aws-lambda-layer/action.yml at main · stephenbawks/aws-lambda-layer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
name: AWS Lambda Layer Builder
description: Action will create/publish an AWS Lambda Layer from your GitHub Workflow. Does the undifferentiated heavy lifting for you.

# Including library dependencies in a layer
# https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html#configuration-layers-path
# https://awscli.amazonaws.com/v2/documentation/api/2.4.18/reference/lambda/add-layer-version-permission.html

# Lambda Runtimes
# https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html

# Including library dependencies in a layer
# https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html#configuration-layers-path


branding:
  icon: layers
  color: orange

inputs:
  layer-name:
    description: Name for the Lambda Layer
    required: true
  layer-directory:
    description: Working directory in repository where requirements file exists
    required: true
  runtime:
    description: AWS Lambda Runtime
    required: true
  bucketname:
    description: AWS S3 Bucket Name where layer will be uploaded
    required: true
  prefix-folder-path:
    description: An optional prefix that will be used for a folder path inside the S3 bucket
  principal:
    description: An AWS Account ID to grant layer usage permissions to.
    required: true
  organization-id:
    description: An AWS Organization ID to grant layer usage permissions to. Principal must be "*" if this is set.
  compatible-runtimes:
    description: A list of compatible function runtimes. Used for filtering with ListLayers and ListLayerVersions.

runs:
  using: 'composite'
  steps:

    - name: Install Python Requirements
      shell: bash
      working-directory: ${{ inputs.layer-directory }}
      run: |
        if [ "${{ inputs.runtime }}" = "python" ]; then
          echo "🚧 👷 Building Python Layer 🚀"
          mkdir -p python && pip3 install -r requirements.txt -t ./python
          zip -r lambda_layer.zip ./python
        elif [ "${{ inputs.runtime }}" = "node" ]; then
          echo "🚧 👷 Building Node Layer 🚀"
          mkdir -p nodejs/node_modules  && cd nodejs
          npm init -y
          while read p; do
              npm install --save "$p"
          done < ../requirements.txt
          cd ..
          zip -r lambda_layer.zip ./nodejs/node_modules
        else
          echo "Something else was specified for runtime"
        fi

    - name: Installing boto3
      shell: bash
      run: pip3 install boto3

    - name: Upload Zip and Create Layer
      shell: bash
      id: build-layer
      working-directory: ${{ inputs.layer-directory }}
      run: |
        DATE=$(date +"%d_%m_%Y")
        FOLDER_PATH="${{ inputs.prefix-folder-path }}"
        FORMATTED_LAYER_NAME="${{ inputs.layer-name }}-${DATE}"
        FORMATTED_ZIP="${FORMATTED_LAYER_NAME}-${RANDOM}.zip"
        aws s3 cp ./lambda_layer.zip s3://${{ inputs.bucketname }}/${{ inputs.prefix-folder-path }}/${FORMATTED_ZIP}
        RESPONSE=$(aws lambda publish-layer-version --layer-name ${FORMATTED_LAYER_NAME} \
        --description "${{ inputs.layer-name }} Layer" \
        --content S3Bucket=${{ inputs.bucketname }},S3Key=${{ inputs.prefix-folder-path }}/${FORMATTED_ZIP})

        echo "::set-output name=layer_version::$(echo $RESPONSE | jq -r '.Version')"
        echo "::set-output name=layer_arn::$(echo $RESPONSE | jq -r '.LayerArn')"
        echo "::set-output name=layer_name::${FORMATTED_LAYER_NAME}"

    - uses: actions/upload-artifact@v3
      with:
        name: lambda-layer
        path: ./${{ inputs.layer-directory }}/lambda_layer.zip
        retention-days: 5

    - name: Lambda Layer Permission
      shell: bash
      run: |
        if [ "${{ inputs.principal }}" = "*" ] && [ ! -z "${{ inputs.organization-id }}" ]; then
          aws lambda add-layer-version-permission --layer-name ${{ steps.build-layer.outputs.layer_name }} \
          --version-number ${{ steps.build-layer.outputs.layer_version }} \
          --principal ${{ inputs.principal }} \
          --organization-id ${{ inputs.organization-id }} \
          --statement-id "GrantOrgAccess-${RANDOM}" \
          --action lambda:GetLayerVersion
        else
          aws lambda add-layer-version-permission --layer-name ${{ steps.build-layer.outputs.layer_name }} \
          --version-number ${{ steps.build-layer.outputs.layer_version }} \
          --principal ${{ inputs.principal }} \
          --statement-id "GrantAccountAccess-${RANDOM}" \
          --action lambda:GetLayerVersion
        fi