Optimize GitHub Actions workflow #690
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Pipeline | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- "docs" | |
- "examples" | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- "docs" | |
- "examples" | |
release: | |
types: | |
- released | |
env: | |
CARGO_TERM_COLOR: always | |
PIPELINE_USER_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
PIPELINE_USER_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
PIPELINE_CN_USER_ACCESS_KEY_ID: ${{ secrets.AWS_CN_ACCESS_KEY_ID }} | |
PIPELINE_CN_USER_SECRET_ACCESS_KEY: ${{ secrets.AWS_CN_SECRET_ACCESS_KEY }} | |
SAM_TEMPLATE_X86_64: template-x86_64.yaml | |
SAM_TEMPLATE_ARM64: template-arm64.yaml | |
BETA_STACK_NAME: lambda-adapter-beta | |
BETA_PIPELINE_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-pip-PipelineExecutionRole-13NXRWTRTHDCJ | |
BETA_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-CloudFormationExecutionR-132I77VBFOWQ2 | |
BETA_ARTIFACTS_BUCKET: aws-sam-cli-managed-beta-pipeline-artifactsbucket-889nlo0z1nt0 | |
BETA_IMAGE_REPOSITORY: 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/aws-sam-cli-managed-beta-pipeline-resources-imagerepository-0hbn3hxi9pcm | |
BETA_REGION: ap-northeast-1 | |
PROD_ECR_PIPELINE_EXECUTION_ROLE: arn:aws:iam::373534280245:role/aws-sam-cli-managed-prod-ecr-PipelineExecutionRole-12FE9QIHNFYOI | |
PROD_ECR_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::373534280245:role/aws-sam-cli-managed-prod-CloudFormationExecutionR-RDUT9EAJJ1ZN | |
PROD_ARTIFACTS_BUCKET: aws-sam-cli-managed-prod-ecr-pipe-artifactsbucket-1mjporc66dkgn | |
PROD_IMAGE_REPOSITORY: 373534280245.dkr.ecr.us-east-1.amazonaws.com/aws-sam-cli-managed-prod-ecr-pipeline-resources-imagerepository-fhpoty0tapro | |
PROD_ECR_REGION: us-east-1 | |
RUST_BACKTRACE: full | |
SCCACHE_GHA_ENABLED: "true" | |
RUSTC_WRAPPER: "sccache" | |
CARGO_INCREMENTAL: 0 | |
jobs: | |
test: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v3 | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy, rustfmt | |
targets: x86_64-unknown-linux-musl,aarch64-unknown-linux-musl | |
- uses: korandoru/setup-zig@v1 | |
with: | |
zig-version: 0.11.0 | |
- name: Configure cache | |
uses: mozilla-actions/[email protected] | |
- uses: taiki-e/install-action@nextest | |
- name: linting | |
run: | | |
cargo fmt --all -- --check | |
cargo clippy -- -Dwarnings | |
- name: run unit and integration tests | |
run: cargo nextest run --profile ci | |
build: | |
needs: [test] | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
targets: x86_64-unknown-linux-musl,aarch64-unknown-linux-musl | |
- uses: korandoru/setup-zig@v1 | |
with: | |
zig-version: 0.11.0 | |
- name: Configure cache | |
uses: mozilla-actions/[email protected] | |
- name: Add cargo pkg version to env vars | |
run: | | |
echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> $GITHUB_ENV | |
- name: Build x86_64 Layer | |
run: sam build --template ${SAM_TEMPLATE_X86_64} --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} -b build-x86_64 | |
- name: Tar files | |
run: tar -cvf build-x86_64.tar build-x86_64 | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: aws-sam-build-x86_64 | |
path: build-x86_64.tar | |
- name: Build arm64 Layer | |
run: sam build --template ${SAM_TEMPLATE_ARM64} --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} -b build-arm64 | |
- name: Tar files | |
run: tar -cvf build-arm64.tar build-arm64 | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: aws-sam-build-arm64 | |
path: build-arm64.tar | |
package-beta: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ build ] | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the beta pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.BETA_REGION }} | |
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }} | |
role-session-name: beta-packaging | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-x86_64 | |
- name: extract build_x86_64 | |
run: | | |
tar -xvf build-x86_64.tar | |
- name: Upload x86_64 layer to beta artifact buckets | |
run: | | |
sam package \ | |
--template build-x86_64/template.yaml \ | |
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \ | |
--image-repository ${BETA_IMAGE_REPOSITORY} \ | |
--region ${BETA_REGION} \ | |
--output-template-file packaged-beta-x86_64.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-beta-x86_64.yaml | |
path: packaged-beta-x86_64.yaml | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-arm64 | |
- name: extract build_arm64 | |
run: | | |
tar -xvf build-arm64.tar | |
- name: Upload arm64 layer to beta artifact buckets | |
run: | | |
sam package \ | |
--template build-arm64/template.yaml \ | |
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \ | |
--image-repository ${BETA_IMAGE_REPOSITORY} \ | |
--region ${BETA_REGION} \ | |
--output-template-file packaged-beta-arm64.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-beta-arm64.yaml | |
path: packaged-beta-arm64.yaml | |
- name: Create and push the x86_64 docker image to beta ecr repo | |
run: | | |
tar -c -C build-x86_64/LambdaAdapterLayerX86/extensions . | docker import --platform linux/amd64 - 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64 | |
aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com | |
docker push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64 | |
- name: Create and push the arm64 docker image to beta ecr repo | |
run: | | |
tar -c -C build-arm64/LambdaAdapterLayerArm64/extensions . | docker import --platform linux/arm64 - 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64 | |
aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com | |
docker push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64 | |
- name: create and push the multi-arch manifest to beta ecr repo | |
run: | | |
docker manifest create 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest \ | |
477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64 \ | |
477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64 | |
docker manifest push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest | |
deploy-beta: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [package-beta] | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the beta pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.BETA_REGION }} | |
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }} | |
role-session-name: beta-deployment | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-beta-x86_64.yaml | |
- name: Deploy x86_64 layer to beta account | |
run: | | |
sam deploy --stack-name ${BETA_STACK_NAME}-x86 \ | |
--template packaged-beta-x86_64.yaml \ | |
--parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${BETA_REGION} \ | |
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \ | |
--image-repository ${BETA_IMAGE_REPOSITORY} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE} | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-beta-arm64.yaml | |
- name: Deploy arm64 layer to beta account | |
run: | | |
sam deploy --stack-name ${BETA_STACK_NAME}-arm64 \ | |
--template packaged-beta-arm64.yaml \ | |
--parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${BETA_REGION} \ | |
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \ | |
--image-repository ${BETA_IMAGE_REPOSITORY} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE} | |
e2e-test-zip: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [deploy-beta] | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy, rustfmt | |
targets: x86_64-unknown-linux-musl | |
- uses: korandoru/setup-zig@v1 | |
with: | |
zig-version: 0.11.0 | |
- name: Configure cache | |
uses: mozilla-actions/[email protected] | |
- uses: taiki-e/install-action@nextest | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the beta pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.BETA_REGION }} | |
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }} | |
role-session-name: beta-deployment | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- name: deploy the zip x86 integration test stacks for the beta environment | |
working-directory: ./tests/e2e_tests/fixtures/go-httpbin-zip | |
run: | | |
sam build | |
sam deploy --stack-name ${BETA_STACK_NAME}-zip-x86 \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${BETA_REGION} \ | |
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \ | |
--image-repository ${BETA_IMAGE_REPOSITORY} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE} | |
- uses: dkershner6/aws-ssm-getparameters-action@v1 | |
with: | |
parameterPairs: "/lambda-web-adapter/e2e/httpbin/zip/rest-api-endpoint = HTTPBIN_ZIP_REST_ENDPOINT, | |
/lambda-web-adapter/e2e/httpbin/zip/http-api-endpoint = HTTPBIN_ZIP_HTTP_ENDPOINT, | |
/lambda-web-adapter/e2e/httpbin/zip/alb-endpoint = HTTPBIN_ZIP_ALB_ENDPOINT, | |
/lambda-web-adapter/e2e/httpbin/zip/function-url = HTTPBIN_ZIP_FURL_ENDPOINT" | |
- name: run e2e tests | |
run: | | |
API_ENDPOINT=${HTTPBIN_ZIP_REST_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci | |
API_ENDPOINT=${HTTPBIN_ZIP_HTTP_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci | |
API_ENDPOINT=${HTTPBIN_ZIP_ALB_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci | |
API_ENDPOINT=${HTTPBIN_ZIP_FURL_ENDPOINT} API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci | |
- name: remove the zip x86 integration test stacks | |
working-directory: ./tests/e2e_tests/fixtures/go-httpbin-zip | |
run: | | |
sam delete --no-prompts --region ${BETA_REGION} --stack-name ${BETA_STACK_NAME}-zip-x86 | |
e2e-test-oci: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [deploy-beta] | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy, rustfmt | |
targets: x86_64-unknown-linux-musl | |
- uses: korandoru/setup-zig@v1 | |
with: | |
zig-version: 0.11.0 | |
- name: Configure cache | |
uses: mozilla-actions/[email protected] | |
- uses: taiki-e/install-action@nextest | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the beta pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.BETA_REGION }} | |
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }} | |
role-session-name: beta-deployment | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- name: deploy the oci x86 integration test stacks for the beta environment | |
working-directory: ./tests/e2e_tests/fixtures/go-httpbin | |
run: | | |
aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com | |
sam build | |
sam deploy --stack-name ${BETA_STACK_NAME}-oci-x86 \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${BETA_REGION} \ | |
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \ | |
--image-repository ${BETA_IMAGE_REPOSITORY} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE} | |
- uses: dkershner6/aws-ssm-getparameters-action@v1 | |
with: | |
parameterPairs: "/lambda-web-adapter/e2e/httpbin/oci/rest-api-endpoint = HTTPBIN_OCI_REST_ENDPOINT, | |
/lambda-web-adapter/e2e/httpbin/oci/http-api-endpoint = HTTPBIN_OCI_HTTP_ENDPOINT, | |
/lambda-web-adapter/e2e/httpbin/oci/alb-endpoint = HTTPBIN_OCI_ALB_ENDPOINT, | |
/lambda-web-adapter/e2e/httpbin/oci/function-url = HTTPBIN_OCI_FURL_ENDPOINT" | |
- name: run e2e tests | |
run: | | |
API_ENDPOINT=${HTTPBIN_OCI_REST_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci | |
API_ENDPOINT=${HTTPBIN_OCI_HTTP_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci | |
API_ENDPOINT=${HTTPBIN_OCI_ALB_ENDPOINT} API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci | |
API_ENDPOINT=${HTTPBIN_OCI_FURL_ENDPOINT} API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci | |
- name: remove the oci x86 integration test stacks | |
working-directory: ./tests/e2e_tests/fixtures/go-httpbin | |
run: | | |
sam delete --no-prompts --region ${BETA_REGION} --stack-name ${BETA_STACK_NAME}-oci-x86 | |
load-gamma-matrix: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ e2e-test-zip, e2e-test-oci] | |
runs-on: ubuntu-20.04 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: set-matrix | |
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/gamma.json)}" >> $GITHUB_OUTPUT | |
load-prod-matrix: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ e2e-test-zip, e2e-test-oci ] | |
runs-on: ubuntu-20.04 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: set-matrix | |
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/prod.json)}" >> $GITHUB_OUTPUT | |
load-china-prod-matrix: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ e2e-test-zip, e2e-test-oci ] | |
runs-on: ubuntu-20.04 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: set-matrix | |
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-prod.json)}" >> $GITHUB_OUTPUT | |
load-china-gamma-matrix: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ e2e-test-zip, e2e-test-oci ] | |
runs-on: ubuntu-20.04 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: set-matrix | |
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-gamma.json)}" >> $GITHUB_OUTPUT | |
package-gamma: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ build, load-gamma-matrix ] | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: ${{fromJSON(needs.load-gamma-matrix.outputs.matrix)}} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the gamma pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ matrix.region }} | |
role-to-assume: ${{ matrix.pipeline_execution_role }} | |
role-session-name: gamma-packaging | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-x86_64 | |
- name: extract build_x86_64 | |
run: | | |
tar -xvf build-x86_64.tar | |
- name: Upload x86_64 layer to gamma artifact buckets | |
run: | | |
sam package \ | |
--template build-x86_64/template.yaml \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--region ${{ matrix.region }} \ | |
--output-template-file packaged-gamma-x86_64-${{ matrix.region }}.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-gamma-x86_64-${{ matrix.region }}.yaml | |
path: packaged-gamma-x86_64-${{ matrix.region }}.yaml | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-arm64 | |
- name: extract build_arm64 | |
run: | | |
tar -xvf build-arm64.tar | |
- name: Upload arm64 layer to gamma artifact buckets | |
run: | | |
sam package \ | |
--template build-arm64/template.yaml \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--region ${{ matrix.region }} \ | |
--output-template-file packaged-gamma-arm64-${{ matrix.region }}.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-gamma-arm64-${{ matrix.region }}.yaml | |
path: packaged-gamma-arm64-${{ matrix.region }}.yaml | |
package-prod: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ build, load-prod-matrix ] | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: ${{fromJSON(needs.load-prod-matrix.outputs.matrix)}} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the prod pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ matrix.region }} | |
role-to-assume: ${{ matrix.pipeline_execution_role }} | |
role-session-name: prod-packaging | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-x86_64 | |
- name: extract build_x86_64 | |
run: | | |
tar -xvf build-x86_64.tar | |
- name: Upload x86_64 layer to prod artifact buckets | |
run: | | |
sam package \ | |
--template build-x86_64/template.yaml \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--region ${{ matrix.region }} \ | |
--output-template-file packaged-prod-x86_64-${{ matrix.region }}.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-prod-x86_64-${{ matrix.region }}.yaml | |
path: packaged-prod-x86_64-${{ matrix.region }}.yaml | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-arm64 | |
- name: extract build_arm64 | |
run: | | |
tar -xvf build-arm64.tar | |
- name: Upload arm64 layer to prod artifact buckets | |
run: | | |
sam package \ | |
--template build-arm64/template.yaml \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--region ${{ matrix.region }} \ | |
--output-template-file packaged-prod-arm64-${{ matrix.region }}.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-prod-arm64-${{ matrix.region }}.yaml | |
path: packaged-prod-arm64-${{ matrix.region }}.yaml | |
package-china-gamma: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ build, load-china-gamma-matrix ] | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: ${{fromJSON(needs.load-china-gamma-matrix.outputs.matrix)}} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the china pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ matrix.region }} | |
role-to-assume: ${{ matrix.pipeline_execution_role }} | |
role-session-name: china-gamma-packaging | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-x86_64 | |
- name: extract build_x86_64 | |
run: | | |
tar -xvf build-x86_64.tar | |
- name: Upload x86_64 layer to gamma artifact buckets | |
run: | | |
sam package \ | |
--template build-x86_64/template.yaml \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--region ${{ matrix.region }} \ | |
--output-template-file packaged-china-gamma-x86_64-${{ matrix.region }}.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml | |
path: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-arm64 | |
- name: extract build_arm64 | |
run: | | |
tar -xvf build-arm64.tar | |
- name: Upload arm64 layer to gamma artifact buckets | |
run: | | |
sam package \ | |
--template build-arm64/template.yaml \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--region ${{ matrix.region }} \ | |
--output-template-file packaged-china-gamma-arm64-${{ matrix.region }}.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-china-gamma-arm64-${{ matrix.region }}.yaml | |
path: packaged-china-gamma-arm64-${{ matrix.region }}.yaml | |
package-china-prod: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ build, load-china-prod-matrix ] | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: ${{fromJSON(needs.load-china-prod-matrix.outputs.matrix)}} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the china pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ matrix.region }} | |
role-to-assume: ${{ matrix.pipeline_execution_role }} | |
role-session-name: china-prod-packaging | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-x86_64 | |
- name: extract build_x86_64 | |
run: | | |
tar -xvf build-x86_64.tar | |
- name: Upload x86_64 layer to prod artifact buckets | |
run: | | |
sam package \ | |
--template build-x86_64/template.yaml \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--region ${{ matrix.region }} \ | |
--output-template-file packaged-china-prod-x86_64-${{ matrix.region }}.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-china-prod-x86_64-${{ matrix.region }}.yaml | |
path: packaged-china-prod-x86_64-${{ matrix.region }}.yaml | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-arm64 | |
- name: extract build_arm64 | |
run: | | |
tar -xvf build-arm64.tar | |
- name: Upload arm64 layer to prod artifact buckets | |
run: | | |
sam package \ | |
--template build-arm64/template.yaml \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--region ${{ matrix.region }} \ | |
--output-template-file packaged-china-prod-arm64-${{ matrix.region }}.yaml | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: packaged-china-prod-arm64-${{ matrix.region }}.yaml | |
path: packaged-china-prod-arm64-${{ matrix.region }}.yaml | |
load-gamma-matrix2: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ e2e-test-zip, e2e-test-oci, package-gamma ] | |
runs-on: ubuntu-20.04 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: set-matrix | |
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/gamma.json)}" >> $GITHUB_OUTPUT | |
deploy-gamma: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [load-gamma-matrix2] | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: ${{fromJSON(needs.load-gamma-matrix2.outputs.matrix)}} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the gamma pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ matrix.region }} | |
role-to-assume: ${{ matrix.pipeline_execution_role }} | |
role-session-name: gamma-deployment | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-gamma-x86_64-${{ matrix.region }}.yaml | |
- name: Deploy x86_64 Layer to all regions in gamma account | |
run: | | |
sam deploy --stack-name lambda-adapter-gamma-x86-${{ matrix.region }} \ | |
--template packaged-gamma-x86_64-${{ matrix.region }}.yaml \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${{ matrix.region }} \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${{ matrix.cloudformation_execution_role }} | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-gamma-arm64-${{ matrix.region }}.yaml | |
- name: Deploy arm64 Layer to supported regions in gamma account | |
if: ${{ matrix.arm64_supported }} | |
run: | | |
sam deploy --stack-name lambda-adapter-gamma-arm64-${{ matrix.region }} \ | |
--template packaged-gamma-arm64-${{ matrix.region }}.yaml \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${{ matrix.region }} \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${{ matrix.cloudformation_execution_role }} | |
load-prod-matrix2: | |
if: ${{ github.event_name == 'release' }} | |
needs: [ deploy-gamma, package-prod ] | |
runs-on: ubuntu-20.04 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: set-matrix | |
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/prod.json)}" >> $GITHUB_OUTPUT | |
deploy-prod: | |
if: ${{ github.event_name == 'release' }} | |
needs: [load-prod-matrix2] | |
runs-on: ubuntu-20.04 | |
environment: prod | |
strategy: | |
matrix: ${{fromJSON(needs.load-prod-matrix2.outputs.matrix)}} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the prod pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ matrix.region }} | |
role-to-assume: ${{ matrix.pipeline_execution_role }} | |
role-session-name: prod-deployment | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-prod-x86_64-${{ matrix.region }}.yaml | |
- name: Deploy x86_64 Layer to all regions in prod account | |
run: | | |
sam deploy --stack-name lambda-adapter-prod-x86-${{ matrix.region }} \ | |
--template packaged-prod-x86_64-${{ matrix.region }}.yaml \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${{ matrix.region }} \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${{ matrix.cloudformation_execution_role }} | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-prod-arm64-${{ matrix.region }}.yaml | |
- name: Deploy arm64 Layer to supported regions in prod account | |
if: ${{ matrix.arm64_supported }} | |
run: | | |
sam deploy --stack-name lambda-adapter-prod-arm64-${{ matrix.region }} \ | |
--template packaged-prod-arm64-${{ matrix.region }}.yaml \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${{ matrix.region }} \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${{ matrix.cloudformation_execution_role }} | |
load-china-gamma-matrix2: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [ e2e-test-zip, e2e-test-oci, package-china-gamma] | |
runs-on: ubuntu-20.04 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: set-matrix | |
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-gamma.json)}" >> $GITHUB_OUTPUT | |
deploy-china-gamma: | |
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }} | |
needs: [load-china-gamma-matrix2] | |
runs-on: ubuntu-20.04 | |
environment: prod | |
strategy: | |
matrix: ${{fromJSON(needs.load-china-gamma-matrix2.outputs.matrix)}} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the china pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ matrix.region }} | |
role-to-assume: ${{ matrix.pipeline_execution_role }} | |
role-session-name: china-deployment | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml | |
- name: Deploy x86_64 Layer to all regions in china | |
run: | | |
sam deploy --stack-name lambda-adapter-gamma-x86-${{ matrix.region }} \ | |
--template packaged-china-gamma-x86_64-${{ matrix.region }}.yaml \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${{ matrix.region }} \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${{ matrix.cloudformation_execution_role }} | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-china-gamma-arm64-${{ matrix.region }}.yaml | |
- name: Deploy arm64 Layer to supported china regions | |
if: ${{ matrix.arm64_supported }} | |
run: | | |
sam deploy --stack-name lambda-adapter-gamma-arm64-${{ matrix.region }} \ | |
--template packaged-china-gamma-arm64-${{ matrix.region }}.yaml \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${{ matrix.region }} \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${{ matrix.cloudformation_execution_role }} | |
load-china-prod-matrix2: | |
if: ${{ github.event_name == 'release' }} | |
needs: [ deploy-china-gamma, package-china-prod] | |
runs-on: ubuntu-20.04 | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v3 | |
- id: set-matrix | |
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-prod.json)}" >> $GITHUB_OUTPUT | |
deploy-china-prod: | |
if: ${{ github.event_name == 'release' }} | |
needs: [load-china-prod-matrix2] | |
runs-on: ubuntu-20.04 | |
environment: prod | |
strategy: | |
matrix: ${{fromJSON(needs.load-china-prod-matrix2.outputs.matrix)}} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.8" | |
- uses: aws-actions/setup-sam@v2 | |
- name: Assume the china pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ matrix.region }} | |
role-to-assume: ${{ matrix.pipeline_execution_role }} | |
role-session-name: china-deployment | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-china-prod-x86_64-${{ matrix.region }}.yaml | |
- name: Deploy x86_64 Layer to all regions in china | |
run: | | |
sam deploy --stack-name lambda-adapter-prod-x86-${{ matrix.region }} \ | |
--template packaged-china-prod-x86_64-${{ matrix.region }}.yaml \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${{ matrix.region }} \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${{ matrix.cloudformation_execution_role }} | |
- uses: actions/download-artifact@v3 | |
with: | |
name: packaged-china-prod-arm64-${{ matrix.region }}.yaml | |
- name: Deploy arm64 Layer to supported china regions | |
if: ${{ matrix.arm64_supported }} | |
run: | | |
sam deploy --stack-name lambda-adapter-prod-arm64-${{ matrix.region }} \ | |
--template packaged-china-prod-arm64-${{ matrix.region }}.yaml \ | |
--capabilities CAPABILITY_IAM \ | |
--region ${{ matrix.region }} \ | |
--s3-bucket ${{ matrix.artifacts_bucket }} \ | |
--image-repository ${{ matrix.image_repository }} \ | |
--no-fail-on-empty-changeset \ | |
--role-arn ${{ matrix.cloudformation_execution_role }} | |
publish-to-public-ecr: | |
if: ${{ github.event_name == 'release' }} | |
needs: [deploy-prod] | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Assume the prod pipeline user role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.PROD_ECR_REGION }} | |
role-to-assume: ${{ env.PROD_ECR_PIPELINE_EXECUTION_ROLE }} | |
role-session-name: prod-deployment | |
role-duration-seconds: 3600 | |
role-skip-session-tagging: true | |
- name: login ECR Public Registry | |
run: | | |
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-x86_64 | |
- name: extract build_x86_64 | |
run: | | |
tar -xvf build-x86_64.tar | |
- uses: actions/download-artifact@v3 | |
with: | |
name: aws-sam-build-arm64 | |
- name: extract build_arm64 | |
run: | | |
tar -xvf build-arm64.tar | |
- name: Create and push the x86_64 docker image to prod ecr public repo | |
run: | | |
tar -c -C build-x86_64/LambdaAdapterLayerX86/extensions . | docker import --platform linux/amd64 - public.ecr.aws/awsguru/aws-lambda-adapter:$(CARGO_PKG_VERSION)-x86_64 | |
docker push public.ecr.aws/awsguru/aws-lambda-adapter:$(CARGO_PKG_VERSION)-x86_64 | |
- name: Create and push the arm64 docker image to prod ecr public repo | |
run: | | |
tar -c -C build-arm64/LambdaAdapterLayerArm64/extensions . | docker import --platform linux/arm64 - public.ecr.aws/awsguru/aws-lambda-adapter:$(CARGO_PKG_VERSION)-aarch64 | |
docker push public.ecr.aws/awsguru/aws-lambda-adapter:$(CARGO_PKG_VERSION)-aarch64 | |
- name: create and push the multi-arch manifest to prod ecr public repo | |
run: | | |
docker manifest create public.ecr.aws/awsguru/aws-lambda-adapter:$(CARGO_PKG_VERSION) \ | |
public.ecr.aws/awsguru/aws-lambda-adapter:$(CARGO_PKG_VERSION)-x86_64 \ | |
public.ecr.aws/awsguru/aws-lambda-adapter:$(CARGO_PKG_VERSION)-aarch64 | |
docker manifest push public.ecr.aws/awsguru/aws-lambda-adapter:$(CARGO_PKG_VERSION) |