From ce56ec74b7aac901ed7a02efcd6477a74c1df763 Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Mon, 14 Oct 2024 11:13:30 +0000 Subject: [PATCH 1/2] fix: test command in verify step --- .github/workflows/layer_govcloud.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/layer_govcloud.yml b/.github/workflows/layer_govcloud.yml index c9750d6f837..4a25e2541e2 100644 --- a/.github/workflows/layer_govcloud.yml +++ b/.github/workflows/layer_govcloud.yml @@ -139,7 +139,7 @@ jobs: run: | REMOTE_SHA=$(aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} --query 'Content.CodeSha256' --output text) SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ matrix.arch }}.json) - test $($REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1 + test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1 copy_west: name: Copy (West) @@ -200,4 +200,4 @@ jobs: run: | REMOTE_SHA=$(aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} --query 'Content.CodeSha256' --output text) SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ matrix.arch }}.json) - test $($REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1 \ No newline at end of file + test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1 \ No newline at end of file From 6ca760c0146af8956fc724a499c62a7861ffb8fc Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Mon, 14 Oct 2024 12:05:10 +0000 Subject: [PATCH 2/2] fix: remove xargs from create-layer and replace with env var --- .github/workflows/layer_govcloud.yml | 51 +++++++++++++++++----------- 1 file changed, 32 insertions(+), 19 deletions(-) 
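Review bot: The corrected comparison in the east Verify Layer step, `test $REMOTE_SHA == $SHA`, leaves both operands unquoted, so if both ever expand to nothing the command collapses to `test ==`, which evaluates true, and the step prints "SHA OK" without comparing any digest. Because this line is the integrity check on the published layer, quote the operands and require a value: `test -n "$SHA" && test "$REMOTE_SHA" = "$SHA" && echo "SHA OK: ${SHA}" || exit 1`. The west hunk (`@@ -200,4 +200,4 @@`) adds the same line and needs the same change. The `- name: Verify Layer` header of the step lies above both hunks, so only the tail of each `run:` block is visible here.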
diff --git a/.github/workflows/layer_govcloud.yml b/.github/workflows/layer_govcloud.yml index 4a25e2541e2..43c5961bd4b 100644 --- a/.github/workflows/layer_govcloud.yml +++ b/.github/workflows/layer_govcloud.yml 
@@ -120,24 +120,30 @@ jobs: aws-region: us-gov-east-1 mask-aws-account-id: true - name: Create Layer + id: create-layer run: | - aws --region us-gov-east-1 lambda publish-layer-version \ + LAYER_VERSION=$(aws --region us-gov-east-1 lambda publish-layer-version \ --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ --zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \ --compatible-runtimes $(jq -r ".CompatibleRuntimes[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \ --compatible-architectures $(jq -r ".CompatibleArchitectures[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \ --license-info "MIT-0" \ --description "$(jq -r '.Description' ${{ matrix.layer }}_${{ matrix.arch }}.json)" \ - --query 'Version' | \ - xargs aws --region us-gov-east-1 lambda add-layer-version-permission \ - --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ - --statement-id 'PublicLayer' \ - --action lambda:GetLayerVersion \ - --principal '*' \ - --version-number + --query 'Version' \ + --output text) + echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT" + + aws --region us-gov-east-1 lambda add-layer-version-permission \ + --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ + --statement-id 'PublicLayer' \ + --action lambda:GetLayerVersion \ + --principal '*' \ + --version-number $LAYER_VERSION - name: Verify Layer + env: + LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }} run: | - REMOTE_SHA=$(aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} --query 'Content.CodeSha256' --output text) + REMOTE_SHA=$(aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }} --query 'Content.CodeSha256' --output text) SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ 
matrix.arch }}.json) test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1 
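Review bot: In the rewritten Create Layer step, `add-layer-version-permission` with `--principal '*'` still runs before Verify Layer compares `CodeSha256`, so a version whose digest does not match is already publicly readable by the time the job fails. Now that the version number is captured in `LAYER_VERSION` and written to `$GITHUB_OUTPUT`, the public grant can move into its own step placed after Verify Layer, taking the version from `steps.create-layer.outputs.LAYER_VERSION` through `env:` and passing it as `--version-number "$LAYER_VERSION"`. The west hunk (`@@ -187,23 +187,30 @@`) has the same ordering. The job definition begins above the hunk, so any cleanup of a mismatching version on failure would have to be checked against the rest of the workflow.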
@@ -181,23 +187,30 @@ jobs: aws-region: us-gov-west-1 mask-aws-account-id: true - name: Create Layer + id: create-layer run: | - aws --region us-gov-west-1 lambda publish-layer-version \ + LAYER_VERSION=$(aws --region us-gov-west-1 lambda publish-layer-version \ --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ --zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \ --compatible-runtimes $(jq -r ".CompatibleRuntimes[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \ --compatible-architectures $(jq -r ".CompatibleArchitectures[0]" ${{ matrix.layer }}_${{ matrix.arch }}.json) \ --license-info "MIT-0" \ --description "$(jq -r '.Description' ${{ matrix.layer }}_${{ matrix.arch }}.json)" \ - --query 'Version' | \ - xargs aws --region us-gov-west-1 lambda add-layer-version-permission \ - --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ - --statement-id 'PublicLayer' \ - --action lambda:GetLayerVersion \ - --principal '*' \ - --version-number + --query 'Version' \ + --output text) + + echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT" + + aws --region us-gov-west-1 lambda add-layer-version-permission \ + --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ + --statement-id 'PublicLayer' \ + --action lambda:GetLayerVersion \ + --principal '*' \ + --version-number $LAYER_VERSION - name: Verify Layer + env: + LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }} run: | - REMOTE_SHA=$(aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} --query 'Content.CodeSha256' --output text) + REMOTE_SHA=$(aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }} --query 'Content.CodeSha256' --output text) SHA=$(jq -r '.Content.CodeSha256' ${{ matrix.layer }}_${{ 
matrix.arch }}.json) - test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1 \ No newline at end of file + test $REMOTE_SHA == $SHA && echo "SHA OK: ${SHA}" || exit 1
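Review bot: The new Verify Layer step defines `LAYER_VERSION` under `env:` but then splices it into the command with `${{ env.LAYER_VERSION }}`, which is substituted into the script text before bash runs instead of being read as a shell variable. The value comes from the AWS CLI here, so the exposure is small, but reading it from the environment keeps step outputs out of the script source and matches how Create Layer already uses `$LAYER_VERSION`. The ARN would then end `-${{ matrix.arch }}:${LAYER_VERSION}`, ideally with the whole `--arn` argument in double quotes. The east hunk (`@@ -120,24 +120,30 @@`) contains the same line.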