From 04902fde02485658a95f2b3b931891b6b5499108 Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Mon, 18 Aug 2025 12:33:49 -0700 Subject: [PATCH 1/8] modify release lambda workflow to modify existing GH release --- .github/workflows/release-lambda.yml | 70 +++++++++++++++++----------- 1 file changed, 42 insertions(+), 28 deletions(-) diff --git a/.github/workflows/release-lambda.yml b/.github/workflows/release-lambda.yml index f5b63d03..7ed39eb6 100644 --- a/.github/workflows/release-lambda.yml +++ b/.github/workflows/release-lambda.yml @@ -21,6 +21,20 @@ permissions: contents: write jobs: + check-draft: + runs-on: ubuntu-latest + steps: + - name: Check for release draft + run: | + TAG="v${{ github.event.inputs.version }}" + # Check if draft release exists with this tag + if ! gh release view $TAG --json isDraft -q .isDraft 2>/dev/null | grep -q true; then + echo "No draft release found for tag $TAG. Did you first run the Release Build workflow?" + exit 1 + fi + echo "Found draft release for tag $TAG. Proceeding with Lambda layer release." + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} build-layer: environment: Release runs-on: ubuntu-latest @@ -205,36 +219,36 @@ jobs: id: commit run: | echo "sha_short=$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_OUTPUT - - - name: Create Release Notes - run: | - echo "AWS OpenTelemetry Lambda Layer for JavaScript version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" > release_notes.md - echo "" >> release_notes.md - echo "Lambda Layer ARNs:" >> release_notes.md - echo "" >> release_notes.md - cat layer-note >> release_notes.md - echo "" >> release_notes.md - echo "Notes:" >> release_notes.md - - name: Create GH release + - name: Update GH release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - gh release create \ - --target "$GITHUB_REF_NAME" \ - --title "Release lambda-v${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" \ - --notes-file release_notes.md \ - --draft \ - "lambda-v${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" \ - layer_arns.tf layer.zip - echo Removing release_notes.md ... - rm -f release_notes.md - - name: Upload layer.zip and SHA-256 checksum to SDK Release Notes (tagged with latest) - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-js-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName') + TAG="v${{ github.event.inputs.version }}" # Generate SHA-256 checksum for layer.zip shasum -a 256 layer.zip > layer.zip.sha256 - # Upload layer.zip and its checksum to the latest SDK release note - gh release upload "$LATEST_SDK_VERSION" layer.zip layer.zip.sha256 --repo "aws-observability/aws-otel-js-instrumentation" --clobber - echo "✅ layer.zip successfully uploaded to $LATEST_SDK_VERSION in the upstream repo!" + gh release upload $TAG \ + layer.zip \ + layer.zip.sha256 \ + layer_arns.tf \ + --clobber + - name: Update Release Notes + run: | + TAG="v${{ github.event.inputs.version }}" + # Get current release notes + current_notes=$(gh release view $TAG --json body -q .body) + echo "## Lambda Layer" > lambda_notes.md + echo "" >> lambda_notes.md + echo "AWS OpenTelemetry Lambda Layer for JavaScript version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" > lambda_notes.md + echo "" >> lambda_notes.md + echo "Lambda Layer ARNs:" >> lambda_notes.md + echo "" >> lambda_notes.md + cat layer-note >> lambda_notes.md + echo "" >> lambda_notes.md + echo "Notes:" >> lambda_notes.md + { + echo "$current_notes" + echo "" + cat lambda_notes.md + } > updated_notes.md + # Update release notes + gh release edit $TAG --notes-file updated_notes.md \ No newline at end of file From 0aaa0c4a3fdadb1bc027b2958f8f50f554467e25 Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Mon, 18 Aug 2025 13:47:47 -0700 Subject: [PATCH 2/8] minor workflow fixes --- .github/workflows/release-lambda.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-lambda.yml b/.github/workflows/release-lambda.yml index 7ed39eb6..d3f10664 100644 --- a/.github/workflows/release-lambda.yml +++ b/.github/workflows/release-lambda.yml @@ -24,6 +24,8 @@ jobs: check-draft: runs-on: ubuntu-latest steps: + - name: Checkout Repo @ SHA - ${{ github.sha }} + uses: actions/checkout@v4 - name: Check for release draft run: | TAG="v${{ github.event.inputs.version }}" @@ -34,9 +36,10 @@ jobs: fi echo "Found draft release for tag $TAG. Proceeding with Lambda layer release." env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} build-layer: environment: Release + needs: check-draft runs-on: ubuntu-latest outputs: aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} @@ -232,13 +235,13 @@ jobs: layer_arns.tf \ --clobber - name: Update Release Notes + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | TAG="v${{ github.event.inputs.version }}" # Get current release notes current_notes=$(gh release view $TAG --json body -q .body) - echo "## Lambda Layer" > lambda_notes.md - echo "" >> lambda_notes.md - echo "AWS OpenTelemetry Lambda Layer for JavaScript version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" > lambda_notes.md + echo "This release also includes the AWS OpenTelemetry Lambda Layer for JavaScript version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}." >> lambda_notes.md echo "" >> lambda_notes.md echo "Lambda Layer ARNs:" >> lambda_notes.md echo "" >> lambda_notes.md From 64866332a42bf0f2fcc4039c9afee5005575da11 Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Mon, 18 Aug 2025 16:42:23 -0700 Subject: [PATCH 3/8] create release notes skeleton for SDK release --- .github/workflows/release-build.yml | 32 +++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 765ce169..63624e30 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -104,8 +104,40 @@ jobs: gh release download "$LATEST_SDK_VERSION" --repo "aws-observability/aws-otel-js-instrumentation" --pattern "layer.zip" --dir layer_artifact shasum -a 256 layer_artifact/layer.zip > layer_artifact/layer.zip.sha256 + # Create release notes template + cat > release_notes.md << 'EOF' + This release contains the following upstream components: + + - `@opentelemetry/api` - + - `@opentelemetry/auto-configuration-propagators` - + - `@opentelemetry/auto-instrumentations-node` - + - `@opentelemetry/core` - + - `@opentelemetry/exporter-metrics-otlp-grpc` - + - `@opentelemetry/exporter-metrics-otlp-http` - + - `@opentelemetry/exporter-trace-otlp-proto` - + - `@opentelemetry/exporter-zipkin` - + - `@opentelemetry/id-generator-aws-xray` - + - `@opentelemetry/instrumentation` - + - `@opentelemetry/instrumentation-aws-sdk` - + - `@opentelemetry/propagator-aws-xray` - + - `@opentelemetry/resource-detector-aws` - + - `@opentelemetry/resources` - + - `@opentelemetry/sdk-metrics` - + - `@opentelemetry/sdk-node` - + - `@opentelemetry/sdk-trace-base` - + - `@opentelemetry/semantic-conventions` - + - `` - + + This release also publishes to public ECR and NPM. + * See ADOT node auto-instrumentation Docker image v${{ github.event.inputs.version }} in our public ECR repository: + https://gallery.ecr.aws/aws-observability/adot-autoinstrumentation-node + * See version ${{ github.event.inputs.version }} in our NPM repository: + https://www.npmjs.com/package/@aws/aws-distro-opentelemetry-node-autoinstrumentation + EOF + gh release create --target "$GITHUB_REF_NAME" \ --title "Release v${{ github.event.inputs.version }}" \ + --notes-file release_notes.md \ --draft \ "v${{ github.event.inputs.version }}" \ aws-distro-opentelemetry-node-autoinstrumentation/${{ env.ARTIFACT_NAME }} \ From 92b48a4e30bf9236a3320a07a5aa8f42ff936b9c Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Mon, 18 Aug 2025 17:29:36 -0700 Subject: [PATCH 4/8] remove previous logic uploading most recent lambda layer to new release draft --- .github/workflows/release-build.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 63624e30..05dcc236 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -98,12 +98,6 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token run: | - # Download layer.zip from existing latest tagged SDK release note - LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-js-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName') - mkdir -p layer_artifact - gh release download "$LATEST_SDK_VERSION" --repo "aws-observability/aws-otel-js-instrumentation" --pattern "layer.zip" --dir layer_artifact - shasum -a 256 layer_artifact/layer.zip > layer_artifact/layer.zip.sha256 - # Create release notes template cat > release_notes.md << 'EOF' This release contains the following upstream components: @@ -141,9 +135,7 @@ jobs: --draft \ "v${{ github.event.inputs.version }}" \ aws-distro-opentelemetry-node-autoinstrumentation/${{ env.ARTIFACT_NAME }} \ - ${{ env.ARTIFACT_NAME }}.sha256 \ - layer_artifact/layer.zip \ - layer_artifact/layer.zip.sha256 + ${{ env.ARTIFACT_NAME }}.sha256 # Publish '@aws/aws-distro-opentelemetry-node-autoinstrumentation' to npm - name: Publish autoinstrumentation to npm From 9e207f2cd8536f4508ed048f5f8932ec723119ee Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Fri, 22 Aug 2025 13:22:21 -0700 Subject: [PATCH 5/8] automate dependency version in release notes --- .github/workflows/release-build.yml | 31 ++++++++++------------------- 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 05dcc236..88e82d68 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -98,29 +98,20 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token run: | - # Create release notes template + # Generate dependency versions from package.json + DEPS=$(node -e " + const pkg = require('./aws-distro-opentelemetry-node-autoinstrumentation/package.json'); + const deps = Object.entries(pkg.dependencies || {}) + .map(([name, version]) => \`- \\\`\${name}\\\` - \${version}\`) + .join('\n'); + console.log(deps); + ") + + # Create release notes cat > release_notes.md << 'EOF' This release contains the following upstream components: - - `@opentelemetry/api` - - - `@opentelemetry/auto-configuration-propagators` - - - `@opentelemetry/auto-instrumentations-node` - - - `@opentelemetry/core` - - - `@opentelemetry/exporter-metrics-otlp-grpc` - - - `@opentelemetry/exporter-metrics-otlp-http` - - - `@opentelemetry/exporter-trace-otlp-proto` - - - `@opentelemetry/exporter-zipkin` - - - `@opentelemetry/id-generator-aws-xray` - - - `@opentelemetry/instrumentation` - - - `@opentelemetry/instrumentation-aws-sdk` - - - `@opentelemetry/propagator-aws-xray` - - - `@opentelemetry/resource-detector-aws` - - - `@opentelemetry/resources` - - - `@opentelemetry/sdk-metrics` - - - `@opentelemetry/sdk-node` - - - `@opentelemetry/sdk-trace-base` - - - `@opentelemetry/semantic-conventions` - - - `` - + $DEPS This release also publishes to public ECR and NPM. * See ADOT node auto-instrumentation Docker image v${{ github.event.inputs.version }} in our public ECR repository: From aa344b96b5b4dad387074b9e38024a6c0a6b97b4 Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Fri, 22 Aug 2025 13:50:39 -0700 Subject: [PATCH 6/8] combined SDK and Lambda release workflows --- .github/workflows/release-build.yml | 230 +++++++++++++++++++++++- .github/workflows/release-lambda.yml | 257 --------------------------- 2 files changed, 227 insertions(+), 260 deletions(-) delete mode 100644 .github/workflows/release-lambda.yml diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 88e82d68..eaeced83 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -5,6 +5,10 @@ on: version: description: The version to tag the release with, e.g., 1.2.0 required: true + aws_region: + description: 'Deploy lambda layer to aws regions' + required: true + default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1' env: AWS_DEFAULT_REGION: us-east-1 @@ -14,7 +18,10 @@ env: RELEASE_PRIVATE_REPOSITORY: 020628701572.dkr.ecr.us-west-2.amazonaws.com/adot-autoinstrumentation-node RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com PACKAGE_NAME: aws-distro-opentelemetry-node-autoinstrumentation - ARTIFACT_NAME: aws-aws-distro-opentelemetry-node-autoinstrumentation-${{ github.event.inputs.version }}.tgz + ARTIFACT_NAME: aws-aws-distro-opentelemetry-node-autoinstrumentation-${{ github.event.inputs.version }}.tgz + LAMBDA_AWS_REGIONS: ${{ github.event.inputs.aws_region }} + COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1 + LAYER_NAME: AWSOpenTelemetryDistroJs permissions: id-token: write @@ -108,7 +115,7 @@ jobs: ") # Create release notes - cat > release_notes.md << 'EOF' + cat > release_notes.md << EOF This release contains the following upstream components: $DEPS @@ -135,4 +142,221 @@ jobs: NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}} NPM_CONFIG_PROVENANCE: true run: npm publish - + build-layer: + environment: Release + needs: build + runs-on: ubuntu-latest + outputs: + aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} + steps: + - name: Set up regions matrix + id: set-matrix + run: | + IFS=',' read -ra REGIONS <<< "${{ env.LAMBDA_AWS_REGIONS }}" + MATRIX="[" + for region in "${REGIONS[@]}"; do + trimmed_region=$(echo "$region" | xargs) + MATRIX+="\"$trimmed_region\"," + done + MATRIX="${MATRIX%,}]" + echo ${MATRIX} + echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT + - name: Checkout Repo @ SHA - ${{ github.sha }} + uses: actions/checkout@v4 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: 22 + - name: NPM Clean Install + # https://docs.npmjs.com/cli/v10/commands/npm-ci + run: npm ci + - name: Compile all NPM projects + run: npm run compile + - name: Build Lambda Layer + run: npm run build-lambda + - name: upload layer + uses: actions/upload-artifact@v4 + with: + name: layer.zip + path: lambda-layer/packages/layer/build/layer.zip + publish-layer-prod: + runs-on: ubuntu-latest + needs: build-layer + strategy: + matrix: + aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} + steps: + - name: role arn + env: + COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }} + run: | + COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ }) + FOUND=false + for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do + if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then + FOUND=true + break + fi + done + if [ "$FOUND" = true ]; then + echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" + SECRET_KEY="LAMBDA_LAYER_RELEASE" + else + echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" + SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" + fi + SECRET_KEY=${SECRET_KEY//-/_} + echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV + - uses: aws-actions/configure-aws-credentials@v4.0.2 + with: + role-to-assume: ${{ secrets[env.SECRET_KEY] }} + role-duration-seconds: 1200 + aws-region: ${{ matrix.aws_region }} + - name: Get s3 bucket name for release + run: | + echo BUCKET_NAME=nodejs-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV + - name: download layer.zip + uses: actions/download-artifact@v4 + with: + name: layer.zip + - name: publish + run: | + aws s3 mb s3://${{ env.BUCKET_NAME }} + aws s3 cp layer.zip s3://${{ env.BUCKET_NAME }} + layerARN=$( + aws lambda publish-layer-version \ + --layer-name ${{ env.LAYER_NAME }} \ + --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=layer.zip \ + --compatible-runtimes nodejs18.x nodejs20.x nodejs22.x \ + --compatible-architectures "arm64" "x86_64" \ + --license-info "Apache-2.0" \ + --description "AWS Distro of OpenTelemetry Lambda Layer for NodeJs Runtime" \ + --query 'LayerVersionArn' \ + --output text + ) + echo $layerARN + echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV + mkdir ${{ env.LAYER_NAME }} + echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} + cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} + - name: public layer + run: | + layerVersion=$( + aws lambda list-layer-versions \ + --layer-name ${{ env.LAYER_NAME }} \ + --query 'max_by(LayerVersions, &Version).Version' + ) + aws lambda add-layer-version-permission \ + --layer-name ${{ env.LAYER_NAME }} \ + --version-number $layerVersion \ + --principal "*" \ + --statement-id publish \ + --action lambda:GetLayerVersion + - name: upload layer arn artifact + if: ${{ success() }} + uses: actions/upload-artifact@v4 + with: + name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }} + path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} + - name: clean s3 + if: always() + run: | + aws s3 rb --force s3://${{ env.BUCKET_NAME }} + generate-lambda-release-note: + runs-on: ubuntu-latest + needs: publish-layer-prod + steps: + - name: Checkout Repo @ SHA - ${{ github.sha }} + uses: actions/checkout@v4 + - uses: hashicorp/setup-terraform@v2 + - name: download layerARNs + uses: actions/download-artifact@v4 + with: + pattern: ${{ env.LAYER_NAME }}-* + path: ${{ env.LAYER_NAME }} + merge-multiple: true + - name: show layerARNs + run: | + for file in ${{ env.LAYER_NAME }}/* + do + echo $file + cat $file + done + - name: generate layer-note + working-directory: ${{ env.LAYER_NAME }} + run: | + echo "| Region | Layer ARN |" >> ../layer-note + echo "| ---- | ---- |" >> ../layer-note + for file in * + do + read arn < $file + echo "| " $file " | " $arn " |" >> ../layer-note + done + cd .. + cat layer-note + - name: generate tf layer + working-directory: ${{ env.LAYER_NAME }} + run: | + echo "locals {" >> ../layer_arns.tf + echo " sdk_layer_arns = {" >> ../layer_arns.tf + for file in * + do + read arn < $file + echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf + done + cd .. + echo " }" >> layer_arns.tf + echo "}" >> layer_arns.tf + terraform fmt layer_arns.tf + cat layer_arns.tf + - name: generate layer ARN constants for CDK + working-directory: ${{ env.LAYER_NAME }} + run: | + echo "{" > ../layer_cdk + for file in *; do + read arn < "$file" + echo " \"$file\": \"$arn\"," >> ../layer_cdk + done + echo "}" >> ../layer_cdk + cat ../layer_cdk + - name: download layer.zip + uses: actions/download-artifact@v4 + with: + name: layer.zip + - name: Get commit hash + id: commit + run: | + echo "sha_short=$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_OUTPUT + - name: Update GH release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + TAG="v${{ github.event.inputs.version }}" + # Generate SHA-256 checksum for layer.zip + shasum -a 256 layer.zip > layer.zip.sha256 + gh release upload $TAG \ + layer.zip \ + layer.zip.sha256 \ + layer_arns.tf \ + --clobber + - name: Update Release Notes + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + TAG="v${{ github.event.inputs.version }}" + # Get current release notes + current_notes=$(gh release view $TAG --json body -q .body) + echo "This release also includes the AWS OpenTelemetry Lambda Layer for JavaScript version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}." >> lambda_notes.md + echo "" >> lambda_notes.md + echo "Lambda Layer ARNs:" >> lambda_notes.md + echo "" >> lambda_notes.md + cat layer-note >> lambda_notes.md + echo "" >> lambda_notes.md + echo "Notes:" >> lambda_notes.md + { + echo "$current_notes" + echo "" + cat lambda_notes.md + } > updated_notes.md + # Update release notes + gh release edit $TAG --notes-file updated_notes.md \ No newline at end of file diff --git a/.github/workflows/release-lambda.yml b/.github/workflows/release-lambda.yml deleted file mode 100644 index d3f10664..00000000 --- a/.github/workflows/release-lambda.yml +++ /dev/null @@ -1,257 +0,0 @@ -name: Release Lambda layer - -on: - workflow_dispatch: - inputs: - version: - description: The version to tag the lambda release with (should be the same as the current ADOT JavaScript SDK version, e.g., 0.6.0) - required: true - aws_region: - description: 'Deploy to aws regions' - required: true - default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1' - -env: - AWS_REGIONS: ${{ github.event.inputs.aws_region }} - COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1 - LAYER_NAME: AWSOpenTelemetryDistroJs - -permissions: - id-token: write - contents: write - -jobs: - check-draft: - runs-on: ubuntu-latest - steps: - - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 - - name: Check for release draft - run: | - TAG="v${{ github.event.inputs.version }}" - # Check if draft release exists with this tag - if ! gh release view $TAG --json isDraft -q .isDraft 2>/dev/null | grep -q true; then - echo "No draft release found for tag $TAG. Did you first run the Release Build workflow?" - exit 1 - fi - echo "Found draft release for tag $TAG. Proceeding with Lambda layer release." - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - build-layer: - environment: Release - needs: check-draft - runs-on: ubuntu-latest - outputs: - aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} - steps: - - name: Set up regions matrix - id: set-matrix - run: | - IFS=',' read -ra REGIONS <<< "${{ env.AWS_REGIONS }}" - MATRIX="[" - for region in "${REGIONS[@]}"; do - trimmed_region=$(echo "$region" | xargs) - MATRIX+="\"$trimmed_region\"," - done - MATRIX="${MATRIX%,}]" - echo ${MATRIX} - echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT - - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 - - name: Setup Node - uses: actions/setup-node@v4 - with: - node-version: 22 - - name: NPM Clean Install - # https://docs.npmjs.com/cli/v10/commands/npm-ci - run: npm ci - - name: Compile all NPM projects - run: npm run compile - - name: Build Lambda Layer - run: npm run build-lambda - - name: upload layer - uses: actions/upload-artifact@v4 - with: - name: layer.zip - path: lambda-layer/packages/layer/build/layer.zip - publish-prod: - runs-on: ubuntu-latest - needs: build-layer - strategy: - matrix: - aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} - steps: - - name: role arn - env: - COMMERCIAL_REGIONS: ${{ env.COMMERCIAL_REGIONS }} - run: | - COMMERCIAL_REGIONS_ARRAY=(${COMMERCIAL_REGIONS//,/ }) - FOUND=false - for REGION in "${COMMERCIAL_REGIONS_ARRAY[@]}"; do - if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then - FOUND=true - break - fi - done - if [ "$FOUND" = true ]; then - echo "Found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" - SECRET_KEY="LAMBDA_LAYER_RELEASE" - else - echo "Not found ${{ matrix.aws_region }} in COMMERCIAL_REGIONS" - SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" - fi - SECRET_KEY=${SECRET_KEY//-/_} - echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV - - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - role-to-assume: ${{ secrets[env.SECRET_KEY] }} - role-duration-seconds: 1200 - aws-region: ${{ matrix.aws_region }} - - name: Get s3 bucket name for release - run: | - echo BUCKET_NAME=nodejs-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV - - name: download layer.zip - uses: actions/download-artifact@v4 - with: - name: layer.zip - - name: publish - run: | - aws s3 mb s3://${{ env.BUCKET_NAME }} - aws s3 cp layer.zip s3://${{ env.BUCKET_NAME }} - layerARN=$( - aws lambda publish-layer-version \ - --layer-name ${{ env.LAYER_NAME }} \ - --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=layer.zip \ - --compatible-runtimes nodejs18.x nodejs20.x nodejs22.x \ - --compatible-architectures "arm64" "x86_64" \ - --license-info "Apache-2.0" \ - --description "AWS Distro of OpenTelemetry Lambda Layer for NodeJs Runtime" \ - --query 'LayerVersionArn' \ - --output text - ) - echo $layerARN - echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV - mkdir ${{ env.LAYER_NAME }} - echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} - cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} - - name: public layer - run: | - layerVersion=$( - aws lambda list-layer-versions \ - --layer-name ${{ env.LAYER_NAME }} \ - --query 'max_by(LayerVersions, &Version).Version' - ) - aws lambda add-layer-version-permission \ - --layer-name ${{ env.LAYER_NAME }} \ - --version-number $layerVersion \ - --principal "*" \ - --statement-id publish \ - --action lambda:GetLayerVersion - - name: upload layer arn artifact - if: ${{ success() }} - uses: actions/upload-artifact@v4 - with: - name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }} - path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} - - name: clean s3 - if: always() - run: | - aws s3 rb --force s3://${{ env.BUCKET_NAME }} - generate-release-note: - runs-on: ubuntu-latest - needs: publish-prod - steps: - - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v2 - - name: download layerARNs - uses: actions/download-artifact@v4 - with: - pattern: ${{ env.LAYER_NAME }}-* - path: ${{ env.LAYER_NAME }} - merge-multiple: true - - name: show layerARNs - run: | - for file in ${{ env.LAYER_NAME }}/* - do - echo $file - cat $file - done - - name: generate layer-note - working-directory: ${{ env.LAYER_NAME }} - run: | - echo "| Region | Layer ARN |" >> ../layer-note - echo "| ---- | ---- |" >> ../layer-note - for file in * - do - read arn < $file - echo "| " $file " | " $arn " |" >> ../layer-note - done - cd .. - cat layer-note - - name: generate tf layer - working-directory: ${{ env.LAYER_NAME }} - run: | - echo "locals {" >> ../layer_arns.tf - echo " sdk_layer_arns = {" >> ../layer_arns.tf - for file in * - do - read arn < $file - echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf - done - cd .. - echo " }" >> layer_arns.tf - echo "}" >> layer_arns.tf - terraform fmt layer_arns.tf - cat layer_arns.tf - - name: generate layer ARN constants for CDK - working-directory: ${{ env.LAYER_NAME }} - run: | - echo "{" > ../layer_cdk - for file in *; do - read arn < "$file" - echo " \"$file\": \"$arn\"," >> ../layer_cdk - done - echo "}" >> ../layer_cdk - cat ../layer_cdk - - name: download layer.zip - uses: actions/download-artifact@v4 - with: - name: layer.zip - - name: Get commit hash - id: commit - run: | - echo "sha_short=$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_OUTPUT - - name: Update GH release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - TAG="v${{ github.event.inputs.version }}" - # Generate SHA-256 checksum for layer.zip - shasum -a 256 layer.zip > layer.zip.sha256 - gh release upload $TAG \ - layer.zip \ - layer.zip.sha256 \ - layer_arns.tf \ - --clobber - - name: Update Release Notes - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - TAG="v${{ github.event.inputs.version }}" - # Get current release notes - current_notes=$(gh release view $TAG --json body -q .body) - echo "This release also includes the AWS OpenTelemetry Lambda Layer for JavaScript version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}." >> lambda_notes.md - echo "" >> lambda_notes.md - echo "Lambda Layer ARNs:" >> lambda_notes.md - echo "" >> lambda_notes.md - cat layer-note >> lambda_notes.md - echo "" >> lambda_notes.md - echo "Notes:" >> lambda_notes.md - { - echo "$current_notes" - echo "" - cat lambda_notes.md - } > updated_notes.md - # Update release notes - gh release edit $TAG --notes-file updated_notes.md \ No newline at end of file From 92daed44964c9df169242fa7cfa414173d2ddb3b Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Fri, 22 Aug 2025 15:55:58 -0700 Subject: [PATCH 7/8] remove LAMBDA_REGIONS var --- .github/workflows/release-build.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index eaeced83..47c4c3df 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -19,7 +19,6 @@ env: RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com PACKAGE_NAME: aws-distro-opentelemetry-node-autoinstrumentation ARTIFACT_NAME: aws-aws-distro-opentelemetry-node-autoinstrumentation-${{ github.event.inputs.version }}.tgz - LAMBDA_AWS_REGIONS: ${{ github.event.inputs.aws_region }} COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1 LAYER_NAME: AWSOpenTelemetryDistroJs @@ -152,7 +151,7 @@ jobs: - name: Set up regions matrix id: set-matrix run: | - IFS=',' read -ra REGIONS <<< "${{ env.LAMBDA_AWS_REGIONS }}" + IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}" MATRIX="[" for region in "${REGIONS[@]}"; do trimmed_region=$(echo "$region" | xargs) From a21f235b01fdfbca8b807a8285fbcac89de4877f Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Mon, 25 Aug 2025 12:26:18 -0700 Subject: [PATCH 8/8] remove release environment from downstream job --- .github/workflows/release-build.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 47c4c3df..bc7bf5c3 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -142,7 +142,6 @@ jobs: NPM_CONFIG_PROVENANCE: true run: npm publish build-layer: - environment: Release needs: build runs-on: ubuntu-latest outputs: