Build & Publish Layer #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Publish Layer | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| type: | |
| type: choice | |
| description: Type of package to use | |
| options: | |
| - production | |
| - testing | |
| required: true | |
| version: | |
| type: string | |
| description: Version of the package to use | |
| required: true | |
| workflow_call: | |
| inputs: | |
| type: | |
| type: string | |
| description: Type of package to use | |
| required: true | |
| version: | |
| type: string | |
| description: Version of the package to use | |
| required: true | |
| secrets: | |
| LAMBDA_PROD_PUBLISHER_ARN: | |
| required: true | |
| LAMBDA_STAGE_PUBLISHER_ARN: | |
| required: true | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| PACKAGE_NAME: ${{ inputs.type == 'production' && 'solarwinds-apm' || '@solarwinds/solarwinds-apm' }} | |
| PACKAGE_VERSION: ${{ inputs.version }} | |
| YARN_ENABLE_IMMUTABLE_INSTALLS: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| lfs: true | |
| submodules: true | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - run: corepack enable | |
| - run: yarn install | |
| - run: yarn lambda $PACKAGE_NAME $PACKAGE_VERSION | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: layer.zip | |
| path: lambda/layer.zip | |
| publish: | |
| needs: build | |
| permissions: | |
| id-token: write | |
| strategy: | |
| matrix: | |
| region: |- | |
| ${{ | |
| inputs.type == 'production' && fromJSON('[ | |
| "ap-northeast-1", | |
| "ap-northeast-2", | |
| "ap-south-1", | |
| "ap-southeast-1", | |
| "ap-southeast-2", | |
| "ca-central-1", | |
| "eu-central-1", | |
| "eu-north-1", | |
| "eu-west-1", | |
| "eu-west-2", | |
| "eu-west-3", | |
| "sa-east-1", | |
| "us-east-1", | |
| "us-east-2", | |
| "us-west-1", | |
| "us-west-2" | |
| ]') || fromJSON('["us-east-1"]') | |
| }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: layer.zip | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ inputs.type == 'production' && secrets.LAMBDA_PROD_PUBLISHER_ARN || secrets.LAMBDA_STAGE_PUBLISHER_ARN }} | |
| aws-region: ${{ matrix.region }} | |
| - name: Calculate layer name | |
| run: | | |
| LAYER_NAME="solarwinds-apm-js" | |
| if [[ "${{ inputs.type }}" != "production" ]]; then | |
| LAYER_NAME="${LAYER_NAME}-${{ inputs.type }}" | |
| else | |
| LAYER_NAME="${LAYER_NAME}-$(echo '${{ inputs.version }}' | sed -r 's/\./_/g')" | |
| fi | |
| echo "LAYER_NAME=$LAYER_NAME" >> $GITHUB_ENV | |
| - name: Publish | |
| run: | | |
| LAYER_ARN=$( | |
| aws lambda publish-layer-version \ | |
| --layer-name $LAYER_NAME \ | |
| --license-info "Apache 2.0" \ | |
| --compatible-architectures x86_64 arm64 \ | |
| --compatible-runtimes nodejs20.x nodejs18.x nodejs16.x \ | |
| --zip-file fileb://layer.zip \ | |
| --query 'LayerVersionArn' \ | |
| --output text | |
| ) | |
| echo "::notice::$LAYER_ARN" | |
| - name: Make public | |
| if: inputs.type == 'production' | |
| run: | | |
| LAYER_VERSION=$( | |
| aws lambda list-layer-versions \ | |
| --layer-name $LAYER_NAME \ | |
| --query 'max_by(LayerVersions, &Version).Version' | |
| ) | |
| aws lambda add-layer-version-permission \ | |
| --layer-name $LAYER_NAME \ | |
| --version-number $LAYER_VERSION \ | |
| --principal '*' \ | |
| --action lambda:GetLayerVersion \ | |
| --statement-id apm-js-add-permission |