From 1c924058a70bce39f2a0796e7229eb9b5f13edde Mon Sep 17 00:00:00 2001
From: xuan-cao-swi
Date: Thu, 12 Sep 2024 13:55:36 -0400
Subject: [PATCH] test out the reverse lab on layer
---
 .../workflows/build_publish_lambda_layer.yml | 179 ++++++++++--------
 1 file changed, 98 insertions(+), 81 deletions(-)
diff --git a/.github/workflows/build_publish_lambda_layer.yml b/.github/workflows/build_publish_lambda_layer.yml
index 3dce0c0..6d3a39f 100644
--- a/.github/workflows/build_publish_lambda_layer.yml
+++ b/.github/workflows/build_publish_lambda_layer.yml
@@ -81,6 +81,20 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ - if: ${{ inputs.publish-dest == 'staging' }}
+ name: use staging credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.LAMBDA_PUBLISHER_ARN_STAGING }}
+ aws-region: ${{ matrix.aws_region }}
+
+ - if: ${{ inputs.publish-dest == 'production' }}
+ name: use production credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.LAMBDA_PUBLISHER_ARN_PROD }}
+ aws-region: ${{ matrix.aws_region }}
+
 - name: extract layer zip from artifacts
 uses: actions/download-artifact@v4
 with:
@@ -91,7 +105,10 @@ jobs:
 run: |
 APM_VERSION=$(grep "gem 'solarwinds_apm'" lambda/otel/layer/Gemfile | awk -F"'" '{print $4}')
 APM_VERSION="${APM_VERSION//./_}"
- echo "SOLARWINDS_APM_VERSION=$APM_VERSION" >> $GITHUB_ENV
+ LAYER_NAME=solarwinds-apm-ruby-${{ matrix.arch }}-$APM_VERSION
+ LATEST_VERSION=$(aws lambda list-layer-versions --layer-name $LAYER_NAME | jq -r '.LayerVersions | max_by(.Version) | .Version')
+ NEXT_LATEST_VERSION=$(( $LATEST_VERSION + 1))
+ echo "LAYER_VERSION=$NEXT_LATEST_VERSION" >> $GITHUB_ENV
 - name: Scan build artifact on the Portal ${{ matrix.arch }}
 id: rl-scan
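Review bot: The two added `configure-aws-credentials` steps hand the Lambda publisher role to this job, yet the only AWS call this patch shows in it is `aws lambda list-layer-versions`, which is a read. The exported credentials also stay in the environment for every later step of the job, including the Portal scan step. A role limited to `lambda:ListLayerVersions` would be enough here, for example `role-to-assume: ${{ secrets.<READ_ONLY_LAYER_ROLE_ARN> }}` (placeholder name). The steps also read `${{ matrix.aws_region }}`; this job's matrix lies outside the hunk, so confirm it defines `aws_region`, otherwise `aws-region` expands to an empty string.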
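Review bot: The version lookup in the `run` block of the `-91,7 +105,10` hunk fails open: if `aws lambda list-layer-versions` errors or the layer has no versions yet, `LATEST_VERSION` ends up empty or `null`, bash arithmetic treats that as 0, and `LAYER_VERSION=1` is written without any error. That value then becomes the version in `rl-package-url` in the `-106,7 +123,7` hunk, so the scan record can be filed under a wrong version. Add `set -euo pipefail` as the first line of the block, quote the variable (`--layer-name "$LAYER_NAME"`), and make the empty case explicit in the filter with `jq -r '[.LayerVersions[].Version] | max // 0'`. Note too that `latest + 1` is only a prediction and layer version numbers are assigned per region at publish time, so it can differ from what is eventually published.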
@@ -106,7 +123,7 @@ jobs:
 rl-portal-server: solarwinds
 rl-portal-org: SolarWinds
 rl-portal-group: SaaS-Agents-SWO
- rl-package-url: solarwinds-apm-ruby/apm-ruby-lambda-layer-${{ matrix.arch }}@${{ steps.build-apm-ruby-ci-reverse-lab.outputs.gem_version }}
+ rl-package-url: solarwinds-apm-ruby/apm-ruby-lambda-layer-${{ matrix.arch }}@${{ env.LAYER_VERSION }}
 rl-submit-only: true
 - name: report the scan status
@@ -116,82 +133,82 @@ jobs:
 echo "The description is: '${{ steps.rl-scan.outputs.description }}'"
 # extract the built layer from artifacts, then publish it based on region
- publish_layer:
- needs:
- - build_layer
- runs-on: ubuntu-latest
- strategy:
- matrix:
- aws_region:
- - ap-northeast-1
- - ap-northeast-2
- - ap-south-1
- - ap-southeast-1
- - ap-southeast-2
- - ca-central-1
- - eu-central-1
- - eu-north-1
- - eu-west-1
- - eu-west-2
- - eu-west-3
- - sa-east-1
- - us-east-1
- - us-east-2
- - us-west-1
- - us-west-2
- arch:
- - x86_64
- - arm64
- steps:
- - uses: actions/checkout@v4
-
- - if: ${{ inputs.publish-dest == 'staging' }}
- name: use staging credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ secrets.LAMBDA_PUBLISHER_ARN_STAGING }}
- aws-region: ${{ matrix.aws_region }}
-
- - if: ${{ inputs.publish-dest == 'production' }}
- name: use production credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ secrets.LAMBDA_PUBLISHER_ARN_PROD }}
- aws-region: ${{ matrix.aws_region }}
-
- - name: extract layer zip from artifacts
- uses: actions/download-artifact@v4
- with:
- name: ruby-layer-${{ matrix.arch }}.zip
- path: lambda
-
- - name: extract current solarwinds_apm version
- run: |
- APM_VERSION=$(grep "gem 'solarwinds_apm'" lambda/otel/layer/Gemfile | awk -F"'" '{print $4}')
- APM_VERSION="${APM_VERSION//./_}"
- echo "SOLARWINDS_APM_VERSION=$APM_VERSION" >> $GITHUB_ENV
-
- - name: publish lambda layer
- run: |
- cd lambda/
- aws lambda publish-layer-version \
- --layer-name solarwinds-apm-ruby-${{ matrix.arch }}-${{ env.SOLARWINDS_APM_VERSION }} \
- --license-info "Apache 2.0" \
- --compatible-architectures ${{ matrix.arch }} \
- --compatible-runtimes ruby3.2 ruby3.3 \
- --zip-file fileb://ruby-layer-${{ matrix.arch }}.zip \
- --query 'LayerVersionArn' \
- --compatible-architectures ${{ matrix.arch }} \
- --output text
-
- - name: grant permissions to public for the published layer
- run: |
- layer_name=solarwinds-apm-ruby-${{ matrix.arch }}-${{ env.SOLARWINDS_APM_VERSION }}
- latest_version=$(aws lambda list-layer-versions --layer-name $layer_name | jq -r '.LayerVersions | max_by(.Version) | .Version')
- aws lambda add-layer-version-permission \
- --layer-name $layer_name \
- --statement-id apm-ruby-add-permission \
- --action lambda:GetLayerVersion \
- --principal '*' \
- --version-number $latest_version \
- --output text
+ # publish_layer:
+ # needs:
+ # - build_layer
+ # runs-on: ubuntu-latest
+ # strategy:
+ # matrix:
+ # aws_region:
+ # - ap-northeast-1
+ # - ap-northeast-2
+ # - ap-south-1
+ # - ap-southeast-1
+ # - ap-southeast-2
+ # - ca-central-1
+ # - eu-central-1
+ # - eu-north-1
+ # - eu-west-1
+ # - eu-west-2
+ # - eu-west-3
+ # - sa-east-1
+ # - us-east-1
+ # - us-east-2
+ # - us-west-1
+ # - us-west-2
+ # arch:
+ # - x86_64
+ # - arm64
+ # steps:
+ # - uses: actions/checkout@v4
+
+ # - if: ${{ inputs.publish-dest == 'staging' }}
+ # name: use staging credentials
+ # uses: aws-actions/configure-aws-credentials@v4
+ # with:
+ # role-to-assume: ${{ secrets.LAMBDA_PUBLISHER_ARN_STAGING }}
+ # aws-region: ${{ matrix.aws_region }}
+
+ # - if: ${{ inputs.publish-dest == 'production' }}
+ # name: use production credentials
+ # uses: aws-actions/configure-aws-credentials@v4
+ # with:
+ # role-to-assume: ${{ secrets.LAMBDA_PUBLISHER_ARN_PROD }}
+ # aws-region: ${{ matrix.aws_region }}
+
+ # - name: extract layer zip from artifacts
+ # uses: actions/download-artifact@v4
+ # with:
+ # name: ruby-layer-${{ matrix.arch }}.zip
+ # path: lambda
+
+ # - name: extract current solarwinds_apm version
+ # run: |
+ # APM_VERSION=$(grep "gem 'solarwinds_apm'" lambda/otel/layer/Gemfile | awk -F"'" '{print $4}')
+ # APM_VERSION="${APM_VERSION//./_}"
+ # echo "SOLARWINDS_APM_VERSION=$APM_VERSION" >> $GITHUB_ENV
+
+ # - name: publish lambda layer
+ # run: |
+ # cd lambda/
+ # aws lambda publish-layer-version \
+ # --layer-name solarwinds-apm-ruby-${{ matrix.arch }}-${{ env.SOLARWINDS_APM_VERSION }} \
+ # --license-info "Apache 2.0" \
+ # --compatible-architectures ${{ matrix.arch }} \
+ # --compatible-runtimes ruby3.2 ruby3.3 \
+ # --zip-file fileb://ruby-layer-${{ matrix.arch }}.zip \
+ # --query 'LayerVersionArn' \
+ # --compatible-architectures ${{ matrix.arch }} \
+ # --output text
+
+ # - name: grant permissions to public for the published layer
+ # run: |
+ # layer_name=solarwinds-apm-ruby-${{ matrix.arch }}-${{ env.SOLARWINDS_APM_VERSION }}
+ # latest_version=$(aws lambda list-layer-versions --layer-name $layer_name | jq -r '.LayerVersions | max_by(.Version) | .Version')
+ # aws lambda add-layer-version-permission \
+ # --layer-name $layer_name \
+ # --statement-id apm-ruby-add-permission \
+ # --action lambda:GetLayerVersion \
+ # --principal '*' \
+ # --version-number $latest_version \
+ # --output text
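Review bot: The whole `publish_layer` job is kept as 79 commented-out lines, which leaves dead workflow text (including the public `--principal '*'` grant) to go stale, and the surviving header comment `# extract the built layer from artifacts, then publish it based on region` no longer describes anything active. If the job is only paused for this test, keep it as real YAML and disable it with a job-level `if: ${{ false }}`; if it is being retired, delete it and let git history hold it. Either way, a one-line comment saying why publishing is off and when it returns would help the next reader.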