Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /examples/gin-zip/app #1048

Workflow file for this run

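# Build, test, package and deploy pipeline: triggers, token scope and the
# shared environment consumed by every job below.
name: Pipeline
on:
  push:
    branches:
      - main
    # Path filters are globs matched against each changed file's full path.
    # A bare "docs" only matches a file literally named "docs", so changes
    # under the directory still triggered the run; "docs/**" covers the tree.
    # If this workflow is a required status check, pull requests touching only
    # ignored paths will leave that check pending.
    paths-ignore:
      - "docs/**"
      - "examples/**"
  pull_request:
    branches:
      - main
    paths-ignore:
      - "docs/**"
      - "examples/**"
  release:
    types:
      - released
# Workflow-wide GITHUB_TOKEN scope, inherited by every job that does not
# declare its own. id-token: write allows a job to request a GitHub OIDC
# token, which the role-assumption steps depend on. Jobs that never assume a
# role can narrow this with a job-level permissions block.
permissions:
  id-token: write
  contents: read
env:
  CARGO_TERM_COLOR: always
  SAM_TEMPLATE_X86_64: template-x86_64.yaml
  SAM_TEMPLATE_ARM64: template-arm64.yaml
  # Role ARNs, buckets and repositories are identifiers, not credentials.
  # What may assume these roles is decided by each role's trust policy, which
  # is not visible in this file.
  GITHUB_RUNNER_ROLE: arn:aws:iam::621808641063:role/GitHubRunnerRole
  GITHUB_RUNNER_CHINA_ROLE: arn:aws-cn:iam::075528433517:role/GitHubRunnerRole
  BETA_STACK_NAME: lambda-adapter-beta
  BETA_PIPELINE_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-pip-PipelineExecutionRole-13NXRWTRTHDCJ
  BETA_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-CloudFormationExecutionR-132I77VBFOWQ2
  BETA_ARTIFACTS_BUCKET: aws-sam-cli-managed-beta-pipeline-artifactsbucket-889nlo0z1nt0
  BETA_IMAGE_REPOSITORY: 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/aws-sam-cli-managed-beta-pipeline-resources-imagerepository-0hbn3hxi9pcm
  BETA_REGION: ap-northeast-1
  PROD_ECR_PIPELINE_EXECUTION_ROLE: arn:aws:iam::373534280245:role/aws-sam-cli-managed-prod-ecr-PipelineExecutionRole-12FE9QIHNFYOI
  PROD_ECR_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::373534280245:role/aws-sam-cli-managed-prod-CloudFormationExecutionR-RDUT9EAJJ1ZN
  PROD_ARTIFACTS_BUCKET: aws-sam-cli-managed-prod-ecr-pipe-artifactsbucket-1mjporc66dkgn
  PROD_IMAGE_REPOSITORY: 373534280245.dkr.ecr.us-east-1.amazonaws.com/aws-sam-cli-managed-prod-ecr-pipeline-resources-imagerepository-fhpoty0tapro
  PROD_ECR_REGION: us-east-1
  RUST_BACKTRACE: full
  SCCACHE_GHA_ENABLED: "true"
  RUSTC_WRAPPER: "sccache"
  # Quoted so the value stays the string "0" whatever the YAML loader infers.
  CARGO_INCREMENTAL: "0"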
jobs:
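# Lint, then run the unit and integration suites. Has no `if:` guard, so it
# runs on every trigger, pull requests included.
test:
  runs-on: ubuntu-20.04
  # No step in this job assumes an AWS role, so narrow the workflow-level
  # grant. Build scripts, proc macros and the tools installed below all execute
  # here and have no need to request an OIDC token.
  permissions:
    contents: read
  steps:
    - name: Checkout sources
      uses: actions/checkout@v3

    - name: Install stable toolchain
      run: |
        rustup target add x86_64-unknown-linux-musl
        rustup target add aarch64-unknown-linux-musl

    # Unpinned: installs whichever cargo-lambda release is current at run time.
    - name: Install cargo lambda
      run: pip3 install cargo-lambda

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost here (presumably the cache
    # action) - restore them from the repository.
    - name: Configure cache
      uses: mozilla-actions/[email protected]

    # --locked pins transitive crates to the published lockfile; the
    # cargo-nextest version itself is not pinned.
    - name: Install cargo-nextest
      run: cargo install cargo-nextest --locked

    - name: linting
      run: |
        cargo fmt --all -- --check
        cargo clippy -- -Dwarnings

    - name: run unit and integration tests
      run: cargo nextest run --profile ci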
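# Build the x86_64 and arm64 layers with SAM and hand each build directory to
# later jobs as a tar artifact.
build:
  needs: [ test ]
  runs-on: ubuntu-20.04
  # Nothing here assumes an AWS role; artifact upload does not rely on the
  # id-token grant, so drop it for this job.
  permissions:
    contents: read
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    - name: Install stable toolchain
      run: |
        rustup target add x86_64-unknown-linux-musl
        rustup target add aarch64-unknown-linux-musl

    # Unpinned: installs whichever cargo-lambda release is current at run time.
    - name: Install cargo lambda
      run: pip3 install cargo-lambda

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost here (presumably the cache
    # action) - restore them from the repository.
    - name: Configure cache
      uses: mozilla-actions/[email protected]

    - name: Install cargo-nextest
      run: cargo install cargo-nextest --locked

    # Export the crate version so the sam build steps can pass it as a
    # template parameter.
    - name: Add cargo pkg version to env vars
      run: |
        echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> "$GITHUB_ENV"

    - name: Build x86_64 Layer
      run: sam build --template ${SAM_TEMPLATE_X86_64} --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} -b build-x86_64

    - name: Tar files
      run: tar -cvf build-x86_64.tar build-x86_64

    - uses: actions/upload-artifact@v4
      with:
        name: aws-sam-build-x86_64
        path: build-x86_64.tar

    - name: Build arm64 Layer
      run: sam build --template ${SAM_TEMPLATE_ARM64} --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} -b build-arm64

    - name: Tar files
      run: tar -cvf build-arm64.tar build-arm64

    - uses: actions/upload-artifact@v4
      with:
        name: aws-sam-build-arm64
        path: build-arm64.tar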
# Package both layer builds into the beta account and publish the beta
# container images. Skipped on pull requests by the `if:` guard.
package-beta:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - build
  runs-on: ubuntu-20.04
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain: no keys are supplied, so this relies on the
    # workflow's id-token: write grant (OIDC) to obtain the runner role.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ env.BETA_REGION }}
        role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

    # Hop 2: the session credentials exported by hop 1 are fed back in to
    # assume the beta pipeline execution role.
    - name: Assume the beta pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        aws-region: ${{ env.BETA_REGION }}
        role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost (presumably the artifact
    # download action, given the `name:` input) - restore from the repository.
    - uses: actions/[email protected]
      with:
        name: aws-sam-build-x86_64

    - name: extract build_x86_64
      run: |
        tar -xvf build-x86_64.tar

    - name: Upload x86_64 layer to beta artifact buckets
      run: |
        sam package \
          --template build-x86_64/template.yaml \
          --s3-bucket ${BETA_ARTIFACTS_BUCKET} \
          --image-repository ${BETA_IMAGE_REPOSITORY} \
          --region ${BETA_REGION} \
          --output-template-file packaged-beta-x86_64.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-beta-x86_64.yaml
        path: packaged-beta-x86_64.yaml

    - uses: actions/[email protected]
      with:
        name: aws-sam-build-arm64

    - name: extract build_arm64
      run: |
        tar -xvf build-arm64.tar

    - name: Upload arm64 layer to beta artifact buckets
      run: |
        sam package \
          --template build-arm64/template.yaml \
          --s3-bucket ${BETA_ARTIFACTS_BUCKET} \
          --image-repository ${BETA_IMAGE_REPOSITORY} \
          --region ${BETA_REGION} \
          --output-template-file packaged-beta-arm64.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-beta-arm64.yaml
        path: packaged-beta-arm64.yaml

    # The registry host and region are written out literally in the three
    # image steps below instead of being taken from the BETA_* variables.
    # Each push overwrites a mutable "latest-*" tag.
    - name: Create and push the x86_64 docker image to beta ecr repo
      run: |
        tar -c -C build-x86_64/LambdaAdapterLayerX86/extensions . | docker import --platform linux/amd64 - 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64
        aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
        docker push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64

    - name: Create and push the arm64 docker image to beta ecr repo
      run: |
        tar -c -C build-arm64/LambdaAdapterLayerArm64/extensions . | docker import --platform linux/arm64 - 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64
        aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
        docker push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64

    - name: create and push the multi-arch manifest to beta ecr repo
      run: |
        docker manifest create 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest \
          477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64 \
          477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64
        docker manifest push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest
# Deploy the packaged x86_64 and arm64 templates to the beta stacks.
deploy-beta:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - package-beta
  runs-on: ubuntu-20.04
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain: no keys are supplied, so this relies on the
    # workflow's id-token: write grant (OIDC) to obtain the runner role.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ env.BETA_REGION }}
        role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

    # Hop 2: the session credentials exported by hop 1 are fed back in to
    # assume the beta pipeline execution role.
    - name: Assume the beta pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        aws-region: ${{ env.BETA_REGION }}
        role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

    - name: Add cargo pkg version to env vars
      run: |
        echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> $GITHUB_ENV

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost (presumably the artifact
    # download action, given the `name:` input) - restore from the repository.
    - uses: actions/[email protected]
      with:
        name: packaged-beta-x86_64.yaml

    # CloudFormation runs the change set under --role-arn, a separate role
    # from the pipeline role this job's session holds.
    - name: Deploy x86_64 layer to beta account
      run: |
        sam deploy --stack-name ${BETA_STACK_NAME}-x86 \
          --template packaged-beta-x86_64.yaml \
          --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
          --capabilities CAPABILITY_IAM \
          --region ${BETA_REGION} \
          --s3-bucket ${BETA_ARTIFACTS_BUCKET} \
          --image-repository ${BETA_IMAGE_REPOSITORY} \
          --no-fail-on-empty-changeset \
          --role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}

    - uses: actions/[email protected]
      with:
        name: packaged-beta-arm64.yaml

    - name: Deploy arm64 layer to beta account
      run: |
        sam deploy --stack-name ${BETA_STACK_NAME}-arm64 \
          --template packaged-beta-arm64.yaml \
          --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
          --capabilities CAPABILITY_IAM \
          --region ${BETA_REGION} \
          --s3-bucket ${BETA_ARTIFACTS_BUCKET} \
          --image-repository ${BETA_IMAGE_REPOSITORY} \
          --no-fail-on-empty-changeset \
          --role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}
# Deploy the zip-packaged httpbin fixture to beta and run the ignored
# (end-to-end) tests against each of its endpoints.
e2e-test-zip:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - deploy-beta
  runs-on: ubuntu-20.04
  steps:
    - name: Install stable toolchain
      run: |
        rustup target add x86_64-unknown-linux-musl

    # Unpinned: installs whichever cargo-lambda release is current at run time.
    - name: Install cargo lambda
      run: pip3 install cargo-lambda

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost here (presumably the cache
    # action) - restore them from the repository.
    - name: Configure cache
      uses: mozilla-actions/[email protected]

    - name: Install cargo-nextest
      run: cargo install cargo-nextest --locked

    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain: no keys are supplied, so this relies on the
    # workflow's id-token: write grant (OIDC) to obtain the runner role.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ env.BETA_REGION }}
        role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

    # Hop 2: the session credentials exported by hop 1 are fed back in to
    # assume the beta pipeline execution role.
    - name: Assume the beta pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        aws-region: ${{ env.BETA_REGION }}
        role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

    - name: deploy the zip x86 integration test stacks for the beta environment
      working-directory: ./tests/e2e_tests/fixtures/go-httpbin-zip
      run: |
        sam build
        sam deploy --stack-name ${BETA_STACK_NAME}-zip-x86 \
          --capabilities CAPABILITY_IAM \
          --region ${BETA_REGION} \
          --s3-bucket ${BETA_ARTIFACTS_BUCKET} \
          --image-repository ${BETA_IMAGE_REPOSITORY} \
          --no-fail-on-empty-changeset \
          --role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}

    # Three endpoints are exercised with API_AUTH_TYPE="open"; the Lambda
    # function URL is exercised with API_AUTH_TYPE="iam".
    - name: run e2e tests
      run: |
        API_ENDPOINT=https://httpbin-rest-zip.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
        API_ENDPOINT=https://httpbin-http-zip.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
        API_ENDPOINT=https://httpbin-alb-zip.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
        API_ENDPOINT=https://c26abn6izvm4xvbfs5baaflifm0hqvsn.lambda-url.ap-northeast-1.on.aws/ API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci
# Deploy the container-image httpbin fixture to beta and run the ignored
# (end-to-end) tests against each of its endpoints.
e2e-test-oci:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - deploy-beta
  runs-on: ubuntu-20.04
  steps:
    - name: Install stable toolchain
      run: |
        rustup target add x86_64-unknown-linux-musl

    # Unpinned: installs whichever cargo-lambda release is current at run time.
    - name: Install cargo lambda
      run: pip3 install cargo-lambda

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost here (presumably the cache
    # action) - restore them from the repository.
    - name: Configure cache
      uses: mozilla-actions/[email protected]

    - name: Install cargo-nextest
      run: cargo install cargo-nextest --locked

    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain: no keys are supplied, so this relies on the
    # workflow's id-token: write grant (OIDC) to obtain the runner role.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ env.BETA_REGION }}
        role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

    # Hop 2: the session credentials exported by hop 1 are fed back in to
    # assume the beta pipeline execution role.
    - name: Assume the beta pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        aws-region: ${{ env.BETA_REGION }}
        role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

    # The registry login comes first because the fixture build is an image
    # build; the token is piped via --password-stdin rather than passed as an
    # argument.
    - name: deploy the oci x86 integration test stacks for the beta environment
      working-directory: ./tests/e2e_tests/fixtures/go-httpbin
      run: |
        aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
        sam build
        sam deploy --stack-name ${BETA_STACK_NAME}-oci-x86 \
          --capabilities CAPABILITY_IAM \
          --region ${BETA_REGION} \
          --s3-bucket ${BETA_ARTIFACTS_BUCKET} \
          --image-repository ${BETA_IMAGE_REPOSITORY} \
          --no-fail-on-empty-changeset \
          --role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}

    # Three endpoints are exercised with API_AUTH_TYPE="open"; the Lambda
    # function URL is exercised with API_AUTH_TYPE="iam".
    - name: run e2e tests
      run: |
        API_ENDPOINT=https://httpbin-rest-oci.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
        API_ENDPOINT=https://httpbin-http-oci.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
        API_ENDPOINT=https://httpbin-alb-oci.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
        API_ENDPOINT=https://3w6rb56t3lzefztvndn4zg3xru0taszm.lambda-url.ap-northeast-1.on.aws/ API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci
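# Publish .github/workflows/gamma.json as the `matrix` output, wrapped in an
# {"include": ...} object for the matrix jobs that consume it.
load-gamma-matrix:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs: [ e2e-test-zip, e2e-test-oci ]
  runs-on: ubuntu-20.04
  # Only reads a file from the checkout; no role is assumed, so the
  # workflow-level id-token: write grant is not needed here.
  permissions:
    contents: read
  outputs:
    matrix: ${{ steps.set-matrix.outputs.matrix }}
  steps:
    - uses: actions/checkout@v3

    # jq emits the document on one line, which the key=value output format
    # requires.
    - id: set-matrix
      run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/gamma.json)}" >> "$GITHUB_OUTPUT"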
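# Publish .github/workflows/prod.json as the `matrix` output, wrapped in an
# {"include": ...} object for the matrix jobs that consume it.
load-prod-matrix:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs: [ e2e-test-zip, e2e-test-oci ]
  runs-on: ubuntu-20.04
  # Only reads a file from the checkout; no role is assumed, so the
  # workflow-level id-token: write grant is not needed here.
  permissions:
    contents: read
  outputs:
    matrix: ${{ steps.set-matrix.outputs.matrix }}
  steps:
    - uses: actions/checkout@v3

    # jq emits the document on one line, which the key=value output format
    # requires.
    - id: set-matrix
      run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/prod.json)}" >> "$GITHUB_OUTPUT"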
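# Publish .github/workflows/cn-prod.json as the `matrix` output, wrapped in an
# {"include": ...} object for the matrix jobs that consume it.
load-china-prod-matrix:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs: [ e2e-test-zip, e2e-test-oci ]
  runs-on: ubuntu-20.04
  # Only reads a file from the checkout; no role is assumed, so the
  # workflow-level id-token: write grant is not needed here.
  permissions:
    contents: read
  outputs:
    matrix: ${{ steps.set-matrix.outputs.matrix }}
  steps:
    - uses: actions/checkout@v3

    # jq emits the document on one line, which the key=value output format
    # requires.
    - id: set-matrix
      run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-prod.json)}" >> "$GITHUB_OUTPUT"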
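# Publish .github/workflows/cn-gamma.json as the `matrix` output, wrapped in
# an {"include": ...} object for the matrix jobs that consume it.
load-china-gamma-matrix:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs: [ e2e-test-zip, e2e-test-oci ]
  runs-on: ubuntu-20.04
  # Only reads a file from the checkout; no role is assumed, so the
  # workflow-level id-token: write grant is not needed here.
  permissions:
    contents: read
  outputs:
    matrix: ${{ steps.set-matrix.outputs.matrix }}
  steps:
    - uses: actions/checkout@v3

    # jq emits the document on one line, which the key=value output format
    # requires.
    - id: set-matrix
      run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-gamma.json)}" >> "$GITHUB_OUTPUT"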
# Package both layer builds once per gamma matrix entry. The matrix is the
# JSON published by load-gamma-matrix.
package-gamma:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - build
    - load-gamma-matrix
  runs-on: ubuntu-20.04
  strategy:
    matrix: ${{fromJSON(needs.load-gamma-matrix.outputs.matrix)}}
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain: no keys are supplied, so this relies on the
    # workflow's id-token: write grant (OIDC) to obtain the runner role.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

    # Hop 2: the target role ARN comes from the matrix entry, so the matrix
    # JSON decides which account this job ends up operating in.
    - name: Assume the gamma pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ matrix.pipeline_execution_role }}

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost (presumably the artifact
    # download action, given the `name:` input) - restore from the repository.
    - uses: actions/[email protected]
      with:
        name: aws-sam-build-x86_64

    - name: extract build_x86_64
      run: |
        tar -xvf build-x86_64.tar

    # matrix.* expressions are substituted into the script text before the
    # shell starts, so the values are trusted exactly as far as the matrix
    # JSON file is.
    - name: Upload x86_64 layer to gamma artifact buckets
      run: |
        sam package \
          --template build-x86_64/template.yaml \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --region ${{ matrix.region }} \
          --output-template-file packaged-gamma-x86_64-${{ matrix.region }}.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-gamma-x86_64-${{ matrix.region }}.yaml
        path: packaged-gamma-x86_64-${{ matrix.region }}.yaml

    - uses: actions/[email protected]
      with:
        name: aws-sam-build-arm64

    - name: extract build_arm64
      run: |
        tar -xvf build-arm64.tar

    - name: Upload arm64 layer to gamma artifact buckets
      run: |
        sam package \
          --template build-arm64/template.yaml \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --region ${{ matrix.region }} \
          --output-template-file packaged-gamma-arm64-${{ matrix.region }}.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-gamma-arm64-${{ matrix.region }}.yaml
        path: packaged-gamma-arm64-${{ matrix.region }}.yaml
# Package both layer builds once per prod matrix entry. The matrix is the
# JSON published by load-prod-matrix. Note the guard: this also runs on
# pushes to main, not only on releases.
package-prod:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - build
    - load-prod-matrix
  runs-on: ubuntu-20.04
  strategy:
    matrix: ${{fromJSON(needs.load-prod-matrix.outputs.matrix)}}
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain: no keys are supplied, so this relies on the
    # workflow's id-token: write grant (OIDC) to obtain the runner role.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

    # Hop 2: the target role ARN comes from the matrix entry, so the matrix
    # JSON decides which account this job ends up operating in.
    - name: Assume the prod pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ matrix.pipeline_execution_role }}

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost (presumably the artifact
    # download action, given the `name:` input) - restore from the repository.
    - uses: actions/[email protected]
      with:
        name: aws-sam-build-x86_64

    - name: extract build_x86_64
      run: |
        tar -xvf build-x86_64.tar

    # matrix.* expressions are substituted into the script text before the
    # shell starts, so the values are trusted exactly as far as the matrix
    # JSON file is.
    - name: Upload x86_64 layer to prod artifact buckets
      run: |
        sam package \
          --template build-x86_64/template.yaml \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --region ${{ matrix.region }} \
          --output-template-file packaged-prod-x86_64-${{ matrix.region }}.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-prod-x86_64-${{ matrix.region }}.yaml
        path: packaged-prod-x86_64-${{ matrix.region }}.yaml

    - uses: actions/[email protected]
      with:
        name: aws-sam-build-arm64

    - name: extract build_arm64
      run: |
        tar -xvf build-arm64.tar

    - name: Upload arm64 layer to prod artifact buckets
      run: |
        sam package \
          --template build-arm64/template.yaml \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --region ${{ matrix.region }} \
          --output-template-file packaged-prod-arm64-${{ matrix.region }}.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-prod-arm64-${{ matrix.region }}.yaml
        path: packaged-prod-arm64-${{ matrix.region }}.yaml
# Package both layer builds once per China gamma matrix entry. The matrix is
# the JSON published by load-china-gamma-matrix.
package-china-gamma:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - build
    - load-china-gamma-matrix
  runs-on: ubuntu-20.04
  strategy:
    matrix: ${{fromJSON(needs.load-china-gamma-matrix.outputs.matrix)}}
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain, against the aws-cn partition: a separate runner
    # role and an explicit token audience are used for the China STS endpoint.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ env.GITHUB_RUNNER_CHINA_ROLE }}
        audience: sts.amazonaws.com.cn

    # Hop 2: the target role ARN comes from the matrix entry, so the matrix
    # JSON decides which account this job ends up operating in.
    - name: Assume the china pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        audience: sts.amazonaws.com.cn
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ matrix.pipeline_execution_role }}

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost (presumably the artifact
    # download action, given the `name:` input) - restore from the repository.
    - uses: actions/[email protected]
      with:
        name: aws-sam-build-x86_64

    - name: extract build_x86_64
      run: |
        tar -xvf build-x86_64.tar

    # matrix.* expressions are substituted into the script text before the
    # shell starts, so the values are trusted exactly as far as the matrix
    # JSON file is.
    - name: Upload x86_64 layer to gamma artifact buckets
      run: |
        sam package \
          --template build-x86_64/template.yaml \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --region ${{ matrix.region }} \
          --output-template-file packaged-china-gamma-x86_64-${{ matrix.region }}.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml
        path: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml

    - uses: actions/[email protected]
      with:
        name: aws-sam-build-arm64

    - name: extract build_arm64
      run: |
        tar -xvf build-arm64.tar

    - name: Upload arm64 layer to gamma artifact buckets
      run: |
        sam package \
          --template build-arm64/template.yaml \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --region ${{ matrix.region }} \
          --output-template-file packaged-china-gamma-arm64-${{ matrix.region }}.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-china-gamma-arm64-${{ matrix.region }}.yaml
        path: packaged-china-gamma-arm64-${{ matrix.region }}.yaml
# Package both layer builds once per China prod matrix entry. The matrix is
# the JSON published by load-china-prod-matrix. Note the guard: this also
# runs on pushes to main, not only on releases.
package-china-prod:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - build
    - load-china-prod-matrix
  runs-on: ubuntu-20.04
  strategy:
    matrix: ${{fromJSON(needs.load-china-prod-matrix.outputs.matrix)}}
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain, against the aws-cn partition: a separate runner
    # role and an explicit token audience are used for the China STS endpoint.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ env.GITHUB_RUNNER_CHINA_ROLE }}
        audience: sts.amazonaws.com.cn

    # Hop 2: the target role ARN comes from the matrix entry, so the matrix
    # JSON decides which account this job ends up operating in.
    - name: Assume the china pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        audience: sts.amazonaws.com.cn
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ matrix.pipeline_execution_role }}

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost (presumably the artifact
    # download action, given the `name:` input) - restore from the repository.
    - uses: actions/[email protected]
      with:
        name: aws-sam-build-x86_64

    - name: extract build_x86_64
      run: |
        tar -xvf build-x86_64.tar

    # matrix.* expressions are substituted into the script text before the
    # shell starts, so the values are trusted exactly as far as the matrix
    # JSON file is.
    - name: Upload x86_64 layer to prod artifact buckets
      run: |
        sam package \
          --template build-x86_64/template.yaml \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --region ${{ matrix.region }} \
          --output-template-file packaged-china-prod-x86_64-${{ matrix.region }}.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-china-prod-x86_64-${{ matrix.region }}.yaml
        path: packaged-china-prod-x86_64-${{ matrix.region }}.yaml

    - uses: actions/[email protected]
      with:
        name: aws-sam-build-arm64

    - name: extract build_arm64
      run: |
        tar -xvf build-arm64.tar

    - name: Upload arm64 layer to prod artifact buckets
      run: |
        sam package \
          --template build-arm64/template.yaml \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --region ${{ matrix.region }} \
          --output-template-file packaged-china-prod-arm64-${{ matrix.region }}.yaml

    - uses: actions/upload-artifact@v4
      with:
        name: packaged-china-prod-arm64-${{ matrix.region }}.yaml
        path: packaged-china-prod-arm64-${{ matrix.region }}.yaml
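# Publish .github/workflows/gamma.json as the `matrix` output a second time,
# sequenced after package-gamma so deploy-gamma only starts once packaging
# is done.
load-gamma-matrix2:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs: [ e2e-test-zip, e2e-test-oci, package-gamma ]
  runs-on: ubuntu-20.04
  # Only reads a file from the checkout; no role is assumed, so the
  # workflow-level id-token: write grant is not needed here.
  permissions:
    contents: read
  outputs:
    matrix: ${{ steps.set-matrix.outputs.matrix }}
  steps:
    - uses: actions/checkout@v3

    # jq emits the document on one line, which the key=value output format
    # requires.
    - id: set-matrix
      run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/gamma.json)}" >> "$GITHUB_OUTPUT"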
# Deploy the packaged layers once per gamma matrix entry; the arm64 stack is
# deployed only where the entry sets arm64_supported.
deploy-gamma:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - load-gamma-matrix2
  runs-on: ubuntu-20.04
  strategy:
    matrix: ${{fromJSON(needs.load-gamma-matrix2.outputs.matrix)}}
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain: no keys are supplied, so this relies on the
    # workflow's id-token: write grant (OIDC) to obtain the runner role.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

    # Hop 2: the target role ARN comes from the matrix entry, so the matrix
    # JSON decides which account this job ends up operating in.
    - name: Assume the gamma pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ matrix.pipeline_execution_role }}

    - name: Add cargo pkg version to env vars
      run: |
        echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> $GITHUB_ENV

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost (presumably the artifact
    # download action, given the `name:` input) - restore from the repository.
    - uses: actions/[email protected]
      with:
        name: packaged-gamma-x86_64-${{ matrix.region }}.yaml

    # matrix.* expressions are substituted into the script text before the
    # shell starts; CloudFormation then runs under the matrix-supplied
    # --role-arn.
    - name: Deploy x86_64 Layer to all regions in gamma account
      run: |
        sam deploy --stack-name lambda-adapter-gamma-x86-${{ matrix.region }} \
          --template packaged-gamma-x86_64-${{ matrix.region }}.yaml \
          --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
          --capabilities CAPABILITY_IAM \
          --region ${{ matrix.region }} \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --no-fail-on-empty-changeset \
          --role-arn ${{ matrix.cloudformation_execution_role }}

    - uses: actions/[email protected]
      with:
        name: packaged-gamma-arm64-${{ matrix.region }}.yaml

    - name: Deploy arm64 Layer to supported regions in gamma account
      if: ${{ matrix.arm64_supported }}
      run: |
        sam deploy --stack-name lambda-adapter-gamma-arm64-${{ matrix.region }} \
          --template packaged-gamma-arm64-${{ matrix.region }}.yaml \
          --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
          --capabilities CAPABILITY_IAM \
          --region ${{ matrix.region }} \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --no-fail-on-empty-changeset \
          --role-arn ${{ matrix.cloudformation_execution_role }}
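# Publish .github/workflows/prod.json as the `matrix` output for deploy-prod.
# Release-only, and sequenced after deploy-gamma and package-prod.
load-prod-matrix2:
  if: ${{ github.event_name == 'release' }}
  needs: [ deploy-gamma, package-prod ]
  runs-on: ubuntu-20.04
  # Only reads a file from the checkout; no role is assumed, so the
  # workflow-level id-token: write grant is not needed here.
  permissions:
    contents: read
  outputs:
    matrix: ${{ steps.set-matrix.outputs.matrix }}
  steps:
    - uses: actions/checkout@v3

    # jq emits the document on one line, which the key=value output format
    # requires.
    - id: set-matrix
      run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/prod.json)}" >> "$GITHUB_OUTPUT"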
# Deploy the packaged layers once per prod matrix entry. Release-only, and
# bound to the `prod` environment, so any protection rules configured on that
# environment apply before the job starts.
deploy-prod:
  if: ${{ github.event_name == 'release' }}
  needs:
    - load-prod-matrix2
  runs-on: ubuntu-20.04
  environment: prod
  strategy:
    matrix: ${{fromJSON(needs.load-prod-matrix2.outputs.matrix)}}
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain: no keys are supplied, so this relies on the
    # workflow's id-token: write grant (OIDC) to obtain the runner role.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

    # Hop 2: the target role ARN comes from the matrix entry, so the matrix
    # JSON decides which account this job ends up operating in.
    - name: Assume the prod pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ matrix.pipeline_execution_role }}

    - name: Add cargo pkg version to env vars
      run: |
        echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> $GITHUB_ENV

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost (presumably the artifact
    # download action, given the `name:` input) - restore from the repository.
    - uses: actions/[email protected]
      with:
        name: packaged-prod-x86_64-${{ matrix.region }}.yaml

    # matrix.* expressions are substituted into the script text before the
    # shell starts; CloudFormation then runs under the matrix-supplied
    # --role-arn.
    - name: Deploy x86_64 Layer to all regions in prod account
      run: |
        sam deploy --stack-name lambda-adapter-prod-x86-${{ matrix.region }} \
          --template packaged-prod-x86_64-${{ matrix.region }}.yaml \
          --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
          --capabilities CAPABILITY_IAM \
          --region ${{ matrix.region }} \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --no-fail-on-empty-changeset \
          --role-arn ${{ matrix.cloudformation_execution_role }}

    - uses: actions/[email protected]
      with:
        name: packaged-prod-arm64-${{ matrix.region }}.yaml

    - name: Deploy arm64 Layer to supported regions in prod account
      if: ${{ matrix.arm64_supported }}
      run: |
        sam deploy --stack-name lambda-adapter-prod-arm64-${{ matrix.region }} \
          --template packaged-prod-arm64-${{ matrix.region }}.yaml \
          --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
          --capabilities CAPABILITY_IAM \
          --region ${{ matrix.region }} \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --no-fail-on-empty-changeset \
          --role-arn ${{ matrix.cloudformation_execution_role }}
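# Publish .github/workflows/cn-gamma.json as the `matrix` output a second
# time, sequenced after package-china-gamma so deploy-china-gamma only starts
# once packaging is done.
load-china-gamma-matrix2:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs: [ e2e-test-zip, e2e-test-oci, package-china-gamma ]
  runs-on: ubuntu-20.04
  # Only reads a file from the checkout; no role is assumed, so the
  # workflow-level id-token: write grant is not needed here.
  permissions:
    contents: read
  outputs:
    matrix: ${{ steps.set-matrix.outputs.matrix }}
  steps:
    - uses: actions/checkout@v3

    # jq emits the document on one line, which the key=value output format
    # requires.
    - id: set-matrix
      run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-gamma.json)}" >> "$GITHUB_OUTPUT"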
# Deploy the packaged layers once per China gamma matrix entry.
# NOTE(review): this gamma job is bound to the `prod` environment, the same
# one deploy-prod uses, and it runs on pushes to main. Confirm that is
# intended (for example because the China role's trust policy is keyed on
# the environment) rather than a copy-paste from the prod job.
deploy-china-gamma:
  if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
  needs:
    - load-china-gamma-matrix2
  runs-on: ubuntu-20.04
  environment: prod
  strategy:
    matrix: ${{fromJSON(needs.load-china-gamma-matrix2.outputs.matrix)}}
  steps:
    - uses: actions/checkout@v3

    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"

    - uses: aws-actions/setup-sam@v2

    # Hop 1 of the role chain, against the aws-cn partition: a separate runner
    # role and an explicit token audience are used for the China STS endpoint.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ env.GITHUB_RUNNER_CHINA_ROLE }}
        audience: sts.amazonaws.com.cn

    # Hop 2: the target role ARN comes from the matrix entry, so the matrix
    # JSON decides which account this job ends up operating in.
    - name: Assume the china pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        audience: sts.amazonaws.com.cn
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ matrix.pipeline_execution_role }}

    - name: Add cargo pkg version to env vars
      run: |
        echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> $GITHUB_ENV

    # NOTE(review): "[email protected]" is e-mail-obfuscation residue from the
    # page; the real action name and ref are lost (presumably the artifact
    # download action, given the `name:` input) - restore from the repository.
    - uses: actions/[email protected]
      with:
        name: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml

    # matrix.* expressions are substituted into the script text before the
    # shell starts; CloudFormation then runs under the matrix-supplied
    # --role-arn.
    - name: Deploy x86_64 Layer to all regions in china
      run: |
        sam deploy --stack-name lambda-adapter-gamma-x86-${{ matrix.region }} \
          --template packaged-china-gamma-x86_64-${{ matrix.region }}.yaml \
          --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
          --capabilities CAPABILITY_IAM \
          --region ${{ matrix.region }} \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --no-fail-on-empty-changeset \
          --role-arn ${{ matrix.cloudformation_execution_role }}

    - uses: actions/[email protected]
      with:
        name: packaged-china-gamma-arm64-${{ matrix.region }}.yaml

    - name: Deploy arm64 Layer to supported china regions
      if: ${{ matrix.arm64_supported }}
      run: |
        sam deploy --stack-name lambda-adapter-gamma-arm64-${{ matrix.region }} \
          --template packaged-china-gamma-arm64-${{ matrix.region }}.yaml \
          --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
          --capabilities CAPABILITY_IAM \
          --region ${{ matrix.region }} \
          --s3-bucket ${{ matrix.artifacts_bucket }} \
          --image-repository ${{ matrix.image_repository }} \
          --no-fail-on-empty-changeset \
          --role-arn ${{ matrix.cloudformation_execution_role }}
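# Publish .github/workflows/cn-prod.json as the `matrix` output for
# deploy-china-prod. Release-only, and sequenced after deploy-china-gamma and
# package-china-prod.
load-china-prod-matrix2:
  if: ${{ github.event_name == 'release' }}
  needs: [ deploy-china-gamma, package-china-prod ]
  runs-on: ubuntu-20.04
  # Only reads a file from the checkout; no role is assumed, so the
  # workflow-level id-token: write grant is not needed here.
  permissions:
    contents: read
  outputs:
    matrix: ${{ steps.set-matrix.outputs.matrix }}
  steps:
    - uses: actions/checkout@v3

    # jq emits the document on one line, which the key=value output format
    # requires.
    - id: set-matrix
      run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-prod.json)}" >> "$GITHUB_OUTPUT"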
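# Release-only deployment of the x86_64 and arm64 layer stacks to the China
# regions listed in the matrix produced by `load-china-prod-matrix2`.
#
# NOTE(review): the actions below are referenced by mutable tag (`@v3`,
# `@v4`, `@v2`). The ones that handle cloud credentials are the strongest
# candidates for pinning to a full commit SHA.
deploy-china-prod:
  if: ${{ github.event_name == 'release' }}
  needs: [load-china-prod-matrix2]
  runs-on: ubuntu-20.04
  # Runs under the `prod` environment, so protection rules configured on that
  # environment apply before any step starts.
  # NOTE(review): with an environment set, the OIDC subject claim names the
  # environment; the runner role's trust policy should match it -- confirm.
  environment: prod
  strategy:
    matrix: ${{fromJSON(needs.load-china-prod-matrix2.outputs.matrix)}}
  steps:
    - uses: actions/checkout@v3
      with:
        # No later step needs git access; do not leave the token in .git.
        persist-credentials: false
    - uses: actions/setup-python@v4
      with:
        python-version: "3.8"
    - uses: aws-actions/setup-sam@v2
    # First hop: exchange the workflow's OIDC token for the China runner
    # role, using the China STS audience.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ env.GITHUB_RUNNER_CHINA_ROLE }}
        audience: sts.amazonaws.com.cn
    # Second hop: use the session credentials exported by the previous step
    # to assume the per-region pipeline execution role from the matrix entry.
    - name: Assume the china pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        audience: sts.amazonaws.com.cn
        aws-region: ${{ matrix.region }}
        role-to-assume: ${{ matrix.pipeline_execution_role }}
    - name: Add cargo pkg version to env vars
      run: |
        # Unless a `shell:` is set, run steps use `bash -e` without pipefail,
        # so a failing `cargo metadata` would be hidden by jq and an empty
        # version would reach the production deploy. Fail the step instead.
        set -euo pipefail
        version="$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')"
        if [ -z "${version}" ] || [ "${version}" = "null" ]; then
          echo "could not read the crate version from cargo metadata" >&2
          exit 1
        fi
        echo "CARGO_PKG_VERSION=${version}" >> "${GITHUB_ENV}"
    # NOTE(review): the `uses:` value is garbled by the page's e-mail
    # obfuscation and stands for an `actions/<name>@<version>` reference,
    # presumably an artifact-download action -- restore it from the repo.
    - uses: actions/[email protected]
      with:
        name: packaged-china-prod-x86_64-${{ matrix.region }}.yaml
    # Matrix values reach the script through `env:` and are quoted there,
    # rather than being expanded by `${{ }}` into the script text, so a value
    # holding shell metacharacters cannot alter the command line.
    - name: Deploy x86_64 Layer to all regions in china
      env:
        DEPLOY_REGION: ${{ matrix.region }}
        DEPLOY_ARTIFACTS_BUCKET: ${{ matrix.artifacts_bucket }}
        DEPLOY_IMAGE_REPOSITORY: ${{ matrix.image_repository }}
        DEPLOY_CFN_ROLE: ${{ matrix.cloudformation_execution_role }}
      run: |
        sam deploy --stack-name "lambda-adapter-prod-x86-${DEPLOY_REGION}" \
          --template "packaged-china-prod-x86_64-${DEPLOY_REGION}.yaml" \
          --parameter-overrides "CargoPkgVersion=${CARGO_PKG_VERSION}" \
          --capabilities CAPABILITY_IAM \
          --region "${DEPLOY_REGION}" \
          --s3-bucket "${DEPLOY_ARTIFACTS_BUCKET}" \
          --image-repository "${DEPLOY_IMAGE_REPOSITORY}" \
          --no-fail-on-empty-changeset \
          --role-arn "${DEPLOY_CFN_ROLE}"
    # NOTE(review): garbled `uses:` value, same as the x86_64 download above.
    - uses: actions/[email protected]
      with:
        name: packaged-china-prod-arm64-${{ matrix.region }}.yaml
    # Only matrix entries that set `arm64_supported` deploy the arm64 stack.
    - name: Deploy arm64 Layer to supported china regions
      if: ${{ matrix.arm64_supported }}
      env:
        DEPLOY_REGION: ${{ matrix.region }}
        DEPLOY_ARTIFACTS_BUCKET: ${{ matrix.artifacts_bucket }}
        DEPLOY_IMAGE_REPOSITORY: ${{ matrix.image_repository }}
        DEPLOY_CFN_ROLE: ${{ matrix.cloudformation_execution_role }}
      run: |
        sam deploy --stack-name "lambda-adapter-prod-arm64-${DEPLOY_REGION}" \
          --template "packaged-china-prod-arm64-${DEPLOY_REGION}.yaml" \
          --parameter-overrides "CargoPkgVersion=${CARGO_PKG_VERSION}" \
          --capabilities CAPABILITY_IAM \
          --region "${DEPLOY_REGION}" \
          --s3-bucket "${DEPLOY_ARTIFACTS_BUCKET}" \
          --image-repository "${DEPLOY_IMAGE_REPOSITORY}" \
          --no-fail-on-empty-changeset \
          --role-arn "${DEPLOY_CFN_ROLE}"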
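# Release-only job that wraps the built x86_64 and arm64 extension layers in
# `FROM scratch` images, pushes them to the public ECR repository, and then
# publishes a multi-arch manifest under the bare version tag.
#
# NOTE(review): this job assumes the prod ECR pipeline role but, unlike
# `deploy-china-prod`, declares no `environment:`. Any approval gate reaches
# it only through `needs: deploy-prod` (not visible here) -- confirm that is
# intended before relying on environment protection for image publishing.
# NOTE(review): the actions below are referenced by mutable tag (`@v3`,
# `@v4`); the credential-handling ones are the strongest candidates for
# pinning to a full commit SHA.
publish-to-public-ecr:
  if: ${{ github.event_name == 'release' }}
  needs: [deploy-prod]
  runs-on: ubuntu-20.04
  steps:
    - uses: actions/checkout@v3
      with:
        # No later step needs git access; do not leave the token in .git.
        persist-credentials: false
    # First hop: exchange the workflow's OIDC token for the runner role.
    - name: Assume the github runner role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: ${{ env.PROD_ECR_REGION }}
        role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}
    # Second hop: use the session credentials exported by the previous step
    # to assume the prod ECR pipeline execution role.
    - name: Assume the prod pipeline user role
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-skip-session-tagging: true
        aws-region: ${{ env.PROD_ECR_REGION }}
        role-to-assume: ${{ env.PROD_ECR_PIPELINE_EXECUTION_ROLE }}
    - name: Add cargo pkg version to env vars
      run: |
        # Unless a `shell:` is set, run steps use `bash -e` without pipefail,
        # so a failing `cargo metadata` would be hidden by jq and the image
        # tags below would be built from an empty version. Fail instead.
        set -euo pipefail
        version="$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')"
        if [ -z "${version}" ] || [ "${version}" = "null" ]; then
          echo "could not read the crate version from cargo metadata" >&2
          exit 1
        fi
        echo "CARGO_PKG_VERSION=${version}" >> "${GITHUB_ENV}"
    # The registry password is piped over stdin, so it never appears in the
    # process arguments or the step log.
    - name: login ECR Public Registry
      run: |
        aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
    # NOTE(review): the `uses:` value is garbled by the page's e-mail
    # obfuscation and stands for an `actions/<name>@<version>` reference,
    # presumably an artifact-download action -- restore it from the repo.
    - uses: actions/[email protected]
      with:
        name: aws-sam-build-x86_64
    - name: extract build_x86_64
      run: |
        tar -xvf build-x86_64.tar
    # NOTE(review): garbled `uses:` value, same as the x86_64 download above.
    - uses: actions/[email protected]
      with:
        name: aws-sam-build-arm64
    - name: extract build_arm64
      run: |
        tar -xvf build-arm64.tar
    # The Dockerfile is supplied on stdin (`-f-`); the image holds only the
    # extracted extensions directory on top of `scratch`.
    - name: Create and push the x86_64 docker image to prod ecr public repo
      run: |
        printf 'FROM scratch\nADD build-x86_64/LambdaAdapterLayerX86/extensions/. /\n' | docker build --platform=linux/amd64 -t "public.ecr.aws/awsguru/aws-lambda-adapter:${CARGO_PKG_VERSION}-x86_64" -f- .
        docker push "public.ecr.aws/awsguru/aws-lambda-adapter:${CARGO_PKG_VERSION}-x86_64"
    - name: Create and push the arm64 docker image to prod ecr public repo
      run: |
        printf 'FROM scratch\nADD build-arm64/LambdaAdapterLayerArm64/extensions/. /\n' | docker build --platform=linux/arm64 -t "public.ecr.aws/awsguru/aws-lambda-adapter:${CARGO_PKG_VERSION}-aarch64" -f- .
        docker push "public.ecr.aws/awsguru/aws-lambda-adapter:${CARGO_PKG_VERSION}-aarch64"
    # Combines the two per-architecture tags pushed above under one tag.
    - name: create and push the multi-arch manifest to prod ecr public repo
      run: |
        docker manifest create "public.ecr.aws/awsguru/aws-lambda-adapter:${CARGO_PKG_VERSION}" \
          "public.ecr.aws/awsguru/aws-lambda-adapter:${CARGO_PKG_VERSION}-x86_64" \
          "public.ecr.aws/awsguru/aws-lambda-adapter:${CARGO_PKG_VERSION}-aarch64"
        docker manifest push "public.ecr.aws/awsguru/aws-lambda-adapter:${CARGO_PKG_VERSION}"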