From 12b8000a8a965c58e6284c1dca2d7c8b4b1052d7 Mon Sep 17 00:00:00 2001 From: Simon Thulbourn Date: Tue, 1 Jul 2025 07:54:03 +0000 Subject: [PATCH] chore(ci): Remove GovCloud specific workflows --- .github/workflows/layer_govcloud.yml | 221 ------------------ .../workflows/layer_govcloud_python313.yml | 209 ----------------- .github/workflows/layer_govcloud_verify.yml | 111 --------- 3 files changed, 541 deletions(-) delete mode 100644 .github/workflows/layer_govcloud.yml delete mode 100644 .github/workflows/layer_govcloud_python313.yml delete mode 100644 .github/workflows/layer_govcloud_verify.yml diff --git a/.github/workflows/layer_govcloud.yml b/.github/workflows/layer_govcloud.yml deleted file mode 100644 index a136d1fa670..00000000000 --- a/.github/workflows/layer_govcloud.yml +++ /dev/null @@ -1,221 +0,0 @@ -name: Layer Deployment (GovCloud) - -# GovCloud Layer Publish -# --- -# This workflow publishes a specific layer version in an AWS account based on the environment input. -# -# Using a matrix, we pull each architecture and python version of the layer and store them as artifacts -# we upload them to each of the GovCloud AWS accounts. -# -# A number of safety checks are performed to ensure safety. - -on: - workflow_dispatch: - inputs: - environment: - description: Deployment environment - type: choice - options: - - Gamma - - Prod - required: true - version: - description: Layer version to duplicate - type: string - required: true - workflow_call: - inputs: - environment: - description: Deployment environment - type: string - required: true - version: - description: Layer version to duplicate - type: string - required: true - -run-name: Layer Deployment (GovCloud) - ${{ inputs.environment }} - -permissions: - contents: read - -jobs: - download: - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - matrix: - layer: - - AWSLambdaPowertoolsPythonV3-python39 - - AWSLambdaPowertoolsPythonV3-python310 - - AWSLambdaPowertoolsPythonV3-python311 - - AWSLambdaPowertoolsPythonV3-python312 - - AWSLambdaPowertoolsPythonV3-python313 - arch: - - arm64 - - x86_64 - environment: Prod (Readonly) - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-east-1 - mask-aws-account-id: true - - name: Grab Zip - run: | - aws --region us-east-1 lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:017000801446:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} --query 'Content.Location' | xargs curl -L -o ${{ matrix.layer }}_${{ matrix.arch }}.zip - aws --region us-east-1 lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:017000801446:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} > ${{ matrix.layer }}_${{ matrix.arch }}.json - - name: Store Zip - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.zip - path: ${{ matrix.layer }}_${{ matrix.arch }}.zip - retention-days: 1 - if-no-files-found: error - - name: Store Metadata - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.json - path: ${{ matrix.layer }}_${{ matrix.arch }}.json - retention-days: 1 - if-no-files-found: error - - copy_east: - name: Copy (East) - needs: download - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - matrix: - layer: - - AWSLambdaPowertoolsPythonV3-python39 - - AWSLambdaPowertoolsPythonV3-python310 - - AWSLambdaPowertoolsPythonV3-python311 - - AWSLambdaPowertoolsPythonV3-python312 - - AWSLambdaPowertoolsPythonV3-python313 - arch: - - arm64 - - x86_64 - environment: GovCloud ${{ inputs.environment }} (East) - steps: - - name: Download Zip - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.zip - - name: Download Metadata - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.json - - name: Verify Layer Signature - run: | - SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json') - test "$(openssl dgst -sha256 -binary ${{ matrix.layer }}_${{ matrix.arch }}.zip | openssl enc -base64)" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-gov-east-1 - mask-aws-account-id: true - - name: Create Layer - id: create-layer - run: | - LAYER_VERSION=$(aws --region us-gov-east-1 lambda publish-layer-version \ - --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ - --zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \ - --compatible-runtimes "$(jq -r '.CompatibleRuntimes[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --compatible-architectures "$(jq -r '.CompatibleArchitectures[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --license-info "MIT-0" \ - --description "$(jq -r '.Description' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --query 'Version' \ - --output text) - - echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT" - - aws --region us-gov-east-1 lambda add-layer-version-permission \ - --layer-name '${{ matrix.layer }}-${{ matrix.arch }}' \ - --statement-id 'PublicLayer' \ - --action lambda:GetLayerVersion \ - --principal '*' \ - --version-number "$LAYER_VERSION" - - name: Verify Layer - env: - LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }} - run: | - REMOTE_SHA=$(aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --query 'Content.CodeSha256' --output text) - SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json') - test "$REMOTE_SHA" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1 - aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --output table - - copy_west: - name: Copy (West) - needs: download - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - matrix: - layer: - - AWSLambdaPowertoolsPythonV3-python39 - - AWSLambdaPowertoolsPythonV3-python310 - - AWSLambdaPowertoolsPythonV3-python311 - - AWSLambdaPowertoolsPythonV3-python312 - - AWSLambdaPowertoolsPythonV3-python313 - arch: - - arm64 - - x86_64 - environment: - name: GovCloud ${{ inputs.environment }} (West) - steps: - - name: Download Zip - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.zip - - name: Download Metadata - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.json - - name: Verify Layer Signature - run: | - SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json') - test "$(openssl dgst -sha256 -binary ${{ matrix.layer }}_${{ matrix.arch }}.zip | openssl enc -base64)" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-gov-west-1 - mask-aws-account-id: true - - name: Create Layer - id: create-layer - run: | - LAYER_VERSION=$(aws --region us-gov-west-1 lambda publish-layer-version \ - --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ - --zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \ - --compatible-runtimes "$(jq -r '.CompatibleRuntimes[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --compatible-architectures "$(jq -r '.CompatibleArchitectures[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --license-info "MIT-0" \ - --description "$(jq -r '.Description' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --query 'Version' \ - --output text) - - echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT" - - aws --region us-gov-west-1 lambda add-layer-version-permission \ - --layer-name '${{ matrix.layer }}-${{ matrix.arch }}' \ - --statement-id 'PublicLayer' \ - --action lambda:GetLayerVersion \ - --principal '*' \ - --version-number "$LAYER_VERSION" - - name: Verify Layer - env: - LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }} - run: | - REMOTE_SHA=$(aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --query 'Content.CodeSha256' --output text) - SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json') - test "$REMOTE_SHA" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1 - aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --output table diff --git a/.github/workflows/layer_govcloud_python313.yml b/.github/workflows/layer_govcloud_python313.yml deleted file mode 100644 index b889e258ca4..00000000000 --- a/.github/workflows/layer_govcloud_python313.yml +++ /dev/null @@ -1,209 +0,0 @@ -name: Layer Deployment (GovCloud) - Temporary for Python 3.13 - -# GovCloud Layer Publish -# --- -# This workflow publishes a specific layer version in an AWS account based on the environment input. -# -# Using a matrix, we pull each architecture and python version of the layer and store them as artifacts -# we upload them to each of the GovCloud AWS accounts. -# -# A number of safety checks are performed to ensure safety. - -on: - workflow_dispatch: - inputs: - environment: - description: Deployment environment - type: choice - options: - - Gamma - - Prod - required: true - version: - description: Layer version to duplicate - type: string - required: true - workflow_call: - inputs: - environment: - description: Deployment environment - type: string - required: true - version: - description: Layer version to duplicate - type: string - required: true - -run-name: Layer Deployment (GovCloud) - ${{ inputs.environment }} - -permissions: - contents: read - -jobs: - download: - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - matrix: - layer: - - AWSLambdaPowertoolsPythonV3-python313 - arch: - - arm64 - - x86_64 - environment: Prod (Readonly) - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-east-1 - mask-aws-account-id: true - - name: Grab Zip - run: | - aws --region us-east-1 lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:017000801446:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} --query 'Content.Location' | xargs curl -L -o ${{ matrix.layer }}_${{ matrix.arch }}.zip - aws --region us-east-1 lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:017000801446:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }} > ${{ matrix.layer }}_${{ matrix.arch }}.json - - name: Store Zip - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.zip - path: ${{ matrix.layer }}_${{ matrix.arch }}.zip - retention-days: 1 - if-no-files-found: error - - name: Store Metadata - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.json - path: ${{ matrix.layer }}_${{ matrix.arch }}.json - retention-days: 1 - if-no-files-found: error - - copy_east: - name: Copy (East) - needs: download - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - matrix: - layer: - - AWSLambdaPowertoolsPythonV3-python313 - arch: - - arm64 - - x86_64 - environment: GovCloud ${{ inputs.environment }} (East) - steps: - - name: Download Zip - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.zip - - name: Download Metadata - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.json - - name: Verify Layer Signature - run: | - SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json') - test "$(openssl dgst -sha256 -binary ${{ matrix.layer }}_${{ matrix.arch }}.zip | openssl enc -base64)" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-gov-east-1 - mask-aws-account-id: true - - name: Create Layer - id: create-layer - run: | - LAYER_VERSION=$(aws --region us-gov-east-1 lambda publish-layer-version \ - --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ - --zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \ - --compatible-runtimes "$(jq -r '.CompatibleRuntimes[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --compatible-architectures "$(jq -r '.CompatibleArchitectures[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --license-info "MIT-0" \ - --description "$(jq -r '.Description' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --query 'Version' \ - --output text) - - echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT" - - aws --region us-gov-east-1 lambda add-layer-version-permission \ - --layer-name '${{ matrix.layer }}-${{ matrix.arch }}' \ - --statement-id 'PublicLayer' \ - --action lambda:GetLayerVersion \ - --principal '*' \ - --version-number "$LAYER_VERSION" - - name: Verify Layer - env: - LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }} - run: | - REMOTE_SHA=$(aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --query 'Content.CodeSha256' --output text) - SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json') - test "$REMOTE_SHA" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1 - aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --output table - - copy_west: - name: Copy (West) - needs: download - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - matrix: - layer: - - AWSLambdaPowertoolsPythonV3-python313 - arch: - - arm64 - - x86_64 - environment: - name: GovCloud ${{ inputs.environment }} (West) - steps: - - name: Download Zip - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.zip - - name: Download Metadata - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - name: ${{ matrix.layer }}_${{ matrix.arch }}.json - - name: Verify Layer Signature - run: | - SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json') - test "$(openssl dgst -sha256 -binary ${{ matrix.layer }}_${{ matrix.arch }}.zip | openssl enc -base64)" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1 - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-gov-west-1 - mask-aws-account-id: true - - name: Create Layer - id: create-layer - run: | - LAYER_VERSION=$(aws --region us-gov-west-1 lambda publish-layer-version \ - --layer-name ${{ matrix.layer }}-${{ matrix.arch }} \ - --zip-file fileb://./${{ matrix.layer }}_${{ matrix.arch }}.zip \ - --compatible-runtimes "$(jq -r '.CompatibleRuntimes[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --compatible-architectures "$(jq -r '.CompatibleArchitectures[0]' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --license-info "MIT-0" \ - --description "$(jq -r '.Description' '${{ matrix.layer }}_${{ matrix.arch }}.json')" \ - --query 'Version' \ - --output text) - - echo "LAYER_VERSION=$LAYER_VERSION" >> "$GITHUB_OUTPUT" - - aws --region us-gov-west-1 lambda add-layer-version-permission \ - --layer-name '${{ matrix.layer }}-${{ matrix.arch }}' \ - --statement-id 'PublicLayer' \ - --action lambda:GetLayerVersion \ - --principal '*' \ - --version-number "$LAYER_VERSION" - - name: Verify Layer - env: - LAYER_VERSION: ${{ steps.create-layer.outputs.LAYER_VERSION }} - run: | - REMOTE_SHA=$(aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --query 'Content.CodeSha256' --output text) - SHA=$(jq -r '.Content.CodeSha256' '${{ matrix.layer }}_${{ matrix.arch }}.json') - test "$REMOTE_SHA" == "$SHA" && echo "SHA OK: ${SHA}" || exit 1 - aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ env.LAYER_VERSION }}' --output table diff --git a/.github/workflows/layer_govcloud_verify.yml b/.github/workflows/layer_govcloud_verify.yml deleted file mode 100644 index fe12fc1c111..00000000000 --- a/.github/workflows/layer_govcloud_verify.yml +++ /dev/null @@ -1,111 +0,0 @@ -# GovCloud Layer Verification -# --- -# This workflow queries the GovCloud layer info in production only - -on: - workflow_dispatch: - inputs: - version: - description: Layer version to verify information - type: string - required: true - workflow_call: - inputs: - version: - description: Layer version to verify information - type: string - required: true - -name: Layer Verification (GovCloud) -run-name: Layer Verification (GovCloud) - -jobs: - commercial: - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - matrix: - layer: - - AWSLambdaPowertoolsPythonV3-python39 - - AWSLambdaPowertoolsPythonV3-python310 - - AWSLambdaPowertoolsPythonV3-python311 - - AWSLambdaPowertoolsPythonV3-python312 - - AWSLambdaPowertoolsPythonV3-python313 - arch: - - arm64 - - x86_64 - environment: Prod (Readonly) - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-east-1 - mask-aws-account-id: true - - name: Output ${{ matrix.layer }}-${{ matrix.arch }} - run: | - aws --region us-east-1 lambda get-layer-version-by-arn --arn 'arn:aws:lambda:us-east-1:017000801446:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }}' | jq -r '{"Layer Version Arn": .LayerVersionArn, "Version": .Version, "Description": .Description, "Compatible Runtimes": .CompatibleRuntimes[0], "Compatible Architectures": .CompatibleArchitectures[0], "SHA": .Content.CodeSha256} | keys[] as $k | [$k, .[$k]] | @tsv' | column -t -s $'\t' - - gov_east: - name: Verify (East) - needs: commercial - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - matrix: - layer: - - AWSLambdaPowertoolsPythonV3-python39 - - AWSLambdaPowertoolsPythonV3-python310 - - AWSLambdaPowertoolsPythonV3-python311 - - AWSLambdaPowertoolsPythonV3-python312 - - AWSLambdaPowertoolsPythonV3-python313 - arch: - - arm64 - - x86_64 - environment: GovCloud Prod (East) - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-gov-east-1 - mask-aws-account-id: true - - name: Verify Layer ${{ matrix.layer }}-${{ matrix.arch }} - id: verify-layer - run: | - aws --region us-gov-east-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-east-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }}' | jq -r '{"Layer Version Arn": .LayerVersionArn, "Version": .Version, "Description": .Description, "Compatible Runtimes": .CompatibleRuntimes[0], "Compatible Architectures": .CompatibleArchitectures[0], "SHA": .Content.CodeSha256} | keys[] as $k | [$k, .[$k]] | @tsv' | column -t -s $'\t' - - gov_west: - name: Verify (West) - needs: commercial - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - matrix: - layer: - - AWSLambdaPowertoolsPythonV3-python39 - - AWSLambdaPowertoolsPythonV3-python310 - - AWSLambdaPowertoolsPythonV3-python311 - - AWSLambdaPowertoolsPythonV3-python312 - - AWSLambdaPowertoolsPythonV3-python313 - arch: - - arm64 - - x86_64 - environment: GovCloud Prod (West) - steps: - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1 - with: - role-to-assume: ${{ secrets.AWS_IAM_ROLE }} - aws-region: us-gov-east-1 - mask-aws-account-id: true - - name: Verify Layer ${{ matrix.layer }}-${{ matrix.arch }} - id: verify-layer - run: | - aws --region us-gov-west-1 lambda get-layer-version-by-arn --arn 'arn:aws-us-gov:lambda:us-gov-west-1:${{ secrets.AWS_ACCOUNT_ID }}:layer:${{ matrix.layer }}-${{ matrix.arch }}:${{ inputs.version }}' | jq -r '{"Layer Version Arn": .LayerVersionArn, "Version": .Version, "Description": .Description, "Compatible Runtimes": .CompatibleRuntimes[0], "Compatible Architectures": .CompatibleArchitectures[0], "SHA": .Content.CodeSha256} | keys[] as $k | [$k, .[$k]] | @tsv' | column -t -s $'\t'