From 2d73675283b53d3f44fbd024df443298c81a87ff Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Fri, 14 Feb 2025 17:41:31 +0000 Subject: [PATCH 1/7] Enabling SAR deployment --- .github/workflows/publish_v3_layer.yml | 62 ++++++++++---------- .github/workflows/reusable_deploy_v3_sar.yml | 6 +- 2 files changed, 33 insertions(+), 35 deletions(-) diff --git a/.github/workflows/publish_v3_layer.yml b/.github/workflows/publish_v3_layer.yml index 90805f9434e..a935101c28c 100644 --- a/.github/workflows/publish_v3_layer.yml +++ b/.github/workflows/publish_v3_layer.yml 
@@ -195,41 +195,39 @@ jobs: source_code_artifact_name: ${{ inputs.source_code_artifact_name }} source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }} - # UNCOMMENT sar-beta JOB - #sar-beta: - # needs: beta # canaries run on Layer Beta env - # permissions: + sar-beta: + needs: beta # canaries run on Layer Beta env + permissions: # lower privilege propagated from parent workflow (release.yml) - # id-token: write - # contents: read - # pull-requests: none - # pages: none - # uses: ./.github/workflows/reusable_deploy_v3_sar.yml - # secrets: inherit - # with: - # stage: "BETA" - # environment: "layer-beta" - # package-version: ${{ inputs.latest_published_version }} - # source_code_artifact_name: ${{ inputs.source_code_artifact_name }} - # source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }} + id-token: write + contents: read + pull-requests: none + pages: none + uses: ./.github/workflows/reusable_deploy_v3_sar.yml + secrets: inherit + with: + stage: "BETA" + environment: "layer-beta" + package-version: ${{ inputs.latest_published_version }} + source_code_artifact_name: ${{ inputs.source_code_artifact_name }} + source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }} - # UNCOMMENT sar-prod JOB - #sar-prod: - # needs: sar-beta - # permissions: + sar-prod: + needs: sar-beta + permissions: # lower privilege propagated from parent workflow (release.yml) - # id-token: write - # contents: read - # pull-requests: none - # pages: none - # uses: ./.github/workflows/reusable_deploy_v3_sar.yml - # secrets: inherit - # with: - # stage: "PROD" - # environment: "layer-prod" - # package-version: ${{ inputs.latest_published_version }} - # source_code_artifact_name: ${{ inputs.source_code_artifact_name }} - # source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }} + id-token: write + contents: read + pull-requests: none + pages: none + uses: ./.github/workflows/reusable_deploy_v3_sar.yml + secrets: inherit + with: + stage: "PROD" + 
environment: "layer-prod" + package-version: ${{ inputs.latest_published_version }} + source_code_artifact_name: ${{ inputs.source_code_artifact_name }} + source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }} # Updating the documentation with the latest Layer ARNs is a two-phase process diff --git a/.github/workflows/reusable_deploy_v3_sar.yml b/.github/workflows/reusable_deploy_v3_sar.yml index 977bc32aa64..f6dd1c3a88f 100644 --- a/.github/workflows/reusable_deploy_v3_sar.yml +++ b/.github/workflows/reusable_deploy_v3_sar.yml @@ -135,8 +135,7 @@ jobs: env: VERSION: ${{ inputs.package-version }} run: | - # VERSION="${VERSION/a/-a}" - VERSION="3.0.0" + VERSION="${VERSION/a/-a}" echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT" - name: Prepare SAR App env: @@ -149,7 +148,7 @@ jobs: # fill in the SAR SAM template sed \ - -e "s||${VERSION}|g" \ + -e "s||${{ env.VERSION }}|g" \ -e "s//${{ env.SAR_NAME }}/g" \ -e "s||./cdk.out/$asset|g" \ -e "s||${{ matrix.python-version }}|g" \ @@ -165,6 +164,7 @@ jobs: # Package the SAR to our SAR S3 bucket, and publish it sam package --template-file template.yml --output-template-file packaged.yml --s3-bucket ${{ secrets.AWS_SAR_S3_BUCKET_V3 }} + cat packaged.yml sam publish --template packaged.yml --region "$AWS_REGION" - name: Deploy BETA canary if: ${{ inputs.stage == 'BETA' }} From 7429f843999fbcb64e1766a9f9a2a57a4fed0b06 Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Fri, 14 Feb 2025 17:48:06 +0000 Subject: [PATCH 2/7] Enabling SAR deployment --- docs/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/index.md b/docs/index.md index 4ab5b89a701..dca40290d0a 100644 --- a/docs/index.md +++ b/docs/index.md 
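Review bot: Both newly enabled jobs, `sar-beta` and `sar-prod`, call `reusable_deploy_v3_sar.yml` with `secrets: inherit`, which hands every secret visible to this workflow to the callee rather than the few it uses. From the hunks visible in this series the callee reads `secrets.AWS_SAR_S3_BUCKET_V3` and a role-ARN secret, so an explicit `secrets:` map naming only those would match the least-privilege intent that the `permissions:` block already states. The callee would then need matching `on.workflow_call.secrets` declarations, which are outside this diff. The comment `# lower privilege propagated from parent workflow (release.yml)` also looks stale, since the neighbouring `beta`/`prod` jobs in PATCH 4/7 name `release-v3.yml` as the parent.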
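Review bot: The added `cat packaged.yml` between `sam package` and `sam publish` reads as a debugging aid, and it writes the whole packaged template to the job log, including the S3 URIs built from `secrets.AWS_SAR_S3_BUCKET_V3`. Log masking only hides exact occurrences of a secret value, so a release workflow should not rely on it. Drop the line, or print only the fields needed for troubleshooting. The same `run:` block expands `${{ secrets.AWS_SAR_S3_BUCKET_V3 }}` directly into the script text; mapping it through the step's `env:` (for example as `SAR_S3_BUCKET`) and using the quoted shell variable would be the more defensive form. The step's `env:` block starts outside this hunk.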
@@ -238,8 +238,8 @@ You can install Powertools for AWS Lambda (Python) using your favorite dependenc | App | | | ARN | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --- | --- | ----------------------------------------------------------------------------------------------------------------------------- | - | [**aws-lambda-powertools-python-layer**](https://serverlessrepo.aws.amazon.com/applications/eu-west-1/057560766410/aws-lambda-powertools-python-layer){target="_blank"} | | | __arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer__{: .copyMe}:clipboard: | - | [**aws-lambda-powertools-python-layer-arm64**](https://serverlessrepo.aws.amazon.com/applications/eu-west-1/057560766410/aws-lambda-powertools-python-layer-arm64){target="_blank"} | | | __arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-arm64__{: .copyMe}:clipboard: | + | [**aws-lambda-powertools-python-layer-v3**](https://serverlessrepo.aws.amazon.com/applications/eu-west-1/057560766410/aws-lambda-powertools-python-layer){target="_blank"} | | | __arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer__{: .copyMe}:clipboard: | + | [**aws-lambda-powertools-python-layer-arm64-v3**](https://serverlessrepo.aws.amazon.com/applications/eu-west-1/057560766410/aws-lambda-powertools-python-layer-arm64){target="_blank"} | | | __arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-arm64__{: .copyMe}:clipboard: | ??? question "Don't have enough permissions? Expand for a least-privilege IAM policy example" From b4a5321b7578639ca6cc79ad4f625e227c634371 Mon Sep 17 00:00:00 2001 
From: Leandro Damascena Date: Wed, 26 Feb 2025 15:26:03 +0000 Subject: [PATCH 3/7] Making SAR version works as expected --- .github/workflows/reusable_deploy_v3_sar.yml | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/workflows/reusable_deploy_v3_sar.yml b/.github/workflows/reusable_deploy_v3_sar.yml index f6dd1c3a88f..7dc99865c47 100644 --- a/.github/workflows/reusable_deploy_v3_sar.yml +++ b/.github/workflows/reusable_deploy_v3_sar.yml 
@@ -130,25 +130,23 @@ jobs: ARCH_NAME=$(echo ${{ matrix.architecture }} | tr -d '_') SAR_NAME="${SAR_NAME}-python${{env.PYTHON_VERSION}}-${ARCH_NAME}" echo SAR_NAME="${SAR_NAME}" >> "$GITHUB_ENV" - - name: Normalize semantic version - id: semantic-version # v2.0.0a0 -> v2.0.0-a0 - env: - VERSION: ${{ inputs.package-version }} - run: | - VERSION="${VERSION/a/-a}" - echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT" - name: Prepare SAR App - env: - VERSION: ${{ steps.semantic-version.outputs.VERSION }} run: | # From the generated LayerStack cdk.out artifact, find the layer asset path for the correct architecture. # We'll use this as the source directory of our SAR. This way we are re-using the same layer asset for our SAR. PYTHON_VERSION=$(echo ${{ matrix.python-version }} | tr -d '.') - asset=$(jq -jc '.Resources[] | select(.Properties.CompatibleArchitectures == ["${{ matrix.architecture }}"]) | .Metadata."aws:asset:path"' "cdk.out/LayerV3Stack-python${PYTHON_VERSION}.template.json") + asset_cdk=$(jq -jc '.Resources[] | select(.Properties.CompatibleArchitectures == ["${{ matrix.architecture }}"]) | .Metadata."aws:asset:path"' "cdk.out/LayerV3Stack-python${PYTHON_VERSION}.template.json") + + echo "Normalizing the asset variable" + asset=$(echo $asset_cdk | sed -E 's/^(asset\.[^.]+).*\1/\1/') + + VERSION=$(echo ${{ inputs.package-version }} | sed 's/^v//') + echo $asset + echo $VERSION # fill in the SAR SAM template sed \ - -e "s||${{ env.VERSION }}|g" \ + -e "s||${VERSION}|g" \ -e "s//${{ env.SAR_NAME }}/g" \ -e "s||./cdk.out/$asset|g" \ -e "s||${{ matrix.python-version }}|g" \ From 1fd4e7a541c45f2ad8f760cb6dba0d7f5cfb175e Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Wed, 26 Feb 2025 15:48:57 +0000 Subject: [PATCH 4/7] Making SAR version works as expected --- .github/workflows/publish_v3_layer.yml | 12 ++++++++++++ .github/workflows/release-v3.yml | 6 ++++++ docs/index.md | 4 ++-- 3 files changed, 20 insertions(+), 2 deletions(-) 
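Review bot: `VERSION=$(echo ${{ inputs.package-version }} | sed 's/^v//')` pastes the workflow input into the script text before the shell runs, whereas the removed step passed it through `env: VERSION:` and only ever handled it as a shell variable. A value containing shell metacharacters would then be interpreted by the shell instead of being treated as data, so keep an `env: VERSION: ${{ inputs.package-version }}` mapping on this step and strip the prefix in the shell, e.g. `VERSION="${VERSION#v}"`. The commit also drops the `${VERSION/a/-a}` normalisation for pre-release versions; if that is intentional, a comment saying why would help. `echo $asset_cdk`, `echo $asset` and `echo $VERSION` are unquoted, and the last two look like debug output; quote the expansions and remove what is not needed. The `run:` block continues past the end of this hunk.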
diff --git a/.github/workflows/publish_v3_layer.yml b/.github/workflows/publish_v3_layer.yml index 2244324d48b..6671aa8b16b 100644 --- a/.github/workflows/publish_v3_layer.yml +++ b/.github/workflows/publish_v3_layer.yml @@ -49,6 +49,11 @@ on: default: false type: boolean required: false + skip_lambda_layer: + description: "Skip publishing Lambda Layers as it can't publish more than once. Useful for semi-failed releases" + type: boolean + required: false + workflow_call: inputs: latest_published_version: @@ -72,6 +77,11 @@ on: description: "Sealed source code integrity hash" type: string required: true + skip_lambda_layer: + description: "Skip publishing Lambda Layers as it can't publish more than once. Useful for semi-failed releases" + default: false + type: boolean + required: false permissions: contents: read @@ -164,6 +174,7 @@ jobs: path: layer_v3/cdk.py${{ matrix.python-version }}.out.zip beta: + if: ${{ !inputs.skip_lambda_layer }} needs: build-layer # lower privilege propagated from parent workflow (release-v3.yml) permissions: @@ -180,6 +191,7 @@ jobs: source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }} prod: + if: ${{ !inputs.skip_lambda_layer }} needs: beta # lower privilege propagated from parent workflow (release-v3.yml) permissions: diff --git a/.github/workflows/release-v3.yml b/.github/workflows/release-v3.yml index 8d2ba92bc57..4c2d5958f08 100644 --- a/.github/workflows/release-v3.yml +++ b/.github/workflows/release-v3.yml @@ -48,6 +48,11 @@ on: default: false type: boolean required: false + skip_lambda_layer: + description: "Skip publishing Lambda Layers as it can't publish more than once. Useful for semi-failed releases" + default: false + type: boolean + required: false skip_code_quality: description: "Skip tests, linting, and baseline. Only use if release fail for reasons beyond our control and you need a quick release." default: false 
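Review bot: Gating `beta` and `prod` with `if: ${{ !inputs.skip_lambda_layer }}` also affects the SAR jobs enabled in PATCH 1/7, because `sar-beta` declares `needs: beta` and `sar-prod` declares `needs: sar-beta`. A job whose dependency was skipped is itself skipped unless it carries its own status condition, so setting the flag would most likely skip SAR publishing as well. If the goal is to re-run only the remaining steps after a partly failed release, `sar-beta` needs a condition such as `if: ${{ !cancelled() && (needs.beta.result == 'success' || needs.beta.result == 'skipped') }}`, and `sar-prod` probably needs a comparable one on `needs.sar-beta.result`. The `workflow_dispatch` copy of `skip_lambda_layer` in the first hunk also lacks the `default: false` that the `workflow_call` copy declares; adding it keeps the two definitions in step. The job bodies continue outside these hunks.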
@@ -350,6 +355,7 @@ jobs: pre_release: ${{ inputs.pre_release }} source_code_artifact_name: ${{ needs.seal.outputs.artifact_name }} source_code_integrity_hash: ${{ needs.seal.outputs.integrity_hash }} + skip_lambda_layer: ${{ inputs.skip_lambda_layer }} post_release: needs: [seal, release, publish_layer] diff --git a/docs/index.md b/docs/index.md index df8b2c9c0da..3c4b9fd54eb 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -238,8 +238,8 @@ You can install Powertools for AWS Lambda (Python) using your favorite dependenc | App | | | ARN | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --- | --- | ----------------------------------------------------------------------------------------------------------------------------- | - | [**aws-lambda-powertools-python-layer-v3**](https://serverlessrepo.aws.amazon.com/applications/eu-west-1/057560766410/aws-lambda-powertools-python-layer){target="_blank"} | | | __arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer__{: .copyMe}:clipboard: | - | [**aws-lambda-powertools-python-layer-arm64-v3**](https://serverlessrepo.aws.amazon.com/applications/eu-west-1/057560766410/aws-lambda-powertools-python-layer-arm64){target="_blank"} | | | __arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-arm64__{: .copyMe}:clipboard: | + | [**aws-lambda-powertools-python-layer**](https://serverlessrepo.aws.amazon.com/applications/eu-west-1/057560766410/aws-lambda-powertools-python-layer){target="_blank"} | | | __arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer__{: .copyMe}:clipboard: | + | [**aws-lambda-powertools-python-layer-arm64**](https://serverlessrepo.aws.amazon.com/applications/eu-west-1/057560766410/aws-lambda-powertools-python-layer-arm64){target="_blank"} | | | __arn:aws:serverlessrepo:eu-west-1:057560766410:applications/aws-lambda-powertools-python-layer-arm64__{: .copyMe}:clipboard: | ??? question "Don't have enough permissions? Expand for a least-privilege IAM policy example" From ef1d996834aed9edcf8dd8181b8d13fc6e904e03 Mon Sep 17 00:00:00 2001 
From: Leandro Damascena Date: Wed, 26 Feb 2025 15:50:55 +0000 Subject: [PATCH 5/7] Making SAR version works as expected --- .github/workflows/publish_v3_layer.yml | 4 ++-- .github/workflows/release-v3.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish_v3_layer.yml b/.github/workflows/publish_v3_layer.yml index 6671aa8b16b..f7d671bb720 100644 --- a/.github/workflows/publish_v3_layer.yml +++ b/.github/workflows/publish_v3_layer.yml @@ -50,7 +50,7 @@ on: type: boolean required: false skip_lambda_layer: - description: "Skip publishing Lambda Layers as it can't publish more than once. Useful for semi-failed releases" + description: "Skip publishing Lambda Layers as it can publish duplicated versions of the same layer. Useful for semi-failed releases" type: boolean required: false @@ -78,7 +78,7 @@ on: type: string required: true skip_lambda_layer: - description: "Skip publishing Lambda Layers as it can't publish more than once. Useful for semi-failed releases" + description: "Skip publishing Lambda Layers as it can publish duplicated versions of the same layer. Useful for semi-failed releases" default: false type: boolean required: false diff --git a/.github/workflows/release-v3.yml b/.github/workflows/release-v3.yml index 4c2d5958f08..2abd57cf60a 100644 --- a/.github/workflows/release-v3.yml +++ b/.github/workflows/release-v3.yml @@ -49,7 +49,7 @@ on: type: boolean required: false skip_lambda_layer: - description: "Skip publishing Lambda Layers as it can't publish more than once. Useful for semi-failed releases" + description: "Skip publishing Lambda Layers as it can publish duplicated versions of the same layer. Useful for semi-failed releases" default: false type: boolean required: false From 8a8333f93c488971337af1a32f1d795611ee1c21 Mon Sep 17 00:00:00 2001 
From: Leandro Damascena Date: Wed, 26 Feb 2025 16:14:02 +0000 Subject: [PATCH 6/7] Making SAR version works as expected --- .github/workflows/reusable_deploy_v3_sar.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable_deploy_v3_sar.yml b/.github/workflows/reusable_deploy_v3_sar.yml index 7dc99865c47..8954e9bec9e 100644 --- a/.github/workflows/reusable_deploy_v3_sar.yml +++ b/.github/workflows/reusable_deploy_v3_sar.yml @@ -106,7 +106,7 @@ jobs: aws-session-token: ${{ env.AWS_SESSION_TOKEN }} role-duration-seconds: 1200 aws-region: ${{ env.AWS_REGION }} - role-to-assume: ${{ secrets.AWS_SAR_V2_ROLE_ARN }} + role-to-assume: ${{ secrets.AWS_SAR_V3_ROLE_ARN }} mask-aws-account-id: true - name: Setup Node.js uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0 From 9748b617a3efc5820d7810419ed90e41f517f648 Mon Sep 17 00:00:00 2001 From: Leandro Damascena Date: Wed, 26 Feb 2025 22:04:30 +0000 Subject: [PATCH 7/7] Modify arch name --- .github/workflows/publish_v3_layer.yml | 1 - .github/workflows/reusable_deploy_v3_sar.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/publish_v3_layer.yml b/.github/workflows/publish_v3_layer.yml index f7d671bb720..4512be291ff 100644 --- a/.github/workflows/publish_v3_layer.yml +++ b/.github/workflows/publish_v3_layer.yml @@ -174,7 +174,6 @@ jobs: path: layer_v3/cdk.py${{ matrix.python-version }}.out.zip beta: - if: ${{ !inputs.skip_lambda_layer }} needs: build-layer # lower privilege propagated from parent workflow (release-v3.yml) permissions: diff --git a/.github/workflows/reusable_deploy_v3_sar.yml b/.github/workflows/reusable_deploy_v3_sar.yml index 8954e9bec9e..4dc60cc057f 100644 --- a/.github/workflows/reusable_deploy_v3_sar.yml +++ b/.github/workflows/reusable_deploy_v3_sar.yml 
@@ -127,7 +127,7 @@ jobs: if [[ "${{ inputs.stage }}" == "BETA" ]]; then SAR_NAME="test-${SAR_NAME}" fi - ARCH_NAME=$(echo ${{ matrix.architecture }} | tr -d '_') + ARCH_NAME=$(echo ${{ matrix.architecture }} | tr '_' '-') SAR_NAME="${SAR_NAME}-python${{env.PYTHON_VERSION}}-${ARCH_NAME}" echo SAR_NAME="${SAR_NAME}" >> "$GITHUB_ENV" - name: Prepare SAR App