish \ | |
| --action lambda:GetLayerVersion | |
| - name: upload layer arn artifact | |
| if: ${{ success() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.LAYER_NAME }} | |
| path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| - name: clean s3 | |
| if: always() | |
| run: | | |
| aws s3 rb --force s3://${{ env.BUCKET_NAME }} | |
| generate-release-note: | |
| runs-on: ubuntu-latest | |
| needs: publish-prod | |
| steps: | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - uses: hashicorp/setup-terraform@v2 | |
| - name: download layerARNs | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.LAYER_NAME }} | |
| path: ${{ env.LAYER_NAME }} | |
| - name: show layerARNs | |
| run: | | |
| for file in ${{ env.LAYER_NAME }}/* | |
| do | |
| echo $file | |
| cat $file | |
| done | |
| - name: generate layer-note | |
| working-directory: ${{ env.LAYER_NAME }} | |
| run: | | |
| echo "| Region | Layer ARN |" >> ../layer-note | |
| echo "| ---- | ---- |" >> ../layer-note | |
| for file in * | |
| do | |
| read arn < $file | |
| echo "| " $file " | " $arn " |" >> ../layer-note | |
| done | |
| cd .. | |
| cat layer-note | |
| - name: generate tf layer | |
| working-directory: ${{ env.LAYER_NAME }} | |
| run: | | |
| echo "locals {" >> ../layer.tf | |
| echo " sdk_layer_arns = {" >> ../layer.tf | |
| for file in * | |
| do | |
| read arn < $file | |
| echo " \""$file"\" = \""$arn"\"" >> ../layer.tf | |
| done | |
| cd .. | |
| echo " }" >> layer.tf | |
| echo "}" >> layer.tf | |
| terraform fmt layer.tf | |
| cat layer.tf | |
| - name: upload layer tf file | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: layer.tf | |
| path: layer.tf | |
| - name: Create Release Notes | |
| run: | | |
| echo "AWS OpenTelemetry Lambda Layer for Python version ${{ github.event.inputs.version }}" > release_notes.md | |
| echo "" >> release_notes.md | |
| echo "" >> release_notes.md | |
| echo "## See new Lambda Layer ARNs" >> release_notes.md | |
| echo "" | |
| echo "https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Application-Signals-Enable-Lambda.html#Application-Signals-Enable-Lambda-Methods" | |
| echo "" >> release_notes.md | |
| echo "Notes:" >> release_notes.md | |
| - name: Create GH release | |
| id: create_release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| run: | | |
| gh release create --target "$GITHUB_REF_NAME" \ | |
| --title "Release lambda-v${{ github.event.inputs.version }}" \ | |
| --notes-file release_notes.md \ | |
| --draft \ | |
| "lambda-v${{ github.event.inputs.version }}" \ | |
| layer.tf | |
| rm -f release_notes.md |