fix(ci): fix examples workflow layer injection, permissions, and deno… #5
# Merge pipeline. Runs on pushes to main; a push that only touches docs/ or
# examples/ does not trigger it.
name: Merge

on:
  push:
    branches: [main]
    paths-ignore:
      - 'docs/**'
      - 'examples/**'

# Token scopes inherited by every job that does not declare its own block.
# NOTE(review): id-token: write allows a job to request a GitHub OIDC token.
# Only the jobs that assume an AWS role need it; a job that never calls AWS
# can be narrowed to contents: read with a job-level permissions block.
permissions:
  contents: read
  id-token: write

env:
  # Cargo / Rust runtime behaviour.
  CARGO_TERM_COLOR: always
  RUST_BACKTRACE: full

  # SAM templates, one per target architecture.
  SAM_TEMPLATE_X86_64: template-x86_64.yaml
  SAM_TEMPLATE_ARM64: template-arm64.yaml

  # Role assumed first through GitHub OIDC.
  # NOTE(review): presumably this role's trust policy restricts which
  # repository and ref may assume it; confirm, since that policy is the
  # control that gates everything the beta roles below can do.
  GITHUB_RUNNER_ROLE: arn:aws:iam::621808641063:role/GitHubRunnerRole

  # Beta environment: stack name, chained roles, artifact stores and region.
  BETA_STACK_NAME: lambda-adapter-beta
  BETA_REGION: ap-northeast-1
  BETA_PIPELINE_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-pip-PipelineExecutionRole-13NXRWTRTHDCJ
  BETA_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-CloudFormationExecutionR-132I77VBFOWQ2
  BETA_ARTIFACTS_BUCKET: aws-sam-cli-managed-beta-pipeline-artifactsbucket-889nlo0z1nt0
  BETA_IMAGE_REPOSITORY: 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/aws-sam-cli-managed-beta-pipeline-resources-imagerepository-0hbn3hxi9pcm
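jobs:
  # Formatting, lint and unit/integration tests. The build job waits on this
  # one, so nothing is packaged or deployed unless it passes.
  test:
    runs-on: ubuntu-24.04
    # No step in this job configures AWS credentials, so the job overrides the
    # workflow-level grant and drops id-token: write. Checkout only needs read
    # access to the repository contents.
    permissions:
      contents: read
    steps:
      - name: Checkout sources
        uses: actions/checkout@v4

      # NOTE(review): actions in this job are referenced by mutable tags.
      # Pinning each `uses:` to a full commit SHA keeps a re-pointed tag from
      # changing what runs here; this one is maintained outside the
      # actions/ and aws-actions/ organisations.
      - name: Configure Rust cache
        uses: Swatinem/rust-cache@v2

      # NOTE(review): this fetches whatever `latest` currently resolves to and
      # unpacks it onto the PATH with no checksum or signature verification.
      # Prefer a pinned release whose digest is checked before extraction.
      - name: Install cargo-nextest
        run: curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin

      - name: linting
        run: |
          cargo fmt --all -- --check
          cargo clippy -- -Dwarnings

      - name: run unit and integration tests
        run: cargo nextest run --profile ci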
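# build: compiles the x86_64 and arm64 layers with SAM and uploads each build
# directory as a tar artifact for the packaging job.
  build:
    needs: [test]
    runs-on: ubuntu-24.04
    # No step in this job configures AWS credentials, so the job overrides the
    # workflow-level grant and drops id-token: write.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v4
        with:
          python-version: "3.13"

      - uses: aws-actions/setup-sam@v2
        with:
          use-installer: true
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Install stable toolchain
        run: |
          rustup target add x86_64-unknown-linux-musl
          rustup target add aarch64-unknown-linux-musl

      # NOTE(review): installs the newest published cargo-lambda on every run.
      # The binaries this job produces are later deployed, so pinning an exact
      # version (ideally with hashes) makes the build reproducible and keeps
      # an unexpected upstream release out of the artifact.
      - name: Install cargo lambda
        run: pip3 install cargo-lambda

      - name: Configure Rust cache
        uses: Swatinem/rust-cache@v2

      # Exports the crate version for the later steps of this job. The file
      # path is quoted so the redirect cannot be word-split.
      - name: Add cargo pkg version to env vars
        run: |
          echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> "$GITHUB_ENV"

      # Expansions are quoted so a value containing whitespace or glob
      # characters is passed to sam as a single argument.
      - name: Build x86_64 Layer
        run: |
          sam build --template "${SAM_TEMPLATE_X86_64}" --parameter-overrides "CargoPkgVersion=${CARGO_PKG_VERSION}" -b build-x86_64

      - name: Tar files
        run: tar -cvf build-x86_64.tar build-x86_64

      - uses: actions/upload-artifact@v4
        with:
          name: aws-sam-build-x86_64
          path: build-x86_64.tar

      - name: Build arm64 Layer
        run: |
          sam build --template "${SAM_TEMPLATE_ARM64}" --parameter-overrides "CargoPkgVersion=${CARGO_PKG_VERSION}" -b build-arm64

      - name: Tar files
        run: tar -cvf build-arm64.tar build-arm64

      - uses: actions/upload-artifact@v4
        with:
          name: aws-sam-build-arm64
          path: build-arm64.tar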
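# package-beta: uploads both layer builds to the beta artifact stores and
# publishes the adapter container image (x86_64, arm64 and a multi-arch
# manifest) to the beta ECR registry.
  package-beta:
    needs: [build]
    runs-on: ubuntu-24.04
    # Declared on the job so the scopes it depends on are visible here:
    # id-token: write is required by the OIDC role assumption below.
    permissions:
      id-token: write
      contents: read
    env:
      # Single definition of the registry host and image name shared by the
      # docker steps, instead of repeating the literal in every command.
      ECR_REGISTRY: 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
      ADAPTER_IMAGE: 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v4
        with:
          python-version: "3.13"

      - uses: aws-actions/setup-sam@v2
        with:
          use-installer: true
          token: ${{ secrets.GITHUB_TOKEN }}

      # First hop: no static keys are supplied, so the action obtains
      # short-lived credentials for the runner role.
      - name: Assume the github runner role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.BETA_REGION }}
          role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

      # Second hop: the session credentials exported by the previous step are
      # used to assume the pipeline execution role in the beta account.
      - name: Assume the beta pipeline user role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
          role-skip-session-tagging: true
          aws-region: ${{ env.BETA_REGION }}
          role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

      - uses: actions/download-artifact@v4
        with:
          name: aws-sam-build-x86_64

      - name: extract build_x86_64
        run: |
          tar -xvf build-x86_64.tar

      - name: Upload x86_64 layer to beta artifact buckets
        run: |
          sam package \
            --template build-x86_64/template.yaml \
            --s3-bucket "${BETA_ARTIFACTS_BUCKET}" \
            --image-repository "${BETA_IMAGE_REPOSITORY}" \
            --region "${BETA_REGION}" \
            --output-template-file packaged-beta-x86_64.yaml

      - uses: actions/upload-artifact@v4
        with:
          name: packaged-beta-x86_64.yaml
          path: packaged-beta-x86_64.yaml

      - uses: actions/download-artifact@v4
        with:
          name: aws-sam-build-arm64

      - name: extract build_arm64
        run: |
          tar -xvf build-arm64.tar

      - name: Upload arm64 layer to beta artifact buckets
        run: |
          sam package \
            --template build-arm64/template.yaml \
            --s3-bucket "${BETA_ARTIFACTS_BUCKET}" \
            --image-repository "${BETA_IMAGE_REPOSITORY}" \
            --region "${BETA_REGION}" \
            --output-template-file packaged-beta-arm64.yaml

      - uses: actions/upload-artifact@v4
        with:
          name: packaged-beta-arm64.yaml
          path: packaged-beta-arm64.yaml

      # The registry password is piped on stdin so it never appears in the
      # process arguments. The login persists for the remaining docker steps
      # of this job.
      # NOTE(review): images are published only under mutable latest* tags;
      # consumers that need a reproducible reference should pull by digest.
      - name: Create and push the x86_64 docker image to beta ecr repo
        run: |
          aws ecr get-login-password --region "${BETA_REGION}" | docker login --username AWS --password-stdin "${ECR_REGISTRY}"
          printf 'FROM scratch\nADD build-x86_64/LambdaAdapterLayerX86/extensions/. /\n' | docker build --provenance=false --platform=linux/amd64 -t "${ADAPTER_IMAGE}:latest-x86_64" -f- .
          docker push "${ADAPTER_IMAGE}:latest-x86_64"

      - name: Create and push the arm64 docker image to beta ecr repo
        run: |
          printf 'FROM scratch\nADD build-arm64/LambdaAdapterLayerArm64/extensions/. /\n' | docker build --provenance=false --platform=linux/arm64 -t "${ADAPTER_IMAGE}:latest-aarch64" -f- .
          docker push "${ADAPTER_IMAGE}:latest-aarch64"

      - name: create and push the multi-arch manifest to beta ecr repo
        run: |
          docker manifest create "${ADAPTER_IMAGE}:latest" \
            "${ADAPTER_IMAGE}:latest-x86_64" \
            "${ADAPTER_IMAGE}:latest-aarch64"
          docker manifest push "${ADAPTER_IMAGE}:latest"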
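# deploy-beta: deploys the packaged x86_64 and arm64 layer templates to the
# beta account through the CloudFormation execution role.
  deploy-beta:
    needs: [package-beta]
    runs-on: ubuntu-24.04
    # Declared on the job so the scopes it depends on are visible here:
    # id-token: write is required by the OIDC role assumption below.
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v4
        with:
          python-version: "3.13"

      - uses: aws-actions/setup-sam@v2
        with:
          use-installer: true
          token: ${{ secrets.GITHUB_TOKEN }}

      # First hop: no static keys are supplied, so the action obtains
      # short-lived credentials for the runner role.
      - name: Assume the github runner role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.BETA_REGION }}
          role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

      # Second hop: the session credentials exported by the previous step are
      # used to assume the pipeline execution role in the beta account.
      - name: Assume the beta pipeline user role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
          role-skip-session-tagging: true
          aws-region: ${{ env.BETA_REGION }}
          role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

      # Exports the crate version for the deploy steps. The file path is
      # quoted so the redirect cannot be word-split.
      - name: Add cargo pkg version to env vars
        run: |
          echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> "$GITHUB_ENV"

      - uses: actions/download-artifact@v4
        with:
          name: packaged-beta-x86_64.yaml

      # CAPABILITY_IAM lets the stack create IAM resources, and the changes
      # are applied with the CloudFormation execution role rather than the
      # caller's own permissions.
      # NOTE(review): what a template change can do in the beta account is
      # therefore bounded by that role's policy; confirm it is scoped to the
      # resources these stacks actually manage.
      - name: Deploy x86_64 layer to beta account
        run: |
          sam deploy --stack-name "${BETA_STACK_NAME}-x86" \
            --template packaged-beta-x86_64.yaml \
            --parameter-overrides "CargoPkgVersion=${CARGO_PKG_VERSION}" \
            --capabilities CAPABILITY_IAM \
            --region "${BETA_REGION}" \
            --s3-bucket "${BETA_ARTIFACTS_BUCKET}" \
            --image-repository "${BETA_IMAGE_REPOSITORY}" \
            --no-fail-on-empty-changeset \
            --role-arn "${BETA_CLOUDFORMATION_EXECUTION_ROLE}"

      - uses: actions/download-artifact@v4
        with:
          name: packaged-beta-arm64.yaml

      - name: Deploy arm64 layer to beta account
        run: |
          sam deploy --stack-name "${BETA_STACK_NAME}-arm64" \
            --template packaged-beta-arm64.yaml \
            --parameter-overrides "CargoPkgVersion=${CARGO_PKG_VERSION}" \
            --capabilities CAPABILITY_IAM \
            --region "${BETA_REGION}" \
            --s3-bucket "${BETA_ARTIFACTS_BUCKET}" \
            --image-repository "${BETA_IMAGE_REPOSITORY}" \
            --no-fail-on-empty-changeset \
            --role-arn "${BETA_CLOUDFORMATION_EXECUTION_ROLE}"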
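# e2e-test-zip: deploys the zip-packaged go-httpbin fixture to beta and runs
# the ignored-by-default end-to-end tests against each of its endpoints.
  e2e-test-zip:
    needs: [deploy-beta]
    runs-on: ubuntu-24.04
    # Declared on the job so the scopes it depends on are visible here:
    # id-token: write is required by the OIDC role assumption below.
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4

      - name: Install stable toolchain
        run: |
          rustup target add x86_64-unknown-linux-musl

      # NOTE(review): unpinned install; this job later holds beta-account
      # credentials, so an exact version (ideally with hashes) is preferable.
      - name: Install cargo lambda
        run: pip3 install cargo-lambda

      - name: Configure Rust cache
        uses: Swatinem/rust-cache@v2

      # NOTE(review): fetches whatever `latest` currently resolves to and
      # unpacks it with no checksum or signature verification. Prefer a pinned
      # release whose digest is checked before extraction.
      - name: Install cargo-nextest
        run: curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin

      - uses: actions/setup-python@v4
        with:
          python-version: "3.13"

      - uses: aws-actions/setup-sam@v2
        with:
          use-installer: true
          token: ${{ secrets.GITHUB_TOKEN }}

      # First hop: no static keys are supplied, so the action obtains
      # short-lived credentials for the runner role.
      - name: Assume the github runner role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.BETA_REGION }}
          role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

      # Second hop: the session credentials exported by the previous step are
      # used to assume the pipeline execution role in the beta account.
      - name: Assume the beta pipeline user role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
          role-skip-session-tagging: true
          aws-region: ${{ env.BETA_REGION }}
          role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

      # Expansions are quoted so each value reaches sam as a single argument.
      - name: deploy the zip x86 integration test stacks for the beta environment
        working-directory: ./tests/e2e_tests/fixtures/go-httpbin-zip
        run: |
          sam build
          sam deploy --stack-name "${BETA_STACK_NAME}-zip-x86" \
            --capabilities CAPABILITY_IAM \
            --region "${BETA_REGION}" \
            --s3-bucket "${BETA_ARTIFACTS_BUCKET}" \
            --image-repository "${BETA_IMAGE_REPOSITORY}" \
            --no-fail-on-empty-changeset \
            --role-arn "${BETA_CLOUDFORMATION_EXECUTION_ROLE}"

      # One run per front end; the last endpoint is tested with IAM auth.
      # NOTE(review): the "open" endpoints are presumably reachable without
      # authentication; confirm they expose nothing beyond the test fixture.
      - name: run e2e tests
        run: |
          API_ENDPOINT=https://httpbin-rest-zip.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
          API_ENDPOINT=https://httpbin-http-zip.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
          API_ENDPOINT=https://httpbin-alb-zip.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
          API_ENDPOINT=https://c26abn6izvm4xvbfs5baaflifm0hqvsn.lambda-url.ap-northeast-1.on.aws/ API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci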
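# e2e-test-oci: deploys the container-image go-httpbin fixture to beta and
# runs the ignored-by-default end-to-end tests against each of its endpoints.
  e2e-test-oci:
    needs: [deploy-beta]
    runs-on: ubuntu-24.04
    # Declared on the job so the scopes it depends on are visible here:
    # id-token: write is required by the OIDC role assumption below.
    permissions:
      id-token: write
      contents: read
    env:
      # Registry host for the docker login below, defined once for the job.
      ECR_REGISTRY: 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
    steps:
      - uses: actions/checkout@v4

      - name: Install stable toolchain
        run: |
          rustup target add x86_64-unknown-linux-musl

      # NOTE(review): unpinned install; this job later holds beta-account
      # credentials, so an exact version (ideally with hashes) is preferable.
      - name: Install cargo lambda
        run: pip3 install cargo-lambda

      - name: Configure Rust cache
        uses: Swatinem/rust-cache@v2

      # NOTE(review): fetches whatever `latest` currently resolves to and
      # unpacks it with no checksum or signature verification. Prefer a pinned
      # release whose digest is checked before extraction.
      - name: Install cargo-nextest
        run: curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin

      - uses: actions/setup-python@v4
        with:
          python-version: "3.13"

      - uses: aws-actions/setup-sam@v2
        with:
          use-installer: true
          token: ${{ secrets.GITHUB_TOKEN }}

      # First hop: no static keys are supplied, so the action obtains
      # short-lived credentials for the runner role.
      - name: Assume the github runner role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.BETA_REGION }}
          role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

      # Second hop: the session credentials exported by the previous step are
      # used to assume the pipeline execution role in the beta account.
      - name: Assume the beta pipeline user role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
          role-skip-session-tagging: true
          aws-region: ${{ env.BETA_REGION }}
          role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

      # The registry password is piped on stdin so it never appears in the
      # process arguments. Expansions are quoted so each value reaches the
      # command as a single argument.
      - name: deploy the oci x86 integration test stacks for the beta environment
        working-directory: ./tests/e2e_tests/fixtures/go-httpbin
        run: |
          aws ecr get-login-password --region "${BETA_REGION}" | docker login --username AWS --password-stdin "${ECR_REGISTRY}"
          sam build
          sam deploy --stack-name "${BETA_STACK_NAME}-oci-x86" \
            --capabilities CAPABILITY_IAM \
            --region "${BETA_REGION}" \
            --s3-bucket "${BETA_ARTIFACTS_BUCKET}" \
            --image-repository "${BETA_IMAGE_REPOSITORY}" \
            --no-fail-on-empty-changeset \
            --role-arn "${BETA_CLOUDFORMATION_EXECUTION_ROLE}"

      # One run per front end; the last endpoint is tested with IAM auth.
      # NOTE(review): the "open" endpoints are presumably reachable without
      # authentication; confirm they expose nothing beyond the test fixture.
      - name: run e2e tests
        run: |
          API_ENDPOINT=https://httpbin-rest-oci.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
          API_ENDPOINT=https://httpbin-http-oci.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
          API_ENDPOINT=https://httpbin-alb-oci.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
          API_ENDPOINT=https://3w6rb56t3lzefztvndn4zg3xru0taszm.lambda-url.ap-northeast-1.on.aws/ API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci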