Skip to content

Group Amazon.Lambda updates #2470

Group Amazon.Lambda updates

Group Amazon.Lambda updates #2470

Workflow file for this run

name: build
on:
push:
branches: [ main ]
paths-ignore:
- '**/*.md'
- '**/*.gitignore'
- '**/*.gitattributes'
pull_request:
branches:
- main
- dotnet-vnext
- dotnet-nightly
workflow_dispatch:
env:
ARTIFACT_NAME: 'lambda'
AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }}
AWS_REGION: ${{ vars.AWS_REGION }}
DOTNET_CLI_TELEMETRY_OPTOUT: true
DOTNET_GENERATE_ASPNET_CERTIFICATE: false
DOTNET_MULTILEVEL_LOOKUP: 0
DOTNET_NOLOGO: true
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1
LAMBDA_DESCRIPTION: 'Deploy build ${{ github.run_number }} to AWS Lambda via GitHub Actions'
LAMBDA_FUNCTION: 'alexa-london-travel'
LAMBDA_ROLE: ${{ vars.AWS_LAMBDA_ROLE }}
NUGET_XMLDOC_MODE: skip
TERM: xterm
permissions:
contents: read
jobs:
build:
name: ${{ matrix.os }}
runs-on: ${{ matrix.os }}
timeout-minutes: 20
permissions:
attestations: write
contents: read
id-token: write
strategy:
fail-fast: false
matrix:
os: [ macos-latest, ubuntu-latest, windows-latest ]
include:
- os: macos-latest
os_name: macos
- os: ubuntu-latest
os_name: linux
- os: windows-latest
os_name: windows
steps:
- name: Setup arm64 support for native AoT
if: runner.os == 'Linux'
shell: bash
run: |
sudo dpkg --add-architecture arm64
sudo bash -c 'cat > /etc/apt/sources.list.d/arm64.list <<EOF
deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted
deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted
deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted universe multiverse
EOF'
sudo sed -i -e 's/deb http/deb [arch=amd64] http/g' /etc/apt/sources.list
sudo sed -i -e 's/deb mirror/deb [arch=amd64] mirror/g' /etc/apt/sources.list
sudo apt update
sudo apt install --yes clang llvm binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu zlib1g-dev:arm64
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Setup .NET SDK
uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
- name: Build, Test and Package
shell: pwsh
run: ./build.ps1
- name: Upload coverage to Codecov
uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1
with:
file: ./artifacts/coverage/coverage.cobertura.xml
flags: ${{ matrix.os_name }}
token: ${{ secrets.CODECOV_TOKEN }}
- name: Publish artifacts
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: artifacts-${{ matrix.os_name }}
path: ./artifacts
- name: Create Lambda ZIP file
if: runner.os == 'Linux'
shell: bash
run: |
cd "./artifacts/publish/LondonTravel.Skill/release_linux-arm64" || exit
if [ -f "./bootstrap" ]
then
chmod +x ./bootstrap
fi
zip -r "../../../${LAMBDA_FUNCTION}.zip" . || exit 1
- name: Attest artifacts
uses: actions/attest-build-provenance@173725a1209d09b31f9d30a3890cf2757ebbff0d # v1.1.2
if: |
runner.os == 'Linux' &&
github.event.repository.fork == false &&
github.ref_name == github.event.repository.default_branch
with:
subject-path: ./artifacts/${{ env.LAMBDA_FUNCTION }}.zip
- name: Publish deployment package
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
if: runner.os == 'Linux' && success()
with:
name: ${{ env.ARTIFACT_NAME }}
path: ./artifacts/${{ env.LAMBDA_FUNCTION }}.zip
if-no-files-found: error
deploy-dev:
if: |
github.event.repository.fork == false &&
github.ref_name == github.event.repository.default_branch
name: dev
needs: build
concurrency: dev_environment
runs-on: ubuntu-latest
environment:
name: dev
permissions:
id-token: write
steps:
- name: Set function name
shell: bash
run: |
echo "FUNCTION_NAME=${LAMBDA_FUNCTION}-dev" >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ env.ARTIFACT_NAME }}
- name: Get Lambda configuration
shell: bash
run: |
LAMBDA_CONFIG="$(unzip -p "${LAMBDA_FUNCTION}.zip" aws-lambda-tools-defaults.json)"
{
echo "LAMBDA_ARCHITECTURES=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-architecture"')"
echo "LAMBDA_HANDLER=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-handler"')"
echo "LAMBDA_MEMORY=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-memory-size"')"
echo "LAMBDA_RUNTIME=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-runtime"')"
echo "LAMBDA_TIMEOUT=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-timeout"')"
} >> "$GITHUB_ENV"
- name: Get Lambda environment variables
env:
SKILL_API_URL: ${{ vars.SKILL_API_URL }}
SKILL_ID: ${{ secrets.SKILL_ID }}
TFL_APPLICATION_ID: ${{ secrets.TFL_APPLICATION_ID }}
TFL_APPLICATION_KEY: ${{ secrets.TFL_APPLICATION_KEY }}
VERIFY_SKILL_ID: "true"
shell: bash
run: |
lambda_vars="{\
\"Variables\": {\
\"SSL_CERT_FILE\": \"/tmp/noop\",\
\"Skill__SkillApiUrl\": \"${SKILL_API_URL}\",\
\"Skill__SkillId\": \"${SKILL_ID}\",\
\"Skill__TflApplicationId\": \"${TFL_APPLICATION_ID}\",\
\"Skill__TflApplicationKey\": \"${TFL_APPLICATION_KEY}\",\
\"Skill__VerifySkillId\": \"${VERIFY_SKILL_ID}\"\
}\
}"
echo "LAMBDA_ENVIRONMENT_VARIABLES=${lambda_vars}" >> "$GITHUB_ENV"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-deploy
role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-deploy-dev
aws-region: ${{ env.AWS_REGION }}
- name: Update function code
shell: bash
run: |
aws lambda update-function-code \
--function-name "${FUNCTION_NAME}" \
--architectures "${LAMBDA_ARCHITECTURES}" \
--zip-file "fileb://./${LAMBDA_FUNCTION}.zip"
- name: Wait for function code update
shell: bash
run: |
aws lambda wait function-updated-v2 \
--function-name "${FUNCTION_NAME}"
- name: Update function configuration
shell: bash
env:
LAMBDA_LAYERS: ${{ vars.AWS_LAMBDA_LAYERS }}
LAMBDA_LOGGING_CONFIG: ${{ vars.AWS_LAMBDA_LOGGING_CONFIG }}
LAMBDA_TRACING_MODE: ${{ vars.AWS_TRACING_MODE }}
run: |
aws lambda update-function-configuration \
--function-name "${FUNCTION_NAME}" \
--description "${LAMBDA_DESCRIPTION}" \
--environment "${LAMBDA_ENVIRONMENT_VARIABLES}" \
--handler "${LAMBDA_HANDLER}" \
--layers "${LAMBDA_LAYERS}" \
--logging-config "${LAMBDA_LOGGING_CONFIG}" \
--memory-size "${LAMBDA_MEMORY}" \
--role "${LAMBDA_ROLE}" \
--runtime "${LAMBDA_RUNTIME}" \
--timeout "${LAMBDA_TIMEOUT}" \
--tracing-config "Mode=${LAMBDA_TRACING_MODE}"
- name: Wait for function configuration update
shell: bash
run: |
aws lambda wait function-updated-v2 \
--function-name "${FUNCTION_NAME}"
tests-dev:
name: tests-dev
needs: deploy-dev
runs-on: ubuntu-latest
concurrency: dev_environment
permissions:
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Setup .NET SDK
uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-test
role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-tests-dev
aws-region: ${{ env.AWS_REGION }}
- name: Run end-to-end tests
shell: pwsh
run: dotnet test ./test/LondonTravel.Skill.EndToEndTests --configuration Release --logger "GitHubActions;report-warnings=false"
env:
LAMBDA_FUNCTION_NAME: ${{ env.LAMBDA_FUNCTION }}-dev
LWA_CLIENT_ID: ${{ secrets.LWA_CLIENT_ID }}
LWA_CLIENT_SECRET: ${{ secrets.LWA_CLIENT_SECRET }}
LWA_REFRESH_TOKEN: ${{ secrets.LWA_REFRESH_TOKEN }}
SKILL_ID: ${{ secrets.SKILL_ID }}
SKILL_STAGE: development
deploy-prod:
name: production
needs: tests-dev
runs-on: ubuntu-latest
concurrency: production_environment
environment:
name: production
permissions:
id-token: write
steps:
- name: Set function name
shell: bash
run: |
echo "FUNCTION_NAME=${LAMBDA_FUNCTION}" >> "$GITHUB_ENV"
- name: Download artifacts
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: ${{ env.ARTIFACT_NAME }}
- name: Get Lambda configuration
shell: bash
run: |
LAMBDA_CONFIG="$(unzip -p "${LAMBDA_FUNCTION}.zip" aws-lambda-tools-defaults.json)"
{
echo "LAMBDA_ARCHITECTURES=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-architecture"')"
echo "LAMBDA_HANDLER=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-handler"')"
echo "LAMBDA_MEMORY=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-memory-size"')"
echo "LAMBDA_RUNTIME=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-runtime"')"
echo "LAMBDA_TIMEOUT=$(echo "${LAMBDA_CONFIG}" | jq -r '."function-timeout"')"
} >> "$GITHUB_ENV"
- name: Get Lambda environment variables
env:
SKILL_API_URL: ${{ vars.SKILL_API_URL }}
SKILL_ID: ${{ secrets.SKILL_ID }}
TFL_APPLICATION_ID: ${{ secrets.TFL_APPLICATION_ID }}
TFL_APPLICATION_KEY: ${{ secrets.TFL_APPLICATION_KEY }}
VERIFY_SKILL_ID: "true"
shell: bash
run: |
lambda_vars="{\
\"Variables\": {\
\"SSL_CERT_FILE\": \"/tmp/noop\",\
\"Skill__SkillApiUrl\": \"${SKILL_API_URL}\",\
\"Skill__SkillId\": \"${SKILL_ID}\",\
\"Skill__TflApplicationId\": \"${TFL_APPLICATION_ID}\",\
\"Skill__TflApplicationKey\": \"${TFL_APPLICATION_KEY}\",\
\"Skill__VerifySkillId\": \"${VERIFY_SKILL_ID}\"\
}\
}"
echo "LAMBDA_ENVIRONMENT_VARIABLES=${lambda_vars}" >> "$GITHUB_ENV"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-deploy
role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-deploy-production
aws-region: ${{ env.AWS_REGION }}
- name: Update function code
shell: bash
run: |
aws lambda update-function-code \
--function-name "${FUNCTION_NAME}" \
--architectures "${LAMBDA_ARCHITECTURES}" \
--zip-file "fileb://./${LAMBDA_FUNCTION}.zip"
- name: Wait for function code update
shell: bash
run: |
aws lambda wait function-updated-v2 \
--function-name "${FUNCTION_NAME}"
- name: Update function configuration
shell: bash
env:
LAMBDA_LAYERS: ${{ vars.AWS_LAMBDA_LAYERS }}
LAMBDA_LOGGING_CONFIG: ${{ vars.AWS_LAMBDA_LOGGING_CONFIG }}
LAMBDA_TRACING_MODE: ${{ vars.AWS_TRACING_MODE }}
run: |
aws lambda update-function-configuration \
--function-name "${FUNCTION_NAME}" \
--description "${LAMBDA_DESCRIPTION}" \
--environment "${LAMBDA_ENVIRONMENT_VARIABLES}" \
--handler "${LAMBDA_HANDLER}" \
--layers "${LAMBDA_LAYERS}" \
--logging-config "${LAMBDA_LOGGING_CONFIG}" \
--memory-size "${LAMBDA_MEMORY}" \
--role "${LAMBDA_ROLE}" \
--runtime "${LAMBDA_RUNTIME}" \
--timeout "${LAMBDA_TIMEOUT}" \
--tracing-config "Mode=${LAMBDA_TRACING_MODE}"
- name: Wait for function configuration update
shell: bash
run: |
aws lambda wait function-updated-v2 \
--function-name "${FUNCTION_NAME}"
tests-prod:
needs: deploy-prod
runs-on: ubuntu-latest
concurrency: production_environment
permissions:
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Setup .NET SDK
uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-test
role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-tests-production
aws-region: ${{ env.AWS_REGION }}
- name: Run end-to-end tests
shell: pwsh
run: dotnet test ./test/LondonTravel.Skill.EndToEndTests --configuration Release --logger "GitHubActions;report-warnings=false"
env:
LAMBDA_FUNCTION_NAME: ${{ env.LAMBDA_FUNCTION }}
LWA_CLIENT_ID: ${{ secrets.LWA_CLIENT_ID }}
LWA_CLIENT_SECRET: ${{ secrets.LWA_CLIENT_SECRET }}
LWA_REFRESH_TOKEN: ${{ secrets.LWA_REFRESH_TOKEN }}
SKILL_ID: ${{ secrets.SKILL_ID }}
SKILL_STAGE: live