improv(ci): Automate the SSM Parameter Update step of the release workflow (#4356)

Author: sdangol

.github/scripts/update_layer_arn.sh

@@ -8,13 +8,12 @@
 # see .github/workflows/publish_layer.yml
 
 
-# Get the new layer arn from the first command-line argument
-new_layer_arn=$1
-if [ -z "$new_layer_arn" ]; then
-    echo "Usage: $0 <new_layer_arn>"
+# Get the new layer version from the first command-line argument
+new_version=$1
+if [ -z "$new_version" ]; then
+    echo "Usage: $0 <new_version>"
     exit 1
 fi
-new_version=$(echo $new_layer_arn | sed 's/.*://')
 
 # Find all files with specified extensions in ./docs and ./examples directories
 # -type f: only find files (not directories)

.github/workflows/publish_layer.yml

@@ -80,6 +80,16 @@ jobs:
     secrets:
       target-account-role: ${{ secrets.AWS_LAYERS_PROD_ROLE_ARN }}
 
+  update-ssm-prod:
+    needs: [deploy-prod]
+    uses: ./.github/workflows/update_ssm.yml
+    permissions:
+      contents: read
+    with:
+      environment: prod
+      package_version: ${{ inputs.latest_published_version }}
+      layer-version: ${{ needs.deploy-prod.outputs.layer-version }}
+
   update_layer_arn_docs:
     needs: [deploy-prod]
     # Force Github action to run only a single job at a time (based on the group name)
@@ -98,7 +108,7 @@ jobs:
           ref: ${{ github.sha }}
       - name: Replace layer versions in documentation
         run: |
-          ./.github/scripts/update_layer_arn.sh ${{ needs.deploy-prod.outputs.layer-arn }}
+          ./.github/scripts/update_layer_arn.sh ${{ needs.deploy-prod.outputs.layer-version }}
       - name: Stage changes
         run: git add .
       - name: Create PR

.github/workflows/reusable_deploy_layer_stack.yml

@@ -16,9 +16,9 @@ on:
         required: true
         type: string
     outputs:
-      layer-arn:
-        description: "The latest deployed Layer ARN"
-        value: ${{ jobs.deploy-cdk-stack.outputs.layer-arn }}
+      layer-version:
+        description: "The latest deployed Layer version"
+        value: ${{ jobs.deploy-cdk-stack.outputs.layer-version }}
     secrets:
       target-account-role:
         required: true
@@ -70,7 +70,7 @@ jobs:
             "mx-central-1"
           ]
     outputs:
-      layer-arn: ${{ steps.store-latest-layer-arn.outputs.layer-arn }}
+      layer-version: ${{ steps.store-latest-layer-arn.outputs.layer-version }}
     steps:
       - name: checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
@@ -100,10 +100,11 @@ jobs:
         run: |
           mkdir cdk-layer-stack
           jq -r -c '.LayerPublisherStack.LatestLayerArn' layers/cdk-outputs.json > cdk-layer-stack/${{ matrix.region }}-layer-version.txt
+          layer_arn=$(cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt)
+          echo "$layer_arn"
           if [ "${{ matrix.region }}" = "us-east-1" ]; then
-            echo "layer-arn=$(cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt)" | tee -a "$GITHUB_OUTPUT"
-          else
-            cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt
+            layer_version=$(echo $layer_arn | sed 's/.*://')
+            echo "layer-version=$layer_version" >> "$GITHUB_OUTPUT"
           fi
       - name: Save Layer ARN artifact
         if: ${{ inputs.stage == 'PROD' }}

.github/workflows/update_ssm.yml

@@ -5,7 +5,6 @@
 # * environment: will prefix /beta/ into the parameter
 # * write_latest: will create a latest alias instead of a version number in the parameter
 # * package_version: semantic version number of the released layer (3.x.y)
-# * layer_version: this is sequential layer version from the ARN
 #
 # A successful parameter would look similar to:
 #   /aws/service/powertools/python/arm64/python3.8/3.1.0
@@ -27,8 +26,8 @@ on:
         description: Environment to deploy to
         type: choice
         options:
-          - Beta
-          - Prod
+          - beta
+          - prod
         required: true
 
       write_latest:
@@ -41,8 +40,29 @@ on:
         type: string
         required: true
 
-      layer_version:
-        description: Layer version
+      layer-version:
+        description: Layer version of the published layer
+        type: string
+        required: true
+
+  workflow_call:
+    inputs:
+      environment:
+        description: Environment to deploy to
+        type: string
+        required: true
+
+      write_latest:
+        description: Write to the latest path
+        type: boolean
+        required: false
+
+      package_version:
+        description: Semantic Version of published layer
+        type: string
+        required: true
+      layer-version:
+        description: Layer version of the published layer
         type: string
         required: true
 
@@ -111,11 +131,11 @@ jobs:
         env:
           prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
         run: |
-          aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite
+          aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer-version }}" --type String --overwrite
 
       - id: write-latest
         if: inputs.write_latest == true
         env:
           prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
         run: |
-          aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer_version }}" --type String --overwrite
+          aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer-version }}" --type String --overwrite

docs/maintainers.md

@@ -190,21 +190,7 @@ targeting the `Prod` deployment environment and the China partition, and using t
 This will publish the Lambda layer to the AWS China (Beijing) Region.
 9. **Merge docs PR**: Once the `Layer Deployment (Partition)` workflow for the production China partition is complete,
 merge the PR from step 4 to update the documentation with the new version.
-10. **Update SSM Parameters (Beta)**: Run the `SSM Parameters` workflow with the `main` branch, targeting the `beta`
-deployment environment, and using the package version from npm (i.e., `2.20.0`) and Lambda layer version from step 4.
-This will update the SSM parameters with the new version.
-11. **Verify SSM Parameters (Beta)**: Use the AWS CLI to verify that the SSM parameters were updated correctly. Run
-the following command: `aws ssm get-parameter --name=/aws/service/powertools/beta/typescript/generic/all/latest`
-and `aws ssm get-parameter --name=/aws/service/powertools/beta/typescript/generic/all/<version>` to verify that the
-SSM parameters were updated correctly.
-12. **Update SSM Parameters (Prod)**: Run the `SSM Parameters` workflow with the `main` branch, targeting the `prod`
-deployment environment, and using the package version from npm (i.e., `2.20.0`) and Lambda layer version from step 4.
-This will update the SSM parameters with the new version.
-13. **Verify SSM Parameters (Prod)**: Use the AWS CLI to verify that the SSM parameters were updated correctly. Run
-the following command: `aws ssm get-parameter --name=/aws/service/powertools/typescript/generic/all/latest`
-and `aws ssm get-parameter --name=/aws/service/powertools/typescript/generic/all/<version>` to verify that the
-SSM parameters were updated correctly.
-14. **Update Docs**: Run the `Rebuild latest docs` workflow with the `main` branch using the package version from
+10. **Update Docs**: Run the `Rebuild latest docs` workflow with the `main` branch using the package version from
 npm (i.e. `2.20.0`). This will update the documentation with the new version.
 
 Once complete, you can start drafting the release notes to let customers know **what changed and what's in it for them (a.k.a why they should care)**. We have guidelines in the release notes section so you know what good looks like.