From 00af348bd5753cabd719f35c2c2b1f5f3e6f1942 Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Tue, 21 Oct 2025 16:48:18 -0700 Subject: [PATCH 1/2] Merge SDK and Lambda Releases (#461) *Issue #, if available:* *Description of changes:* We plan to consolidate our ADOT SDK and Lambda layer releases for future versions. This PR merges the Lambda release workflow into the main release workflow, and publishes the layer artifacts and ARN notes to the same Github release as the SDK. The release build workflow also now includes the SDK release notes with our upstream Otel dependency versions to eliminate the manual effort needed when updating release notes. By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. --------- Co-authored-by: Thomas Pierce --- .github/workflows/release-build.yml | 291 +++++++++++++++++++++++++-- .github/workflows/release-lambda.yml | 239 ---------------------- 2 files changed, 276 insertions(+), 254 deletions(-) delete mode 100644 .github/workflows/release-lambda.yml diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 6d818c0e7..209b6d5b1 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -5,6 +5,10 @@ on: version: description: The version to tag the release with, e.g., 1.2.0 required: true + aws_region: + description: 'Deploy lambda layer to aws regions' + required: true + default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1' env: AWS_DEFAULT_REGION: us-east-1 @@ -15,13 +19,16 @@ env: RELEASE_PRIVATE_REGISTRY: 020628701572.dkr.ecr.us-west-2.amazonaws.com PACKAGE_NAME: aws-opentelemetry-distro ARTIFACT_NAME: aws_opentelemetry_distro-${{ github.event.inputs.version }}-py3-none-any.whl + # Legacy list of commercial regions to deploy to. New regions should NOT be added here, and instead should be added to the `aws_region` default input to the workflow. + LEGACY_COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1 + LAYER_NAME: AWSOpenTelemetryDistroPython permissions: id-token: write contents: write jobs: - build: + build-sdk: environment: Release runs-on: ubuntu-latest steps: @@ -60,6 +67,54 @@ jobs: # release the artifacts. adot java for reference: # https://github.com/aws-observability/aws-otel-java-instrumentation/tree/93870a550ac30988fbdd5d3bf1e8f9f1b37916f5/smoke-tests + - name: Upload SDK artifact + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 + with: + name: ${{ env.ARTIFACT_NAME }} + path: dist/${{ env.ARTIFACT_NAME }} + + build-layer: + needs: build-sdk + runs-on: ubuntu-latest + outputs: + aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} + steps: + - name: Set up regions matrix + id: set-matrix + run: | + IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}" + MATRIX="[" + for region in "${REGIONS[@]}"; do + trimmed_region=$(echo "$region" | xargs) + MATRIX+="\"$trimmed_region\"," + done + MATRIX="${MATRIX%,}]" + echo ${MATRIX} + echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT + - name: Checkout Repo @ SHA - ${{ github.sha }} + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c #v6.0.0 + with: + python-version: '3.x' + - name: Build layers + working-directory: lambda-layer/src + run: | + ./build-lambda-layer.sh + pip install tox + tox + - name: upload layer + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 + with: + name: layer.zip + path: lambda-layer/src/build/aws-opentelemetry-python-layer.zip + + publish-sdk: + needs: [build-sdk, build-layer] + runs-on: ubuntu-latest + steps: + - name: Checkout Repo @ SHA - ${{ github.sha }} + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - name: Configure AWS credentials for PyPI secrets uses: aws-actions/configure-aws-credentials@v4 with: @@ -102,12 +157,17 @@ jobs: - name: Install twine run: pip install twine + - name: Download SDK artifact + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 + with: + name: ${{ env.ARTIFACT_NAME }} + - name: Publish to TestPyPI env: TWINE_USERNAME: '__token__' TWINE_PASSWORD: ${{ env.TEST_PYPI_TOKEN_API_TOKEN }} run: | - twine upload --repository testpypi --skip-existing --verbose dist/${{ env.ARTIFACT_NAME }} + twine upload --repository testpypi --skip-existing --verbose ${{ env.ARTIFACT_NAME }} # Publish to prod PyPI - name: Publish to PyPI @@ -115,7 +175,7 @@ jobs: TWINE_USERNAME: '__token__' TWINE_PASSWORD: ${{ env.PROD_PYPI_TOKEN_API_TOKEN }} run: | - twine upload --skip-existing --verbose dist/${{ env.ARTIFACT_NAME }} + twine upload --skip-existing --verbose ${{ env.ARTIFACT_NAME }} # Publish to public ECR - name: Build and push public ECR image @@ -138,29 +198,230 @@ jobs: platforms: linux/amd64,linux/arm64 tags: | ${{ env.RELEASE_PRIVATE_REPOSITORY }}:v${{ github.event.inputs.version }} + + publish-layer-prod: + runs-on: ubuntu-latest + needs: [build-layer, publish-sdk] + strategy: + matrix: + aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} + steps: + - name: role arn + env: + LEGACY_COMMERCIAL_REGIONS: ${{ env.LEGACY_COMMERCIAL_REGIONS }} + run: | + LEGACY_COMMERCIAL_REGIONS_ARRAY=(${LEGACY_COMMERCIAL_REGIONS//,/ }) + FOUND=false + for REGION in "${LEGACY_COMMERCIAL_REGIONS_ARRAY[@]}"; do + if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then + FOUND=true + break + fi + done + if [ "$FOUND" = true ]; then + echo "Found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS" + SECRET_KEY="LAMBDA_LAYER_RELEASE" + else + echo "Not found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS" + SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" + fi + SECRET_KEY=${SECRET_KEY//-/_} + echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV + - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 #v5.0.0 + with: + role-to-assume: ${{ secrets[env.SECRET_KEY] }} + role-duration-seconds: 1200 + aws-region: ${{ matrix.aws_region }} + - name: Get s3 bucket name for release + run: | + echo BUCKET_NAME=python-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV + - name: download layer.zip + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 + with: + name: layer.zip + - name: publish + run: | + aws s3 mb s3://${{ env.BUCKET_NAME }} + aws s3 cp aws-opentelemetry-python-layer.zip s3://${{ env.BUCKET_NAME }} + layerARN=$( + aws lambda publish-layer-version \ + --layer-name ${{ env.LAYER_NAME }} \ + --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-python-layer.zip \ + --compatible-runtimes python3.10 python3.11 python3.12 python3.13 \ + --compatible-architectures "arm64" "x86_64" \ + --license-info "Apache-2.0" \ + --description "AWS Distro of OpenTelemetry Lambda Layer for Python Runtime" \ + --query 'LayerVersionArn' \ + --output text + ) + echo $layerARN + echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV + mkdir ${{ env.LAYER_NAME }} + echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} + cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} + - name: public layer + run: | + layerVersion=$( + aws lambda list-layer-versions \ + --layer-name ${{ env.LAYER_NAME }} \ + --query 'max_by(LayerVersions, &Version).Version' + ) + aws lambda add-layer-version-permission \ + --layer-name ${{ env.LAYER_NAME }} \ + --version-number $layerVersion \ + --principal "*" \ + --statement-id publish \ + --action lambda:GetLayerVersion + - name: upload layer arn artifact + if: ${{ success() }} + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 #v4.6.2 + with: + name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }} + path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} + - name: clean s3 + if: always() + run: | + aws s3 rb --force s3://${{ env.BUCKET_NAME }} + + generate-lambda-release-note: + runs-on: ubuntu-latest + needs: publish-layer-prod + outputs: + layer-note: ${{ steps.layer-note.outputs.layer-note }} + steps: + - name: Checkout Repo @ SHA - ${{ github.sha }} + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd #v3.1.2 + - name: download layerARNs + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 + with: + pattern: ${{ env.LAYER_NAME }}-* + path: ${{ env.LAYER_NAME }} + merge-multiple: true + - name: show layerARNs + run: | + for file in ${{ env.LAYER_NAME }}/* + do + echo $file + cat $file + done + - name: generate layer-note + id: layer-note + working-directory: ${{ env.LAYER_NAME }} + run: | + echo "| Region | Layer ARN |" >> ../layer-note + echo "| ---- | ---- |" >> ../layer-note + for file in * + do + read arn < $file + echo "| " $file " | " $arn " |" >> ../layer-note + done + cd .. + { + echo "layer-note<> $GITHUB_OUTPUT + cat layer-note + - name: generate tf layer + working-directory: ${{ env.LAYER_NAME }} + run: | + echo "locals {" >> ../layer_arns.tf + echo " sdk_layer_arns = {" >> ../layer_arns.tf + for file in * + do + read arn < $file + echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf + done + cd .. + echo " }" >> layer_arns.tf + echo "}" >> layer_arns.tf + terraform fmt layer_arns.tf + cat layer_arns.tf + - name: generate layer ARN constants for CDK + working-directory: ${{ env.LAYER_NAME }} + run: | + echo "{" > ../layer_cdk + for file in *; do + read arn < "$file" + echo " \"$file\": \"$arn\"," >> ../layer_cdk + done + echo "}" >> ../layer_cdk + cat ../layer_cdk + + publish-github: + needs: generate-lambda-release-note + runs-on: ubuntu-latest + steps: + - name: Checkout Repo @ SHA - ${{ github.sha }} + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0 + + - name: Download SDK artifact + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 + with: + name: ${{ env.ARTIFACT_NAME }} + + - name: Download layer.zip artifact + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0 + with: + name: layer.zip - - name: Get SHA256 checksum of wheel file - id: get_sha256 + - name: Rename layer file run: | - shasum -a 256 dist/${{ env.ARTIFACT_NAME }} | sed "s|dist/||" > ${{ env.ARTIFACT_NAME }}.sha256 + cp aws-opentelemetry-python-layer.zip layer.zip # Publish to GitHub releases - name: Create GH release id: create_release env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - # Download layer.zip from existing latest tagged SDK release note - LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-python-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName') - mkdir -p layer_artifact - gh release download "$LATEST_SDK_VERSION" --repo "aws-observability/aws-otel-python-instrumentation" --pattern "layer.zip" --dir layer_artifact - shasum -a 256 layer_artifact/layer.zip > layer_artifact/layer.zip.sha256 + # Extract all dependencies from pyproject.toml + DEPS=$(python3 -c " + import re + with open('aws-opentelemetry-distro/pyproject.toml', 'r') as f: + content = f.read() + deps_match = re.search(r'dependencies\s*=\s*\[(.*?)\]', content, re.DOTALL) + if deps_match: + deps_content = deps_match.group(1) + dep_lines = re.findall(r'\"([^\"]+)\"', deps_content) + formatted_deps = [] + for dep_line in dep_lines: + if ' == ' in dep_line: + package, version = dep_line.split(' == ', 1) + formatted_deps.append(f'- \`{package}\` - {version}') + else: + formatted_deps.append(f'- \`{dep_line}\`') + print('\n'.join(formatted_deps)) + ") + + # Create release notes + cat > release_notes.md << EOF + This release contains the following upstream components: + + $DEPS + + This release also publishes to public ECR and PyPi. + * See ADOT Python auto-instrumentation Docker image v${{ github.event.inputs.version }} in our public ECR repository: + https://gallery.ecr.aws/aws-observability/adot-autoinstrumentation-python + * See version ${{ github.event.inputs.version }} in our PyPi repository: + https://pypi.org/project/aws-opentelemetry-distro/ + + This release also includes the AWS OpenTelemetry Lambda Layer for Python version ${{ github.event.inputs.version }}-$(echo $GITHUB_SHA | cut -c1-7). + + Lambda Layer ARNs: + ${{ needs.generate-lambda-release-note.outputs.layer-note }} + EOF + + shasum -a 256 ${{ env.ARTIFACT_NAME }} > ${{ env.ARTIFACT_NAME }}.sha256 + shasum -a 256 layer.zip > layer.zip.sha256 gh release create --target "$GITHUB_REF_NAME" \ --title "Release v${{ github.event.inputs.version }}" \ + --notes-file release_notes.md \ --draft \ "v${{ github.event.inputs.version }}" \ - dist/${{ env.ARTIFACT_NAME }} \ + ${{ env.ARTIFACT_NAME }} \ ${{ env.ARTIFACT_NAME }}.sha256 \ - layer_artifact/layer.zip \ - layer_artifact/layer.zip.sha256 + layer.zip \ + layer.zip.sha256 \ No newline at end of file diff --git a/.github/workflows/release-lambda.yml b/.github/workflows/release-lambda.yml deleted file mode 100644 index e887d1d1e..000000000 --- a/.github/workflows/release-lambda.yml +++ /dev/null @@ -1,239 +0,0 @@ -name: Release Lambda layer - -on: - workflow_dispatch: - inputs: - version: - description: The version to tag the lambda release with (should be the same as the ADOT SDK version, e.g., 0.8.0) - required: true - aws_region: - description: 'Deploy to aws regions' - required: true - default: 'us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1, af-south-1, ap-east-1, ap-south-2, ap-southeast-3, ap-southeast-4, eu-central-2, eu-south-1, eu-south-2, il-central-1, me-central-1, me-south-1, ap-southeast-5, ap-southeast-7, mx-central-1, ca-west-1, cn-north-1, cn-northwest-1' - -env: - # Legacy list of commercial regions to deploy to. New regions should NOT be added here, and instead should be added to the `aws_region` default input to the workflow. - LEGACY_COMMERCIAL_REGIONS: us-east-1, us-east-2, us-west-1, us-west-2, ap-south-1, ap-northeast-3, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-northeast-1, ca-central-1, eu-central-1, eu-west-1, eu-west-2, eu-west-3, eu-north-1, sa-east-1 - LAYER_NAME: AWSOpenTelemetryDistroPython - -permissions: - id-token: write - contents: write - -jobs: - build-layer: - environment: Release - runs-on: ubuntu-latest - outputs: - aws_regions_json: ${{ steps.set-matrix.outputs.aws_regions_json }} - steps: - - name: Set up regions matrix - id: set-matrix - run: | - IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}" - MATRIX="[" - for region in "${REGIONS[@]}"; do - trimmed_region=$(echo "$region" | xargs) - MATRIX+="\"$trimmed_region\"," - done - MATRIX="${MATRIX%,}]" - echo ${MATRIX} - echo "aws_regions_json=${MATRIX}" >> $GITHUB_OUTPUT - - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - name: Build layers - working-directory: lambda-layer/src - run: | - ./build-lambda-layer.sh - pip install tox - tox - - name: upload layer - uses: actions/upload-artifact@v4 - with: - name: layer.zip - path: lambda-layer/src/build/aws-opentelemetry-python-layer.zip - publish-prod: - runs-on: ubuntu-latest - needs: build-layer - strategy: - matrix: - aws_region: ${{ fromJson(needs.build-layer.outputs.aws_regions_json) }} - steps: - - name: role arn - env: - LEGACY_COMMERCIAL_REGIONS: ${{ env.LEGACY_COMMERCIAL_REGIONS }} - run: | - LEGACY_COMMERCIAL_REGIONS_ARRAY=(${LEGACY_COMMERCIAL_REGIONS//,/ }) - FOUND=false - for REGION in "${LEGACY_COMMERCIAL_REGIONS_ARRAY[@]}"; do - if [[ "$REGION" == "${{ matrix.aws_region }}" ]]; then - FOUND=true - break - fi - done - if [ "$FOUND" = true ]; then - echo "Found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS" - SECRET_KEY="LAMBDA_LAYER_RELEASE" - else - echo "Not found ${{ matrix.aws_region }} in LEGACY_COMMERCIAL_REGIONS" - SECRET_KEY="${{ matrix.aws_region }}_LAMBDA_LAYER_RELEASE" - fi - SECRET_KEY=${SECRET_KEY//-/_} - echo "SECRET_KEY=${SECRET_KEY}" >> $GITHUB_ENV - - uses: aws-actions/configure-aws-credentials@v4.0.2 - with: - role-to-assume: ${{ secrets[env.SECRET_KEY] }} - role-duration-seconds: 1200 - aws-region: ${{ matrix.aws_region }} - - name: Get s3 bucket name for release - run: | - echo BUCKET_NAME=python-lambda-layer-${{ github.run_id }}-${{ matrix.aws_region }} | tee --append $GITHUB_ENV - - name: download layer.zip - uses: actions/download-artifact@v4 - with: - name: layer.zip - - name: publish - run: | - aws s3 mb s3://${{ env.BUCKET_NAME }} - aws s3 cp aws-opentelemetry-python-layer.zip s3://${{ env.BUCKET_NAME }} - layerARN=$( - aws lambda publish-layer-version \ - --layer-name ${{ env.LAYER_NAME }} \ - --content S3Bucket=${{ env.BUCKET_NAME }},S3Key=aws-opentelemetry-python-layer.zip \ - --compatible-runtimes python3.10 python3.11 python3.12 python3.13 \ - --compatible-architectures "arm64" "x86_64" \ - --license-info "Apache-2.0" \ - --description "AWS Distro of OpenTelemetry Lambda Layer for Python Runtime" \ - --query 'LayerVersionArn' \ - --output text - ) - echo $layerARN - echo "LAYER_ARN=${layerARN}" >> $GITHUB_ENV - mkdir ${{ env.LAYER_NAME }} - echo $layerARN > ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} - cat ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} - - name: public layer - run: | - layerVersion=$( - aws lambda list-layer-versions \ - --layer-name ${{ env.LAYER_NAME }} \ - --query 'max_by(LayerVersions, &Version).Version' - ) - aws lambda add-layer-version-permission \ - --layer-name ${{ env.LAYER_NAME }} \ - --version-number $layerVersion \ - --principal "*" \ - --statement-id publish \ - --action lambda:GetLayerVersion - - name: upload layer arn artifact - if: ${{ success() }} - uses: actions/upload-artifact@v4 - with: - name: ${{ env.LAYER_NAME }}-${{ matrix.aws_region }} - path: ${{ env.LAYER_NAME }}/${{ matrix.aws_region }} - - name: clean s3 - if: always() - run: | - aws s3 rb --force s3://${{ env.BUCKET_NAME }} - generate-release-note: - runs-on: ubuntu-latest - needs: publish-prod - steps: - - name: Checkout Repo @ SHA - ${{ github.sha }} - uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v2 - - name: download layerARNs - uses: actions/download-artifact@v4 - with: - pattern: ${{ env.LAYER_NAME }}-* - path: ${{ env.LAYER_NAME }} - merge-multiple: true - - name: show layerARNs - run: | - for file in ${{ env.LAYER_NAME }}/* - do - echo $file - cat $file - done - - name: generate layer-note - working-directory: ${{ env.LAYER_NAME }} - run: | - echo "| Region | Layer ARN |" >> ../layer-note - echo "| ---- | ---- |" >> ../layer-note - for file in * - do - read arn < $file - echo "| " $file " | " $arn " |" >> ../layer-note - done - cat ../layer-note - - name: generate tf layer - working-directory: ${{ env.LAYER_NAME }} - run: | - echo "locals {" >> ../layer_arns.tf - echo " sdk_layer_arns = {" >> ../layer_arns.tf - for file in * - do - read arn < $file - echo " \""$file"\" = \""$arn"\"" >> ../layer_arns.tf - done - cd .. - echo " }" >> layer_arns.tf - echo "}" >> layer_arns.tf - terraform fmt layer_arns.tf - cat layer_arns.tf - - name: generate layer ARN constants for CDK - working-directory: ${{ env.LAYER_NAME }} - run: | - echo "{" > ../layer_cdk - for file in *; do - read arn < "$file" - echo " \"$file\": \"$arn\"," >> ../layer_cdk - done - echo "}" >> ../layer_cdk - cat ../layer_cdk - - name: download layer.zip - uses: actions/download-artifact@v4 - with: - name: layer.zip - - name: Rename layer file - run: | - cp aws-opentelemetry-python-layer.zip layer.zip - - name: Get commit hash - id: commit - run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - name: Create Release Notes - run: | - echo "AWS OpenTelemetry Lambda Layer for Python version ${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" > release_notes.md - echo "" >> release_notes.md - echo "" >> release_notes.md - echo "See new Lambda Layer ARNs:" >> release_notes.md - echo "" >> release_notes.md - cat layer-note >> release_notes.md - echo "" >> release_notes.md - echo "Notes:" >> release_notes.md - - name: Create GH release - id: create_release - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token - run: | - gh release create --target "$GITHUB_REF_NAME" \ - --title "Release lambda-v${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" \ - --notes-file release_notes.md \ - --draft \ - "lambda-v${{ github.event.inputs.version }}-${{ steps.commit.outputs.sha_short }}" \ - layer_arns.tf layer.zip - echo Removing release_notes.md ... - rm -f release_notes.md - - name: Upload layer.zip and SHA-256 checksum to SDK Release Notes (tagged with latest) - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - LATEST_SDK_VERSION=$(gh release list --repo "aws-observability/aws-otel-python-instrumentation" --json tagName,isLatest -q 'map(select(.isLatest==true)) | .[0].tagName') - # Generate SHA-256 checksum for layer.zip - shasum -a 256 layer.zip > layer.zip.sha256 - # Upload layer.zip and its checksum to the latest SDK release note - gh release upload "$LATEST_SDK_VERSION" layer.zip layer.zip.sha256 --repo "aws-observability/aws-otel-python-instrumentation" --clobber - echo "✅ layer.zip successfully uploaded to $LATEST_SDK_VERSION in the upstream repo!" From fec1e605e38e3c5157b4c183d87d10f3e1d4e9b4 Mon Sep 17 00:00:00 2001 From: Eric Zhang Date: Wed, 22 Oct 2025 12:14:03 -0700 Subject: [PATCH 2/2] Enhance Github release notes (#487) *Issue #, if available:* *Description of changes:* DO NOT MERGE until https://github.com/aws-observability/aws-otel-python-instrumentation/pull/461 has been merged. Add CHANGELOG entries to Github release notes and use headers to separate new changes, upstream components, release artifacts, and Lambda layer ARNs. Tested in my own repo: https://github.com/ezhang6811/release-workflow-test/actions/runs/18236310430/job/51930597871 Mock release created: https://github.com/ezhang6811/release-workflow-test/releases/tag/v2.0.1 By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. --------- Co-authored-by: Thomas Pierce --- .github/workflows/release-build.yml | 69 +++++++++++++++++++---------- 1 file changed, 46 insertions(+), 23 deletions(-) diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml index 209b6d5b1..5adb796cb 100644 --- a/.github/workflows/release-build.yml +++ b/.github/workflows/release-build.yml @@ -81,8 +81,10 @@ jobs: steps: - name: Set up regions matrix id: set-matrix + env: + AWS_REGIONS: ${{ github.event.inputs.aws_region }} run: | - IFS=',' read -ra REGIONS <<< "${{ github.event.inputs.aws_region }}" + IFS=',' read -ra REGIONS <<< "$AWS_REGIONS" MATRIX="[" for region in "${REGIONS[@]}"; do trimmed_region=$(echo "$region" | xargs) @@ -375,39 +377,60 @@ jobs: id: create_release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + VERSION: ${{ github.event.inputs.version }} run: | # Extract all dependencies from pyproject.toml DEPS=$(python3 -c " - import re - with open('aws-opentelemetry-distro/pyproject.toml', 'r') as f: - content = f.read() - deps_match = re.search(r'dependencies\s*=\s*\[(.*?)\]', content, re.DOTALL) - if deps_match: - deps_content = deps_match.group(1) - dep_lines = re.findall(r'\"([^\"]+)\"', deps_content) - formatted_deps = [] - for dep_line in dep_lines: - if ' == ' in dep_line: - package, version = dep_line.split(' == ', 1) - formatted_deps.append(f'- \`{package}\` - {version}') - else: - formatted_deps.append(f'- \`{dep_line}\`') - print('\n'.join(formatted_deps)) + import re + with open('aws-opentelemetry-distro/pyproject.toml', 'r') as f: + content = f.read() + deps_match = re.search(r'dependencies\s*=\s*\[(.*?)\]', content, re.DOTALL) + if deps_match: + deps_content = deps_match.group(1) + dep_lines = re.findall(r'\"([^\"]+)\"', deps_content) + formatted_deps = [] + for dep_line in dep_lines: + if ' == ' in dep_line: + package, version = dep_line.split(' == ', 1) + formatted_deps.append(f'- \`{package}\` - {version}') + else: + formatted_deps.append(f'- \`{dep_line}\`') + print('\n'.join(formatted_deps)) + ") + + # Extract CHANGELOG entries for this version + CHANGELOG_ENTRIES=$(python3 -c " + import re, os + version = os.environ['VERSION'] + with open('CHANGELOG.md', 'r') as f: + content = f.read() + version_pattern = rf'## v{re.escape(version)}.*?\n(.*?)(?=\n## |\Z)' + version_match = re.search(version_pattern, content, re.DOTALL) + if version_match: + entries = version_match.group(1).strip() + if entries: + print(entries) ") # Create release notes cat > release_notes.md << EOF - This release contains the following upstream components: + $(if [ -n "$CHANGELOG_ENTRIES" ]; then echo "## What's Changed"; echo "$CHANGELOG_ENTRIES"; echo ""; fi) + + ## Upstream Components $DEPS - This release also publishes to public ECR and PyPi. - * See ADOT Python auto-instrumentation Docker image v${{ github.event.inputs.version }} in our public ECR repository: + ## Release Artifacts + + This release publishes to public ECR and PyPi. + * See ADOT Python auto-instrumentation Docker image v$VERSION in our public ECR repository: https://gallery.ecr.aws/aws-observability/adot-autoinstrumentation-python - * See version ${{ github.event.inputs.version }} in our PyPi repository: + * See version $VERSION in our PyPi repository: https://pypi.org/project/aws-opentelemetry-distro/ - This release also includes the AWS OpenTelemetry Lambda Layer for Python version ${{ github.event.inputs.version }}-$(echo $GITHUB_SHA | cut -c1-7). + ## Lambda Layer + + This release includes the AWS OpenTelemetry Lambda Layer for Python version $VERSION-$(echo $GITHUB_SHA | cut -c1-7). Lambda Layer ARNs: ${{ needs.generate-lambda-release-note.outputs.layer-note }} @@ -417,10 +440,10 @@ jobs: shasum -a 256 layer.zip > layer.zip.sha256 gh release create --target "$GITHUB_REF_NAME" \ - --title "Release v${{ github.event.inputs.version }}" \ + --title "Release v$VERSION" \ --notes-file release_notes.md \ --draft \ - "v${{ github.event.inputs.version }}" \ + "v$VERSION" \ ${{ env.ARTIFACT_NAME }} \ ${{ env.ARTIFACT_NAME }}.sha256 \ layer.zip \