Build publish lambda layer #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (c) 2023 SolarWinds, LLC. | |
| # All rights reserved. | |
| name: Build and publish ruby lambda layer | |
| on: | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| # create one arm64 ec2 instance on aws as our runner | |
| start_arm64_runner: | |
| outputs: | |
| matrix: ${{ steps.launch.outputs.matrix }} # this will be a json object mapping identifiers to labels and instance ids | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: getsentry/action-github-app-token@v3 | |
| id: github-token | |
| with: | |
| app_id: ${{ vars.APPLICATION_ID }} | |
| private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.EC2_RUNNER_ARN }} | |
| aws-region: us-east-1 | |
| - id: launch | |
| uses: solarwindscloud/ec2-runner-action@main | |
| with: | |
| action: launch | |
| matrix: | # one identifier per line | |
| ubuntu:22.04 | |
| github-token: ${{ steps.github-token.outputs.token }} | |
| runner-user: github | |
| runner-directory: /gh | |
| instance-type: t4g.medium | |
| ami-name: gha-arm64-ubuntu22-.* | |
| ami-owner: "858939916050" | |
| subnet-id: subnet-0fd499f8a50e41807 | |
| security-group-ids: sg-0fd8d8cd6effda4a5 | |
| tags: | | |
| Name=xuan-cao-ec2-runner | |
| # build layer on arm64 and amd64, then upload to artifacts | |
| build_layer: | |
| needs: | |
| - start_arm64_runner | |
| runs-on: ${{ matrix.arch == 'arm64' && fromJSON(needs.start_arm64_runner.outputs.matrix)[matrix.image].label || 'ubuntu-latest' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - x86_64 | |
| - arm64 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: aws-actions/setup-sam@v2 | |
| # Build inside Docker containers | |
| # There is only two ruby runtime for aws lambda ruby 3.2 and 2.7 | |
| # Since the 2.7 is not supported by otel, then we don't use it | |
| # BuildArchitecture: arch is for different architecture build | |
| - name: build lambda layer | |
| run: | | |
| cd lambda/ | |
| echo "" >> template.yml | |
| echo " BuildArchitecture: ${{ matrix.arch }}" >> template.yml | |
| echo "" >> template.yml | |
| sam build -u -t template.yml -e BUNDLE_RUBYGEMS__PKG__GITHUB__COM=$GITHUB_RUBY_TOKEN | |
| ./zip_layer.sh -n ruby-layer-${{ matrix.arch }} | |
| env: | |
| GITHUB_RUBY_TOKEN: ${{ secrets.PACKAGE_GITHUB_TOKEN }} | |
| - name: Upload to artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ruby-layer-${{ matrix.arch }}.zip | |
| path: lambda | |
| # extract the built layer from artifacts, then publish it based on region | |
| publish_layer: | |
| needs: | |
| - build_layer | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| aws_region: | |
| - us-east-1 | |
| arch: | |
| - x86_64 | |
| - arm64 | |
| steps: | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.LAMBDA_PUBLISHER_ARN }} | |
| aws-region: ${{ matrix.aws_region }} | |
| - name: extract layer zip from artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ruby-layer-${{ matrix.arch }}.zip | |
| path: lambda | |
| - name: extract current solarwinds_apm version | |
| run: | | |
| APM_VERSION=$(grep "gem 'solarwinds_apm'" lambda/layer/Gemfile | awk -F"'" '{print $4}') | |
| echo "SOLARWINDS_APM_VERSION=$APM_VERSION" >> $GITHUB_ENV | |
| - name: publish lambda layer | |
| run: | | |
| cd lambda/ | |
| aws lambda publish-layer-version \ | |
| --layer-name solarwinds-ruby-layer-$SOLARWINDS_APM_VERSION-${{ matrix.arch }} \ | |
| --license-info "Apache 2.0" \ | |
| --compatible-architectures ${{ matrix.arch }} \ | |
| --compatible-runtimes ruby3.2 \ | |
| --zip-file fileb://ruby-layer-${{ matrix.arch }}.zip \ | |
| --query 'LayerVersionArn' \ | |
| --compatible-architectures ${{ matrix.arch }} \ | |
| --output text | |
| - name: grant permissions to public for the published layer | |
| run: | | |
| layer_name=solarwinds-ruby-layer-${{ matrix.arch }} | |
| latest_version=$(aws lambda list-layer-versions --layer-name $layer_name | jq -r '.LayerVersions | max_by(.Version) | .Version') | |
| aws lambda add-layer-version-permission \ | |
| --layer-name $layer_name \ | |
| --statement-id apm-ruby-add-permission \ | |
| --action lambda:GetLayerVersion \ | |
| --principal '*' \ | |
| --version-number $latest_version \ | |
| --output text | |
| terminate_arm64_runner: | |
| if: ${{ always() }} | |
| needs: | |
| - start_arm64_runner | |
| - build_layer | |
| - publish_layer | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: getsentry/action-github-app-token@v3 | |
| id: github-token | |
| with: | |
| app_id: ${{ vars.APPLICATION_ID }} | |
| private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.EC2_RUNNER_ARN }} | |
| aws-region: us-east-1 | |
| - uses: solarwindscloud/ec2-runner-action@main | |
| with: | |
| action: terminate | |
| github-token: ${{ steps.github-token.outputs.token }} | |
| matrix: ${{ needs.start_arm64_runner.outputs.matrix }} # passing a matrix will terminate all runners, not just one |