Layer Verification (GovCloud) #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GovCloud Layer Verification | |
| # --- | |
| # This workflow queries the GovCloud layer info in production only | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: Layer version to verify information | |
| type: string | |
| required: true | |
| workflow_call: | |
| inputs: | |
| version: | |
| description: Layer version to verify information | |
| type: string | |
| required: true | |
| name: Layer Verification (GovCloud) | |
| run-name: Layer Verification (GovCloud) | |
| jobs: | |
| commercial: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| strategy: | |
| matrix: | |
| layer: | |
| - AWSLambdaPowertoolsPythonV3-python39 | |
| - AWSLambdaPowertoolsPythonV3-python310 | |
| - AWSLambdaPowertoolsPythonV3-python311 | |
| - AWSLambdaPowertoolsPythonV3-python312 | |
| - AWSLambdaPowertoolsPythonV3-python313 | |
| arch: | |
| - arm64 | |
| - x86_64 | |
| environment: Prod (Readonly) | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_IAM_ROLE }} | |
| aws-region: us-east-1 | |
| mask-aws-account-id: true | |
| - name: Output ${{ matrix.layer }}-${{ matrix.arch }} | |
| run: | | |
| aws --region us-east-1 lambda get-layer-version-by-arn --arn 'arn:aws:lambda:us-east-1:017000801446:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }}' | jq -r '{"Layer Version Arn": .LayerVersionArn, "Version": .Version, "Description": .Description, "Compatible Runtimes": .CompatibleRuntimes[0], "Compatible Architectures": .CompatibleArchitectures[0], "SHA": .Content.CodeSha256} | keys[] as $k | [$k, .[$k]] | @tsv' | column -t -s $'\t' | |
| gov_east: | |
| name: Verify (East) | |
| needs: commercial | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| strategy: | |
| matrix: | |
| layer: | |
| - AWSLambdaPowertoolsPythonV3-python39 | |
| - AWSLambdaPowertoolsPythonV3-python310 | |
| - AWSLambdaPowertoolsPythonV3-python311 | |
| - AWSLambdaPowertoolsPythonV3-python312 | |
| - AWSLambdaPowertoolsPythonV3-python313 | |
| arch: | |
| - arm64 | |
| - x86_64 | |
| environment: GovCloud Prod (East) | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_IAM_ROLE }} | |
| aws-region: us-gov-east-1 | |
| mask-aws-account-id: true | |
| - name: Verify Layer ${{ matrix.layer }}-${{ matrix.arch }} | |
| id: verify-layer | |
| run: | | |
| aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }}' | jq -r '{"Layer Version Arn": .LayerVersionArn, "Version": .Version, "Description": .Description, "Compatible Runtimes": .CompatibleRuntimes[0], "Compatible Architectures": .CompatibleArchitectures[0], "SHA": .Content.CodeSha256} | keys[] as $k | [$k, .[$k]] | @tsv' | column -t -s $'\t' | |
| gov_west: | |
| name: Verify (West) | |
| needs: commercial | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| strategy: | |
| matrix: | |
| layer: | |
| - AWSLambdaPowertoolsPythonV3-python39 | |
| - AWSLambdaPowertoolsPythonV3-python310 | |
| - AWSLambdaPowertoolsPythonV3-python311 | |
| - AWSLambdaPowertoolsPythonV3-python312 | |
| - AWSLambdaPowertoolsPythonV3-python313 | |
| arch: | |
| - arm64 | |
| - x86_64 | |
| environment: GovCloud Prod (West) | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@4fc4975a852c8cd99761e2de1f4ba73402e44dd9 # v4.0.3 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_IAM_ROLE }} | |
| aws-region: us-gov-east-1 | |
| mask-aws-account-id: true | |
| - name: Verify Layer ${{ matrix.layer }}-${{ matrix.arch }} | |
| id: verify-layer | |
| run: | | |
| aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }}' | jq -r '{"Layer Version Arn": .LayerVersionArn, "Version": .Version, "Description": .Description, "Compatible Runtimes": .CompatibleRuntimes[0], "Compatible Architectures": .CompatibleArchitectures[0], "SHA": .Content.CodeSha256} | keys[] as $k | [$k, .[$k]] | @tsv' | column -t -s $'\t' |