Skip to content

Split monolithic pipeline into PR, Merge, and Release workflows #642

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bnusunny merged 1 commit into from
Feb 18, 2026
Merged

Split monolithic pipeline into PR, Merge, and Release workflows #642

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
382 changes: 382 additions & 0 deletions .github/workflows/merge.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,382 @@
name: Merge

on:
push:
branches:
- main
paths-ignore:
- "docs/**"
- "examples/**"

permissions:
id-token: write
contents: read

env:
CARGO_TERM_COLOR: always
SAM_TEMPLATE_X86_64: template-x86_64.yaml
SAM_TEMPLATE_ARM64: template-arm64.yaml
GITHUB_RUNNER_ROLE: arn:aws:iam::621808641063:role/GitHubRunnerRole
BETA_STACK_NAME: lambda-adapter-beta
BETA_PIPELINE_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-pip-PipelineExecutionRole-13NXRWTRTHDCJ
BETA_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::477159140107:role/aws-sam-cli-managed-beta-CloudFormationExecutionR-132I77VBFOWQ2
BETA_ARTIFACTS_BUCKET: aws-sam-cli-managed-beta-pipeline-artifactsbucket-889nlo0z1nt0
BETA_IMAGE_REPOSITORY: 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/aws-sam-cli-managed-beta-pipeline-resources-imagerepository-0hbn3hxi9pcm
BETA_REGION: ap-northeast-1
RUST_BACKTRACE: full

jobs:
test:
runs-on: ubuntu-24.04
steps:
- name: Checkout sources
uses: actions/checkout@v4

- name: Configure Rust cache
uses: Swatinem/rust-cache@v2

- name: Install cargo-nextest
run: curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin

- name: linting
run: |
cargo fmt --all -- --check
cargo clippy -- -Dwarnings

- name: run unit and integration tests
run: cargo nextest run --profile ci

build:
needs: [test]
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4

- uses: actions/setup-python@v4
with:
python-version: "3.13"

- uses: aws-actions/setup-sam@v2
with:
use-installer: true
token: ${{ secrets.GITHUB_TOKEN }}

- name: Install stable toolchain
run: |
rustup target add x86_64-unknown-linux-musl
rustup target add aarch64-unknown-linux-musl

- name: Install cargo lambda
run: pip3 install cargo-lambda

- name: Configure Rust cache
uses: Swatinem/rust-cache@v2

- name: Add cargo pkg version to env vars
run: |
echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> $GITHUB_ENV

- name: Build x86_64 Layer
run: sam build --template ${SAM_TEMPLATE_X86_64} --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} -b build-x86_64

- name: Tar files
run: tar -cvf build-x86_64.tar build-x86_64

- uses: actions/upload-artifact@v4
with:
name: aws-sam-build-x86_64
path: build-x86_64.tar

- name: Build arm64 Layer
run: sam build --template ${SAM_TEMPLATE_ARM64} --parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} -b build-arm64

- name: Tar files
run: tar -cvf build-arm64.tar build-arm64

- uses: actions/upload-artifact@v4
with:
name: aws-sam-build-arm64
path: build-arm64.tar

package-beta:
needs: [build]
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.13"
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
token: ${{ secrets.GITHUB_TOKEN }}

- name: Assume the github runner role
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

- name: Assume the beta pipeline user role
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-skip-session-tagging: true
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

- uses: actions/download-artifact@v4
with:
name: aws-sam-build-x86_64

- name: extract build_x86_64
run: |
tar -xvf build-x86_64.tar

- name: Upload x86_64 layer to beta artifact buckets
run: |
sam package \
--template build-x86_64/template.yaml \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--region ${BETA_REGION} \
--output-template-file packaged-beta-x86_64.yaml

- uses: actions/upload-artifact@v4
with:
name: packaged-beta-x86_64.yaml
path: packaged-beta-x86_64.yaml

- uses: actions/download-artifact@v4
with:
name: aws-sam-build-arm64

- name: extract build_arm64
run: |
tar -xvf build-arm64.tar

- name: Upload arm64 layer to beta artifact buckets
run: |
sam package \
--template build-arm64/template.yaml \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--region ${BETA_REGION} \
--output-template-file packaged-beta-arm64.yaml

- uses: actions/upload-artifact@v4
with:
name: packaged-beta-arm64.yaml
path: packaged-beta-arm64.yaml

- name: Create and push the x86_64 docker image to beta ecr repo
run: |
aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
printf 'FROM scratch\nADD build-x86_64/LambdaAdapterLayerX86/extensions/. /\n' | docker build --provenance=false --platform=linux/amd64 -t 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64 -f- .
docker push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64

- name: Create and push the arm64 docker image to beta ecr repo
run: |
printf 'FROM scratch\nADD build-arm64/LambdaAdapterLayerArm64/extensions/. /\n' | docker build --provenance=false --platform=linux/arm64 -t 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64 -f- .
docker push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64

- name: create and push the multi-arch manifest to beta ecr repo
run: |
docker manifest create 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest \
477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-x86_64 \
477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest-aarch64
docker manifest push 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com/awsguru/aws-lambda-adapter:latest

deploy-beta:
needs: [package-beta]
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: "3.13"
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
token: ${{ secrets.GITHUB_TOKEN }}

- name: Assume the github runner role
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

- name: Assume the beta pipeline user role
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-skip-session-tagging: true
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

- name: Add cargo pkg version to env vars
run: |
echo "CARGO_PKG_VERSION=$(cargo metadata --no-deps --format-version=1 | jq -r '.packages[0].version')" >> $GITHUB_ENV

- uses: actions/download-artifact@v4
with:
name: packaged-beta-x86_64.yaml

- name: Deploy x86_64 layer to beta account
run: |
sam deploy --stack-name ${BETA_STACK_NAME}-x86 \
--template packaged-beta-x86_64.yaml \
--parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
--capabilities CAPABILITY_IAM \
--region ${BETA_REGION} \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--no-fail-on-empty-changeset \
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}

- uses: actions/download-artifact@v4
with:
name: packaged-beta-arm64.yaml

- name: Deploy arm64 layer to beta account
run: |
sam deploy --stack-name ${BETA_STACK_NAME}-arm64 \
--template packaged-beta-arm64.yaml \
--parameter-overrides CargoPkgVersion=${CARGO_PKG_VERSION} \
--capabilities CAPABILITY_IAM \
--region ${BETA_REGION} \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--no-fail-on-empty-changeset \
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}

e2e-test-zip:
needs: [deploy-beta]
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4

- name: Install stable toolchain
run: |
rustup target add x86_64-unknown-linux-musl

- name: Install cargo lambda
run: pip3 install cargo-lambda

- name: Configure Rust cache
uses: Swatinem/rust-cache@v2

- name: Install cargo-nextest
run: curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin

- uses: actions/setup-python@v4
with:
python-version: "3.13"

- uses: aws-actions/setup-sam@v2
with:
use-installer: true
token: ${{ secrets.GITHUB_TOKEN }}

- name: Assume the github runner role
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

- name: Assume the beta pipeline user role
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-skip-session-tagging: true
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

- name: deploy the zip x86 integration test stacks for the beta environment
working-directory: ./tests/e2e_tests/fixtures/go-httpbin-zip
run: |
sam build
sam deploy --stack-name ${BETA_STACK_NAME}-zip-x86 \
--capabilities CAPABILITY_IAM \
--region ${BETA_REGION} \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--no-fail-on-empty-changeset \
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}

- name: run e2e tests
run: |
API_ENDPOINT=https://httpbin-rest-zip.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=https://httpbin-http-zip.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=https://httpbin-alb-zip.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=https://c26abn6izvm4xvbfs5baaflifm0hqvsn.lambda-url.ap-northeast-1.on.aws/ API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci

e2e-test-oci:
needs: [deploy-beta]
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4

- name: Install stable toolchain
run: |
rustup target add x86_64-unknown-linux-musl

- name: Install cargo lambda
run: pip3 install cargo-lambda

- name: Configure Rust cache
uses: Swatinem/rust-cache@v2

- name: Install cargo-nextest
run: curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin

- uses: actions/setup-python@v4
with:
python-version: "3.13"

- uses: aws-actions/setup-sam@v2
with:
use-installer: true
token: ${{ secrets.GITHUB_TOKEN }}

- name: Assume the github runner role
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.GITHUB_RUNNER_ROLE }}

- name: Assume the beta pipeline user role
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-skip-session-tagging: true
aws-region: ${{ env.BETA_REGION }}
role-to-assume: ${{ env.BETA_PIPELINE_EXECUTION_ROLE }}

- name: deploy the oci x86 integration test stacks for the beta environment
working-directory: ./tests/e2e_tests/fixtures/go-httpbin
run: |
aws ecr get-login-password --region ap-northeast-1 | docker login --username AWS --password-stdin 477159140107.dkr.ecr.ap-northeast-1.amazonaws.com
sam build
sam deploy --stack-name ${BETA_STACK_NAME}-oci-x86 \
--capabilities CAPABILITY_IAM \
--region ${BETA_REGION} \
--s3-bucket ${BETA_ARTIFACTS_BUCKET} \
--image-repository ${BETA_IMAGE_REPOSITORY} \
--no-fail-on-empty-changeset \
--role-arn ${BETA_CLOUDFORMATION_EXECUTION_ROLE}

- name: run e2e tests
run: |
API_ENDPOINT=https://httpbin-rest-oci.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=https://httpbin-http-oci.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=https://httpbin-alb-oci.beta.adapter.awsguru.dev/ API_AUTH_TYPE="open" cargo nextest run --run-ignored ignored-only --profile ci
API_ENDPOINT=https://3w6rb56t3lzefztvndn4zg3xru0taszm.lambda-url.ap-northeast-1.on.aws/ API_AUTH_TYPE="iam" cargo nextest run --run-ignored ignored-only --profile ci
Loading