aws-powertools · rubenfonseca · Oct 18, 2022 · Oct 17, 2022 · Oct 17, 2022 · Oct 17, 2022
@@ -82,6 +82,7 @@ jobs:
       stage: "BETA"
       artefact-name: "cdk-layer-artefact"
       environment: "layer-beta"
+      latest_published_version: ${{ inputs.latest_published_version }}
 
   # deploy-prod:
   #   needs:
@@ -92,6 +93,7 @@ jobs:
   #     stage: "PROD"
   #     artefact-name: "cdk-layer-artefact"
   #     environment: "layer-prod"
+  #     latest_published_version: ${{ inputs.latest_published_version }}
 
   deploy-sar-beta:
     needs: build-layer
@@ -104,7 +106,7 @@ jobs:
       package-version: ${{ needs.build-layer.outputs.release-tag-version }}
 
   deploy-sar-prod:
-    needs: deploy-sar-beta
+    needs: [build-layer, deploy-sar-beta]
     uses: ./.github/workflows/reusable_deploy_v2_sar.yml
     secrets: inherit
     with:

@@ -22,6 +22,10 @@ on:
         description: "GitHub Environment to use for encrypted secrets"
         required: true
         type: string
+      latest_published_version:
+        description: "Latest version that is published"
+        required: true
+        type: string
 
 jobs:
   deploy-cdk-stack:
@@ -97,6 +101,23 @@ jobs:
       - name: unzip artefact
         run: unzip cdk.out.zip
       - name: CDK Deploy Layer
-        run: cdk deploy --app cdk.out --context region=${{ matrix.region }} 'LayerV2Stack' --require-approval never --verbose
+        run: cdk deploy --app cdk.out --context region=${{ matrix.region }} 'LayerV2Stack' --require-approval never --verbose --outputs-file cdk-outputs.json
+      - name: Store latest Layer ARN
+        if: ${{ inputs.stage == 'PROD' }}
+        run: |
+          jq -c '.LayerV2Stack.VersionArn' cdk-outputs.json > cdk-layer-stack-${{ matrix.region }}-layer-version.txt
+          jq -c '.LayerV2Stack.Arm64VersionArn' cdk-outputs.json >> cdk-layer-stack-${{ matrix.region }}-layer-version.txt
       - name: CDK Deploy Canary
         run: cdk deploy --app cdk.out --context region=${{ matrix.region}} --parameters DeployStage="${{ inputs.stage }}" 'CanaryV2Stack' --require-approval never --verbose
+      - name: Save Layer ARN artifact
+        uses: actions/upload-artifacts@v3
+        with:
+          name: cdk-layer-stack
+          path: cdk-layer-stack*
+
+  publish_v2_layer_arn:
+    permissions:
+      contents: write
+    uses: ./.github/workflows/reusable_publish_v2_layer_arn.yml
+    with:
+      latest_published_version: ${{ inputs.latest_published_version }}
diff --git a/.github/workflows/reusable_publish_v2_layer_arn.yml b/.github/workflows/reusable_publish_v2_layer_arn.yml
@@ -0,0 +1,60 @@
+name: Publish V2 Layer ARN
+
+on:
+  workflow_call:
+    inputs:
+      latest_published_version:
+        description: "Latest PyPi published version to rebuild latest docs for, e.g. v2.0.0"
+        type: string
+        required: true
+
+permissions:
+  contents: write
+
+env:
+  BRANCH: v2
+
+jobs:
+  publish_v2_layer_arn:
+    # Force Github action to run only a single job at a time (based on the group name)
+    # This is to prevent race-condition and inconsistencies with changelog push
+    concurrency:
+      group: changelog-build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository # reusable workflows start clean, so we need to checkout again
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Git client setup and refresh tip
+        run: |
+          git config user.name "Release bot"
+          git config user.email "[email protected]"
+          git config pull.rebase true
+          git config remote.origin.url >&- || git remote add origin https://github.com/"${origin}" # Git Detached mode (release notes) doesn't have origin
+          git pull origin "${BRANCH}"
+      - name: Download CDK layer artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: cdk-layer-stack
+          path: cdk-layer-stack
+      - name: Replace layer versions in documentation
+        run: ./layer/scripts/update_layer_arn.sh cdk-layer-stack
+      - name: Update documentation in trunk
+        run: |
+          HAS_CHANGE=$(git status --porcelain)
+          test -z "${HAS_CHANGE}" && echo "Nothing to update" && exit 0
+          git add CHANGELOG.md
+          git commit -m "chore: update v2 layer ARN on documentation"
+          git pull origin "${BRANCH}" # prevents concurrent branch update failing push
+          git push origin HEAD:refs/heads/"${BRANCH}"
+
+  release-docs:
+    needs: publish_v2_layer_arn
+    permissions:
+      contents: write
+      pages: write
+    uses: ./.github/workflows/reusable_publish_docs.yml
+    with:
+      version: ${{ inputs.latest_published_version }}
+      alias: alpha
@@ -40,7 +40,7 @@ repos:
       - id: cfn-python-lint
         files: examples/.*\.(yaml|yml)$
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.6.16
+    rev: v1.6.21
     hooks:
       - id: actionlint-docker
         args: [-pyflakes=]