diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index e3c8fcf29..aeba4b3c7 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -5,6 +5,10 @@ on: version: description: The version to tag the release with, e.g., 1.2.0 required: true + aws_region: + description: 'Deploy to aws regions' + required: true + default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1' env: AWS_DEFAULT_REGION: us-east-1 @@ -15,6 +19,9 @@ env: RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com PACKAGE_NAME: aws-opentelemetry-distro ARTIFACT_NAME: aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl + # Legacy list of commercial regions to deploy to. New regions should NOT be added here, and instead should be added to the `aws_region` default input to the workflow. + LEGACY_COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1 + LAYER_NAME: AWSOpenTelemetryDistroPython permissions: id-token: write @@ -132,17 +139,245 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token run: | - # Download layer.zip from existing latest tagged SDK release note - LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-python-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName') - mkdir -p layer_artifact - gh release download "$LATEST_SDK_VERSION" --repo "aws-observability/aws-otel-python-instrumentation" --pattern "layer.zip" --dir layer_artifact - shasum -a 256 layer_artifact/layer.zip > layer_artifact/layer.zip.sha256 + # Extract versions from pyproject.toml + SDK_VERSION=$(grep "opentelemetry-sdk ==" aws-opentelemetry-distro/pyproject.toml | sed 's/.*== \([^,]*\).*/\1/' | tr -d '"') + INSTRUMENTATION_VERSION=$(grep "opentelemetry-instrumentation ==" aws-opentelemetry-distro/pyproject.toml | sed 's/.*== \([^,]*\).*/\1/' | tr -d '"') + + # Create release notes + cat > release_notes.md << EOF + This release contains updates of the following upstream components: + + OpenTelemetry Python - $SDK_VERSION + OpenTelemetry Python Contrib - $INSTRUMENTATION_VERSION + + This release also publishes to public ECR and PyPi. + * See ADOT Python auto-instrumentation Docker image v${{ github.event.inputs.version }} in our public ECR repository: + https://gallery.ecr.aws/aws-observability/adot-autoinstrumentation-python + * See version ${{ github.event.inputs.version }} in our PyPi repository: + https://pypi.org/project/aws-opentelemetry-distro/ + EOF gh release create --target "$GITHUB_REF_NAME" \ --title "Release v${{ github.event.inputs.version }}" \ + --notes-file release_notes.md \ --draft \ "v${{ github.event.inputs.version }}" \ dist/${{ env.ARTIFACT_NAME }} \ - ${{ env.ARTIFACT_NAME }}.sha256 \ - layer_artifact/layer.zip \ - layer_artifact/layer.zip.sha256 + ${{ env.ARTIFACT_NAME }}.sha256 + build-layer: + runs-on: ubuntu-latest + needs: build + outputs: + aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} + steps: + - name: Set up regions matrix + id: set-matrix + run: | + IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}" + MATRIX="[" + for region in "${REGIONS[@]}"; do + trimmed_region=$(echo "$region" | xargs) + MATRIX+="\"$trimmed_region\"," + done + MATRIX="${MATRIX%,}]" + echo ${MATRIX} + echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT + - name: Checkout Repo @ SHA - ${{ github.sha }} + uses: actions/checkout@v4 + - uses: actions/setup-python@v5 + with: + python-version: '3.x' + - name: Build layers + working-directory: lambda-layer/src + run: | + ./build-lambda-layer.sh + pip install tox + tox + - name: upload layer + uses: actions/upload-artifact@v4 + with: + name: layer.zip + path: lambda-layer/src/build/aws-opentelemetry-python-layer.zip + publish-layer-prod: + runs-on: ubuntu-latest + needs: build-layer + strategy: + matrix: + aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} + steps: + - name: role arn + env: + LEGACY_COMMERCIAL_REGIONS: ${{ env.LEGACY_COMMERCIAL_REGIONS }} + run: | + LEGACY_COMMERCIAL_REGIONS_ARRAY=(${LEGACY_COMMERCIAL_REGIONS//,/ }) + FOUND=false + for REGION in "${LEGACY_COMMERCIAL_REGIONS_ARRAY[@]}"; do + if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then + FOUND=true + break + fi + done + if [ "$FOUND" = true ]; then + echo "Found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS" + SECRET_KEY="LAMBDA_LAYER_RELEASE" + else + echo "Not found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS" + SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" + fi + SECRET_KEY=${SECRET_KEY//-/_} + echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV + - uses: aws-actions/configure-aws-credentials@v4.0.2 + with: + role-to-assume: ${{ secrets[env.SECRET_KEY] }} + role-duration-seconds: 1200 + aws-region: ${{ matrix.aws_region }} + - name: Get s3 bucket name for release + run: | + echo BUCKET_NAME=python-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV + - name: download layer.zip + uses: actions/download-artifact@v4 + with: + name: layer.zip + - name: publish + run: | + aws s3 mb s3://${{ env.BUCKET_NAME }} + aws s3 cp aws-opentelemetry-python-layer.zip s3://${{ env.BUCKET_NAME }} + layerARN=$( + aws lambda publish-layer-version \ + --layer-name ${{ env.LAYER_NAME }} \ + --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-python-layer.zip \ + --compatible-runtimes python3.10 python3.11 python3.12 python3.13 \ + --compatible-architectures "arm64" "x86_64" \ + --license-info "Apache-2.0" \ + --description "AWS Distro of OpenTelemetry Lambda Layer for Python Runtime" \ + --query 'LayerVersionArn' \ + --output text + ) + echo $layerARN + echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV + mkdir ${{ env.LAYER_NAME }} + echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} + cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} + - name: public layer + run: | + layerVersion=$( + aws lambda list-layer-versions \ + --layer-name ${{ env.LAYER_NAME }} \ + --query 'max_by(LayerVersions, &Version).Version' + ) + aws lambda add-layer-version-permission \ + --layer-name ${{ env.LAYER_NAME }} \ + --version-number $layerVersion \ + --principal "*" \ + --statement-id publish \ + --action lambda:GetLayerVersion + - name: upload layer arn artifact + if: ${{ success() }} + uses: actions/upload-artifact@v4 + with: + name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }} + path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} + - name: clean s3 + if: always() + run: | + aws s3 rb --force s3://${{ env.BUCKET_NAME }} + generate-lambda-release-note: + runs-on: ubuntu-latest + needs: publish-layer-prod + steps: + - name: Checkout Repo @ SHA - ${{ github.sha }} + uses: actions/checkout@v4 + - uses: hashicorp/setup-terraform@v2 + - name: download layerARNs + uses: actions/download-artifact@v4 + with: + pattern: ${{ env.LAYER_NAME }}-* + path: ${{ env.LAYER_NAME }} + merge-multiple: true + - name: show layerARNs + run: | + for file in ${{ env.LAYER_NAME }}/* + do + echo $file + cat $file + done + - name: generate layer-note + working-directory: ${{ env.LAYER_NAME }} + run: | + echo "| Region | Layer ARN |" >> ../layer-note + echo "| ---- | ---- |" >> ../layer-note + for file in * + do + read arn < $file + echo "| " $file " | " $arn " |" >> ../layer-note + done + cat ../layer-note + - name: generate tf layer + working-directory: ${{ env.LAYER_NAME }} + run: | + echo "locals {" >> ../layer_arns.tf + echo " sdk_layer_arns = {" >> ../layer_arns.tf + for file in * + do + read arn < $file + echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf + done + cd .. + echo " }" >> layer_arns.tf + echo "}" >> layer_arns.tf + terraform fmt layer_arns.tf + cat layer_arns.tf + - name: generate layer ARN constants for CDK + working-directory: ${{ env.LAYER_NAME }} + run: | + echo "{" > ../layer_cdk + for file in *; do + read arn < "$file" + echo " \"$file\": \"$arn\"," >> ../layer_cdk + done + echo "}" >> ../layer_cdk + cat ../layer_cdk + - name: download layer.zip + uses: actions/download-artifact@v4 + with: + name: layer.zip + - name: Rename layer file + run: | + cp aws-opentelemetry-python-layer.zip layer.zip + - name: Get commit hash + id: commit + run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + - name: Update GH release + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + TAG="v${{ github.event.inputs.version }}" + # Generate SHA-256 checksum for layer.zip + shasum -a 256 layer.zip > layer.zip.sha256 + gh release upload $TAG \ + layer.zip \ + layer.zip.sha256 \ + layer_arns.tf \ + --clobber + - name: Update Release Notes + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + TAG="v${{ github.event.inputs.version }}" + # Get current release notes + current_notes=$(gh release view $TAG --json body -q .body) + echo "This release also includes the AWS OpenTelemetry Lambda Layer for Python version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}." >> lambda_notes.md + echo "" >> lambda_notes.md + echo "Lambda Layer ARNs:" >> lambda_notes.md + echo "" >> lambda_notes.md + cat layer-note >> lambda_notes.md + echo "" >> lambda_notes.md + echo "Notes:" >> lambda_notes.md + { + echo "$current_notes" + echo "" + cat lambda_notes.md + } > updated_notes.md + # Update release notes + gh release edit $TAG --notes-file updated_notes.md + diff --git a/.github/workflows/release-lambda.yml b/.github/workflows/release-lambda.yml deleted file mode 100644 index e887d1d1e..000000000 --- a/.github/workflows/release-lambda.yml +++ /dev/null @@ -1,239 +0,0 @@ -name: Release Lambda layer - -on: - workflow_dispatch: - inputs: - version: - description: The version to tag the lambda release with (should be the same as the ADOT SDK version, e.g., 0.8.0) - required: true - aws_region: - description: 'Deploy to aws regions' - required: true - default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1' - -env: - # Legacy list of commercial regions to deploy to. New regions should NOT be added here, and instead should be added to the `aws_region` default input to the workflow. - LEGACY_COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1 - LAYER_NAME: AWSOpenTelemetryDistroPython - -permissions: - id-token: write - contents: write - -jobs: - build-layer: - environment: Release - runs-on: ubuntu-latest - outputs: - aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} - steps: - - name: Set up regions matrix - id: set-matrix - run: | - IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}" - MATRIX="[" - for region in "${REGIONS[@]}"; do - trimmed_region=$(echo "$region" | xargs) - MATRIX+="\"$trimmed_region\"," - done - MATRIX="${MATRIX%,}]" - echo ${MATRIX} - echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT - - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - name: Build layers - working-directory: lambda-layer/src - run: | - ./build-lambda-layer.sh - pip install tox - tox - - name: upload layer - uses: actions/upload-artifact@v4 - with: - name: layer.zip - path: lambda-layer/src/build/aws-opentelemetry-python-layer.zip - publish-prod: - runs-on: ubuntu-latest - needs: build-layer - strategy: - matrix: - aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} - steps: - - name: role arn - env: - LEGACY_COMMERCIAL_REGIONS: ${{ env.LEGACY_COMMERCIAL_REGIONS }} - run: | - LEGACY_COMMERCIAL_REGIONS_ARRAY=(${LEGACY_COMMERCIAL_REGIONS//,/ }) - FOUND=false - for REGION in "${LEGACY_COMMERCIAL_REGIONS_ARRAY[@]}"; do - if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then - FOUND=true - break - fi - done - if [ "$FOUND" = true ]; then - echo "Found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS" - SECRET_KEY="LAMBDA_LAYER_RELEASE" - else - echo "Not found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS" - SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" - fi - SECRET_KEY=${SECRET_KEY//-/_} - echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV - - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - role-to-assume: ${{ secrets[env.SECRET_KEY] }} - role-duration-seconds: 1200 - aws-region: ${{ matrix.aws_region }} - - name: Get s3 bucket name for release - run: | - echo BUCKET_NAME=python-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV - - name: download layer.zip - uses: actions/download-artifact@v4 - with: - name: layer.zip - - name: publish - run: | - aws s3 mb s3://${{ env.BUCKET_NAME }} - aws s3 cp aws-opentelemetry-python-layer.zip s3://${{ env.BUCKET_NAME }} - layerARN=$( - aws lambda publish-layer-version \ - --layer-name ${{ env.LAYER_NAME }} \ - --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-python-layer.zip \ - --compatible-runtimes python3.10 python3.11 python3.12 python3.13 \ - --compatible-architectures "arm64" "x86_64" \ - --license-info "Apache-2.0" \ - --description "AWS Distro of OpenTelemetry Lambda Layer for Python Runtime" \ - --query 'LayerVersionArn' \ - --output text - ) - echo $layerARN - echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV - mkdir ${{ env.LAYER_NAME }} - echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} - cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} - - name: public layer - run: | - layerVersion=$( - aws lambda list-layer-versions \ - --layer-name ${{ env.LAYER_NAME }} \ - --query 'max_by(LayerVersions, &Version).Version' - ) - aws lambda add-layer-version-permission \ - --layer-name ${{ env.LAYER_NAME }} \ - --version-number $layerVersion \ - --principal "*" \ - --statement-id publish \ - --action lambda:GetLayerVersion - - name: upload layer arn artifact - if: ${{ success() }} - uses: actions/upload-artifact@v4 - with: - name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }} - path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} - - name: clean s3 - if: always() - run: | - aws s3 rb --force s3://${{ env.BUCKET_NAME }} - generate-release-note: - runs-on: ubuntu-latest - needs: publish-prod - steps: - - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v2 - - name: download layerARNs - uses: actions/download-artifact@v4 - with: - pattern: ${{ env.LAYER_NAME }}-* - path: ${{ env.LAYER_NAME }} - merge-multiple: true - - name: show layerARNs - run: | - for file in ${{ env.LAYER_NAME }}/* - do - echo $file - cat $file - done - - name: generate layer-note - working-directory: ${{ env.LAYER_NAME }} - run: | - echo "| Region | Layer ARN |" >> ../layer-note - echo "| ---- | ---- |" >> ../layer-note - for file in * - do - read arn < $file - echo "| " $file " | " $arn " |" >> ../layer-note - done - cat ../layer-note - - name: generate tf layer - working-directory: ${{ env.LAYER_NAME }} - run: | - echo "locals {" >> ../layer_arns.tf - echo " sdk_layer_arns = {" >> ../layer_arns.tf - for file in * - do - read arn < $file - echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf - done - cd .. - echo " }" >> layer_arns.tf - echo "}" >> layer_arns.tf - terraform fmt layer_arns.tf - cat layer_arns.tf - - name: generate layer ARN constants for CDK - working-directory: ${{ env.LAYER_NAME }} - run: | - echo "{" > ../layer_cdk - for file in *; do - read arn < "$file" - echo " \"$file\": \"$arn\"," >> ../layer_cdk - done - echo "}" >> ../layer_cdk - cat ../layer_cdk - - name: download layer.zip - uses: actions/download-artifact@v4 - with: - name: layer.zip - - name: Rename layer file - run: | - cp aws-opentelemetry-python-layer.zip layer.zip - - name: Get commit hash - id: commit - run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - name: Create Release Notes - run: | - echo "AWS OpenTelemetry Lambda Layer for Python version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" > release_notes.md - echo "" >> release_notes.md - echo "" >> release_notes.md - echo "See new Lambda Layer ARNs:" >> release_notes.md - echo "" >> release_notes.md - cat layer-note >> release_notes.md - echo "" >> release_notes.md - echo "Notes:" >> release_notes.md - - name: Create GH release - id: create_release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - run: | - gh release create --target "$GITHUB_REF_NAME" \ - --title "Release lambda-v${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" \ - --notes-file release_notes.md \ - --draft \ - "lambda-v${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" \ - layer_arns.tf layer.zip - echo Removing release_notes.md ... - rm -f release_notes.md - - name: Upload layer.zip and SHA-256 checksum to SDK Release Notes (tagged with latest) - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-python-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName') - # Generate SHA-256 checksum for layer.zip - shasum -a 256 layer.zip > layer.zip.sha256 - # Upload layer.zip and its checksum to the latest SDK release note - gh release upload "$LATEST_SDK_VERSION" layer.zip layer.zip.sha256 --repo "aws-observability/aws-otel-python-instrumentation" --clobber - echo "✅ layer.zip successfully uploaded to $LATEST_SDK_VERSION in the upstream repo!"