@@ -170,56 +170,57 @@ jobs:
170170 source_code_artifact_name : ${{ inputs.source_code_artifact_name }}
171171 source_code_integrity_hash : ${{ inputs.source_code_integrity_hash }}
172172
173- prod :
174- needs : beta
173+ # UNCOMMENT prod JOB
174+ # prod:
175+ # needs: beta
175176 # lower privilege propagated from parent workflow (release.yml)
176- permissions :
177- id-token : write
178- contents : read
179- pages : write # docs will be updated with latest Layer ARNs
180- pull-requests : write # creation-action will create a PR with Layer ARN updates
181- uses : ./.github/workflows/reusable_deploy_v3_layer_stack.yml
182- secrets : inherit
183- with :
184- stage : " PROD"
185- environment : " layer-prod"
186- source_code_artifact_name : ${{ inputs.source_code_artifact_name }}
187- source_code_integrity_hash : ${{ inputs.source_code_integrity_hash }}
188-
189- sar-beta :
190- needs : beta # canaries run on Layer Beta env
191- permissions :
192- # lower privilege propagated from parent workflow (release.yml)
193- id-token : write
194- contents : read
195- pull-requests : none
196- pages : none
197- uses : ./.github/workflows/reusable_deploy_v3_sar.yml
198- secrets : inherit
199- with :
200- stage : " BETA"
201- environment : " layer-beta"
202- package-version : ${{ inputs.latest_published_version }}
203- source_code_artifact_name : ${{ inputs.source_code_artifact_name }}
204- source_code_integrity_hash : ${{ inputs.source_code_integrity_hash }}
177+ # permissions:
178+ # id-token: write
179+ # contents: read
180+ # pages: write # docs will be updated with latest Layer ARNs
181+ # pull-requests: write # creation-action will create a PR with Layer ARN updates
182+ # uses: ./.github/workflows/reusable_deploy_v3_layer_stack.yml
183+ # secrets: inherit
184+ # with:
185+ # stage: "PROD"
186+ # environment: "layer-prod"
187+ # source_code_artifact_name: ${{ inputs.source_code_artifact_name }}
188+ # source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }}
205189
190+ # sar-beta:
191+ # needs: beta # canaries run on Layer Beta env
192+ # permissions:
193+ # # lower privilege propagated from parent workflow (release.yml)
194+ # id-token: write
195+ # contents: read
196+ # pull-requests: none
197+ # pages: none
198+ # uses: ./.github/workflows/reusable_deploy_v3_sar.yml
199+ # secrets: inherit
200+ # with:
201+ # stage: "BETA"
202+ # environment: "layer-beta"
203+ # package-version: ${{ inputs.latest_published_version }}
204+ # source_code_artifact_name: ${{ inputs.source_code_artifact_name }}
205+ # source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }}
206206
207- sar-prod :
208- needs : sar-beta
209- permissions :
207+ # UNCOMMENT sar-prod JOB
208+ # sar-prod:
209+ # needs: sar-beta
210+ # permissions:
210211 # lower privilege propagated from parent workflow (release.yml)
211- id-token : write
212- contents : read
213- pull-requests : none
214- pages : none
215- uses : ./.github/workflows/reusable_deploy_v3_sar.yml
216- secrets : inherit
217- with :
218- stage : " PROD"
219- environment : " layer-prod"
220- package-version : ${{ inputs.latest_published_version }}
221- source_code_artifact_name : ${{ inputs.source_code_artifact_name }}
222- source_code_integrity_hash : ${{ inputs.source_code_integrity_hash }}
212+ # id-token: write
213+ # contents: read
214+ # pull-requests: none
215+ # pages: none
216+ # uses: ./.github/workflows/reusable_deploy_v3_sar.yml
217+ # secrets: inherit
218+ # with:
219+ # stage: "PROD"
220+ # environment: "layer-prod"
221+ # package-version: ${{ inputs.latest_published_version }}
222+ # source_code_artifact_name: ${{ inputs.source_code_artifact_name }}
223+ # source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }}
223224
224225
225226 # Updating the documentation with the latest Layer ARNs is a two-phase process
@@ -231,84 +232,86 @@ jobs:
231232 # where a new release creates a new doc (2.16.0) while layers are still pointing to 2.15
232233 # because the PR has to be merged while release process is running
233234
234- update_v3_layer_arn_docs :
235- needs : prod
236- outputs :
237- temp_branch : ${{ steps.create-pr.outputs.temp_branch }}
238- runs-on : ubuntu-latest
239- permissions :
235+ # UNCOMMENT update_v3_layer_arn_docs JOB
236+ # update_v3_layer_arn_docs:
237+ # needs: prod
238+ # outputs:
239+ # temp_branch: ${{ steps.create-pr.outputs.temp_branch }}
240+ # runs-on: ubuntu-latest
241+ # permissions:
240242 # lower privilege propagated from parent workflow (release.yml)
241- contents : write
242- pull-requests : write
243- id-token : none
244- pages : none
245- steps :
246- - name : Checkout repository # reusable workflows start clean, so we need to checkout again
247- uses : actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
248- with :
249- ref : ${{ env.RELEASE_COMMIT }}
243+ # contents: write
244+ # pull-requests: write
245+ # id-token: none
246+ # pages: none
247+ # steps:
248+ # - name: Checkout repository # reusable workflows start clean, so we need to checkout again
249+ # uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
250+ # with:
251+ # ref: ${{ env.RELEASE_COMMIT }}
250252
251- - name : Restore sealed source code
252- uses : ./.github/actions/seal-restore
253- with :
254- integrity_hash : ${{ inputs.source_code_integrity_hash }}
255- artifact_name : ${{ inputs.source_code_artifact_name }}
253+ # - name: Restore sealed source code
254+ # uses: ./.github/actions/seal-restore
255+ # with:
256+ # integrity_hash: ${{ inputs.source_code_integrity_hash }}
257+ # artifact_name: ${{ inputs.source_code_artifact_name }}
256258
257- - name : Download CDK layer artifacts
258- uses : actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
259- with :
260- path : cdk-layer-stack
261- pattern : cdk-layer-stack-* # merge all Layer artifacts created per region earlier (reusable_deploy_v2_layer_stack.yml; step "Save Layer ARN artifact")
262- merge-multiple : true
263- - name : Replace layer versions in documentation
264- run : |
265- ls -la cdk-layer-stack/
266- ./layer/scripts/update_layer_arn.sh cdk-layer-stack
259+ # - name: Download CDK layer artifacts
260+ # uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
261+ # with:
262+ # path: cdk-layer-stack
263+ # pattern: cdk-layer-stack-* # merge all Layer artifacts created per region earlier (reusable_deploy_v2_layer_stack.yml; step "Save Layer ARN artifact")
264+ # merge-multiple: true
265+ # - name: Replace layer versions in documentation
266+ # run: |
267+ # ls -la cdk-layer-stack/
268+ # ./layer/scripts/update_layer_arn.sh cdk-layer-stack
267269 # NOTE: It felt unnecessary creating yet another PR to update changelog w/ latest tag
268270 # since this is the only step in the release where we update docs from a temp branch
269- - name : Update changelog with latest tag
270- run : make changelog
271- - name : Create PR
272- id : create-pr
273- uses : ./.github/actions/create-pr
274- with :
275- files : " docs/index.md examples CHANGELOG.md"
276- temp_branch_prefix : " ci-layer-docs"
277- pull_request_title : " chore(ci): layer docs update"
278- github_token : ${{ secrets.GITHUB_TOKEN }}
271+ # - name: Update changelog with latest tag
272+ # run: make changelog
273+ # - name: Create PR
274+ # id: create-pr
275+ # uses: ./.github/actions/create-pr
276+ # with:
277+ # files: "docs/index.md examples CHANGELOG.md"
278+ # temp_branch_prefix: "ci-layer-docs"
279+ # pull_request_title: "chore(ci): layer docs update"
280+ # github_token: ${{ secrets.GITHUB_TOKEN }}
279281
282+ # UNCOMMENT prepare_docs_alias JOB
283+ # prepare_docs_alias:
284+ # runs-on: ubuntu-latest
285+ # permissions:
286+ # # lower privilege propagated from parent workflow (release.yml)
287+ # contents: read
288+ # pages: none
289+ # id-token: none
290+ # pull-requests: none
291+ # outputs:
292+ # DOCS_ALIAS: ${{ steps.set-alias.outputs.DOCS_ALIAS }}
293+ # steps:
294+ # - name: Set docs alias
295+ # id: set-alias
296+ # run: |
297+ # DOCS_ALIAS=latest
298+ # if [[ "${{ inputs.pre_release }}" == true ]] ; then
299+ # DOCS_ALIAS=alpha
300+ # fi
301+ # echo DOCS_ALIAS="$DOCS_ALIAS" >> "$GITHUB_OUTPUT"
280302
281- prepare_docs_alias :
282- runs-on : ubuntu-latest
283- permissions :
284- # lower privilege propagated from parent workflow (release.yml)
285- contents : read
286- pages : none
287- id-token : none
288- pull-requests : none
289- outputs :
290- DOCS_ALIAS : ${{ steps.set-alias.outputs.DOCS_ALIAS }}
291- steps :
292- - name : Set docs alias
293- id : set-alias
294- run : |
295- DOCS_ALIAS=latest
296- if [[ "${{ inputs.pre_release }}" == true ]] ; then
297- DOCS_ALIAS=alpha
298- fi
299- echo DOCS_ALIAS="$DOCS_ALIAS" >> "$GITHUB_OUTPUT"
300-
301- release_docs :
302- needs : [update_v3_layer_arn_docs, prepare_docs_alias]
303- permissions :
304- # lower privilege propagated from parent workflow (release.yml)
305- contents : write
306- pages : write
307- pull-requests : none
308- id-token : write
309- secrets : inherit
310- uses : ./.github/workflows/reusable_publish_docs.yml
311- with :
312- version : ${{ inputs.latest_published_version }}
313- alias : ${{ needs.prepare_docs_alias.outputs.DOCS_ALIAS }}
314- git_ref : ${{ needs.update_v3_layer_arn_docs.outputs.temp_branch }}
303+ # UNCOMMENT release_docs JOB
304+ # release_docs:
305+ # needs: [update_v3_layer_arn_docs, prepare_docs_alias]
306+ # permissions:
307+ # # lower privilege propagated from parent workflow (release.yml)
308+ # contents: write
309+ # pages: write
310+ # pull-requests: none
311+ # id-token: write
312+ # secrets: inherit
313+ # uses: ./.github/workflows/reusable_publish_docs.yml
314+ # with:
315+ # version: ${{ inputs.latest_published_version }}
316+ # alias: ${{ needs.prepare_docs_alias.outputs.DOCS_ALIAS }}
317+ # git_ref: ${{ needs.update_v3_layer_arn_docs.outputs.temp_branch }}
0 commit comments