From 74fadf3fbd07ab8503e5fc35799740058f87d40c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Dec 2023 14:45:40 +0000 Subject: [PATCH 01/14] gh-action: bump the all group with 1 update Bumps the all group with 1 update: [actions/setup-java](https://github.com/actions/setup-java). - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/tests.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 972b373..b32794f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,7 +28,7 @@ jobs: fetch-depth: 1 - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '20' distribution: 'zulu' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0a95098..2138f2b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,7 +27,7 @@ jobs: sed -i 's/${AWS::AccountId}/${{ secrets.AWS_ACCOUNT_ID }}/' infra/role/template.yml - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '20' distribution: 'zulu' diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 07070ca..d0c009f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -18,7 +18,7 @@ jobs: uses: actions/checkout@v4 - name: Set up JDK - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '20' distribution: 'zulu' From 88d51824d6ac95325f892043074737b9bc92a5ed Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Dec 2023 14:53:00 +0000 Subject: [PATCH 02/14] maven: bump the minor group with 6 updates Bumps the minor group with 6 updates: | Package | From | To | | --- | --- | --- | | org.apache.logging.log4j:log4j-api | `2.21.0` | `2.22.0` | | org.apache.logging.log4j:log4j-core | `2.21.0` | `2.22.0` | | [com.amazonaws:aws-lambda-java-log4j2](https://github.com/aws/aws-lambda-java-libs) | `1.5.1` | `1.6.0` | | [org.junit.jupiter:junit-jupiter-engine](https://github.com/junit-team/junit5) | `5.10.0` | `5.10.1` | | [org.mockito:mockito-core](https://github.com/mockito/mockito) | `5.6.0` | `5.8.0` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.1.2` | `3.2.2` | Updates `org.apache.logging.log4j:log4j-api` from 2.21.0 to 2.22.0 Updates `org.apache.logging.log4j:log4j-core` from 2.21.0 to 2.22.0 Updates `com.amazonaws:aws-lambda-java-log4j2` from 1.5.1 to 1.6.0 - [Commits](https://github.com/aws/aws-lambda-java-libs/commits) Updates `org.junit.jupiter:junit-jupiter-engine` from 5.10.0 to 5.10.1 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.0...r5.10.1) Updates `org.mockito:mockito-core` from 5.6.0 to 5.8.0 - [Release notes](https://github.com/mockito/mockito/releases) - [Commits](https://github.com/mockito/mockito/compare/v5.6.0...v5.8.0) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.1.2 to 3.2.2 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.1.2...surefire-3.2.2) --- updated-dependencies: - dependency-name: org.apache.logging.log4j:log4j-api dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: org.apache.logging.log4j:log4j-core dependency-type: direct:production update-type: 
version-update:semver-minor dependency-group: minor - dependency-name: com.amazonaws:aws-lambda-java-log4j2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:development update-type: version-update:semver-patch dependency-group: minor - dependency-name: org.mockito:mockito-core dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor ... Signed-off-by: dependabot[bot] --- pom.xml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index 624109e..7440f00 100644 --- a/pom.xml +++ b/pom.xml @@ -25,17 +25,17 @@ org.apache.logging.log4j log4j-api - 2.21.0 + 2.22.0 org.apache.logging.log4j log4j-core - 2.21.0 + 2.22.0 com.amazonaws aws-lambda-java-log4j2 - 1.5.1 + 1.6.0 org.slf4j @@ -50,13 +50,13 @@ org.junit.jupiter junit-jupiter-engine - 5.10.0 + 5.10.1 test org.mockito mockito-core - 5.6.0 + 5.8.0 test @@ -85,7 +85,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.1.2 + 3.2.2 From 9d8bc0d29b159813f646b5171455f13190ad7077 Mon Sep 17 00:00:00 2001 From: Mike Audi Date: Tue, 12 Dec 2023 13:45:36 -0600 Subject: [PATCH 03/14] fix: remove SAR --- .github/workflows/release.yml | 20 +++++++++++++++----- README.md | 1 - infra/{sar => function}/samconfig.toml | 4 ++-- infra/{sar => function}/template.yml | 15 +-------------- infra/role/samconfig.toml | 4 ++-- infra/role/template.yml | 14 ++------------ 6 files changed, 22 insertions(+), 36 deletions(-) delete mode 100644 README.md rename infra/{sar => function}/samconfig.toml (75%) rename infra/{sar => function}/template.yml (85%) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0a95098..8be1f2d 100644 
--- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,7 +41,9 @@ jobs: ref: ${{ vars.UTILS_VERSION }} - name: Maven Install Utils - run: cd utils && mvn clean package install + run: | + cd utils + mvn clean package install - name: Install xmlstarlet run: sudo apt-get update && sudo apt-get install -y xmlstarlet @@ -54,17 +56,25 @@ jobs: aws-region: ${{ vars.AWS_REGION }} - name: SAM Deploy GitHub - run: cd infra/role && sam build && sam package && sam deploy + run: | + cd infra/role + sam build + sam package + sam deploy - name: AWS Credentials uses: aws-actions/configure-aws-credentials@v4 with: - role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubDeployCoreIcebergMetadata + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/GitHubDeployCoreOceanMetadata role-session-name: ${{ vars.SESSION_NAME }} aws-region: ${{ vars.AWS_REGION }} - - name: SAM Publish - run: cd infra/sar && sam build && sam package --output-template-file packaged.yaml && sam publish --template packaged.yaml + - name: SAM Deploy Function + run: | + cd infra/sar + sam build + sam package + sam deploy - name: Get Version id: version diff --git a/README.md b/README.md deleted file mode 100644 index 795c523..0000000 --- a/README.md +++ /dev/null @@ -1 +0,0 @@ -🐡 diff --git a/infra/sar/samconfig.toml b/infra/function/samconfig.toml similarity index 75% rename from infra/sar/samconfig.toml rename to infra/function/samconfig.toml index 274e4b9..4ec83b4 100644 --- a/infra/sar/samconfig.toml +++ b/infra/function/samconfig.toml @@ -1,9 +1,9 @@ version = 0.1 [default.global.parameters] -stack_name = "core-iceberg-metadata-sar" +stack_name = "core-ocean-metadata-function" s3_bucket = "mytiki-sam-deploy" -s3_prefix = "core/iceberg/metadata/sar" +s3_prefix = "core/ocean/metadata/function" region = "us-east-2" [default.deploy.parameters] 
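Review bot: The new `SAM Deploy Function` step in the `@@ -54,17 +56,25 @@` hunk still runs `cd infra/sar`, but this same commit renames `infra/sar/` to `infra/function/`. On the runner's default `bash -e` shell the `cd` would fail, so the function deploy would not run after the role stack has already been deployed. Change the line to `cd infra/function`. The step list continues outside the hunk, so check any other steps for the old path too.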
diff --git a/infra/sar/template.yml b/infra/function/template.yml similarity index 85% rename from infra/sar/template.yml rename to infra/function/template.yml index 1971c7c..9903ec9 100644 --- a/infra/sar/template.yml +++ b/infra/function/template.yml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 -Description: Core Iceberg Metadata SAR +Description: Core Ocean Iceberg Metadata Function Parameters: QueueName: @@ -20,19 +20,6 @@ Parameters: Type: Number Description: Enter the version number of the utils layer. -Metadata: - AWS::ServerlessRepo::Application: - Name: core-iceberg-metadata - Description: Iceberg Metadata - Author: tiki - SpdxLicenseId: MIT - LicenseUrl: ../../LICENSE - ReadmeUrl: ../../README.md - Labels: [ 'iceberg' ] - HomePageUrl: https://github.com/tiki/core-iceberg-metadata - SemanticVersion: 0.1.9 - SourceCodeUrl: https://github.com/tiki/core-iceberg-metadata - Resources: Queue: Type: AWS::SQS::Queue diff --git a/infra/role/samconfig.toml b/infra/role/samconfig.toml index 40a956c..eb537e0 100644 --- a/infra/role/samconfig.toml +++ b/infra/role/samconfig.toml @@ -1,9 +1,9 @@ version = 0.1 [default.global.parameters] -stack_name = "core-iceberg-metadata-role" +stack_name = "core-ocean-metadata-role" s3_bucket = "mytiki-sam-deploy" -s3_prefix = "core/iceberg/metadata/role" +s3_prefix = "core/ocean/metadata/role" region = "us-east-2" [default.deploy.parameters] diff --git a/infra/role/template.yml b/infra/role/template.yml index 6074082..d0f02d2 100644 --- a/infra/role/template.yml +++ b/infra/role/template.yml @@ -6,7 +6,7 @@ Parameters: RoleName: Description: Name of the IAM Role for the deployment Type: String - Default: "GitHubDeployCoreIcebergMetadata" + Default: "GitHubDeployCoreOceanMetadata" Resources: Role: @@ -17,7 +17,7 @@ Resources: SemanticVersion: 0.0.3 Parameters: GitHubOrg: tiki - RepositoryName: core-iceberg-metadata + RepositoryName: core-ocean-metadata RoleName: !Ref RoleName Policy: 
@@ -29,16 +29,6 @@ Resources: PolicyDocument: Version: '2012-10-17' Statement: - - Effect: Allow - Action: - - serverlessrepo:ListApplications - - serverlessrepo:CreateApplication - - serverlessrepo:SearchApplications - Resource: "*" - - Effect: Allow - Action: - - serverlessrepo:* - Resource: !Sub arn:aws:serverlessrepo:${AWS::Region}:${AWS::AccountId}:applications/core-iceberg-metadata - Effect: Allow Action: - s3:PutObject From 000dccdbf47d6e6a85423d0f94bc85366c2b717c Mon Sep 17 00:00:00 2001 From: Mike Audi Date: Tue, 12 Dec 2023 13:47:41 -0600 Subject: [PATCH 04/14] fix: add ocean defaults --- infra/function/template.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/infra/function/template.yml b/infra/function/template.yml index 9903ec9..0019bda 100644 --- a/infra/function/template.yml +++ b/infra/function/template.yml @@ -6,19 +6,23 @@ Parameters: QueueName: Type: String Description: The name of the FIFO Queue. + Default: ocean-metadata BucketName: Description: The S3 bucket name for the lake Type: String + Default: mytiki-ocean DatabaseName: Description: The Glue database name Type: String + Default: ocean UtilsName: Type: String - Default: core-iceberg-utils + Default: core-ocean-iceberg-utils Description: Enter the name of the utils layer. UtilsVersion: Type: Number Description: Enter the version number of the utils layer. + Default: 16 Resources: Queue: From 2693af0c645d56ef53b7baebf1302aad03e7ff07 Mon Sep 17 00:00:00 2001 From: Mike Audi Date: Tue, 12 Dec 2023 13:50:44 -0600 Subject: [PATCH 05/14] fix: lakeformation permission for func. --- infra/function/template.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/infra/function/template.yml b/infra/function/template.yml index 0019bda..1eb6dd6 100644 --- a/infra/function/template.yml +++ b/infra/function/template.yml 
@@ -79,6 +79,10 @@ Resources: - xray:PutTraceSegments - xray:PutTelemetryRecords Resource: "*" + - Effect: Allow + Action: + - lakeformation:GetDataAccess + Resource: "*" Layers: - !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:${UtilsName}:${UtilsVersion}" - !Sub "arn:aws:lambda:${AWS::Region}:901920570463:layer:aws-otel-java-wrapper-amd64-ver-1-30-0:1" From 9e3bd2067994cec76c693561cb23d4104d727ccb Mon Sep 17 00:00:00 2001 From: Mike Audi Date: Wed, 13 Dec 2023 01:45:48 -0600 Subject: [PATCH 06/14] fix: test release --- .github/workflows/release.yml | 6 +++--- infra/function/template.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a514cb7..ba4e25d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,8 +4,8 @@ on: pull_request: branches: - main - types: - - closed +# types: +# - closed concurrency: group: ${{ github.ref }}-${{ github.workflow }} @@ -13,7 +13,7 @@ concurrency: jobs: Deploy: - if: github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') +# if: github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') runs-on: ubuntu-latest environment: Production permissions: diff --git a/infra/function/template.yml b/infra/function/template.yml index 1eb6dd6..c9bbd51 100644 --- a/infra/function/template.yml +++ b/infra/function/template.yml @@ -22,7 +22,7 @@ Parameters: UtilsVersion: Type: Number Description: Enter the version number of the utils layer. - Default: 16 + Default: 1 Resources: Queue: From 25b46c8e25ae3fc2f65fbdb0c82afe895cbaff77 Mon Sep 17 00:00:00 2001 
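Review bot: The added `lakeformation:GetDataAccess` statement uses `Resource: "*"` with no comment explaining why a wildcard is acceptable. As far as I know this action has no resource-level scoping, so the wildcard is expected. What the function can actually read is then decided entirely by the Lake Formation grants on its role, which this template does not show. I would add a comment above the statement, such as `# GetDataAccess cannot be resource-scoped; data access is limited by the Lake Formation grants on this role`. The policy's statement list begins outside the hunk.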
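Review bot: Commenting out `types: - closed` and the job-level `if:` in PATCH 06/14 makes the `Deploy` job run on every default `pull_request` activity against `main`. Unmerged branch code would then assume the deploy role and run `sam deploy` under `environment: Production`. Whether that environment has required reviewers is not visible here. To exercise the pipeline, keep `if: github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/')` and add a separate manual trigger such as `workflow_dispatch:` aimed at a non-production stack. The guard is only restored in PATCH 13/14, so every commit in between carries the unguarded workflow.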
From: Mike Audi Date: Wed, 13 Dec 2023 01:53:24 -0600 Subject: [PATCH 07/14] fix: update actions --- .github/workflows/release.yml | 4 +-- .github/workflows/tests.yml | 10 +++++-- .github/workflows/version.yml | 6 ++-- infra/role/template.yml | 54 +++++++++++++++++++++++++++++++++++ 4 files changed, 66 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ba4e25d..2819c24 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -35,7 +35,7 @@ jobs: - name: Check out utils uses: actions/checkout@v4 with: - repository: tiki/core-iceberg-utils + repository: tiki/core-ocean-iceberg-utils token: ${{ github.token }} path: utils ref: ${{ vars.UTILS_VERSION }} @@ -71,7 +71,7 @@ jobs: - name: SAM Deploy Function run: | - cd infra/sar + cd infra/function sam build sam package sam deploy diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index d0c009f..a1cb454 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -30,7 +30,7 @@ jobs: - name: Check out utils uses: actions/checkout@v4 with: - repository: tiki/core-iceberg-utils + repository: tiki/core-ocean-iceberg-utils token: ${{ github.token }} path: utils ref: ${{ vars.UTILS_VERSION }} @@ -49,7 +49,11 @@ jobs: path: target/surefire-reports/**/*.xml - name: Validate AWS Template - run: cd infra/sar && sam validate + run: | + cd infra/function + sam validate --lint - name: Build AWS Template - run: cd infra/sar && sam build + run: | + cd infra/function + sam build diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index 458b0b6..b1f000b 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml 
@@ -41,9 +41,9 @@ jobs: - name: Update POM Version run: xmlstarlet ed -L -u "_:project/_:version" -v "${{ steps.semver.outputs.nextStrict }}" pom.xml - - name: Update SAR Version + - name: Update Function Version run: | - sed -i 's/SemanticVersion: .*/SemanticVersion: ${{ steps.semver.outputs.nextStrict }}/' infra/sar/template.yml + sed -i 's/SemanticVersion: .*/SemanticVersion: ${{ steps.semver.outputs.nextStrict }}/' infra/function/template.yml - name: Commit Changes continue-on-error: true @@ -53,7 +53,7 @@ jobs: git config --global user.email "action@github.com" git config --global user.name "GH Action" git add pom.xml - git add infra/sar/template.yml + git add infra/function/template.yml git commit -m 'version bump' git push diff --git a/infra/role/template.yml b/infra/role/template.yml index d0f02d2..c9be18d 100644 --- a/infra/role/template.yml +++ b/infra/role/template.yml 
@@ -34,3 +34,57 @@ Resources: - s3:PutObject - s3:GetObject Resource: !Sub arn:aws:s3:::mytiki-sam-deploy/* + - Effect: Allow + Action: cloudformation:* + Resource: + - !Sub arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/core-ocean-metadata-function/* + - !Sub arn:aws:cloudformation:${AWS::Region}:aws:transform/Serverless-2016-10-31 + - Effect: Allow + Action: cloudformation:ListStacks + Resource: "*" + - Effect: Allow + Action: iam:PassRole + Resource: !Sub arn:aws:iam::${AWS::AccountId}:role/${RoleName} + Condition: + StringEquals: + iam:PassedToService: lambda.amazonaws.com + - Effect: Allow + Action: + - lambda:CreateFunction + - lambda:TagResource + - lambda:GetFunction + - lambda:UpdateFunctionCode + - lambda:ListTags + - lambda:UpdateFunctionConfiguration + Resource: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:* + - Effect: Allow + Action: + - lambda:CreateEventSourceMapping + - lambda:GetEventSourceMapping + - lambda:UpdateEventSourceMapping + Resource: "*" + - Effect: Allow + Action: + - sqs:CreateQueue + - sqs:GetQueueAttributes + - sqs:SetQueueAttributes + - sqs:TagQueue + Resource: !Sub arn:aws:sqs:${AWS::Region}:${AWS::AccountId}:* + - Effect: Allow + Action: lambda:GetLayerVersion + Resource: + - !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:layer:core-ocean-iceberg-utils:* + - !Sub arn:aws:lambda:${AWS::Region}:901920570463:layer:aws-otel-java-wrapper-* + - Effect: Allow + Action: + - iam:CreateRole + - iam:GetRole + - iam:UpdateRole + - iam:DeleteRole + - iam:TagRole + - iam:GetRolePolicy + - iam:PutRolePolicy + - iam:DeleteRolePolicy + - iam:AttachRolePolicy + - iam:DetachRolePolicy + Resource: !Sub arn:aws:iam::${AWS::AccountId}:role/core-ocean-metadata-function* From f9ab6e9045f7893b3da50a7f3574b7c60ff538fd Mon Sep 17 00:00:00 2001 From: GH Action Date: Wed, 13 Dec 2023 07:53:50 +0000 Subject: [PATCH 08/14] version bump --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
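Review bot: The final statement grants `iam:CreateRole`, `iam:PutRolePolicy` and `iam:AttachRolePolicy` on `role/core-ocean-metadata-function*` with no `Condition`, so the deploy role can give any policy to a role it creates. Combined with `lambda:CreateFunction` on `function:*`, and with the `iam:PassRole` entry for `core-ocean-metadata-function-*` added in PATCH 12/14, its effective privileges are far wider than the listed actions suggest. Require a permissions boundary on those IAM actions with `Condition:` / `StringEquals:` / `iam:PermissionsBoundary: <boundary-policy-arn>`, or restrict attachable policies with `iam:PolicyARN`. Scope the Lambda and SQS resources to the stack's name prefix rather than `function:*` and `sqs:…:*`. The `iam:PassRole` resource `role/${RoleName}` is the GitHub deploy role itself, which looks unintended for `lambda.amazonaws.com`.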
diff --git a/pom.xml b/pom.xml index 7440f00..7b88bc4 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ 4.0.0 com.mytiki core-iceberg-metadata - 0.1.9 + 0.1.10 jar Iceberg Metadata From 7df9df3d74b415d01f0da967adc697072652204c Mon Sep 17 00:00:00 2001 From: Mike Audi Date: Wed, 13 Dec 2023 01:53:53 -0600 Subject: [PATCH 09/14] fix: codeql --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b32794f..a765f72 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -36,7 +36,7 @@ jobs: - name: Check out utils uses: actions/checkout@v4 with: - repository: tiki/core-iceberg-utils + repository: tiki/core-ocean-iceberg-utils token: ${{ github.token }} path: utils ref: ${{ vars.UTILS_VERSION }} From e5e7eb3e80bb245a1c130e2790205c34ea8854ad Mon Sep 17 00:00:00 2001 From: Mike Audi Date: Wed, 13 Dec 2023 01:54:50 -0600 Subject: [PATCH 10/14] fix: no more version in sar --- .github/workflows/version.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml index b1f000b..6cf8e64 100644 --- a/.github/workflows/version.yml +++ b/.github/workflows/version.yml @@ -41,10 +41,6 @@ jobs: - name: Update POM Version run: xmlstarlet ed -L -u "_:project/_:version" -v "${{ steps.semver.outputs.nextStrict }}" pom.xml - - name: Update Function Version - run: | - sed -i 's/SemanticVersion: .*/SemanticVersion: ${{ steps.semver.outputs.nextStrict }}/' infra/function/template.yml - - name: Commit Changes continue-on-error: true env: @@ -53,7 +49,6 @@ jobs: git config --global user.email "action@github.com" git config --global user.name "GH Action" git add pom.xml - git add infra/function/template.yml git commit -m 'version bump' git push From 85e93e08bdf56f83563b14553a2ca3036eab3b03 Mon Sep 17 00:00:00 2001 
From: Mike Audi Date: Wed, 13 Dec 2023 01:59:09 -0600 Subject: [PATCH 11/14] fix: utils version 2.7 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7b88bc4..91ea729 100644 --- a/pom.xml +++ b/pom.xml @@ -19,7 +19,7 @@ com.mytiki core-iceberg-utils - 0.2.6 + 0.2.7 provided From 2a7b2c3bbbe9eaac5d855614e1c7415a90fdddeb Mon Sep 17 00:00:00 2001 From: Mike Audi Date: Wed, 13 Dec 2023 02:10:11 -0600 Subject: [PATCH 12/14] fix: perm issues --- .github/workflows/tests.yml | 2 +- infra/role/template.yml | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a1cb454..73a53fb 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -51,7 +51,7 @@ jobs: - name: Validate AWS Template run: | cd infra/function - sam validate --lint + sam validate - name: Build AWS Template run: | diff --git a/infra/role/template.yml b/infra/role/template.yml index c9be18d..170ae2a 100644 --- a/infra/role/template.yml +++ b/infra/role/template.yml @@ -44,7 +44,9 @@ Resources: Resource: "*" - Effect: Allow Action: iam:PassRole - Resource: !Sub arn:aws:iam::${AWS::AccountId}:role/${RoleName} + Resource: + - !Sub arn:aws:iam::${AWS::AccountId}:role/${RoleName} + - !Sub arn:aws:iam::${AWS::AccountId}:role/core-ocean-metadata-function-* Condition: StringEquals: iam:PassedToService: lambda.amazonaws.com @@ -87,4 +89,4 @@ Resources: - iam:DeleteRolePolicy - iam:AttachRolePolicy - iam:DetachRolePolicy - Resource: !Sub arn:aws:iam::${AWS::AccountId}:role/core-ocean-metadata-function* + Resource: !Sub arn:aws:iam::${AWS::AccountId}:role/core-ocean-metadata-function-* From cecfa8d0490e4042cd7b89dd96e45dd14ab84eee Mon Sep 17 00:00:00 2001 From: Mike Audi Date: Wed, 13 Dec 2023 02:19:25 -0600 Subject: [PATCH 13/14] fix: prepare release --- .github/workflows/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2819c24..5aee3bd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,8 +4,8 @@ on: pull_request: branches: - main -# types: -# - closed + types: + - closed concurrency: group: ${{ github.ref }}-${{ github.workflow }} @@ -13,7 +13,7 @@ concurrency: jobs: Deploy: -# if: github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') + if: github.event.pull_request.merged == true && startsWith(github.head_ref, 'release/') runs-on: ubuntu-latest environment: Production permissions: From 75cd13f8024c27ad6836743add5f91e336b050cd Mon Sep 17 00:00:00 2001 From: GH Action Date: Wed, 13 Dec 2023 08:19:56 +0000 Subject: [PATCH 14/14] version bump --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 91ea729..497fc8d 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ 4.0.0 com.mytiki core-iceberg-metadata - 0.1.10 + 0.1.11 jar Iceberg Metadata