
Commit 297e2ab

feat(ci): GovCloud Layer Workflow
Signed-off-by: Simon Thulbourn <[email protected]>
1 parent 43da947 commit 297e2ab


1 file changed

+141
-0
lines changed


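--- a/.github/workflows/layer_govcloud.yml
+++ b/.github/workflows/layer_govcloud.yml
@@ -0,0 +1,141 @@
+on:
+workflow_dispatch:
+inputs:
+environment:
+description: Deployment environment
+type: choice
+options:
+- Gamma
+- Prod
+default: Gamma
+required: true
+version:
+description: Layer version to duplicate
+type: number
+required: true
+
+name: Layer Deployment (GovCloud)
+run-name: Layer Deployment (GovCloud) - ${{ inputs.environment }}
+
+jobs:
+stash:
+runs-on: ubuntu-latest
+permissions:
+id-token: write
+contents: read
+strategy:
+matrix:
+layer:
+- AWSLambdaPowertoolsPythonV3-python38
+- AWSLambdaPowertoolsPythonV3-python39
+- AWSLambdaPowertoolsPythonV3-python310
+- AWSLambdaPowertoolsPythonV3-python311
+- AWSLambdaPowertoolsPythonV3-python312
+arch:
+- arm64
+- x86
+environment: Prod (Readonly)
+steps:
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+with:
+role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+aws-region: us-east-1
+mask-aws-account-id: true
+- name: Grab Zip
+run: |
+aws --region us-east-1 lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:017000801446:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} --query 'Content.Location' | xargs curl -L -o ${{ matrix.layer }}_${{ matrix.arch }}.zip
+- name: Store Zip
+uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+with:
+name: ${{ matrix.layer }}_${{ matrix.arch }}.zip
+path: ${{ matrix.layer }}_${{ matrix.arch }}.zip
+retention-days: 1
+if-no-files-found: error
+
+copy_east:
+name: Copy (East)
+needs: stash
+runs-on: ubuntu-latest
+permissions:
+id-token: write
+contents: read
+strategy:
+matrix:
+layer:
+- AWSLambdaPowertoolsPythonV3-python38
+- AWSLambdaPowertoolsPythonV3-python39
+- AWSLambdaPowertoolsPythonV3-python310
+- AWSLambdaPowertoolsPythonV3-python311
+- AWSLambdaPowertoolsPythonV3-python312
+arch:
+- arm64
+- x86
+environment: GovCloud ${{ inputs.environment }} (East)
+steps:
+- name: Download Zip
+uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+with:
+name: ${{ matrix.layer }}_${{ matrix.arch }}.zip
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+with:
+role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+aws-region: us-gov-east-1
+mask-aws-account-id: true
+- name: Create Layer
+run: |
+aws --region us-gov-east-1 lambda publish-layer-version \
+--layer-name ${{ inputs.environment }}-${{ matrix.layer }}-${{ matrix.arch }} \
+--zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \
+--query 'Version' | \
+xargs aws --region us-gov-east-1 lambda add-layer-version-permission \
+--layer-name ${{ inputs.environment }}-${{ matrix.layer }}-${{ matrix.arch }} \
+--statement-id 'PublicLayer' \
+--action lambda:GetLayerVersion \
+--principal '*' \
+--version-number
+
+copy_west:
+name: Copy (West)
+needs: stash
+runs-on: ubuntu-latest
+permissions:
+id-token: write
+contents: read
+strategy:
+matrix:
+layer:
+- AWSLambdaPowertoolsPythonV3-python38
+- AWSLambdaPowertoolsPythonV3-python39
+- AWSLambdaPowertoolsPythonV3-python310
+- AWSLambdaPowertoolsPythonV3-python311
+- AWSLambdaPowertoolsPythonV3-python312
+arch:
+- arm64
+- x86
+environment:
+name: GovCloud ${{ inputs.environment }} (West)
+steps:
+- name: Download Zip
+uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+with:
+name: ${{ matrix.layer }}_${{ matrix.arch }}.zip
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+with:
+role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
+aws-region: us-gov-west-1
+mask-aws-account-id: true
+- name: Create Layer
+run: |
+aws --region us-gov-west-1 lambda publish-layer-version \
+--layer-name ${{ inputs.environment }}-${{ matrix.layer }}-${{ matrix.arch }} \
+--zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \
+--query 'Version' | \
+xargs aws --region us-gov-west-1 lambda add-layer-version-permission \
+--layer-name ${{ inputs.environment }}-${{ matrix.layer }}-${{ matrix.arch }} \
+--statement-id 'PublicLayer' \
+--action lambda:GetLayerVersion \
+--principal '*' \
+--version-number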
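Review bot: The `Grab Zip` step saves whatever `curl -L` receives, and both `Create Layer` steps then publish that file to GovCloud and open it to `--principal '*'` without any digest check, so a truncated, error-page or altered zip is only caught if Lambda happens to reject it. `get-layer-version-by-arn` already returns `Content.CodeSha256`; comparing the download against it (and adding `--fail` to curl) closes the gap in the stash job, and the same value could be compared with the `Content.CodeSha256` that `publish-layer-version` returns before the permission is added. The sketch below also moves the `${{ … }}` expressions into `env:` so that input and matrix values are not spliced into the script text; the same applies to the two `Create Layer` scripts.

```yaml
      - name: Grab Zip
        env:
          LAYER_ARN: arn:aws:lambda:us-east-1:017000801446:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }}
          ZIP_NAME: ${{ matrix.layer }}_${{ matrix.arch }}.zip
        run: |
          set -euo pipefail
          meta="$(aws --region us-east-1 lambda get-layer-version-by-arn \
            --arn "$LAYER_ARN" \
            --query '[Content.Location, Content.CodeSha256]' --output text)"
          read -r url expected <<<"$meta"
          curl --fail --silent --show-error -L -o "$ZIP_NAME" "$url"
          # CodeSha256 is the base64-encoded SHA-256 of the layer archive
          actual="$(openssl dgst -sha256 -binary "$ZIP_NAME" | base64)"
          if [ "$actual" != "$expected" ]; then
            echo "layer zip digest mismatch for $ZIP_NAME" >&2
            exit 1
          fi
      # … unchanged: Store Zip step …
```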
