Update github actions to deploy LWA layer in china regions (#266)
* Update github actions to deploy LWA layer in china regions

* deploy LWA layer in gamma accounts in china
mbfreder authored Aug 9, 2023
1 parent 7b1db82 commit cc19cc3
Showing 3 changed files with 335 additions and 0 deletions.
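--- a/.github/workflows/cn-gamma.json
+++ b/.github/workflows/cn-gamma.json
@@ -0,0 +1,20 @@
+[
+{
+"artifacts_bucket": "aws-sam-cli-managed-gamma-pipelin-artifactsbucket-1pmml6dfys0rx",
+"cloudformation_execution_role": "arn:aws-cn:iam::336678493554:role/aws-sam-cli-managed-gamma-CloudFormationExecutionR-1CDG186WIXL49",
+"image_repository": "336678493554.dkr.ecr.cn-north-1.amazonaws.com.cn/aws-sam-cli-managed-gamma-pipeline-resources-imagerepository-jfceoqzu6uhe",
+"pipeline_execution_role": "arn:aws-cn:iam::336678493554:role/aws-sam-cli-managed-gamma-pi-PipelineExecutionRole-ZO7FHGWQREIE",
+"arm64_supported": false,
+"region": "cn-north-1"
+},
+{
+"artifacts_bucket": "aws-sam-cli-managed-gamma-pipelin-artifactsbucket-3fvfgiibxbkf",
+"cloudformation_execution_role": "arn:aws-cn:iam::336815664844:role/aws-sam-cli-managed-gamma-CloudFormationExecutionR-GLTF2A1D149Y",
+"image_repository": "336815664844.dkr.ecr.cn-northwest-1.amazonaws.com.cn/aws-sam-cli-managed-gamma-pipeline-resources-imagerepository-yhde61uzmjpx",
+"pipeline_execution_role": "arn:aws-cn:iam::336815664844:role/aws-sam-cli-managed-gamma-pi-PipelineExecutionRole-1ANKMP1054CRU",
+"arm64_supported": false,
+"region": "cn-northwest-1"
+}
+]
+
+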
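--- a/.github/workflows/cn-prod.json
+++ b/.github/workflows/cn-prod.json
@@ -0,0 +1,18 @@
+[
+{
+"artifacts_bucket": "aws-sam-cli-managed-bjs-pipeline-artifactsbucket-1pmpo0vg2orma",
+"cloudformation_execution_role": "arn:aws-cn:iam::041581134020:role/aws-sam-cli-managed-bjs-p-CloudFormationExecutionR-FIBRJ5SR32TU",
+"image_repository": "041581134020.dkr.ecr.cn-north-1.amazonaws.com.cn/aws-sam-cli-managed-bjs-pipeline-resources-imagerepository-fyybklhlqavr",
+"pipeline_execution_role": "arn:aws-cn:iam::041581134020:role/aws-sam-cli-managed-bjs-pipe-PipelineExecutionRole-1K7Y9PGEBE79R",
+"arm64_supported": false,
+"region": "cn-north-1"
+},
+{
+"artifacts_bucket": "aws-sam-cli-managed-zhy-pipeline-artifactsbucket-1nxecxf5j1cmy",
+"cloudformation_execution_role": "arn:aws-cn:iam::069767869989:role/aws-sam-cli-managed-zhy-p-CloudFormationExecutionR-17JWICM90EHQY",
+"image_repository": "069767869989.dkr.ecr.cn-northwest-1.amazonaws.com.cn/aws-sam-cli-managed-zhy-pipeline-resources-imagerepository-eadb6wulxfhl",
+"pipeline_execution_role": "arn:aws-cn:iam::069767869989:role/aws-sam-cli-managed-zhy-pipe-PipelineExecutionRole-JG1BG5I3CXDB",
+"arm64_supported": false,
+"region": "cn-northwest-1"
+}
+]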
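Review bot: The `pipeline_execution_role` entries in this file belong to the prod accounts, yet pipeline.yaml assumes them with the same `AWS_CN_ACCESS_KEY_ID` / `AWS_CN_SECRET_ACCESS_KEY` pair it uses for the gamma roles in cn-gamma.json, and `package-china-prod` does so without an `environment:` gate. One long-lived IAM user key is therefore the trust root for all four accounts listed across the two files. It would be worth confirming that each role's trust policy names only that user, and considering a separate prod key stored as a secret on the `prod` environment so that only gated jobs can reach these two roles.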
297 changes: 297 additions & 0 deletions .github/workflows/pipeline.yaml
@@ -15,6 +15,8 @@ env:
CARGO_TERM_COLOR: always
PIPELINE_USER_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
PIPELINE_USER_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
PIPELINE_CN_USER_ACCESS_KEY_ID: ${{ secrets.AWS_CN_ACCESS_KEY_ID }}
PIPELINE_CN_USER_SECRET_ACCESS_KEY: ${{ secrets.AWS_CN_SECRET_ACCESS_KEY }}
SAM_TEMPLATE_X86_64: template-x86_64.yaml
SAM_TEMPLATE_ARM64: template-arm64.yaml
BETA_STACK_NAME: lambda-adapter-beta
@@ -349,6 +351,28 @@ jobs:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/prod.json)}" >> $GITHUB_OUTPUT

load-china-prod-matrix:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test ]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-prod.json)}" >> $GITHUB_OUTPUT

load-china-gamma-matrix:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test ]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-gamma.json)}" >> $GITHUB_OUTPUT

package-gamma:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
@@ -486,6 +510,143 @@ jobs:
name: packaged-prod-arm64-${{ matrix.region }}.yaml
path: packaged-prod-arm64-${{ matrix.region }}.yaml

package-china-gamma:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ build, load-china-gamma-matrix ]
runs-on: ubuntu-20.04
strategy:
matrix: ${{fromJSON(needs.load-china-gamma-matrix.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2

- name: Assume the china pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: china-gamma-packaging
role-duration-seconds: 3600
role-skip-session-tagging: true

- uses: actions/download-artifact@v3
with:
name: aws-sam-build-x86_64

- name: extract build_x86_64
run: |
tar -xvf build-x86_64.tar
- name: Upload x86_64 layer to gamma artifact buckets
run: |
sam package \
--template build-x86_64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-china-gamma-x86_64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml
path: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml

- uses: actions/download-artifact@v3
with:
name: aws-sam-build-arm64

- name: extract build_arm64
run: |
tar -xvf build-arm64.tar
- name: Upload arm64 layer to gamma artifact buckets
run: |
sam package \
--template build-arm64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-china-gamma-arm64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-china-gamma-arm64-${{ matrix.region }}.yaml
path: packaged-china-gamma-arm64-${{ matrix.region }}.yaml


package-china-prod:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ build, load-china-prod-matrix ]
runs-on: ubuntu-20.04
strategy:
matrix: ${{fromJSON(needs.load-china-prod-matrix.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2

- name: Assume the china pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: china-prod-packaging
role-duration-seconds: 3600
role-skip-session-tagging: true

- uses: actions/download-artifact@v3
with:
name: aws-sam-build-x86_64

- name: extract build_x86_64
run: |
tar -xvf build-x86_64.tar
- name: Upload x86_64 layer to prod artifact buckets
run: |
sam package \
--template build-x86_64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-china-prod-x86_64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-china-prod-x86_64-${{ matrix.region }}.yaml
path: packaged-china-prod-x86_64-${{ matrix.region }}.yaml

- uses: actions/download-artifact@v3
with:
name: aws-sam-build-arm64

- name: extract build_arm64
run: |
tar -xvf build-arm64.tar
- name: Upload arm64 layer to prod artifact buckets
run: |
sam package \
--template build-arm64/template.yaml \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--region ${{ matrix.region }} \
--output-template-file packaged-china-prod-arm64-${{ matrix.region }}.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-china-prod-arm64-${{ matrix.region }}.yaml
path: packaged-china-prod-arm64-${{ matrix.region }}.yaml

load-gamma-matrix2:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test, package-gamma ]
@@ -619,6 +780,142 @@ jobs:
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
load-china-gamma-matrix2:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test ]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-gamma.json)}" >> $GITHUB_OUTPUT

deploy-china-gamma:
if: ${{ github.event_name == 'release' }}
needs: [load-china-gamma-matrix2]
runs-on: ubuntu-20.04
environment: prod
strategy:
matrix: ${{fromJSON(needs.load-china-gamma-matrix2.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2

- name: Assume the china pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: china-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true

- uses: actions/download-artifact@v3
with:
name: packaged-china-gamma-x86_64-${{ matrix.region }}.yaml

- name: Deploy x86_64 Layer to all regions in china
run: |
sam deploy --stack-name lambda-adapter-gamma-x86-${{ matrix.region }} \
--template packaged-china-gamma-x86_64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
- uses: actions/download-artifact@v3
with:
name: packaged-china-gamma-arm64-${{ matrix.region }}.yaml

- name: Deploy arm64 Layer to supported china regions
if: ${{ matrix.arm64_supported }}
run: |
sam deploy --stack-name lambda-adapter-gamma-arm64-${{ matrix.region }} \
--template packaged-china-gamma-arm64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
load-china-prod-matrix2:
if: ${{ github.ref == 'refs/heads/main' || github.event_name == 'release' }}
needs: [ e2e-test, package-china-prod]
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v3
- id: set-matrix
run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/china.json)}" >> $GITHUB_OUTPUT

deploy-china-prod:
if: ${{ github.event_name == 'release' }}
needs: [load-china-prod-matrix2]
runs-on: ubuntu-20.04
environment: prod
strategy:
matrix: ${{fromJSON(needs.load-china-prod-matrix2.outputs.matrix)}}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
with:
python-version: "3.8"
- uses: aws-actions/setup-sam@v2

- name: Assume the china pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_CN_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_CN_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ matrix.region }}
role-to-assume: ${{ matrix.pipeline_execution_role }}
role-session-name: china-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true

- uses: actions/download-artifact@v3
with:
name: packaged-china-prod-x86_64-${{ matrix.region }}.yaml

- name: Deploy x86_64 Layer to all regions in china
run: |
sam deploy --stack-name lambda-adapter-prod-x86-${{ matrix.region }} \
--template packaged-china-prod-x86_64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}
- uses: actions/download-artifact@v3
with:
name: packaged-china-prod-arm64-${{ matrix.region }}.yaml

- name: Deploy arm64 Layer to supported china regions
if: ${{ matrix.arm64_supported }}
run: |
sam deploy --stack-name lambda-adapter-prod-arm64-${{ matrix.region }} \
--template packaged-china-prod-arm64-${{ matrix.region }}.yaml \
--capabilities CAPABILITY_IAM \
--region ${{ matrix.region }} \
--s3-bucket ${{ matrix.artifacts_bucket }} \
--image-repository ${{ matrix.image_repository }} \
--no-fail-on-empty-changeset \
--role-arn ${{ matrix.cloudformation_execution_role }}

publish-to-public-ecr:
if: ${{ github.event_name == 'release' }}
needs: [deploy-prod]
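Review bot: `load-china-prod-matrix2` builds the prod deploy matrix from `.github/workflows/china.json`, while `package-china-prod` is driven by `cn-prod.json` and no `china.json` is among the three files this commit adds. If that file is missing the job fails, and if it exists `deploy-china-prod` takes its `pipeline_execution_role`, `cloudformation_execution_role` and region from a list that was never packaged; the step should read `run: echo "matrix={\"include\":$(jq -r tostring .github/workflows/cn-prod.json)}" >> $GITHUB_OUTPUT`. In the same hunk `load-china-gamma-matrix2` has only `needs: [ e2e-test ]`, so `deploy-china-gamma` can start before `package-china-gamma` has uploaded its templates; `needs: [ e2e-test, package-china-gamma ]` would match the prod job. Separately, every China job hands the long-lived `AWS_CN_*` key pair to `aws-actions/configure-aws-credentials@v1-node16`, a mutable ref, and pinning that action to a full commit SHA would limit what a retagged release could do with those keys.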