-
Notifications
You must be signed in to change notification settings - Fork 128
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
78 changed files
with
2,096 additions
and
12,578 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
#!/usr/bin/env bash | ||
rm -rf tmp/nodejs | ||
mkdir -p tmp/nodejs | ||
cd tmp/nodejs | ||
npm init -y | ||
npm i \ | ||
@aws-lambda-powertools/logger@$VERSION \ | ||
@aws-lambda-powertools/metrics@$VERSION \ | ||
@aws-lambda-powertools/tracer@$VERSION | ||
rm -rf node_modules/@types \ | ||
package.json \ | ||
package-lock.json | ||
cd ../.. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
#!/bin/bash | ||
|
||
# This script is run during the reusable_update_v2_layer_arn_docs CI job, | ||
# and it is responsible for replacing the layer ARN in our documentation, | ||
# based on the output files generated by CDK when deploying to each pseudo_region. | ||
# | ||
# see .github/workflows/reusable_deploy_v2_layer_stack.yml | ||
|
||
set -eo pipefail | ||
|
||
if [[ $# -ne 1 ]]; then | ||
cat <<EOM | ||
Usage: $(basename $0) cdk-output-dir | ||
cdk-output-dir: directory containing the cdk output files generated when deploying the Layer | ||
EOM | ||
exit 1 | ||
fi | ||
|
||
CDK_OUTPUT_DIR=$1 | ||
|
||
# Check if CDK output dir is a directory | ||
if [ ! -d "$CDK_OUTPUT_DIR" ]; then | ||
echo "No $CDK_OUTPUT_DIR directory found, not replacing lambda layer versions" | ||
exit 1 | ||
fi | ||
|
||
# Process each file inside the directory | ||
files="$CDK_OUTPUT_DIR/*" | ||
for file in $files; do | ||
echo "[+] Processing: $file" | ||
|
||
# Process each line inside the file | ||
lines=$(cat "$file") | ||
for line in $lines; do | ||
echo -e "\t[*] ARN: $line" | ||
# line = arn:aws:lambda:us-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScript:49 | ||
|
||
# From the full ARN, extract everything but the version at the end. This prefix | ||
# will later be used to find/replace the ARN on the documentation file. | ||
prefix=$(echo "$line" | cut -d ':' -f 1-7) | ||
# prefix = arn:aws:lambda:us-east-1:094274105915:layer:AWSLambdaPowertoolsTypeScript | ||
|
||
# Now replace the all "prefix"s in the file with the full new Layer ARN (line) | ||
# prefix:\d+ ==> line | ||
# sed doesn't support \d+ in a portable way, so we cheat with (:digit: :digit: *) | ||
sed -i -e "s/$prefix:[[:digit:]][[:digit:]]*/$line/g" docs/index.md | ||
|
||
# We use the eu-central-1 layer as the version for all the frameworks (SAM, CDK, SLS, etc) | ||
# We could have used any other region. What's important is the version at the end. | ||
|
||
# Examples of strings found in the documentation with pseudo regions: | ||
# arn:aws:lambda:{region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:39 | ||
# arn:aws:lambda:${AWS::Region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:39 | ||
# arn:aws:lambda:${aws:region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:39 | ||
# arn:aws:lambda:{env.region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:39 | ||
if [[ "$line" == *"eu-central-1"* ]]; then | ||
# These are all the framework pseudo parameters currently found in the docs | ||
for pseudo_region in '{region}' '${AWS::Region}' '${aws::region}' '{aws::region}' '{env.region}' '${cdk.Stack.of(this).region}' '${aws.getRegionOutput().name}'; do | ||
prefix_pseudo_region=$(echo "$prefix" | sed "s/eu-central-1/${pseudo_region}/") | ||
# prefix_pseudo_region = arn:aws:lambda:${AWS::Region}:094274105915:layer:AWSLambdaPowertoolsTypeScript | ||
|
||
line_pseudo_region=$(echo "$line" | sed "s/eu-central-1/${pseudo_region}/") | ||
# line_pseudo_region = arn:aws:lambda:${AWS::Region}:094274105915:layer:AWSLambdaPowertoolsTypeScript:49 | ||
|
||
# Replace all the "prefix_pseudo_region"'s in the file | ||
# prefix_pseudo_region:\d+ ==> line_pseudo_region | ||
sed -i -e "s/$prefix_pseudo_region:[[:digit:]][[:digit:]]*/$line_pseudo_region/g" docs/index.md | ||
done | ||
fi | ||
done | ||
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
name: Lockdown untrusted workflows | ||
|
||
on: | ||
push: | ||
paths: | ||
- ".github/workflows/**" | ||
pull_request: | ||
paths: | ||
- ".github/workflows/**" | ||
|
||
jobs: | ||
enforce_pinned_workflows: | ||
name: Harden Security | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v3 | ||
- name: Ensure 3rd party workflows have SHA pinned | ||
uses: zgosalvez/github-actions-ensure-sha-pinned-actions@b9ddf6a5153efe6fb94f071c8915175afdce60fa # v2.1.0 | ||
with: | ||
# Trusted GitHub Actions and/or organizations | ||
allowlist: | | ||
aws-actions/ | ||
actions/checkout | ||
actions/github-script | ||
actions/setup-node | ||
actions/setup-python | ||
actions/upload-artifact | ||
actions/download-artifact | ||
github/codeql-action/init | ||
github/codeql-action/analyze | ||
dependabot/fetch-metadata |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
name: Docs | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- "docs/**" | ||
- "mkdocs.yml" | ||
- "examples/**" | ||
|
||
jobs: | ||
release-docs: | ||
permissions: | ||
contents: write | ||
pages: write | ||
uses: ./.github/workflows/reusable-publish-docs.yml | ||
with: | ||
workflow_origin: ${{ github.event.repository.full_name }} | ||
version: dev | ||
alias: stage | ||
secrets: | ||
token: ${{ secrets.GITHUB_TOKEN }} |
Oops, something went wrong.