diff --git a/.github/workflows/bootstrap_region.yml b/.github/workflows/bootstrap_region.yml
new file mode 100644
index 000000000..684b1bfd3
--- /dev/null
+++ b/.github/workflows/bootstrap_region.yml
@@ -0,0 +1,94 @@
+# bootstraps new regions
+#
+# PURPOSE
+# Ensures new regions are deployable in future releases
+#
+# JOB 1 PROCESS
+#
+# 1. Installs CDK
+# 2. Bootstraps region
+#
+# JOB 2 PROCESS
+# 1. Sets up Go
+# 2. Installs the balance script
+# 3. Runs balance script to copy layers between aws regions
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ type: choice
+ options:
+ - beta
+ - prod
+ description: Deployment environment
+ region:
+ type: string
+ required: true
+ description: AWS region to bootstrap (i.e. eu-west-1)
+
+name: Region Bootstrap
+run-name: Region Bootstrap ${{ inputs.region }}
+
+permissions:
+ contents: read
+
+jobs:
+ cdk:
+ name: Install CDK
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ id-token: write
+ environment: layer-${{ inputs.environment }}
+ steps:
+ - id: credentials
+ name: AWS Credentials
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+ with:
+ aws-region: ${{ inputs.region }}
+ role-to-assume: ${{ secrets.REGION_IAM_ROLE }}
+ mask-aws-account-id: true
+ - id: workdir
+ name: Create Workdir
+ run: |
+ mkdir -p build/project
+ - id: cdk-install
+ name: Install CDK
+ working-directory: build
+ run: |
+ npm i aws-cdk
+ - id: cdk-project
+ name: CDK Project
+ working-directory: build/project
+ run: |
+ npx cdk init app --language=typescript
+ AWS_REGION="${{ inputs.region }}" npx cdk bootstrap
+
+ copy_layers:
+ name: Copy Layers
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ id-token: write
+ environment: layer-${{ inputs.environment }}
+ steps:
+ - id: credentials
+ name: AWS Credentials
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+ with:
+ aws-region: us-east-1
+ role-to-assume: ${{ secrets.REGION_IAM_ROLE }}
+ mask-aws-account-id: true
+ - id: go-setup
+ name: Setup Go
+ uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+ - id: go-env
+ name: Go Env
+ run: go env
+ - id: go-install-pkg
+ name: Install
+ run: go install github.com/aws-powertools/actions/layer-balancer/cmd/balance@latest
+ - id: run-balance
+ name: Run Balance
+ run: balance -read-region us-east-1 -write-region ${{ inputs.region }} -write-role ${{ secrets.BALANCE_ROLE_ARN }} -layer-name AWSLambdaPowertoolsTypeScriptV2 -dry-run=false
\ No newline at end of file
diff --git a/.github/workflows/update_ssm.yml b/.github/workflows/update_ssm.yml
new file mode 100644
index 000000000..3591f4349
--- /dev/null
+++ b/.github/workflows/update_ssm.yml
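Review bot: `inputs.region` is a free-form string that the expression engine pastes into the shell text of the `cdk-project` and `run-balance` steps before the shell parses it, so whatever the dispatcher types is interpreted as shell syntax in jobs that already hold the assumed AWS role. Pass it through the step environment instead, with `env:` carrying `REGION: ${{ inputs.region }}`, and reference it quoted, as in `AWS_REGION="$REGION" npx cdk bootstrap` and `-write-region "$REGION"`; a format check on the value before the credentials step would also help. The same pattern applies in update_ssm.yml to `inputs.package_version` and `inputs.layer_version` in both `aws ssm put-parameter` lines. Separately, `npm i aws-cdk` and `balance@latest` resolve to whatever is published at run time although the actions are SHA-pinned, so pinning exact versions would keep the code that runs with these credentials reviewable. No visible step writes to the repository, so the job-level `contents: write` looks droppable in both jobs, leaving `id-token: write` alongside read access.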
@@ -0,0 +1,85 @@
+# SSM Parameters update
+#
+# PROCESS
+# Creates parameters in regional AWS accounts for each layer we create, using the inputs to target specific releases
+# * environment: will prefix /beta/ into the parameter
+# * write_latest: will create a latest alias instead of a version number in the parameter
+# * package_version: semantic version number of the released layer (3.x.y)
+# * layer_version: this is sequential layer version from the ARN
+#
+# A successful parameter would look similar to:
+# /aws/service/powertools/python/arm64/python3.8/3.1.0
+# And will have a value of:
+# arn:aws:lambda:eu-west-1:094274105915:layer:AWSLambdaPowertoolsPythonV3-python38-arm64:4
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ description: Environment to deploy to
+ type: choice
+ options:
+ - Beta
+ - Prod
+ required: true
+
+ write_latest:
+ description: Write to the latest path
+ type: boolean
+ required: false
+
+ package_version:
+ description: Semantic Version of published layer
+ type: string
+ required: true
+
+ layer_version:
+ description: Layer version
+ type: string
+ required: true
+
+name: SSM Parameters
+run-name: SSM Parameters - TypeScript
+
+permissions:
+ contents: read
+
+jobs:
+ typescript:
+ runs-on: ubuntu-latest
+ environment: SSM
+ strategy:
+ matrix:
+ region: ["af-south-1", "ap-east-1", "ap-northeast-1", "ap-northeast-2", "ap-northeast-3",
+ "ap-south-1", "ap-south-2", "ap-southeast-1", "ap-southeast-2", "ap-southeast-3",
+ "ap-southeast-4", "ca-central-1", "ca-west-1", "eu-central-1", "eu-central-2",
+ "eu-north-1", "eu-south-1", "eu-south-2", "eu-west-1", "eu-west-2", "eu-west-3",
+ "il-central-1", "me-central-1", "me-south-1", "sa-east-1", "us-east-1",
+ "us-east-2", "us-west-1", "us-west-2", "ap-southeast-5"
+ ]
+
+ permissions:
+ contents: write
+ id-token: write
+ steps:
+ - id: transform
+ run: |
+ echo 'CONVERTED_REGION=${{ matrix.region }}' | tr 'a-z\-' 'A-Z_' >> "$GITHUB_OUTPUT"
+ - id: creds
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+ with:
+ aws-region: ${{ matrix.region }}
+ role-to-assume: ${{ secrets[format('{0}', steps.transform.outputs.CONVERTED_REGION)] }}
+ mask-aws-account-id: true
+ - id: write-version
+ env:
+ prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
+ run: |
+ aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite
+
+ - id: write-latest
+ if: inputs.write_latest == true
+ env:
+ prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
+ run: |
+ aws ssm put-parameter --name ${{ env.prefix }}/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite
\ No newline at end of file
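Review bot: The `write-latest` step writes to `${{ env.prefix }}/generic/all/latest`, without the `/typescript` segment that `write-version` puts in its parameter name. The latest alias therefore appears to land outside the TypeScript namespace, and with `--overwrite` it could silently replace a parameter owned by another runtime at that shared path. If that is not intended, the name should read `--name ${{ env.prefix }}/typescript/generic/all/latest`. The header comment still shows a Python example path and ARN (`/aws/service/powertools/python/arm64/python3.8/3.1.0`), which makes the expected TypeScript layout hard to confirm, so replacing it with the `/typescript/generic/all/<version>` form would document the contract. No visible step writes to the repository, so the job-level `contents: write` looks droppable, leaving `id-token: write` alongside read access.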