-
Notifications
You must be signed in to change notification settings - Fork 2
202 lines (188 loc) · 6.13 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
name: CI
permissions:
id-token: write
contents: read
on:
pull_request:
branches:
- main
push:
branches:
- main
tags:
- "v*"
env:
GOVERSION: "1.18"
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- uses: golangci/golangci-lint-action@v3
test:
name: Test
runs-on: ubuntu-latest
needs:
- lint
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: unit tests
run: make test
build:
name: Build
runs-on: ubuntu-latest
needs:
- lint
strategy:
matrix:
architecture:
- amd64
- arm64
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: build the binary ${{ matrix.architecture }}
run: GOARCH=${{ matrix.architecture }} make build
publish:
name: Publish ${{ matrix.architecture }} binary in ${{ matrix.region }} in Development AWS Account
runs-on: ubuntu-latest
if: github.repository_owner == 'axiomhq' && github.ref == 'refs/heads/main'
needs:
- build
strategy:
matrix:
architecture:
- amd64
- arm64
region: # TODO: Add all regions where Lambda is available
- eu-west-1
- us-east-1
- us-east-2
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: Package the binary
run: GOARCH=${{ matrix.architecture }} make package
- uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_DEV_IAM_ROLE }}
role-session-name: lambda_extension
aws-region: ${{ matrix.region }}
- name: Publish Lambda ${{ matrix.architecture }} layer to ${{ matrix.region }}
run: |
ARCH=${{ matrix.architecture }}
if [[ $ARCH == "amd64" ]]; then
ARCH=x86_64
fi
# Publish Lambda layer
LAYER_VERSION=$(aws lambda publish-layer-version \
--layer-name axiom-extension-$ARCH \
--region ${{ matrix.region }} \
--description 'axiom lambda extension to push lambda logs to https://axiom.co' \
--compatible-architectures $ARCH \
--zip-file "fileb://bin/extension.zip" --output json | jq .Version)
# THIS make the lambda layer only accessible by the Axiom AWS organization
aws lambda add-layer-version-permission \
--layer-name axiom-extension-$ARCH \
--version-number $LAYER_VERSION \
--statement-id axiomOrg \
--principal '*' \
--organization-id ${{ secrets.AWS_ORGANIZATION_ID }} \
--region ${{ matrix.region }} \
--action lambda:GetLayerVersion
deploy_latest_layer_dev:
name: Deploy Latest Layer in Development Query Lambda
runs-on: ubuntu-latest
if: github.repository_owner == 'axiomhq' && github.ref == 'refs/heads/main'
needs:
- publish
steps:
- uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_DEV_IAM_ROLE }}
role-session-name: lambda_extension
aws-region: eu-west-1
- name: Update DB query with the latest layer version
run: |
# get Latest Layer version
LATEST_LAYER_ARN=$(aws lambda list-layer-versions \
--layer-name axiom-extension-arm64 \
--query 'LayerVersions[0].LayerVersionArn' | tr -d '"' )
# Update DB Query function with the latest version
aws lambda update-function-configuration \
--function-name db-query-function-5k4h7 \
--layers $LATEST_LAYER_ARN
publish_to_production:
name: Publish ${{ matrix.architecture }} binary in ${{ matrix.region }} in Production AWS Account
runs-on: ubuntu-latest
if: github.repository_owner == 'axiomhq' && startsWith(github.ref, 'refs/tags') # Only on tags
needs:
- build
strategy:
fail-fast: false
matrix:
architecture:
- amd64
- arm64
region:
- us-west-1
- us-west-2
- us-east-1
- us-east-2
- eu-west-1
- eu-west-2
- eu-west-3
- eu-north-1
- eu-central-1
- ca-central-1
- sa-east-1
- ap-south-1
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ap-northeast-2
- ap-northeast-3
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: ${{ env.GOVERSION }}
- name: Package the binary
run: GOARCH=${{ matrix.architecture }} make package
- uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ secrets.AWS_PROD_IAM_ROLE }}
role-session-name: lambda_extension
aws-region: ${{ matrix.region }}
- name: Publish Lambda ${{ matrix.architecture }} layer to ${{ matrix.region }}
run: |
ARCH=${{ matrix.architecture }}
if [[ $ARCH == "amd64" ]]; then
ARCH=x86_64
fi
# Publish Lambda layer
LAYER_VERSION=$(aws lambda publish-layer-version \
--layer-name axiom-extension-$ARCH \
--region ${{ matrix.region }} \
--description 'axiom lambda extension to push lambda logs to https://axiom.co' \
--compatible-architectures $ARCH \
--zip-file "fileb://bin/extension.zip" --output json | jq .Version)
# THIS makes the lambda layer public
aws lambda add-layer-version-permission \
--layer-name axiom-extension-$ARCH \
--version-number $LAYER_VERSION \
--statement-id allOrgs \
--principal '*' \
--region ${{ matrix.region }} \
--action lambda:GetLayerVersion