feat(ci): Add advanced automation
sthulb authored Dec 20, 2024
1 parent cbe5ccb commit edeb72b
Showing 2 changed files with 179 additions and 0 deletions.
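--- a/.github/workflows/bootstrap_region.yml
+++ b/.github/workflows/bootstrap_region.yml
@@ -0,0 +1,94 @@
+# bootstraps new regions
+#
+# PURPOSE
+# Ensures new regions are deployable in future releases
+#
+# JOB 1 PROCESS
+#
+# 1. Installs CDK
+# 2. Bootstraps region
+#
+# JOB 2 PROCESS
+# 1. Sets up Go
+# 2. Installs the balance script
+# 3. Runs balance script to copy layers between aws regions
+
+on:
+workflow_dispatch:
+inputs:
+environment:
+type: choice
+options:
+- beta
+- prod
+description: Deployment environment
+region:
+type: string
+required: true
+description: AWS region to bootstrap (i.e. eu-west-1)
+
+name: Region Bootstrap
+run-name: Region Bootstrap ${{ inputs.region }}
+
+permissions:
+contents: read
+
+jobs:
+cdk:
+name: Install CDK
+runs-on: ubuntu-latest
+permissions:
+contents: write
+id-token: write
+environment: layer-${{ inputs.environment }}
+steps:
+- id: credentials
+name: AWS Credentials
+uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+with:
+aws-region: ${{ inputs.region }}
+role-to-assume: ${{ secrets.REGION_IAM_ROLE }}
+mask-aws-account-id: true
+- id: workdir
+name: Create Workdir
+run: |
+mkdir -p build/project
+- id: cdk-install
+name: Install CDK
+working-directory: build
+run: |
+npm i aws-cdk
+- id: cdk-project
+name: CDK Project
+working-directory: build/project
+run: |
+npx cdk init app --language=typescript
+AWS_REGION="${{ inputs.region }}" npx cdk bootstrap
+copy_layers:
+name: Copy Layers
+runs-on: ubuntu-latest
+permissions:
+contents: write
+id-token: write
+environment: layer-${{ inputs.environment }}
+steps:
+- id: credentials
+name: AWS Credentials
+uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+with:
+aws-region: us-east-1
+role-to-assume: ${{ secrets.REGION_IAM_ROLE }}
+mask-aws-account-id: true
+- id: go-setup
+name: Setup Go
+uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+- id: go-env
+name: Go Env
+run: go env
+- id: go-install-pkg
+name: Install
+run: go install github.com/aws-powertools/actions/layer-balancer/cmd/balance@latest
+- id: run-balance
+name: Run Balance
+run: balance -read-region us-east-1 -write-region ${{ inputs.region }} -write-role ${{ secrets.BALANCE_ROLE_ARN }} -layer-name AWSLambdaPowertoolsTypeScriptV2 -dry-run=false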
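Review bot: The free-form `region` input is expanded by `${{ inputs.region }}` straight into the shell text of the `cdk-project` and `run-balance` steps, so its value is parsed as script in jobs that hold the assumed AWS role and `id-token: write`. Pass it through the step environment instead, e.g. `TARGET_REGION: ${{ inputs.region }}` under `env:`, then `AWS_REGION="$TARGET_REGION" npx cdk bootstrap` and `-write-region "$TARGET_REGION"`, and reject values that do not look like a region name before using them. The same jobs fetch `aws-cdk` via `npm i` with no version and `balance@latest`, while both actions are pinned by commit; pinning these two to a version or commit would keep the toolchain that runs with `-dry-run=false` reproducible. Neither job appears to check out or push to the repository, so `contents: write` looks broader than needed.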
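--- a/.github/workflows/update_ssm.yml
+++ b/.github/workflows/update_ssm.yml
@@ -0,0 +1,85 @@
+# SSM Parameters update
+#
+# PROCESS
+# Creates parameters in regional AWS accounts for each layer we create, using the inputs to target specific releases
+# * environment: will prefix /beta/ into the parameter
+# * write_latest: will create a latest alias instead of a version number in the parameter
+# * package_version: semantic version number of the released layer (3.x.y)
+# * layer_version: this is sequential layer version from the ARN
+#
+# A successful parameter would look similar to:
+# /aws/service/powertools/python/arm64/python3.8/3.1.0
+# And will have a value of:
+# arn:aws:lambda:eu-west-1:094274105915:layer:AWSLambdaPowertoolsPythonV3-python38-arm64:4
+
+on:
+workflow_dispatch:
+inputs:
+environment:
+description: Environment to deploy to
+type: choice
+options:
+- Beta
+- Prod
+required: true
+
+write_latest:
+description: Write to the latest path
+type: boolean
+required: false
+
+package_version:
+description: Semantic Version of published layer
+type: string
+required: true
+
+layer_version:
+description: Layer version
+type: string
+required: true
+
+name: SSM Parameters
+run-name: SSM Parameters - TypeScript
+
+permissions:
+contents: read
+
+jobs:
+typescript:
+runs-on: ubuntu-latest
+environment: SSM
+strategy:
+matrix:
+region: ["af-south-1", "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3",
+"ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3",
+"ap-southeast-4", "ca-central-1", "ca-west-1", "eu-central-1", "eu-central-2",
+"eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3",
+"il-central-1", "me-central-1", "me-south-1", "sa-east-1", "us-east-1",
+"us-east-2", "us-west-1", "us-west-2", "ap-southeast-5"
+]
+
+permissions:
+contents: write
+id-token: write
+steps:
+- id: transform
+run: |
+echo 'CONVERTED_REGION=${{ matrix.region }}' | tr 'a-z\-' 'A-Z_' >> "$GITHUB_OUTPUT"
+- id: creds
+uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+with:
+aws-region: ${{ matrix.region }}
+role-to-assume: ${{ secrets[format('{0}', steps.transform.outputs.CONVERTED_REGION)] }}
+mask-aws-account-id: true
+- id: write-version
+env:
+prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
+run: |
+aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite
+- id: write-latest
+if: inputs.write_latest == true
+env:
+prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
+run: |
+aws ssm put-parameter --name ${{ env.prefix }}/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite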
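Review bot: The `write-latest` step writes to `${{ env.prefix }}/generic/all/latest`, without the `/typescript` segment that `write-version` uses, so with `--overwrite` it would presumably land on a path not scoped to this runtime; it likely should be `--name "$prefix/typescript/generic/all/latest"`. Both `put-parameter` commands also expand `inputs.package_version` and `inputs.layer_version` directly into the shell line and leave `--name` unquoted; map them to `env:` entries, reference them as `"$PACKAGE_VERSION"` and `"$LAYER_VERSION"`, and check their format (version string, integer) before calling the CLI. The header comment still shows a Python parameter path and ARN as its example and describes `package_version` as 3.x.y, which may not match the `AWSLambdaPowertoolsTypeScriptV2` layer written here. The job only calls AWS as far as these lines show, so `contents: write` looks unnecessary.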
