Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(collector): introduce new workflow to publish collector Lambda layer #1692

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

feat(collector): introduce new workflow to publish collector Lambda layer #1692

wants to merge 9 commits into from

Conversation

serkan-ozal
Copy link
Contributor

@serkan-ozal serkan-ozal commented Feb 4, 2025
edited
Loading

This PR introduces a new Github workflow (named Publish Collector Lambda layer) to allow users publishing their own custom Lambda collector layers from their own forks into their own (or any target) AWS accounts.

@serkan-ozal serkan-ozal requested a review from a team as a code owner February 4, 2025 18:21
@serkan-ozal serkan-ozal force-pushed the feat/collector/custom-build-and-release branch from ce74d1e to ff1c49c Compare February 4, 2025 18:24
@serkan-ozal serkan-ozal changed the title New workflow to build and publish collector Lambda layer from your own fork/branch into your own AWS account feat(collector): introduce new workflow to build and publish collector Lambda layer from your own fork/branch into your own AWS account Feb 4, 2025
pragmaticivan
pragmaticivan reviewed Feb 4, 2025
View reviewed changes
utils/aws-cloudformation/aws-cf-stack-for-layer-publish.yml
ClientIdList:
- "sts.amazonaws.com"
ThumbprintList:
- "ffffffffffffffffffffffffffffffffffffffff"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we consider using the latest published thumbprints here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not necessary.

https://github.com/aws-actions/configure-aws-credentials?tab=readme-ov-file#configuring-iam-to-trust-github

Note that the thumbprint below has been set to all F's because the thumbprint is not used when authenticating token.actions.githubusercontent.com. This is a special case used only when GitHub's OIDC is authenticating to IAM. IAM uses its library of trusted CAs to authenticate. The value is still the API, so it must be specified.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nvm, this is new to me (used to break)

Note that the thumbprint below has been set to all F's because the thumbprint is not used when authenticating token.actions.githubusercontent.com. This is a special case used only when GitHub's OIDC is authenticating to IAM. IAM uses its library of trusted CAs to authenticate. The value is still the API, so it must be specified.

pragmaticivan
pragmaticivan approved these changes Feb 4, 2025
View reviewed changes
Copy link
Member

@pragmaticivan pragmaticivan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

https://media4.giphy.com/media/UmkNfWnDh8JYk/giphy.gif?cid=790b76119ab01c1921adda52bde0226354d453967c688b74&rid=giphy.gif&ct=g

tylerbenson
tylerbenson approved these changes Feb 4, 2025
View reviewed changes
Copy link
Member

@tylerbenson tylerbenson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good. Only other suggestion is to ask a doc person to review the readme change. It's complicated and could probably use some extra eyes.

.github/workflows/layer-publish.yml Show resolved Hide resolved
.github/workflows/publish-layer-collector.yml Show resolved Hide resolved
@tylerbenson tylerbenson added the go Pull requests that update Go code label Feb 4, 2025
@tylerbenson
Copy link
Member

(Added the go label so we remember to group this in the collector release notes.)

@pragmaticivan
Copy link
Member

Fix for the failing job here: #1693

svrnm
svrnm reviewed Feb 5, 2025
View reviewed changes
Copy link
Member

@svrnm svrnm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few suggestions wordwise, but I at least am able to follow the instructions just fine 👍

collector/README.md Show resolved Hide resolved
collector/README.md Outdated Show resolved Hide resolved
collector/README.md Show resolved Hide resolved
collector/README.md Outdated Show resolved Hide resolved
@serkan-ozal serkan-ozal changed the title feat(collector): introduce new workflow to build and publish collector Lambda layer from your own fork/branch into your own AWS account feat(collector): introduce new workflow to publish collector Lambda layer Feb 6, 2025
@serkan-ozal serkan-ozal force-pushed the feat/collector/custom-build-and-release branch from 96c97e2 to bd9b36b Compare February 7, 2025 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@svrnm svrnm svrnm left review comments

@pragmaticivan pragmaticivan pragmaticivan approved these changes

@tylerbenson tylerbenson tylerbenson approved these changes

Assignees
No one assigned
Labels
go Pull requests that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@serkan-ozal @tylerbenson @pragmaticivan @svrnm