From 41b21bb03d7cb7ecc0151c6a97c90f34de7dca5a Mon Sep 17 00:00:00 2001 From: Ashish Dhingra <67916761+ashishdhingra@users.noreply.github.com> Date: Wed, 11 Jun 2025 10:45:19 -0700 Subject: [PATCH 1/4] chore: Pinned to v1.6.0 of aws-github-ops/handle-stale-discussions so that closed GitHub discussions are not auto-reopened. (#2085) --- .github/workflows/handle-stale-discussions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/handle-stale-discussions.yml b/.github/workflows/handle-stale-discussions.yml index 8b5bcb1f8..534dc6584 100644 --- a/.github/workflows/handle-stale-discussions.yml +++ b/.github/workflows/handle-stale-discussions.yml @@ -13,6 +13,6 @@ jobs: discussions: write steps: - name: Stale discussions action - uses: aws-github-ops/handle-stale-discussions@v1 + uses: aws-github-ops/handle-stale-discussions@v1.6.0 env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} From 221d65509e06448650fc3d986eb650935c5c21af Mon Sep 17 00:00:00 2001 From: Philippe El Asmar <53088140+philasmar@users.noreply.github.com> Date: Fri, 11 Jul 2025 14:59:08 -0400 Subject: [PATCH 2/4] Synd dev and master (#2105) * Bump github/codeql-action from 3.28.19 to 3.29.2 (#2098) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.19 to 3.29.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/fca7ace96b7d713c7035871441bd52efbe39e27e...181d5eefc20863364f96762470ba6f862bdef56b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.2 dependency-type: direct:production update-type: version-update:semver-minor ... 
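Review bot: `aws-github-ops/handle-stale-discussions@v1.6.0` is still a tag reference, which the action's publisher can move, and this job runs with `discussions: write` and the repository `GITHUB_TOKEN`. Other workflows touched in this series pin third-party actions to a full commit SHA with the version in a trailing comment (for example `aws-actions/aws-secretsmanager-get-secrets@… #v2.0.10`). Doing the same here, `uses: aws-github-ops/handle-stale-discussions@<full-commit-sha-of-v1.6.0> #v1.6.0`, would make the pin immutable. The surrounding job definition starts outside the hunk.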
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump aws-actions/aws-secretsmanager-get-secrets from 2.0.9 to 2.0.10 (#2099) Bumps [aws-actions/aws-secretsmanager-get-secrets](https://github.com/aws-actions/aws-secretsmanager-get-secrets) from 2.0.9 to 2.0.10. - [Release notes](https://github.com/aws-actions/aws-secretsmanager-get-secrets/releases) - [Commits](https://github.com/aws-actions/aws-secretsmanager-get-secrets/compare/5e19ff380d035695bdd56bbad320ca535c9063f2...a9a7eb4e2f2871d30dc5b892576fde60a2ecc802) --- updated-dependencies: - dependency-name: aws-actions/aws-secretsmanager-get-secrets dependency-version: 2.0.10 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: ASP.NET Core version update in Dockerfiles (#2103) Co-authored-by: aws-sdk-dotnet-automation --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: aws-sdk-dotnet-automation --- .github/workflows/create-release-pr.yml | 2 +- .github/workflows/semgrep-analysis.yml | 2 +- .github/workflows/sync-master-dev.yml | 2 +- LambdaRuntimeDockerfiles/Images/net8/amd64/Dockerfile | 4 ++-- LambdaRuntimeDockerfiles/Images/net8/arm64/Dockerfile | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/create-release-pr.yml b/.github/workflows/create-release-pr.yml index 352fc6559..f80ab9d45 100644 --- a/.github/workflows/create-release-pr.yml +++ b/.github/workflows/create-release-pr.yml 
@@ -31,7 +31,7 @@ jobs: aws-region: us-west-2 # Retrieve the Access Token from Secrets Manager - name: Retrieve secret from AWS Secrets Manager - uses: aws-actions/aws-secretsmanager-get-secrets@5e19ff380d035695bdd56bbad320ca535c9063f2 #v2.0.9 + uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10 with: secret-ids: | AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }} diff --git a/.github/workflows/semgrep-analysis.yml b/.github/workflows/semgrep-analysis.yml index 9703e3e52..d13d75635 100644 --- a/.github/workflows/semgrep-analysis.yml +++ b/.github/workflows/semgrep-analysis.yml @@ -35,7 +35,7 @@ jobs: p/owasp-top-ten - name: Upload SARIF file for GitHub Advanced Security Dashboard - uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e #v3.28.19 + uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b #v3.29.2 with: sarif_file: semgrep.sarif if: always() diff --git a/.github/workflows/sync-master-dev.yml b/.github/workflows/sync-master-dev.yml index b66f0a1c9..2647423a6 100644 --- a/.github/workflows/sync-master-dev.yml +++ b/.github/workflows/sync-master-dev.yml @@ -32,7 +32,7 @@ jobs: aws-region: us-west-2 # Retrieve the Access Token from Secrets Manager - name: Retrieve secret from AWS Secrets Manager - uses: aws-actions/aws-secretsmanager-get-secrets@5e19ff380d035695bdd56bbad320ca535c9063f2 #v2.0.9 + uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802 #v2.0.10 with: secret-ids: | AWS_SECRET, ${{ secrets.RELEASE_WORKFLOW_ACCESS_TOKEN_NAME }} diff --git a/LambdaRuntimeDockerfiles/Images/net8/amd64/Dockerfile b/LambdaRuntimeDockerfiles/Images/net8/amd64/Dockerfile index 7bae312b5..1690f3200 100644 --- a/LambdaRuntimeDockerfiles/Images/net8/amd64/Dockerfile +++ b/LambdaRuntimeDockerfiles/Images/net8/amd64/Dockerfile 
@@ -1,7 +1,7 @@ # Based on Docker image from: https://github.com/dotnet/dotnet-docker/ -ARG ASPNET_VERSION=8.0.17 -ARG ASPNET_SHA512=b292dea52f70035bb7ccc82c1ed908fb084753eb08f662c7bb2e9206e22f396aa611db6573e827d5c5cff21590810b66eae0ead9b534bc3f8fc695f65f47f28f +ARG ASPNET_VERSION=8.0.18 +ARG ASPNET_SHA512=896e9cab7c3ea5384c174e7e2cffae3c7f8f9ed5d6d2b7434b5a2b0dc3f02b611ff8668f5d70c0b356a6a5d85a28fe40756cf356b168d0306370da11646b4b23 ARG LAMBDA_RUNTIME_NAME=dotnet8 ARG AMAZON_LINUX=public.ecr.aws/lambda/provided:al2023 diff --git a/LambdaRuntimeDockerfiles/Images/net8/arm64/Dockerfile b/LambdaRuntimeDockerfiles/Images/net8/arm64/Dockerfile index 8311e5f1c..a22262ccd 100644 --- a/LambdaRuntimeDockerfiles/Images/net8/arm64/Dockerfile +++ b/LambdaRuntimeDockerfiles/Images/net8/arm64/Dockerfile @@ -1,7 +1,7 @@ # Based on Docker image from: https://github.com/dotnet/dotnet-docker/ -ARG ASPNET_VERSION=8.0.17 -ARG ASPNET_SHA512=4f1a441e400b60f814a161d2718c2599b4d492fffe5df5a5d8a494cec553ad3574c0988e9dc49abf8c928b9e9783a86f5506cbcbdf12d24e562090969aced3c5 +ARG ASPNET_VERSION=8.0.18 +ARG ASPNET_SHA512=997ce36180503fbd4dd86ed43b533f618be1db7cf170f500d0d12f899adff22e5b7714942aa2513eece6c12224761c143fbc91d6e97d83cccaed8a811ebcd835 ARG LAMBDA_RUNTIME_NAME=dotnet8 ARG AMAZON_LINUX=public.ecr.aws/lambda/provided:al2023 From b1105f85a6bb072b4befef007c6d40c71bdfb1d7 Mon Sep 17 00:00:00 2001 From: Garrett Beatty Date: Fri, 12 Sep 2025 14:48:29 -0400 Subject: [PATCH 3/4] auto update lambda runtime images (#2112) (#2133) --- .github/workflows/auto-update-Dockerfiles.yml | 190 ++++++++++++++++++ .github/workflows/update-Dockerfiles.yml | 31 ++- .../get-latest-aspnet-versions.ps1 | 135 +++++++++++++ 3 files changed, 349 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/auto-update-Dockerfiles.yml create mode 100644 LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1 
diff --git a/.github/workflows/auto-update-Dockerfiles.yml b/.github/workflows/auto-update-Dockerfiles.yml new file mode 100644 index 000000000..1e5af5cc0 --- /dev/null +++ b/.github/workflows/auto-update-Dockerfiles.yml 
@@ -0,0 +1,190 @@ +name: Auto-Update Lambda Dockerfiles Daily + +permissions: + contents: write + pull-requests: write + +on: + # Run daily at midnight UTC + schedule: + - cron: '0 0 * * *' + # Allows to run this workflow manually from the Actions tab for testing + workflow_dispatch: + + + +jobs: + auto-update: + runs-on: ubuntu-latest + env: + NET_8_AMD64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net8/amd64/Dockerfile" + NET_8_ARM64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net8/arm64/Dockerfile" + NET_9_AMD64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net9/amd64/Dockerfile" + NET_9_ARM64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net9/arm64/Dockerfile" + NET_10_AMD64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net10/amd64/Dockerfile" + NET_10_ARM64_Dockerfile: "LambdaRuntimeDockerfiles/Images/net10/arm64/Dockerfile" + + steps: + # Checks-out the repository under $GITHUB_WORKSPACE + - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 #v4.2.2 + with: + ref: 'dev' + + # Update .NET 8 AMD64 Dockerfile + - name: Update .NET 8 AMD64 + id: update-net8-amd64 + shell: pwsh + env: + DOCKERFILE_PATH: ${{ env.NET_8_AMD64_Dockerfile }} + run: | + $version = & "./LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1" -MajorVersion "8" + if (-not [string]::IsNullOrEmpty($version)) { + & "./LambdaRuntimeDockerfiles/update-dockerfile.ps1" -DockerfilePath "${{ env.DOCKERFILE_PATH }}" -NextVersion $version + } else { + Write-Host "Skipping .NET 8 AMD64 update - No version detected" + } + + # Update .NET 8 ARM64 Dockerfile + - name: Update .NET 8 ARM64 + id: update-net8-arm64 + shell: pwsh + env: + DOCKERFILE_PATH: ${{ env.NET_8_ARM64_Dockerfile }} + run: | + $version = & "./LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1" -MajorVersion "8" + if (-not [string]::IsNullOrEmpty($version)) { + & "./LambdaRuntimeDockerfiles/update-dockerfile.ps1" -DockerfilePath "${{ env.DOCKERFILE_PATH }}" -NextVersion $version + } else { + Write-Host "Skipping .NET 8 
ARM64 update - No version detected" + } + + # Update .NET 9 AMD64 Dockerfile + - name: Update .NET 9 AMD64 + id: update-net9-amd64 + shell: pwsh + env: + DOCKERFILE_PATH: ${{ env.NET_9_AMD64_Dockerfile }} + run: | + $version = & "./LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1" -MajorVersion "9" + if (-not [string]::IsNullOrEmpty($version)) { + & "./LambdaRuntimeDockerfiles/update-dockerfile.ps1" -DockerfilePath "${{ env.DOCKERFILE_PATH }}" -NextVersion $version + } else { + Write-Host "Skipping .NET 9 AMD64 update - No version detected" + } + + # Update .NET 9 ARM64 Dockerfile + - name: Update .NET 9 ARM64 + id: update-net9-arm64 + shell: pwsh + env: + DOCKERFILE_PATH: ${{ env.NET_9_ARM64_Dockerfile }} + run: | + $version = & "./LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1" -MajorVersion "9" + if (-not [string]::IsNullOrEmpty($version)) { + & "./LambdaRuntimeDockerfiles/update-dockerfile.ps1" -DockerfilePath "${{ env.DOCKERFILE_PATH }}" -NextVersion $version + } else { + Write-Host "Skipping .NET 9 ARM64 update - No version detected" + } + + # Update .NET 10 AMD64 Dockerfile + - name: Update .NET 10 AMD64 + id: update-net10-amd64 + shell: pwsh + env: + DOCKERFILE_PATH: ${{ env.NET_10_AMD64_Dockerfile }} + run: | + $version = & "./LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1" -MajorVersion "10" + if (-not [string]::IsNullOrEmpty($version)) { + & "./LambdaRuntimeDockerfiles/update-dockerfile.ps1" -DockerfilePath "${{ env.DOCKERFILE_PATH }}" -NextVersion $version + } else { + Write-Host "Skipping .NET 10 AMD64 update - No version detected" + } + + # Update .NET 10 ARM64 Dockerfile + - name: Update .NET 10 ARM64 + id: update-net10-arm64 + shell: pwsh + env: + DOCKERFILE_PATH: ${{ env.NET_10_ARM64_Dockerfile }} + run: | + $version = & "./LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1" -MajorVersion "10" + if (-not [string]::IsNullOrEmpty($version)) { + & "./LambdaRuntimeDockerfiles/update-dockerfile.ps1" -DockerfilePath "${{ 
env.DOCKERFILE_PATH }}" -NextVersion $version + } else { + Write-Host "Skipping .NET 10 ARM64 update - No version detected" + } + + # Commit changes and create a branch + - name: Commit and Push + id: commit-push + shell: pwsh + run: | + # Check if there are any changes to commit + if (git status --porcelain) { + git config --global user.email "github-aws-sdk-dotnet-automation@amazon.com" + git config --global user.name "aws-sdk-dotnet-automation" + + # Generate timestamp for unique local branch name + $timestamp = Get-Date -Format "yyyyMMddHHmmss" + $localBranch = "chore/auto-update-Dockerfiles-daily-$timestamp" + $remoteBranch = "chore/auto-update-Dockerfiles-daily" + + # Always create a new unique local branch + git checkout -b $localBranch + + git add "**/*Dockerfile" + git commit -m "chore: Daily ASP.NET Core version update in Dockerfiles" + + # Push local branch to remote branch (force push to consistent remote branch name) + git push --force-with-lease origin "${localBranch}:${remoteBranch}" + + # Write the remote branch name to GITHUB_OUTPUT for use in the PR step + Add-Content -Path $env:GITHUB_OUTPUT -Value "BRANCH=$remoteBranch" + Add-Content -Path $env:GITHUB_OUTPUT -Value "CHANGES_MADE=true" + echo "Changes committed to local branch $localBranch and pushed to remote branch $remoteBranch" + } else { + echo "No changes detected in Dockerfiles, skipping PR creation" + } + + # Create a Pull Request + - name: Create Pull Request + id: pull-request + if: ${{ steps.commit-push.outputs.CHANGES_MADE == 'true' }} + uses: repo-sync/pull-request@v2 + with: + source_branch: ${{ steps.commit-push.outputs.BRANCH }} + destination_branch: "dev" + pr_title: 'chore: Daily ASP.NET Core version update in Dockerfiles' + pr_body: "This PR automatically updates the Dockerfiles to use the latest ASP.NET Core version. + + Verify that the Dockerfiles have correct versions and matching SHA512 checksums for ASP.NET Core runtime. 
+ + All .NET versions: https://dotnet.microsoft.com/en-us/download/dotnet + + *Description of changes:* + \n${{ format + ( + '{0}\n{1}\n{2}\n{3}\n{4}\n{5}', + join(steps.update-net8-amd64.outputs.MESSAGE, '\n'), + join(steps.update-net8-arm64.outputs.MESSAGE, '\n'), + join(steps.update-net9-amd64.outputs.MESSAGE, '\n'), + join(steps.update-net9-arm64.outputs.MESSAGE, '\n'), + join(steps.update-net10-amd64.outputs.MESSAGE, '\n'), + join(steps.update-net10-arm64.outputs.MESSAGE, '\n') + ) + }}" + github_token: ${{ secrets.GITHUB_TOKEN }} + + # Add "Release Not Needed" label to the PR + - name: Add Release Not Needed label + if: ${{ steps.pull-request.outputs.pr_number }} + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + github.rest.issues.addLabels({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: ${{ steps.pull-request.outputs.pr_number }}, + labels: ['Release Not Needed'] + }) diff --git a/.github/workflows/update-Dockerfiles.yml b/.github/workflows/update-Dockerfiles.yml index 9fbbd0690..87c1bd83c 100644 --- a/.github/workflows/update-Dockerfiles.yml +++ b/.github/workflows/update-Dockerfiles.yml @@ -1,5 +1,9 @@ name: Update Lambda Dockerfiles +permissions: + contents: write + pull-requests: write + on: # Allows to run this workflow manually from the Actions tab workflow_dispatch: @@ -8,12 +12,12 @@ on: description: ".NET 8 AMD64" type: boolean required: true - default: "true" + default: true NET_8_ARM64: description: ".NET 8 ARM64" type: boolean required: true - default: "true" + default: true NET_8_NEXT_VERSION: description: ".NET 8 Next Version" type: string @@ -22,12 +26,12 @@ on: description: ".NET 9 AMD64" type: boolean required: true - default: "true" + default: true NET_9_ARM64: description: ".NET 9 ARM64" type: boolean required: true - default: "true" + default: true NET_9_NEXT_VERSION: description: ".NET 9 Next Version" type: string 
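Review bot: The `Create Pull Request` and `Add Release Not Needed label` steps reference `repo-sync/pull-request@v2` and `actions/github-script@v6` by mutable tag, while the checkout step in the same job is pinned to a commit SHA. Both steps receive `secrets.GITHUB_TOKEN` in a workflow that grants `contents: write` and `pull-requests: write` and runs unattended every day, so a retagged release would run with write access to the repository. Pin them the same way as checkout, e.g. `uses: repo-sync/pull-request@<full-commit-sha> #v2`. The same `actions/github-script@v6` reference is added to update-Dockerfiles.yml in the `@@ -165,4 +169,17 @@` hunk.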
@@ -36,12 +40,12 @@ on: description: ".NET 10 AMD64" type: boolean required: true - default: "true" + default: true NET_10_ARM64: description: ".NET 10 ARM64" type: boolean required: true - default: "true" + default: true NET_10_NEXT_VERSION: description: ".NET 10 Next Version" type: string @@ -165,4 +169,17 @@ jobs: ) }}" github_token: ${{ secrets.GITHUB_TOKEN }} - \ No newline at end of file + + # Add "Release Not Needed" label to the PR + - name: Add Release Not Needed label + if: ${{ steps.pull-request.outputs.pr_number }} + uses: actions/github-script@v6 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + github.rest.issues.addLabels({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: ${{ steps.pull-request.outputs.pr_number }}, + labels: ['Release Not Needed'] + }) diff --git a/LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1 b/LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1 new file mode 100644 index 000000000..fd2a889a7 --- /dev/null +++ b/LambdaRuntimeDockerfiles/get-latest-aspnet-versions.ps1 
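Review bot: In the added label step, `issue_number: ${{ steps.pull-request.outputs.pr_number }}` pastes the output of a third-party action into the script source before it is evaluated, and the `github.rest.issues.addLabels(...)` promise is neither awaited nor returned, so a failed API call may not fail the step. Pass the value through the step's `env:` as `PR_NUMBER: ${{ steps.pull-request.outputs.pr_number }}` and call `await github.rest.issues.addLabels({ ..., issue_number: Number(process.env.PR_NUMBER), ... })`. The identical step in the new auto-update-Dockerfiles.yml needs the same change.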
@@ -0,0 +1,135 @@ +# This script fetches the latest ASP.NET Core runtime version for a specified .NET major version +# It uses the NuGet API to query for Microsoft.AspNetCore.App.Runtime.linux-x64 package versions + +param( + [Parameter(Mandatory=$true)] + [string]$MajorVersion +) + +function Get-LatestAspNetVersion { + param ( + [string]$majorVersion + ) + + Write-Host "Fetching latest ASP.NET Core runtime version for .NET $majorVersion..." + + try { + # Use NuGet API to find latest version + $response = Invoke-RestMethod -Uri "https://api.nuget.org/v3-flatcontainer/microsoft.aspnetcore.app.runtime.linux-x64/index.json" + + # Filter versions matching the major version + $versions = @() + foreach ($ver in $response.versions) { + if ($ver -like "$majorVersion.*") { + $versions += $ver + } + } + + if ($versions.Count -eq 0) { + Write-Error "No versions found for .NET $majorVersion" + return $null + } + + # Separate release and preview versions + $releaseVersions = @() + $previewVersions = @() + + foreach ($ver in $versions) { + if ($ver -match '-preview') { + $previewVersions += $ver + } else { + $releaseVersions += $ver + } + } + + # If we have release versions, get the latest + if ($releaseVersions.Count -gt 0) { + $verObjects = @() + + foreach ($ver in $releaseVersions) { + try { + $verObj = New-Object PSObject + Add-Member -InputObject $verObj -MemberType NoteProperty -Name "OriginalVersion" -Value $ver + + # Convert to Version object for proper comparison + $versionObj = [Version]$ver + Add-Member -InputObject $verObj -MemberType NoteProperty -Name "Version" -Value $versionObj + + $verObjects += $verObj + } catch { + Write-Host "Warning: Could not parse version $ver, skipping." 
+ } + } + + # Sort by version (descending) and get the first one + $sortedVersions = $verObjects | Sort-Object -Property Version -Descending + + if ($sortedVersions.Count -gt 0) { + $latestVersion = $sortedVersions[0].OriginalVersion + } else { + $latestVersion = $null + } + } + # Otherwise get the latest preview version + elseif ($previewVersions.Count -gt 0) { + # For preview versions like "10.0.0-preview.5.25277.114" + $previewObjs = @() + + foreach ($ver in $previewVersions) { + if ($ver -match '(\d+)\.(\d+)\.(\d+)-preview\.(\d+)') { + $major = [int]$matches[1] + $minor = [int]$matches[2] + $patch = [int]$matches[3] + $preview = [int]$matches[4] + + $previewObj = New-Object PSObject + Add-Member -InputObject $previewObj -MemberType NoteProperty -Name "OriginalVersion" -Value $ver + Add-Member -InputObject $previewObj -MemberType NoteProperty -Name "Major" -Value $major + Add-Member -InputObject $previewObj -MemberType NoteProperty -Name "Minor" -Value $minor + Add-Member -InputObject $previewObj -MemberType NoteProperty -Name "Patch" -Value $patch + Add-Member -InputObject $previewObj -MemberType NoteProperty -Name "Preview" -Value $preview + + $previewObjs += $previewObj + } + } + + # Sort by version components + $sortedPreviews = $previewObjs | Sort-Object -Property Major, Minor, Patch, Preview -Descending + + if ($sortedPreviews.Count -gt 0) { + $latestVersion = $sortedPreviews[0].OriginalVersion + } else { + # Fallback - just take the last one alphabetically + $latestVersion = ($previewVersions | Sort-Object)[-1] + } + } + else { + $latestVersion = $null + } + + if ($latestVersion) { + Write-Host "Latest ASP.NET Core runtime version for .NET $majorVersion is $latestVersion" + return $latestVersion + } else { + Write-Error "Could not determine latest version for .NET $majorVersion" + return $null + } + } + catch { + $errorMessage = "Error fetching versions for .NET $majorVersion " + $_ + Write-Error $errorMessage + return $null + } +} + +# Get latest version 
for the specified .NET major version +$version = Get-LatestAspNetVersion -majorVersion $MajorVersion + +# Verify we got a valid version +if (-not $version) { + Write-Error "Failed to determine .NET $MajorVersion version" + exit 1 +} + +# Output the version directly +Write-Output $version From 36d9cc35b41ffcd8b24a684bba9d0db8d157d491 Mon Sep 17 00:00:00 2001 From: Garrett Beatty Date: Tue, 23 Sep 2025 12:35:14 -0400 Subject: [PATCH 4/4] Add configuration for staging repo (#2141) (#2142) * add staging update bootstrap * update stack names * add comments * update naming * update naming convetion * update naming convetion --- .../src/Infrastructure/Configuration.cs | 7 ++- .../src/Infrastructure/PipelineStack.cs | 56 ++++++++++--------- .../src/Infrastructure/PipelinesStage.cs | 31 +++++++++- .../src/Infrastructure/Program.cs | 2 +- .../SelfMutatingPipelineStack.cs | 12 +++- bootstrap.ps1 | 15 ++++- 6 files changed, 92 insertions(+), 31 deletions(-) diff --git a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/Configuration.cs b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/Configuration.cs index 3a52fea23..4b38578e7 100644 --- a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/Configuration.cs +++ b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/Configuration.cs 
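Review bot: The release/preview split in `Get-LatestAspNetVersion` tests only `-match '-preview'`, so any other prerelease label (for example an `-rc.` build) lands in `$releaseVersions`, fails the `[Version]$ver` cast and is skipped. If every entry in `$releaseVersions` is skipped that way, `$latestVersion` becomes `$null` and the `elseif` preview branch is never reached, so the script exits 1 for that major version even though previews exist. Classify on the full shape instead, `if ($ver -match '^\d+\.\d+\.\d+$') { $releaseVersions += $ver } else { $previewVersions += $ver }`, which also means only strictly numeric versions from the NuGet response reach the release path. The final `Write-Output $version` would benefit from the same kind of pattern check, since the workflow hands that value to update-dockerfile.ps1.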
@@ -29,9 +29,14 @@ internal class Configuration public string GitHubOwner { get; } = Environment.GetEnvironmentVariable("AWS_LAMBDA_GITHUB_REPO_OWNER"); public string GitHubRepository { get; } = Environment.GetEnvironmentVariable("AWS_LAMBDA_GITHUB_REPO_NAME"); public string GitHubBranch { get; } = Environment.GetEnvironmentVariable("AWS_LAMBDA_GITHUB_REPO_BRANCH"); + + public string GitHubOwnerStaging { get; } = Environment.GetEnvironmentVariable("AWS_LAMBDA_GITHUB_REPO_OWNER_STAGING"); + public string GitHubRepositoryStaging { get; } = Environment.GetEnvironmentVariable("AWS_LAMBDA_GITHUB_REPO_NAME_STAGING"); + public string GitHubBranchStaging { get; } = Environment.GetEnvironmentVariable("AWS_LAMBDA_GITHUB_REPO_BRANCH_STAGING"); + public Ecrs Ecrs { get; } = new Ecrs(); public const string ProjectRoot = "LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure"; - public static readonly string ProjectName = "aws-lambda-container-images"; + public string ProjectName { get; } = "aws-lambda-container-images"; public readonly FrameworkConfiguration[] Frameworks = new[] { diff --git a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/PipelineStack.cs b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/PipelineStack.cs index e47cb40b5..101c0f113 100644 --- a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/PipelineStack.cs +++ b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/PipelineStack.cs @@ -34,6 +34,10 @@ internal PipelineStack( string id, Configuration configuration, FrameworkConfiguration frameworkConfiguration, + string gitHubOwner, + string gitHubRepository, + string gitHubBranch, + string pipelineName, IStackProps props = null) : base(scope, id, props) { var sourceArtifact = new Artifact_(); 
@@ -47,11 +51,11 @@ internal PipelineStack( var sourceAction = new GitHubSourceAction(new GitHubSourceActionProps { - ActionName = configuration.GitHubRepository, + ActionName = gitHubRepository, Output = sourceArtifact, - Owner = configuration.GitHubOwner, - Repo = configuration.GitHubRepository, - Branch = configuration.GitHubBranch, + Owner = gitHubOwner, + Repo = gitHubRepository, + Branch = gitHubBranch, Trigger = GitHubTrigger.WEBHOOK, OauthToken = SecretValue.SecretsManager(configuration.GitHubTokenSecretName, new SecretsManagerSecretOptions { @@ -62,7 +66,7 @@ internal PipelineStack( var pipeline = new Pipeline(this, "CodePipeline", new PipelineProps { PipelineType = PipelineType.V2, - PipelineName = $"{Configuration.ProjectName}-{frameworkConfiguration.Framework}", + PipelineName = pipelineName, RestartExecutionOnUpdate = true, Stages = [ @@ -91,9 +95,9 @@ internal PipelineStack( }, Source = Source.GitHub(new GitHubSourceProps { - Owner = configuration.GitHubOwner, - Repo = configuration.GitHubRepository, - BranchOrRef = configuration.GitHubBranch + Owner = gitHubOwner, + Repo = gitHubRepository, + BranchOrRef = gitHubBranch }), EnvironmentVariables = new Dictionary { @@ -130,9 +134,9 @@ internal PipelineStack( }, Source = Source.GitHub(new GitHubSourceProps { - Owner = configuration.GitHubOwner, - Repo = configuration.GitHubRepository, - BranchOrRef = configuration.GitHubBranch + Owner = gitHubOwner, + Repo = gitHubRepository, + BranchOrRef = gitHubBranch }), EnvironmentVariables = new Dictionary { @@ -174,9 +178,9 @@ internal PipelineStack( }, Source = Source.GitHub(new GitHubSourceProps { - Owner = configuration.GitHubOwner, - Repo = configuration.GitHubRepository, - BranchOrRef = configuration.GitHubBranch + Owner = gitHubOwner, + Repo = gitHubRepository, + BranchOrRef = gitHubBranch }), EnvironmentVariables = new Dictionary { 
@@ -224,9 +228,9 @@ internal PipelineStack( }, Source = Source.GitHub(new GitHubSourceProps { - Owner = configuration.GitHubOwner, - Repo = configuration.GitHubRepository, - BranchOrRef = configuration.GitHubBranch + Owner = gitHubOwner, + Repo = gitHubRepository, + BranchOrRef = gitHubBranch }), EnvironmentVariables = new Dictionary { @@ -338,9 +342,9 @@ internal PipelineStack( }, Source = Source.GitHub(new GitHubSourceProps { - Owner = configuration.GitHubOwner, - Repo = configuration.GitHubRepository, - BranchOrRef = configuration.GitHubBranch + Owner = gitHubOwner, + Repo = gitHubRepository, + BranchOrRef = gitHubBranch }), EnvironmentVariables = new Dictionary { @@ -387,9 +391,9 @@ internal PipelineStack( }, Source = Source.GitHub(new GitHubSourceProps { - Owner = configuration.GitHubOwner, - Repo = configuration.GitHubRepository, - BranchOrRef = configuration.GitHubBranch + Owner = gitHubOwner, + Repo = gitHubRepository, + BranchOrRef = gitHubBranch }), EnvironmentVariables = new Dictionary { @@ -447,9 +451,9 @@ internal PipelineStack( }, Source = Source.GitHub(new GitHubSourceProps { - Owner = configuration.GitHubOwner, - Repo = configuration.GitHubRepository, - BranchOrRef = configuration.GitHubBranch + Owner = gitHubOwner, + Repo = gitHubRepository, + BranchOrRef = gitHubBranch }), EnvironmentVariables = new Dictionary { diff --git a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/PipelinesStage.cs b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/PipelinesStage.cs index cd1e6e022..49a65b068 100644 --- a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/PipelinesStage.cs +++ b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/PipelinesStage.cs 
@@ -13,13 +13,42 @@ public PipelinesStage( string id, Configuration configuration, IStageProps props = null) : base(scope, id, props) + { + // Create pipelines for main repository + CreatePipelinesForRepository(configuration, + configuration.ProjectName, + configuration.GitHubOwner, + configuration.GitHubRepository, + configuration.GitHubBranch); + + // Create pipelines for staging repository + CreatePipelinesForRepository(configuration, + $"{configuration.ProjectName}-staging", + configuration.GitHubOwnerStaging, + configuration.GitHubRepositoryStaging, + configuration.GitHubBranchStaging); + } + + private void CreatePipelinesForRepository( + Configuration configuration, + string pipelinePrefix, + string gitHubOwner, + string gitHubRepository, + string gitHubBranch) { for (var i = 0; i < configuration.Frameworks.Length; i++) { + + var pipelineName = $"{pipelinePrefix}-{configuration.Frameworks[i].Framework}"; + new PipelineStack(this, - configuration.Frameworks[i].Framework, + $"{pipelinePrefix}-{configuration.Frameworks[i].Framework}", configuration, configuration.Frameworks[i], + gitHubOwner, + gitHubRepository, + gitHubBranch, + pipelineName, new StackProps { TerminationProtection = true, diff --git a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/Program.cs b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/Program.cs index ae63d3630..75fe97257 100644 --- a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/Program.cs +++ b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/Program.cs @@ -26,7 +26,7 @@ public static void Main(string[] args) new SelfMutatingPipelineStack( app, - Configuration.ProjectName, + configuration.ProjectName, configuration, new StackProps { diff --git a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/SelfMutatingPipelineStack.cs b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/SelfMutatingPipelineStack.cs index 2c30a006d..e3140244a 100644 
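Review bot: The staging call to `CreatePipelinesForRepository` passes the same `configuration` object as the main one, so the staging pipelines differ only in owner, repository, branch and name. PipelineStack still reads `configuration.GitHubTokenSecretName` for the source token and `Configuration` exposes a single `Ecrs` set, so it looks as if code from the staging repository would be fetched with the same GitHub token and pushed to the same ECR targets as the main repository; please confirm that is intended, or give staging its own token secret and registries. The staging stacks are also created unconditionally, while SelfMutatingPipelineStack defaults the three staging variables to `string.Empty`. A guard such as `if (!string.IsNullOrEmpty(configuration.GitHubOwnerStaging))` around the second call would avoid synthesizing pipelines with an empty source.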
--- a/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/SelfMutatingPipelineStack.cs +++ b/LambdaRuntimeDockerfiles/Infrastructure/src/Infrastructure/SelfMutatingPipelineStack.cs @@ -65,9 +65,19 @@ internal SelfMutatingPipelineStack( { "AWS_LAMBDA_DOTNET_FRAMEWORK_CHANNEL", new BuildEnvironmentVariable { Type = BuildEnvironmentVariableType.PLAINTEXT, Value = System.Environment.GetEnvironmentVariable("AWS_LAMBDA_DOTNET_FRAMEWORK_CHANNEL") ?? string.Empty } }, + { "AWS_LAMBDA_GITHUB_REPO_OWNER_STAGING", + new BuildEnvironmentVariable { Type = BuildEnvironmentVariableType.PLAINTEXT, Value = + System.Environment.GetEnvironmentVariable("AWS_LAMBDA_GITHUB_REPO_OWNER_STAGING") ?? string.Empty } }, + { "AWS_LAMBDA_GITHUB_REPO_NAME_STAGING", + new BuildEnvironmentVariable { Type = BuildEnvironmentVariableType.PLAINTEXT, Value = + System.Environment.GetEnvironmentVariable("AWS_LAMBDA_GITHUB_REPO_NAME_STAGING") ?? string.Empty } }, + { "AWS_LAMBDA_GITHUB_REPO_BRANCH_STAGING", + new BuildEnvironmentVariable { Type = BuildEnvironmentVariableType.PLAINTEXT, Value = + System.Environment.GetEnvironmentVariable("AWS_LAMBDA_GITHUB_REPO_BRANCH_STAGING") ?? string.Empty } }, }; // Self mutation + var pipeline = new CodePipeline(this, "SelfMutatingPipeline", new CodePipelineProps { PipelineName = id, @@ -114,6 +124,6 @@ internal SelfMutatingPipelineStack( }); // Add a stage in the pipeline to deploy the Lambda container pipelines - pipeline.AddStage(new PipelinesStage(this, Configuration.ProjectName, configuration)); + pipeline.AddStage(new PipelinesStage(this, configuration.ProjectName, configuration)); } } diff --git a/bootstrap.ps1 b/bootstrap.ps1 index 7cbeba9c1..d68182226 100644 --- a/bootstrap.ps1 +++ b/bootstrap.ps1 
@@ -23,6 +23,15 @@ param ( [Parameter(Mandatory = $true, HelpMessage = "GitHub repository branch name.")] [string] $GitHubRepoBranch, + [Parameter(Mandatory = $true, HelpMessage = "GitHub staging repository owner name.")] + [string] $GitHubRepoOwnerStaging, + + [Parameter(Mandatory = $true, HelpMessage = "GitHub staging repository name.")] + [string] $GitHubRepoNameStaging, + + [Parameter(Mandatory = $true, HelpMessage = "GitHub staging repository branch name.")] + [string] $GitHubRepoBranchStaging, + [Parameter(Mandatory = $false, HelpMessage = "ECR URI to store Stage images.")] [string] $StageEcr, @@ -44,9 +53,13 @@ $env:AWS_LAMBDA_GITHUB_REPO_OWNER = $GitHubRepoOwner $env:AWS_LAMBDA_GITHUB_REPO_NAME = $GitHubRepoName $env:AWS_LAMBDA_GITHUB_REPO_BRANCH = $GitHubRepoBranch +$env:AWS_LAMBDA_GITHUB_REPO_OWNER_STAGING = $GitHubRepoOwnerStaging +$env:AWS_LAMBDA_GITHUB_REPO_NAME_STAGING = $GitHubRepoNameStaging +$env:AWS_LAMBDA_GITHUB_REPO_BRANCH_STAGING = $GitHubRepoBranchStaging + $env:AWS_LAMBDA_STAGE_ECR = $StageEcr $env:AWS_LAMBDA_BETA_ECRS = $BetaEcrs $env:AWS_LAMBDA_PROD_ECRS = $ProdEcrs npx cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws://$PipelineAccountId/$Region -npx cdk deploy --require-approval never --all \ No newline at end of file +npx cdk deploy --require-approval never --all