From 81da9496c592f3fcb4d16e8b82513218351e80d1 Mon Sep 17 00:00:00 2001 From: ralongit Date: Sun, 16 Jun 2024 17:08:29 +0300 Subject: [PATCH 1/3] Add Lambda layer resource policy - Fixes permission issues with pulling our lambda layers --- .github/workflows/release.yml | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a14ca77..1c54c13 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,13 +29,22 @@ jobs: - name: Deploy Layer to AWS region ${{ matrix.aws-region }} working-directory: ./logzio-lambda-extensions-logs/bin run: | - aws lambda publish-layer-version \ + LAYER_VERSION=$(aws lambda publish-layer-version \ --layer-name LogzioLambdaExtensionLogs \ --description "Extension for shipping Lambda logs to Logz.io ${{ github.event.release.tag_name }}." \ --zip-file "fileb://extension.zip" \ --region ${{ matrix.aws-region }} \ --compatible-runtimes dotnet8 python3.12 provided.al2023 dotnet6 java11 java17 java8.al2 nodejs16.x nodejs18.x python3.10 python3.11 python3.8 python3.9 ruby3.2 provided.al2 \ - --compatible-architectures x86_64 + --compatible-architectures x86_64 \ + --output text --query 'Version') + + aws lambda add-layer-version-permission \ + --layer-name LogzioLambdaExtensionLogs \ + --version-number $LAYER_VERSION \ + --statement-id public-access-statement \ + --principal '*' \ + --action lambda:GetLayerVersion \ + --region ${{ matrix.aws-region }} # ARM Build - name: Build ARM ZIP File 
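Review bot: The new `add-layer-version-permission` call grants `lambda:GetLayerVersion` to `--principal '*'`, and nothing in the step records that this is deliberate. Every version the release job publishes becomes downloadable by any AWS account. If public distribution is the intent, as the commit subject suggests, say so above the command, e.g. `# Intentionally public: any AWS account may pull this layer version; extension.zip must not contain credentials or internal configuration`. Passing the value as `--version-number "$LAYER_VERSION"` would also stop an empty or multi-word result from being word-split into further CLI arguments. Both points apply equally to the ARM hunk that follows.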
@@ -44,10 +53,19 @@ jobs: - name: Deploy ARM Layer to AWS region ${{ matrix.aws-region }} working-directory: ./logzio-lambda-extensions-logs/bin run: | - aws lambda publish-layer-version \ + LAYER_VERSION=$(aws lambda publish-layer-version \ --layer-name LogzioLambdaExtensionLogsArm \ - --description "Extension for shipping Lambda logs to Logz.io $ {{ github.event.release.tag_name }}, for arm64 architecture." \ + --description "Extension for shipping Lambda logs to Logz.io ${{ github.event.release.tag_name }}, for arm64 architecture." \ --zip-file "fileb://extension.zip" \ --region ${{ matrix.aws-region }} \ --compatible-runtimes dotnet8 python3.12 provided.al2023 dotnet6 java11 java17 java8.al2 nodejs16.x nodejs18.x python3.10 python3.11 python3.8 python3.9 ruby3.2 provided.al2 \ - --compatible-architectures arm64 + --compatible-architectures arm64 \ + --output text --query 'Version') + + aws lambda add-layer-version-permission \ + --layer-name LogzioLambdaExtensionLogs \ + --version-number $LAYER_VERSION \ + --statement-id public-access-statement \ + --principal '*' \ + --action lambda:GetLayerVersion \ + --region ${{ matrix.aws-region }} \ No newline at end of file From a0b1a052ad19a5a602c83d15c1bb3a32c9398cff Mon Sep 17 00:00:00 2001 From: ralongit Date: Sun, 16 Jun 2024 17:12:57 +0300 Subject: [PATCH 2/3] Fix ARM release --- .github/workflows/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1c54c13..b71e6fa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
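Review bot: Correcting `$ {{` to `${{` in the ARM `--description` means the release tag is now substituted into the script text before bash parses it. Any shell metacharacters in a tag name would then be interpreted by the shell in this release job rather than treated as data. Pass the value through the environment instead: add `env:` with `RELEASE_TAG: ${{ github.event.release.tag_name }}` to the step and use `"... Logz.io ${RELEASE_TAG}, for arm64 architecture."` inside `run`. The AMD64 step in the previous hunk has the same interpolation on an unchanged line and would benefit from the same treatment.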
@@ -26,7 +26,7 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ matrix.aws-region }} - - name: Deploy Layer to AWS region ${{ matrix.aws-region }} + - name: Deploy AMD64 Layer to AWS region ${{ matrix.aws-region }} working-directory: ./logzio-lambda-extensions-logs/bin run: | LAYER_VERSION=$(aws lambda publish-layer-version \ @@ -55,7 +55,7 @@ jobs: run: | LAYER_VERSION=$(aws lambda publish-layer-version \ --layer-name LogzioLambdaExtensionLogsArm \ - --description "Extension for shipping Lambda logs to Logz.io ${{ github.event.release.tag_name }}, for arm64 architecture." \ + --description "Extension for shipping Lambda logs to Logz.io ${{ github.event.release.tag_name }}, for arm64 architecture.." \ --zip-file "fileb://extension.zip" \ --region ${{ matrix.aws-region }} \ --compatible-runtimes dotnet8 python3.12 provided.al2023 dotnet6 java11 java17 java8.al2 nodejs16.x nodejs18.x python3.10 python3.11 python3.8 python3.9 ruby3.2 provided.al2 \ @@ -63,7 +63,7 @@ jobs: --output text --query 'Version') aws lambda add-layer-version-permission \ - --layer-name LogzioLambdaExtensionLogs \ + --layer-name LogzioLambdaExtensionLogsArm \ --version-number $LAYER_VERSION \ --statement-id public-access-statement \ --principal '*' \ From c006aff85dd0ec34251f248244659358fd970ecb Mon Sep 17 00:00:00 2001 From: ralongit Date: Sun, 16 Jun 2024 18:26:06 +0300 Subject: [PATCH 3/3] Breakdown release steps --- .github/workflows/release.yml | 75 +++++++++++++++++++---------------- 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b71e6fa..25de7bf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
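Review bot: The second hunk changes the ARM `--description` to end in `for arm64 architecture..`, which looks like an accidental extra period. It would be published in the layer metadata for every region in the matrix. The commit subject only mentions fixing the ARM release, so this edit appears unintended; keep the line ending as `for arm64 architecture." \`.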
@@ -15,57 +15,62 @@ jobs: uses: actions/setup-go@v5 with: go-version: 1.22 - - # AMD Build - - name: Build AMD ZIP File - working-directory: ./logzio-lambda-extensions-logs - run: ./build-zip.sh - name: Setup AWS uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ matrix.aws-region }} - - name: Deploy AMD64 Layer to AWS region ${{ matrix.aws-region }} + # AMD Build + - name: Build AMD ZIP File + working-directory: ./logzio-lambda-extensions-logs + run: ./build-zip.sh + - name: Publish AMD64 Layer Version working-directory: ./logzio-lambda-extensions-logs/bin run: | LAYER_VERSION=$(aws lambda publish-layer-version \ - --layer-name LogzioLambdaExtensionLogs \ - --description "Extension for shipping Lambda logs to Logz.io ${{ github.event.release.tag_name }}." \ - --zip-file "fileb://extension.zip" \ - --region ${{ matrix.aws-region }} \ - --compatible-runtimes dotnet8 python3.12 provided.al2023 dotnet6 java11 java17 java8.al2 nodejs16.x nodejs18.x python3.10 python3.11 python3.8 python3.9 ruby3.2 provided.al2 \ - --compatible-architectures x86_64 \ - --output text --query 'Version') - + --layer-name LogzioLambdaExtensionLogs \ + --description "Extension for shipping Lambda logs to Logz.io ${{ github.event.release.tag_name }}." 
\ + --zip-file "fileb://extension.zip" \ + --region ${{ matrix.aws-region }} \ + --compatible-runtimes dotnet8 python3.12 provided.al2023 dotnet6 java11 java17 java8.al2 nodejs16.x nodejs18.x python3.10 python3.11 python3.8 python3.9 ruby3.2 provided.al2 \ + --compatible-architectures x86_64 \ + --output text --query 'Version') + echo "Layer Version: $LAYER_VERSION" # Save the version for next step + - name: Grant Public GetLayerVersion Permission for AMD64 + working-directory: ./logzio-lambda-extensions-logs/bin + run: | aws lambda add-layer-version-permission \ - --layer-name LogzioLambdaExtensionLogs \ - --version-number $LAYER_VERSION \ - --statement-id public-access-statement \ - --principal '*' \ - --action lambda:GetLayerVersion \ - --region ${{ matrix.aws-region }} + --layer-name LogzioLambdaExtensionLogs \ + --version-number ${{ steps.publish.outputs.LAYER_VERSION }} \ + --statement-id public-access-statement \ + --principal '*' \ + --action lambda:GetLayerVersion \ + --region ${{ matrix.aws-region }} # ARM Build - name: Build ARM ZIP File working-directory: ./logzio-lambda-extensions-logs run: chmod +x ./build-arm-zip.sh - - name: Deploy ARM Layer to AWS region ${{ matrix.aws-region }} + - name: Publish ARM64 Layer Version working-directory: ./logzio-lambda-extensions-logs/bin run: | LAYER_VERSION=$(aws lambda publish-layer-version \ - --layer-name LogzioLambdaExtensionLogsArm \ - --description "Extension for shipping Lambda logs to Logz.io ${{ github.event.release.tag_name }}, for arm64 architecture.." 
\ - --zip-file "fileb://extension.zip" \ - --region ${{ matrix.aws-region }} \ - --compatible-runtimes dotnet8 python3.12 provided.al2023 dotnet6 java11 java17 java8.al2 nodejs16.x nodejs18.x python3.10 python3.11 python3.8 python3.9 ruby3.2 provided.al2 \ - --compatible-architectures arm64 \ - --output text --query 'Version') - + --layer-name LogzioLambdaExtensionLogsArm \ + --description "Extension for shipping Lambda logs to Logz.io ${{ github.event.release.tag_name }}, for arm64 architecture.." \ + --zip-file "fileb://extension.zip" \ + --region ${{ matrix.aws-region }} \ + --compatible-runtimes dotnet8 python3.12 provided.al2023 dotnet6 java11 java17 java8.al2 nodejs16.x nodejs18.x python3.10 python3.11 python3.8 python3.9 ruby3.2 provided.al2 \ + --compatible-architectures arm64 \ + --output text --query 'Version') + echo "Layer Version: $LAYER_VERSION" # Save the version for next step + - name: Grant Public GetLayerVersion Permission + working-directory: ./logzio-lambda-extensions-logs/bin + run: | aws lambda add-layer-version-permission \ - --layer-name LogzioLambdaExtensionLogsArm \ - --version-number $LAYER_VERSION \ - --statement-id public-access-statement \ - --principal '*' \ - --action lambda:GetLayerVersion \ - --region ${{ matrix.aws-region }} \ No newline at end of file + --layer-name LogzioLambdaExtensionLogsArm \ + --version-number ${{ steps.publish.outputs.LAYER_VERSION }} \ + --statement-id public-access-statement \ + --principal '*' \ + --action lambda:GetLayerVersion \ + --region ${{ matrix.aws-region }} \ No newline at end of file
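Review bot: Both grant steps read `${{ steps.publish.outputs.LAYER_VERSION }}`, but no step in this hunk declares `id: publish`, and the publish steps only `echo "Layer Version: $LAYER_VERSION"` to the log. The expression should therefore expand to an empty string, so `--version-number` gets no value and the grant call is likely to fail after the layer version has already been published. Give each publish step its own id, write the value to `$GITHUB_OUTPUT`, and reference that id from the matching grant step; AMD64 and ARM64 need distinct ids within the one job. Separately, the context line `run: chmod +x ./build-arm-zip.sh` only marks the ARM build script executable and does not appear to run it, so it is worth confirming which `extension.zip` the ARM64 publish step uploads.

```yaml
- name: Publish AMD64 Layer Version
  id: publish_amd64
  # … unchanged: working-directory …
  run: |
    # … unchanged: LAYER_VERSION=$(aws lambda publish-layer-version …) …
    echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT"
# … unchanged: AMD64 grant step header and the other add-layer-version-permission options …
      --version-number "${{ steps.publish_amd64.outputs.LAYER_VERSION }}" \
- name: Publish ARM64 Layer Version
  id: publish_arm64
  # … unchanged: working-directory …
  run: |
    # … unchanged: LAYER_VERSION=$(aws lambda publish-layer-version …) …
    echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT"
# … unchanged: ARM64 grant step header and the other add-layer-version-permission options …
      --version-number "${{ steps.publish_arm64.outputs.LAYER_VERSION }}" \
```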