Release Lambda layer #9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Lambda layer | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: The version to tag the lambda release with (should be the same as the current ADOT JavaScript SDK version, e.g., 0.6.0) | |
| required: true | |
| aws_region: | |
| description: 'Deploy to aws regions' | |
| required: true | |
| default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1' | |
| env: | |
| AWS_REGIONS: ${{ github.event.inputs.aws_region }} | |
| COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1 | |
| LAYER_NAME: AWSOpenTelemetryDistroJs | |
| permissions: | |
| id-token: write | |
| contents: write | |
| jobs: | |
| build-layer: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} | |
| steps: | |
| - name: Set up regions matrix | |
| id: set-matrix | |
| run: | | |
| IFS=',' read -ra REGIONS <<< "${{ env.AWS_REGIONS }}" | |
| MATRIX="[" | |
| for region in "${REGIONS[@]}"; do | |
| trimmed_region=$(echo "$region" | xargs) | |
| MATRIX+="\"$trimmed_region\"," | |
| done | |
| MATRIX="${MATRIX%,}]" | |
| echo ${MATRIX} | |
| echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - name: NPM Clean Install | |
| # https://docs.npmjs.com/cli/v10/commands/npm-ci | |
| run: npm ci | |
| - name: Compile all NPM projects | |
| run: npm run compile | |
| - name: Build Lambda Layer | |
| run: npm run build-lambda | |
| - name: upload layer | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: layer.zip | |
| path: lambda-layer/packages/layer/build/layer.zip | |
| publish-prod: | |
| runs-on: ubuntu-latest | |
| needs: build-layer | |
| strategy: | |
| matrix: | |
| aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} | |
| steps: | |
| - name: role arn | |
| env: | |
| COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }} | |
| run: | | |
| COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ }) | |
| FOUND=false | |
| for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do | |
| if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then | |
| FOUND=true | |
| break | |
| fi | |
| done | |
| if [ "$FOUND" = true ]; then | |
| echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" | |
| SECRET_KEY="LAMBDA_LAYER_RELEASE" | |
| else | |
| echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" | |
| SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" | |
| fi | |
| SECRET_KEY=${SECRET_KEY//-/_} | |
| echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV | |
| - uses: aws-actions/configure-aws-credentials@v4.0.2 | |
| with: | |
| role-to-assume: ${{ secrets[env.SECRET_KEY] }} | |
| role-duration-seconds: 1200 | |
| aws-region: ${{ matrix.aws_region }} | |
| - name: Get s3 bucket name for release | |
| run: | | |
| echo BUCKET_NAME=nodejs-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV | |
| - name: download layer.zip | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: layer.zip | |
| - name: publish | |
| run: | | |
| aws s3 mb s3://${{ env.BUCKET_NAME }} | |
| aws s3 cp layer.zip s3://${{ env.BUCKET_NAME }} | |
| layerARN=$( | |
| aws lambda publish-layer-version \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=layer.zip \ | |
| --compatible-runtimes nodejs18.x nodejs20.x nodejs22.x \ | |
| --compatible-architectures "arm64" "x86_64" \ | |
| --license-info "Apache-2.0" \ | |
| --description "AWS Distro of OpenTelemetry Lambda Layer for NodeJs Runtime" \ | |
| --query 'LayerVersionArn' \ | |
| --output text | |
| ) | |
| echo $layerARN | |
| echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV | |
| mkdir ${{ env.LAYER_NAME }} | |
| echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| - name: public layer | |
| run: | | |
| layerVersion=$( | |
| aws lambda list-layer-versions \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --query 'max_by(LayerVersions, &Version).Version' | |
| ) | |
| aws lambda add-layer-version-permission \ | |
| --layer-name ${{ env.LAYER_NAME }} \ | |
| --version-number $layerVersion \ | |
| --principal "*" \ | |
| --statement-id publish \ | |
| --action lambda:GetLayerVersion | |
| - name: upload layer arn artifact | |
| if: ${{ success() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }} | |
| path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} | |
| - name: clean s3 | |
| if: always() | |
| run: | | |
| aws s3 rb --force s3://${{ env.BUCKET_NAME }} | |
| generate-release-note: | |
| runs-on: ubuntu-latest | |
| needs: publish-prod | |
| steps: | |
| - name: Checkout Repo @ SHA - ${{ github.sha }} | |
| uses: actions/checkout@v4 | |
| - uses: hashicorp/setup-terraform@v2 | |
| - name: download layerARNs | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: ${{ env.LAYER_NAME }}-* | |
| path: ${{ env.LAYER_NAME }} | |
| merge-multiple: true | |
| - name: show layerARNs | |
| run: | | |
| for file in ${{ env.LAYER_NAME }}/* | |
| do | |
| echo $file | |
| cat $file | |
| done | |
| - name: generate layer-note | |
| working-directory: ${{ env.LAYER_NAME }} | |
| run: | | |
| echo "| Region | Layer ARN |" >> ../layer-note | |
| echo "| ---- | ---- |" >> ../layer-note | |
| for file in * | |
| do | |
| read arn < $file | |
| echo "| " $file " | " $arn " |" >> ../layer-note | |
| done | |
| cd .. | |
| cat layer-note | |
| - name: generate tf layer | |
| working-directory: ${{ env.LAYER_NAME }} | |
| run: | | |
| echo "locals {" >> ../layer_arns.tf | |
| echo " sdk_layer_arns = {" >> ../layer_arns.tf | |
| for file in * | |
| do | |
| read arn < $file | |
| echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf | |
| done | |
| cd .. | |
| echo " }" >> layer_arns.tf | |
| echo "}" >> layer_arns.tf | |
| terraform fmt layer_arns.tf | |
| cat layer_arns.tf | |
| - name: download layer.zip | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: layer.zip | |
| - name: Get commit hash | |
| id: commit | |
| run: | | |
| echo "sha_short=$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_OUTPUT | |
| - name: Create Release Notes | |
| run: | | |
| echo "AWS OpenTelemetry Lambda Layer for JavaScript version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" > release_notes.md | |
| echo "" >> release_notes.md | |
| echo "Lambda Layer ARNs:" >> release_notes.md | |
| echo "" >> release_notes.md | |
| cat layer-note >> release_notes.md | |
| echo "" >> release_notes.md | |
| echo "Notes:" >> release_notes.md | |
| - name: Create GH release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh release create \ | |
| --target "$GITHUB_REF_NAME" \ | |
| --title "Release lambda-v${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" \ | |
| --notes-file release_notes.md \ | |
| --draft \ | |
| "lambda-v${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" \ | |
| layer_arns.tf layer.zip | |
| echo Removing release_notes.md ... | |
| rm -f release_notes.md | |
| - name: Upload layer.zip and SHA-256 checksum to SDK Release Notes (tagged with latest) | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-js-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName') | |
| # Generate SHA-256 checksum for layer.zip | |
| shasum -a 256 layer.zip > layer.zip.sha256 | |
| # Upload layer.zip and its checksum to the latest SDK release note | |
| gh release upload "$LATEST_SDK_VERSION" layer.zip layer.zip.sha256 --repo "aws-observability/aws-otel-js-instrumentation" --clobber | |
| echo "✅ layer.zip successfully uploaded to $LATEST_SDK_VERSION in the upstream repo!" |