From b3284c1abe9927c34161cc9b1ad87019a240647c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Th=C3=A9riault?= Date: Wed, 10 Jun 2026 11:57:41 -0400 Subject: [PATCH 1/4] release workflow and dependabot --- .github/dependabot.yaml | 14 +++ .github/workflows/release.yaml | 172 +++++++++++++++++++++++++++++++++ 2 files changed, 186 insertions(+) create mode 100644 .github/dependabot.yaml create mode 100644 .github/workflows/release.yaml diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..6a072f0 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,14 @@ +version: 2 +open-pull-requests-limit: 8 + +updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly + + - package-ecosystem: cargo + directory: "/" + versioning-strategy: increase + schedule: + interval: weekly diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..876f34d --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,172 @@ +name: Release +on: + workflow_dispatch: + +jobs: + build: + strategy: + matrix: + arch: [x86_64, aarch64] + outputs: + version: ${{ steps.version.outputs.VERSION }} + major: ${{ steps.version.outputs.MAJOR }} + minor: ${{ steps.version.outputs.MINOR }} + patch: ${{ steps.version.outputs.PATCH }} + + runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }} + container: amazonlinux:2023 + + permissions: + contents: read + + steps: + - run: dnf update -y && dnf install -y git tar awk gcc pkg-config openssl-devel + + - uses: actions/checkout@v6 + - uses: actions-rust-lang/setup-rust-toolchain@v1 + + - run: cargo build --release + - run: mkdir -p target/opt/extensions + - run: cp target/release/diet-lambda target/opt/extensions/diet-lambda + + - uses: actions/upload-artifact@v7 + with: + name: diet-lambda-${{ matrix.arch }} + path: target/opt + + - name: Extract version + id: version + run: | + cargo pkgid + VERSION=$(awk '{ n = split($0, a, "#"); print a[n] }') + echo "VERSION=$VERSION" >> $GITHUB_OUTPUT + MAJOR=$(echo $VERSION | awk -F. '{ print $1 }') + MINOR=$(echo $VERSION | awk -F. '{ print $2 }') + PATCH=$(echo $VERSION | awk -F. '{ print $3 }') + echo "MAJOR=$MAJOR" >> $GITHUB_OUTPUT + echo "MINOR=$MINOR" >> $GITHUB_OUTPUT + echo "PATCH=$PATCH" >> $GITHUB_OUTPUT + + prod: + needs: build + runs-on: ubuntu-latest + strategy: + matrix: + arch: [x86_64, aarch64] + region: + - ap-northeast-1 + - ap-northeast-2 + - ap-south-1 + - ap-southeast-1 + - ap-southeast-2 + - ca-central-1 + - eu-central-1 + - eu-north-1 + - eu-west-1 + - eu-west-2 + - eu-west-3 + - sa-east-1 + - us-east-1 + - us-east-2 + - us-west-1 + - us-west-2 + + permissions: + contents: read + id-token: write + + steps: + - uses: aws-actions/configure-aws-credentials@v6 + with: + role-to-assume: ${{ secrets.LAMBDA_PROD_PUBLISHER_ARN }} + aws-region: ${{ matrix.region }} + + - uses: actions/download-artifact@v8 + id: download + with: + name: diet-lambda-${{ matrix.arch }} + skip-decompress: true + + - name: Publish layer + env: + SUFFIX: -${{ needs.build.outputs.major }}_${{ needs.build.outputs.minor }}_${{ needs.build.outputs.patch }} + run: | + LAYER_ARN=$( + aws lambda publish-layer-version \ + --layer-name diet-lambda-${{ matrix.arch }}$SUFFIX \ + --license-info "Apache 2.0" \ + --compatible-architectures ${{ matrix.arch == 'x86_64' && 'x86_64' || 'arm64' }} \ + --zip-file fileb://${{ steps.download.outputs.download-path }}/diet-lambda-${{ matrix.arch }}.zip \ + --query 'LayerVersionArn' \ + --output text + ) + echo "::notice::$LAYER_ARN" + + docker: + needs: build + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + strategy: + matrix: + arch: [x86_64, aarch64] + + runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }} + + permissions: + contents: read + id-token: write + packages: write + + steps: + - uses: actions/checkout@v6 + - uses: docker/setup-buildx-action@v4 + - uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/download-artifact@v8 + with: + name: diet-lambda-${{ matrix.arch }} + + - uses: docker/build-push-action@v7 + env: + SUFFIX: -${{ needs.build.outputs.version }} + with: + context: . + push: true + tags: ghcr.io/${{ github.repository }}:${{ matrix.arch }}${{ env.SUFFIX }} + + multiarch: + needs: + - build + - docker + runs-on: ubuntu-latest + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + + permissions: + contents: read + id-token: write + packages: write + + steps: + - uses: docker/setup-buildx-action@v4 + - uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create multi-arch manifests + env: + SUFFIX: -${{ needs.build.outputs.version }} + MAJOR: ${{ needs.build.outputs.major }} + MINOR: ${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }} + PATCH: ${{ needs.build.outputs.major }}.${{ needs.build.outputs.minor }}.${{ needs.build.outputs.patch }} + run: | + docker buildx imagetools create \ + --tag ghcr.io/${{ github.repository }}:$MAJOR \ + --tag ghcr.io/${{ github.repository }}:$MINOR \ + --tag ghcr.io/${{ github.repository }}:$PATCH \ + ghcr.io/${{ github.repository }}:x86_64$SUFFIX \ + ghcr.io/${{ github.repository }}:aarch64$SUFFIX From 19861141fdf1ec782c3c70431753b9f746c13df5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Th=C3=A9riault?= <113933910+raphael-theriault-swi@users.noreply.github.com> Date: Wed, 10 Jun 2026 12:24:36 -0400 Subject: [PATCH 2/4] Fix awk commands Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/workflows/release.yaml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 876f34d..5c9a237 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -37,15 +37,14 @@ jobs: - name: Extract version id: version run: | - cargo pkgid - VERSION=$(awk '{ n = split($0, a, "#"); print a[n] }') - echo "VERSION=$VERSION" >> $GITHUB_OUTPUT - MAJOR=$(echo $VERSION | awk -F. '{ print $1 }') - MINOR=$(echo $VERSION | awk -F. '{ print $2 }') - PATCH=$(echo $VERSION | awk -F. '{ print $3 }') - echo "MAJOR=$MAJOR" >> $GITHUB_OUTPUT - echo "MINOR=$MINOR" >> $GITHUB_OUTPUT - echo "PATCH=$PATCH" >> $GITHUB_OUTPUT + VERSION="$(cargo pkgid | awk -F'#' '{print $NF}')" + echo "VERSION=$VERSION" >> "$GITHUB_OUTPUT" + MAJOR="$(echo "$VERSION" | awk -F. '{ print $1 }')" + MINOR="$(echo "$VERSION" | awk -F. '{ print $2 }')" + PATCH="$(echo "$VERSION" | awk -F. '{ print $3 }')" + echo "MAJOR=$MAJOR" >> "$GITHUB_OUTPUT" + echo "MINOR=$MINOR" >> "$GITHUB_OUTPUT" + echo "PATCH=$PATCH" >> "$GITHUB_OUTPUT" prod: needs: build From 5b94d457ffbd04fb7d6bdbaa2993e6113ae69cca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Th=C3=A9riault?= <113933910+raphael-theriault-swi@users.noreply.github.com> Date: Wed, 10 Jun 2026 12:24:55 -0400 Subject: [PATCH 3/4] Fix step-level env variable expansion Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .github/workflows/release.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5c9a237..3611331 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -129,12 +129,10 @@ jobs: name: diet-lambda-${{ matrix.arch }} - uses: docker/build-push-action@v7 - env: - SUFFIX: -${{ needs.build.outputs.version }} with: context: . push: true - tags: ghcr.io/${{ github.repository }}:${{ matrix.arch }}${{ env.SUFFIX }} + tags: ghcr.io/${{ github.repository }}:${{ matrix.arch }}-${{ needs.build.outputs.version }} multiarch: needs: From 46010175eee0d1a6c5b517bd2d68a82ffa7aa85e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Th=C3=A9riault?= Date: Wed, 10 Jun 2026 13:44:39 -0400 Subject: [PATCH 4/4] update readme --- README.md | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 115bd2f..915c4c1 100644 --- a/README.md +++ b/README.md @@ -13,16 +13,12 @@ This collector uses the same `SW_APM_API_TOKEN` and `SW_APM_DATA_CENTER` environ - APM collector endpoint - `SW_APM_COLLECTOR` -> `SW_APM_DATA_CENTER` - OTLP exporter endpoints - `SW_EXPORTER_OTLP_$signal_ENDPOINT` -> `SW_EXPORTER_OTLP_ENDPOINT` -> `SW_APM_COLLECTOR` -> `SW_APM_DATA_CENTER` -## Docker Images +## Production ARNs -These are also updated on new commits to main. The collector is built on Amazon Linux and expects OpenSSL to be available in the image. +These are published on release. -```dockerfile -FROM ghcr.io/solarwinds/diet-lambda AS collector -# ... -COPY --from=collector /opt/extensions/diet-lambda /opt/extensions/diet-lambda -# ... -``` +- `arn:aws:lambda::851060098468:layer:diet-lambda-x86_64-x_y_z` +- `arn:aws:lambda::851060098468:layer:diet-lambda-aarch64-x_y_z` ## Staging ARNs @@ -31,6 +27,17 @@ These are updated on new commits to `main`, or manually by triggering CI workflo - `arn:aws:lambda:us-east-1:858939916050:layer:diet-lambda-x86_64` - `arn:aws:lambda:us-east-1:858939916050:layer:diet-lambda-aarch64` +## Docker Images + +The `latest` tag tracks changes to `main`, and the `x`, `x.y` and `x.y.z` tags track point releases. The collector is built on Amazon Linux and expects OpenSSL to be available in the image. + +```dockerfile +FROM ghcr.io/solarwinds/diet-lambda:x.y.z AS collector +# ... +COPY --from=collector /opt/extensions/diet-lambda /opt/extensions/diet-lambda +# ... +``` + ## Developing The collector requires a nightly Rust toolchain in order to build the standard library while optimizing for a small binary size. It uses the standard Cargo workflow, just run `cargo build`. `rustfmt` and `clippy` are run in CI, which will fail if there are any warnings.