
Commit c05cd25

sthulbSimon Thulbourn
and
Simon Thulbourn
authored
fix(ci): GovCloud layer verification (#5382)
* fix: test command in verify step * fix: remove xargs from create-layer and replace with env var --------- Signed-off-by: Simon Thulbourn <[email protected]> Co-authored-by: Simon Thulbourn <sthulb@@users.noreply.github.com>
1 parent 5e8405b commit c05cd25


1 file changed

+32
-19
lines changed


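--- a/.github/workflows/layer_govcloud.yml
+++ b/.github/workflows/layer_govcloud.yml
@@ -120,24 +120,30 @@ jobs:
 aws-region: us-gov-east-1
 mask-aws-account-id: true
 - name: Create Layer
+id: create-layer
 run: |
-aws --region us-gov-east-1 lambda publish-layer-version \
+LAYER_VERSION=$(aws --region us-gov-east-1 lambda publish-layer-version \
 --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
 --zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \
 --compatible-runtimes $(jq -r ".CompatibleRuntimes[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \
 --compatible-architectures $(jq -r ".CompatibleArchitectures[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \
 --license-info "MIT-0" \
 --description "$(jq -r '.Description' ${{ matrix.layer }}_${{ matrix.arch }}.json)" \
---query 'Version' | \
-xargs aws --region us-gov-east-1 lambda add-layer-version-permission \
---layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
---statement-id 'PublicLayer' \
---action lambda:GetLayerVersion \
---principal '*' \
---version-number
+--query 'Version' \
+--output text)
+echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT"
+
+aws --region us-gov-east-1 lambda add-layer-version-permission \
+--layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
+--statement-id 'PublicLayer' \
+--action lambda:GetLayerVersion \
+--principal '*' \
+--version-number $LAYER_VERSION
 - name: Verify Layer
+env:
+LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }}
 run: |
-REMOTE_SHA=$(aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} --query 'Content.CodeSha256' --output text)
+REMOTE_SHA=$(aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }} --query 'Content.CodeSha256' --output text)
 SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ matrix.arch }}.json)
 test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1
 
@@ -181,23 +187,30 @@ jobs:
 aws-region: us-gov-west-1
 mask-aws-account-id: true
 - name: Create Layer
+id: create-layer
 run: |
-aws --region us-gov-west-1 lambda publish-layer-version \
+LAYER_VERSION=$(aws --region us-gov-west-1 lambda publish-layer-version \
 --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
 --zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \
 --compatible-runtimes $(jq -r ".CompatibleRuntimes[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \
 --compatible-architectures $(jq -r ".CompatibleArchitectures[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \
 --license-info "MIT-0" \
 --description "$(jq -r '.Description' ${{ matrix.layer }}_${{ matrix.arch }}.json)" \
---query 'Version' | \
-xargs aws --region us-gov-west-1 lambda add-layer-version-permission \
---layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
---statement-id 'PublicLayer' \
---action lambda:GetLayerVersion \
---principal '*' \
---version-number
+--query 'Version' \
+--output text)
+
+echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT"
+
+aws --region us-gov-west-1 lambda add-layer-version-permission \
+--layer-name ${{ matrix.layer }}-${{ matrix.arch }} \
+--statement-id 'PublicLayer' \
+--action lambda:GetLayerVersion \
+--principal '*' \
+--version-number $LAYER_VERSION
 - name: Verify Layer
+env:
+LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }}
 run: |
-REMOTE_SHA=$(aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} --query 'Content.CodeSha256' --output text)
+REMOTE_SHA=$(aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }} --query 'Content.CodeSha256' --output text)
 SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ matrix.arch }}.json)
-test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1
+test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1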
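Review bot: The digest comparison that closes both Verify Layer steps, `test $REMOTE_SHA == $SHA`, leaves both variables unquoted, so should both ever expand to empty strings the command collapses to `test ==`, a one-argument test that succeeds and prints "SHA OK". This step is the integrity check for a layer that the preceding step opens to `--principal '*'`, so it should fail closed: `test -n "$SHA" && test "$REMOTE_SHA" = "$SHA" && echo "SHA OK: ${SHA}" || exit 1`. Separately, the new `env: LAYER_VERSION` is read back through `${{ env.LAYER_VERSION }}`, which is substituted into the script text before the shell runs. Referencing `"$LAYER_VERSION"` in the `--arn` value instead keeps it as shell data, and quoting `--version-number "$LAYER_VERSION"` in Create Layer would be consistent with that. Both points apply equally to the us-gov-east-1 and us-gov-west-1 copies of these steps.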
