v0.11.0 #820
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| release: | |
| types: [published] | |
| jobs: | |
| check-access: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| has-token-access: ${{ steps.check.outputs.has-token-access }} | |
| steps: | |
| - id: check | |
| run: | | |
| echo "has-token-access=$(if [[ '${{ github.event.pull_request.head.repo.fork }}' != 'true' && '${{ github.actor }}' != 'dependabot[bot]' ]]; then echo 'true'; else echo 'false'; fi)" >> $GITHUB_OUTPUT | |
| dotnet-tests: | |
| needs: check-access | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'pull_request' || !contains( github.event.pull_request.labels.*.name, 'USE-PUBLIC-IMAGES') | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run DotNet Tests | |
| run: | | |
| dotnet test --collect:"XPlat Code Coverage" | |
| - name: Generate code coverage | |
| run: | | |
| dotnet tool install --global dotnet-reportgenerator-globaltool | |
| reportgenerator \ | |
| "-reports:test/coverage/projects/**/coverage.opencover.xml" \ | |
| "-targetdir:coveragereport" \ | |
| -reporttypes:lcov | |
| - name: Upload code coverage | |
| if: github.event_name == 'pull_request' && needs.check-access.outputs.has-token-access == 'true' | |
| uses: ./.github/actions/coverage-report | |
| with: | |
| lcov-file: coveragereport/lcov.info | |
| title: DotNet Code Coverage Report | |
| rust-tests: | |
| needs: check-access | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| if: github.event_name != 'pull_request' || !contains( github.event.pull_request.labels.*.name, 'USE-PUBLIC-IMAGES') | |
| env: | |
| CARGO_TERM_COLOR: always | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: moonrepo/setup-rust@v1 | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@cargo-llvm-cov | |
| - name: Generate code coverage | |
| run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info | |
| - name: Upload code coverage | |
| if: github.event_name == 'pull_request' && needs.check-access.outputs.has-token-access == 'true' | |
| uses: ./.github/actions/coverage-report | |
| with: | |
| lcov-file: lcov.info | |
| title: Rust Code Coverage Report | |
| build-router: | |
| needs: check-access | |
| if: github.event_name != 'pull_request' || !contains( github.event.pull_request.labels.*.name, 'USE-PUBLIC-IMAGES') | |
| env: | |
| PUBLIC_REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-router${{ github.event_name == 'pull_request' && '-dev' || '' }} | |
| PRIVATE_REGISTRY_IMAGE: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-2.amazonaws.com/lambda-dispatch-router | |
| strategy: | |
| matrix: | |
| include: | |
| - arch: amd64 | |
| runner: ubuntu-latest | |
| platform: linux/amd64 | |
| build_arch: linux-x64 | |
| - arch: arm64 | |
| runner: [self-hosted, arm64] | |
| platform: linux/arm64 | |
| build_arch: linux-arm64 | |
| runs-on: ${{ matrix.runner }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run the certs script | |
| run: | | |
| ./certs.sh | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.PUBLIC_REGISTRY_IMAGE }} | |
| ${{ env.PRIVATE_REGISTRY_IMAGE }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set up values to identify image build | |
| id: image-ids | |
| run: | | |
| echo "BUILD_TIME=$(date)" >> $GITHUB_OUTPUT | |
| echo "GIT_HASH=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: Configure AWS Credentials | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: lambda-dispatch-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: us-east-1 | |
| - name: Login to ECR Public | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Configure AWS Credentials | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: lambda-dispatch-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: us-east-2 | |
| - name: Login to ECR Private | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| id: login-ecr-private | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: private | |
| - name: Build Router Private | |
| id: build-private | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./DockerfileRouter | |
| build-args: | | |
| BUILD_ARCH=${{ matrix.build_arch }} | |
| BUILD_TIME=${{ steps.image-ids.outputs.BUILD_TIME }} | |
| GIT_HASH=${{ steps.image-ids.outputs.GIT_HASH }} | |
| platforms: ${{ matrix.platform }} | |
| outputs: | | |
| type=image,name=${{ env.PRIVATE_REGISTRY_IMAGE }},push-by-digest=${{ needs.check-access.outputs.has-token-access == 'true' }},name-canonical=true,push=${{ needs.check-access.outputs.has-token-access == 'true' }} | |
| - name: Build Router Public | |
| id: build-public | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./DockerfileRouter | |
| build-args: | | |
| BUILD_ARCH=${{ matrix.build_arch }} | |
| BUILD_TIME=${{ steps.image-ids.outputs.BUILD_TIME }} | |
| GIT_HASH=${{ steps.image-ids.outputs.GIT_HASH }} | |
| platforms: ${{ matrix.platform }} | |
| outputs: | | |
| type=image,name=${{ env.PUBLIC_REGISTRY_IMAGE }},push-by-digest=${{ needs.check-access.outputs.has-token-access == 'true' }},name-canonical=true,push=${{ needs.check-access.outputs.has-token-access == 'true' }} | |
| - name: Debug metadata | |
| run: | | |
| echo "steps.build-private.outputs.metadata: ${{ steps.build-private.outputs.metadata }}" | |
| echo "steps.build-public.outputs.metadata: ${{ steps.build-public.outputs.metadata }}" | |
| - name: Export digest | |
| run: | | |
| mkdir -p /tmp/digests-router/public /tmp/digests-router/private | |
| rm -rf /tmp/digests-router/public/* /tmp/digests-router/private/* || true | |
| digest="${{ steps.build-private.outputs.digest }}" | |
| touch "/tmp/digests-router/private/${digest#sha256:}" | |
| digest="${{ steps.build-public.outputs.digest }}" | |
| touch "/tmp/digests-router/public/${digest#sha256:}" | |
| - name: Upload digest | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: digests-router | |
| path: /tmp/digests-router/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge-router: | |
| if: needs.check-access.outputs.has-token-access == 'true' && (github.event_name != 'pull_request' || !contains( github.event.pull_request.labels.*.name, 'USE-PUBLIC-IMAGES')) | |
| env: | |
| PUBLIC_REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-router${{ github.event_name == 'pull_request' && '-dev' || '' }} | |
| PRIVATE_REGISTRY_IMAGE: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-2.amazonaws.com/lambda-dispatch-router | |
| runs-on: ubuntu-latest | |
| needs: | |
| - check-access | |
| - build-router | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Clear digests | |
| run: | | |
| rm -rf /tmp/digests-router/* || true | |
| - name: Download digests | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: digests-router | |
| path: /tmp/digests-router | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta public | |
| id: meta-public | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.PUBLIC_REGISTRY_IMAGE }} | |
| tags: | | |
| enable=${{ github.event_name == 'release' }},type=raw,value=latest | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Docker meta private | |
| id: meta-private | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.PRIVATE_REGISTRY_IMAGE }} | |
| tags: | | |
| enable=${{ github.event_name == 'release' }},type=raw,value=latest | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=ref,event=pr | |
| type=ref,event=pr,suffix=-{{sha}} | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: lambda-dispatch-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: us-east-1 | |
| - name: Login to ECR Public | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: lambda-dispatch-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: us-east-2 | |
| - name: Login to ECR Private | |
| id: login-ecr-private | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: private | |
| - name: Set DOCKER_METADATA_OUTPUT_JSON environment variable public | |
| run: echo "DOCKER_METADATA_OUTPUT_JSON=$(echo '${{ toJson(steps.meta-public.outputs) }}' | tr '\n' ' ')" >> $GITHUB_ENV | |
| - name: Create manifest list and push to Public ECR | |
| working-directory: /tmp/digests-router/public | |
| run: | | |
| docker buildx imagetools create $((jq -r '.json' | jq -cr '.tags | map("-t " + .) | join(" ")') <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ env.PUBLIC_REGISTRY_IMAGE }}@sha256:%s ' *) | |
| - name: Set DOCKER_METADATA_OUTPUT_JSON environment variable private | |
| run: echo "DOCKER_METADATA_OUTPUT_JSON=$(echo '${{ toJson(steps.meta-private.outputs) }}' | tr '\n' ' ')" >> $GITHUB_ENV | |
| - name: Create manifest list and push to Private ECR | |
| working-directory: /tmp/digests-router/private | |
| run: | | |
| docker buildx imagetools create $((jq -r '.json' | jq -cr '.tags | map("-t " + .) | join(" ")') <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ env.PRIVATE_REGISTRY_IMAGE }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.PUBLIC_REGISTRY_IMAGE }}:${{ steps.meta-public.outputs.version }} | |
| docker buildx imagetools inspect ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.meta-private.outputs.version }} | |
| build-extension: | |
| needs: check-access | |
| if: github.event_name != 'pull_request' || !contains( github.event.pull_request.labels.*.name, 'USE-PUBLIC-IMAGES') | |
| env: | |
| REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-extension${{ github.event_name == 'pull_request' && '-dev' || '' }} | |
| strategy: | |
| matrix: | |
| include: | |
| - arch: x86_64 | |
| runner: ubuntu-latest | |
| platform: linux/amd64 | |
| build_arch: linux-x64 | |
| rust_target: x86_64-unknown-linux-musl | |
| - arch: aarch64 | |
| runner: ubuntu-latest | |
| platform: linux/arm64 | |
| build_arch: linux-arm64 | |
| rust_target: aarch64-unknown-linux-musl | |
| permissions: | |
| contents: read | |
| id-token: write | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install gcc musl cross-compiler | |
| uses: ./.github/actions/setup-gcc-musl-cross | |
| with: | |
| arch: ${{ matrix.arch }} | |
| - uses: moonrepo/setup-rust@v1 | |
| with: | |
| targets: ${{ matrix.rust_target }} | |
| cache-target: release | |
| - name: Build extension | |
| env: | |
| CC: ${{ matrix.arch }}-linux-musl-gcc | |
| run: | | |
| cargo build --release --target ${{ matrix.rust_target }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Configure AWS Credentials | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: lambda-dispatch-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: us-east-1 | |
| - name: Login to ECR Public | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Build Lambda | |
| id: build | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./DockerfileExtensionCross | |
| build-args: | | |
| ARCH=${{ matrix.arch }} | |
| TARGET_PLATFORM=${{ matrix.platform }} | |
| platforms: ${{ matrix.platform }} | |
| outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=${{ needs.check-access.outputs.has-token-access == 'true' }},name-canonical=true,push=${{ needs.check-access.outputs.has-token-access == 'true' }} | |
| - name: Export digest | |
| run: | | |
| mkdir -p /tmp/digests | |
| rm /tmp/digests/* || true | |
| digest="${{ steps.build.outputs.digest }}" | |
| touch "/tmp/digests/${digest#sha256:}" | |
| - name: Upload digest | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: digests-extension | |
| path: /tmp/digests/* | |
| if-no-files-found: error | |
| retention-days: 1 | |
| merge-extension: | |
| if: needs.check-access.outputs.has-token-access == 'true' && (github.event_name != 'pull_request' || !contains( github.event.pull_request.labels.*.name, 'USE-PUBLIC-IMAGES')) | |
| env: | |
| REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-extension${{ github.event_name == 'pull_request' && '-dev' || '' }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - check-access | |
| - build-extension | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Clear digests | |
| run: | | |
| rm -rf /tmp/digests/* || true | |
| - name: Download digests | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: digests-extension | |
| path: /tmp/digests | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY_IMAGE }} | |
| tags: | | |
| enable=${{ github.event_name == 'release' }},type=raw,value=latest | |
| type=ref,event=branch | |
| type=semver,pattern={{version}} | |
| type=ref,event=pr | |
| type=ref,event=pr,suffix=-{{sha}} | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Set DOCKER_METADATA_OUTPUT_JSON environment variable | |
| run: echo "DOCKER_METADATA_OUTPUT_JSON=$(echo '${{ toJson(steps.meta.outputs) }}' | tr '\n' ' ')" >> $GITHUB_ENV | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: lambda-dispatch-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: us-east-1 | |
| - name: Login to ECR Public | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Create manifest list and push | |
| working-directory: /tmp/digests | |
| run: | | |
| docker buildx imagetools create $((jq -r '.json' | jq -cr '.tags | map("-t " + .) | join(" ")') <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
| $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) | |
| - name: Inspect image | |
| run: | | |
| docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }} | |
| build-demoapp: | |
| needs: | |
| - check-access | |
| - merge-extension | |
| runs-on: ubuntu-latest | |
| if: github.event_name != 'pull_request' || !contains( github.event.pull_request.labels.*.name, 'USE-PUBLIC-IMAGES') | |
| env: | |
| PUBLIC_REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-demo-app${{ github.event_name == 'pull_request' && '-dev' || '' }} | |
| PRIVATE_REGISTRY_IMAGE: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-2.amazonaws.com/lambda-dispatch-demo-app | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.PUBLIC_REGISTRY_IMAGE }} | |
| ${{ env.PRIVATE_REGISTRY_IMAGE }} | |
| tags: | | |
| enable=${{ github.event_name == 'release' }},type=raw,value=latest | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| labels: | | |
| org.opencontainers.image.source=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| - name: Get Git SHA | |
| id: git-sha | |
| run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: Compute Versions | |
| id: version | |
| run: | | |
| if [ -n "${{ github.event.pull_request.number }}" ]; then | |
| IMAGE_TAG="pr-${{ github.event.pull_request.number }}" | |
| echo "imageTag=pr-${{ github.event.pull_request.number }}-${{ steps.git-sha.outputs.sha_short }}" >> $GITHUB_OUTPUT | |
| echo "PR_SUFFIX=-pr-"${{ github.event.pull_request.number }} >> $GITHUB_ENV | |
| else | |
| TAG_OR_BRANCH=$(echo $GITHUB_REF | sed -e 's|refs/tags/v||' -e 's|refs/heads/||') | |
| IMAGE_TAG="${TAG_OR_BRANCH}" | |
| echo "imageTag=${TAG_OR_BRANCH}" >> $GITHUB_OUTPUT | |
| echo "PR_SUFFIX=" >> $GITHUB_ENV | |
| fi | |
| echo "imageTagArm64=${IMAGE_TAG}-arm64" >> $GITHUB_OUTPUT | |
| echo "imageTagAmd64=${IMAGE_TAG}-amd64" >> $GITHUB_OUTPUT | |
| - name: Swap in tagged image name in the Dockerfile | |
| run: | | |
| sed -i "s|FROM lambda-dispatch-extension|FROM public.ecr.aws/pwrdrvr/lambda-dispatch-extension${{ github.event_name == 'pull_request' && '-dev' || '' }}:${{ steps.version.outputs.imageTag }}|g" ./DockerfileLambdaDemoApp | |
| - name: Configure AWS Credentials | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: lambda-dispatch-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: us-east-1 | |
| - name: Login to ECR Public | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Configure AWS Credentials | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: lambda-dispatch-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: us-east-2 | |
| - name: Login to ECR Private | |
| if: needs.check-access.outputs.has-token-access == 'true' | |
| id: login-ecr-private | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: private | |
| - name: Build and push Docker image for arm64 | |
| run: | | |
| docker buildx build --platform linux/arm64 --file ./DockerfileLambdaDemoApp \ | |
| -t ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagArm64 }} \ | |
| -t ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagArm64 }}-${{ steps.git-sha.outputs.sha_short }} \ | |
| --load . | |
| docker push ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagArm64 }} | |
| docker push ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagArm64 }}-${{ steps.git-sha.outputs.sha_short }} | |
| docker buildx imagetools inspect ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagArm64 }} | |
| docker buildx build --platform linux/arm64 --file ./DockerfileLambdaDemoApp \ | |
| -t ${{ env.PUBLIC_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagArm64 }} \ | |
| --load . | |
| docker push ${{ env.PUBLIC_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagArm64 }} | |
| docker buildx imagetools inspect ${{ env.PUBLIC_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagArm64 }} | |
| - name: Build and push Docker image for amd64 | |
| run: | | |
| docker buildx build --platform linux/amd64 --file ./DockerfileLambdaDemoApp \ | |
| -t ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagAmd64 }} \ | |
| -t ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagAmd64 }}-${{ steps.git-sha.outputs.sha_short }} \ | |
| --load . | |
| docker push ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagAmd64 }} | |
| docker push ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagAmd64 }}-${{ steps.git-sha.outputs.sha_short }} | |
| docker buildx imagetools inspect ${{ env.PRIVATE_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagAmd64 }} | |
| docker buildx build --platform linux/amd64 --file ./DockerfileLambdaDemoApp \ | |
| -t ${{ env.PUBLIC_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagAmd64 }} \ | |
| --load . | |
| docker push ${{ env.PUBLIC_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagAmd64 }} | |
| docker buildx imagetools inspect ${{ env.PUBLIC_REGISTRY_IMAGE }}:${{ steps.version.outputs.imageTagAmd64 }} | |
| # Also push multi-platform image | |
| # We do this because we can use it as a source with src/cdk-construct/DockerfileLambda | |
| # to push a lambda-compatible single-platform image using CDK without | |
| # having to get the platform-specific tag correct (we can use pr-123, main, or latest) | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./DockerfileLambdaDemoApp | |
| platforms: linux/amd64,linux/arm64 | |
| push: ${{ needs.check-access.outputs.has-token-access == 'true' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| install-deps: | |
| needs: | |
| - build-demoapp | |
| - merge-router | |
| runs-on: ubuntu-latest | |
| if: ${{ !failure() && (needs.build-demoapp.result == 'skipped' || needs.build-demoapp.result == 'success') && (needs.merge-router.result == 'skipped' || needs.merge-router.result == 'success') }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/configure-nodejs | |
| with: | |
| lookup-only: 'true' # We only want to lookup from the cache - if a hit, this job does nothing | |
| deploy: | |
| needs: [install-deps] | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: ghpublic | |
| url: https://lambdadispatch${{ steps.getDeployUrl.outputs.stack-url-suffix }}.ghpublic.pwrdrvr.com/ping | |
| permissions: | |
| id-token: write | |
| contents: read | |
| concurrency: | |
| group: deploy-${{ github.workflow }}-${{ github.event.pull_request.number }} | |
| cancel-in-progress: false | |
| outputs: | |
| stack-url-suffix: ${{ steps.getDeployUrl.outputs.stack-url-suffix }} | |
| url: https://lambdadispatch${{ steps.getDeployUrl.outputs.stack-url-suffix }}.ghpublic.pwrdrvr.com | |
| if: ${{ always() && needs.install-deps.result != 'failed' }} | |
| env: | |
| DEMO_APP_REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-demo-app${{ github.event_name == 'pull_request' && '-dev' || '' }} | |
| ROUTER_REGISTRY_IMAGE: public.ecr.aws/pwrdrvr/lambda-dispatch-router${{ github.event_name == 'pull_request' && '-dev' || '' }} | |
| IMAGE_TAG: ${{ github.event_name == 'pull_request' && 'pr-${{ github.event.pull_request.number }}' || 'latest' }} | |
| USE_PUBLIC_IMAGES: ${{ contains(github.event.pull_request.labels.*.name, 'USE-PUBLIC-IMAGES') && 'true' || 'false' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-session-name: lambda-dispatch-ghpublic-build | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/builder-writeRole | |
| aws-region: us-east-2 | |
| - uses: ./.github/actions/configure-nodejs | |
| - name: Build CDK Stack | |
| run: | | |
| yarn build | |
| - name: Get Deploy URL | |
| id: getDeployUrl | |
| run: | | |
| if [ "${{ github.event_name }}" == "pull_request" ]; then | |
| echo stack-url-suffix="-pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT | |
| else | |
| echo stack-url-suffix="" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Get Git SHA | |
| id: git-sha | |
| run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| - name: Deploy Stack | |
| env: | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| GIT_SHA_SHORT: ${{ steps.git-sha.outputs.sha_short }} | |
| run: | | |
| cd src/cdk-stack | |
| STACK_SUFFIX=${{ github.event_name == 'pull_request' && '-pr' || '' }} | |
| npx cdk deploy lambda-dispatch${STACK_SUFFIX} --require-approval never | |
| smoke-test: | |
| needs: [deploy] | |
| runs-on: ubuntu-latest | |
| if: ${{ always() && needs.deploy.result != 'failed' }} | |
| steps: | |
| - name: Smoke Test | |
| run: | | |
| if [ "${{ github.event_name }}" == "pull_request" ]; then | |
| STACK_SUFFIX="-pr-${{ github.event.pull_request.number }}" | |
| else | |
| STACK_SUFFIX="" | |
| fi | |
| BASE_URL="${{ needs.deploy.outputs.url }}" | |
| echo "Smoke testing ${BASE_URL}" | |
| for i in {1..5}; do | |
| curl ${BASE_URL}/ping | |
| done |