7676jobs :
7777 build-layer :
7878 permissions :
79- # lower privilege propagated from parent workflow (release.yml)
79+ # lower privilege propagated from parent workflow (release-v3 .yml)
8080 contents : read
8181 id-token : write
8282 pages : none
8585 strategy :
8686 max-parallel : 5
8787 matrix :
88- python-version : ["3.8","3.9"]
88+ python-version : ["3.8","3.9","3.10","3.11","3.12" ]
8989 defaults :
9090 run :
9191 working-directory : ./layer_v3
@@ -156,7 +156,7 @@ jobs:
156156
157157 beta :
158158 needs : build-layer
159- # lower privilege propagated from parent workflow (release.yml)
159+ # lower privilege propagated from parent workflow (release-v3 .yml)
160160 permissions :
161161 id-token : write
162162 contents : read
@@ -170,40 +170,40 @@ jobs:
170170 source_code_artifact_name : ${{ inputs.source_code_artifact_name }}
171171 source_code_integrity_hash : ${{ inputs.source_code_integrity_hash }}
172172
173- # UNCOMMENT prod JOB
174- # prod:
175- # needs: beta
176- # lower privilege propagated from parent workflow (release.yml)
177- # permissions:
178- # id-token: write
179- # contents: read
180- # pages: write # docs will be updated with latest Layer ARNs
181- # pull-requests: write # creation-action will create a PR with Layer ARN updates
182- # uses: ./.github/workflows/reusable_deploy_v3_layer_stack.yml
183- # secrets: inherit
184- # with:
185- # stage: "PROD"
186- # environment: "layer-prod"
187- # source_code_artifact_name: ${{ inputs.source_code_artifact_name }}
188- # source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }}
189-
190- sar-beta :
191- needs : beta # canaries run on Layer Beta env
173+ prod :
174+ needs : beta
175+ # lower privilege propagated from parent workflow (release-v3.yml)
192176 permissions :
193- # lower privilege propagated from parent workflow (release.yml)
194177 id-token : write
195178 contents : read
196- pull-requests : none
197- pages : none
198- uses : ./.github/workflows/reusable_deploy_v3_sar .yml
179+ pages : write # docs will be updated with latest Layer ARNs
180+ pull-requests : write # creation-action will create a PR with Layer ARN updates
181+ uses : ./.github/workflows/reusable_deploy_v3_layer_stack .yml
199182 secrets : inherit
200183 with :
201- stage : " BETA"
202- environment : " layer-beta"
203- package-version : ${{ inputs.latest_published_version }}
184+ stage : " PROD"
185+ environment : " layer-prod"
204186 source_code_artifact_name : ${{ inputs.source_code_artifact_name }}
205187 source_code_integrity_hash : ${{ inputs.source_code_integrity_hash }}
206188
189+ # UNCOMMENT sar-beta JOB
190+ # sar-beta:
191+ # needs: beta # canaries run on Layer Beta env
192+ # permissions:
193+ # lower privilege propagated from parent workflow (release.yml)
194+ # id-token: write
195+ # contents: read
196+ # pull-requests: none
197+ # pages: none
198+ # uses: ./.github/workflows/reusable_deploy_v3_sar.yml
199+ # secrets: inherit
200+ # with:
201+ # stage: "BETA"
202+ # environment: "layer-beta"
203+ # package-version: ${{ inputs.latest_published_version }}
204+ # source_code_artifact_name: ${{ inputs.source_code_artifact_name }}
205+ # source_code_integrity_hash: ${{ inputs.source_code_integrity_hash }}
206+
207207 # UNCOMMENT sar-prod JOB
208208 # sar-prod:
209209 # needs: sar-beta
@@ -232,30 +232,30 @@ jobs:
232232 # where a new release creates a new doc (2.16.0) while layers are still pointing to 2.15
233233 # because the PR has to be merged while release process is running
234234
235- # UNCOMMENT update_v3_layer_arn_docs JOB
236- # update_v3_layer_arn_docs:
237- # needs: prod
238- # outputs:
239- # temp_branch: ${{ steps.create-pr.outputs.temp_branch }}
240- # runs-on: ubuntu-latest
241- # permissions:
235+ update_v3_layer_arn_docs :
236+ needs : prod
237+ outputs :
238+ temp_branch : ${{ steps.create-pr.outputs.temp_branch }}
239+ runs-on : ubuntu-latest
240+ permissions :
242241 # lower privilege propagated from parent workflow (release.yml)
243- # contents: write
244- # pull-requests: write
245- # id-token: none
246- # pages: none
247- # steps:
248- # - name: Checkout repository # reusable workflows start clean, so we need to checkout again
249- # uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
250- # with:
251- # ref: ${{ env.RELEASE_COMMIT }}
242+ contents : write
243+ pull-requests : write
244+ id-token : none
245+ pages : none
246+ steps :
247+ - name : Checkout repository # reusable workflows start clean, so we need to checkout again
248+ uses : actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
249+ with :
250+ ref : ${{ env.RELEASE_COMMIT }}
252251
253- # - name: Restore sealed source code
254- # uses: ./.github/actions/seal-restore
255- # with:
256- # integrity_hash: ${{ inputs.source_code_integrity_hash }}
257- # artifact_name: ${{ inputs.source_code_artifact_name }}
252+ - name : Restore sealed source code
253+ uses : ./.github/actions/seal-restore
254+ with :
255+ integrity_hash : ${{ inputs.source_code_integrity_hash }}
256+ artifact_name : ${{ inputs.source_code_artifact_name }}
258257
258+ # UNCOMMENT THIS
259259 # - name: Download CDK layer artifacts
260260 # uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
261261 # with:
@@ -265,53 +265,51 @@ jobs:
265265 # - name: Replace layer versions in documentation
266266 # run: |
267267 # ls -la cdk-layer-stack/
268- # ./layer /scripts/update_layer_arn.sh cdk-layer-stack
268+ # ./layer_v3 /scripts/update_layer_arn.sh cdk-layer-stack
269269 # NOTE: It felt unnecessary creating yet another PR to update changelog w/ latest tag
270270 # since this is the only step in the release where we update docs from a temp branch
271- # - name: Update changelog with latest tag
272- # run: make changelog
273- # - name: Create PR
274- # id: create-pr
275- # uses: ./.github/actions/create-pr
276- # with:
277- # files: "docs/index.md examples CHANGELOG.md"
278- # temp_branch_prefix: "ci-layer-docs"
279- # pull_request_title: "chore(ci): layer docs update"
280- # github_token: ${{ secrets.GITHUB_TOKEN }}
271+ - name : Update changelog with latest tag
272+ run : make changelog
273+ - name : Create PR
274+ id : create-pr
275+ uses : ./.github/actions/create-pr
276+ with :
277+ files : " docs/index.md examples CHANGELOG.md"
278+ temp_branch_prefix : " ci-layer-docs"
279+ pull_request_title : " chore(ci): layer docs update"
280+ github_token : ${{ secrets.GITHUB_TOKEN }}
281281
282- # UNCOMMENT prepare_docs_alias JOB
283- # prepare_docs_alias:
284- # runs-on: ubuntu-latest
285- # permissions:
286- # # lower privilege propagated from parent workflow (release.yml)
287- # contents: read
288- # pages: none
289- # id-token: none
290- # pull-requests: none
291- # outputs:
292- # DOCS_ALIAS: ${{ steps.set-alias.outputs.DOCS_ALIAS }}
293- # steps:
294- # - name: Set docs alias
295- # id: set-alias
296- # run: |
297- # DOCS_ALIAS=latest
298- # if [[ "${{ inputs.pre_release }}" == true ]] ; then
299- # DOCS_ALIAS=alpha
300- # fi
301- # echo DOCS_ALIAS="$DOCS_ALIAS" >> "$GITHUB_OUTPUT"
282+ prepare_docs_alias :
283+ runs-on : ubuntu-latest
284+ permissions :
285+ # lower privilege propagated from parent workflow (release.yml)
286+ contents : read
287+ pages : none
288+ id-token : none
289+ pull-requests : none
290+ outputs :
291+ DOCS_ALIAS : ${{ steps.set-alias.outputs.DOCS_ALIAS }}
292+ steps :
293+ - name : Set docs alias
294+ id : set-alias
295+ run : |
296+ DOCS_ALIAS=latest
297+ if [[ "${{ inputs.pre_release }}" == true ]] ; then
298+ DOCS_ALIAS=alpha
299+ fi
300+ echo DOCS_ALIAS="$DOCS_ALIAS" >> "$GITHUB_OUTPUT"
302301
303- # UNCOMMENT release_docs JOB
304- # release_docs:
305- # needs: [update_v3_layer_arn_docs, prepare_docs_alias]
306- # permissions:
307- # # lower privilege propagated from parent workflow (release.yml)
308- # contents: write
309- # pages: write
310- # pull-requests: none
311- # id-token: write
312- # secrets: inherit
313- # uses: ./.github/workflows/reusable_publish_docs.yml
314- # with:
315- # version: ${{ inputs.latest_published_version }}
316- # alias: ${{ needs.prepare_docs_alias.outputs.DOCS_ALIAS }}
317- # git_ref: ${{ needs.update_v3_layer_arn_docs.outputs.temp_branch }}
302+ release_docs :
303+ needs : [update_v3_layer_arn_docs, prepare_docs_alias]
304+ permissions :
305+ # lower privilege propagated from parent workflow (release.yml)
306+ contents : write
307+ pages : write
308+ pull-requests : none
309+ id-token : write
310+ secrets : inherit
311+ uses : ./.github/workflows/reusable_publish_docs.yml
312+ with :
313+ version : ${{ inputs.latest_published_version }}
314+ alias : ${{ needs.prepare_docs_alias.outputs.DOCS_ALIAS }}
315+ git_ref : ${{ needs.update_v3_layer_arn_docs.outputs.temp_branch }}
0 commit comments