Output the layer version instead of layer arn from the deploy layer workflow and added update ssm workflow to be called from the publish layer workflow

Author: sdangol

.github/scripts/update_layer_arn.sh

@@ -8,13 +8,12 @@
 # see .github/workflows/publish_layer.yml
 
 
-# Get the new layer arn from the first command-line argument
-new_layer_arn=$1
-if [ -z "$new_layer_arn" ]; then
-    echo "Usage: $0 <new_layer_arn>"
+# Get the new layer version from the first command-line argument
+new_version=$1
+if [ -z "$new_version" ]; then
+    echo "Usage: $0 <new_version>"
     exit 1
 fi
-new_version=$(echo $new_layer_arn | sed 's/.*://')
 
 # Find all files with specified extensions in ./docs and ./examples directories
 # -type f: only find files (not directories)

.github/workflows/publish_layer.yml

@@ -80,6 +80,26 @@ jobs:
     secrets:
       target-account-role: ${{ secrets.AWS_LAYERS_PROD_ROLE_ARN }}
 
+  update-ssm-beta:
+    needs: [deploy-beta]
+    uses: ./.github/workflows/update_ssm.yml
+    permissions:
+      contents: read
+    with:
+      environment: beta
+      package_version: ${{ inputs.latest_published_version }}
+      layer-version: ${{ needs.deploy-beta.outputs.layer-version }}
+
+  update-ssm-prod:
+    needs: [deploy-prod]
+    uses: ./.github/workflows/update_ssm.yml
+    permissions:
+      contents: read
+    with:
+      environment: prod
+      package_version: ${{ inputs.latest_published_version }}
+      layer-version: ${{ needs.deploy-prod.outputs.layer-version }}
+
   update_layer_arn_docs:
     needs: [deploy-prod]
     # Force Github action to run only a single job at a time (based on the group name)
@@ -98,7 +118,7 @@ jobs:
           ref: ${{ github.sha }}
       - name: Replace layer versions in documentation
         run: |
-          ./.github/scripts/update_layer_arn.sh ${{ needs.deploy-prod.outputs.layer-arn }}
+          ./.github/scripts/update_layer_arn.sh ${{ needs.deploy-prod.outputs.layer-version }}
       - name: Stage changes
         run: git add .
       - name: Create PR

.github/workflows/reusable_deploy_layer_stack.yml

@@ -16,9 +16,9 @@ on:
         required: true
         type: string
     outputs:
-      layer-arn:
-        description: "The latest deployed Layer ARN"
-        value: ${{ jobs.deploy-cdk-stack.outputs.layer-arn }}
+      layer-version:
+        description: "The latest deployed Layer version"
+        value: ${{ jobs.deploy-cdk-stack.outputs.layer-version }}
     secrets:
       target-account-role:
         required: true
@@ -70,7 +70,7 @@ jobs:
             "mx-central-1"
           ]
     outputs:
-      layer-arn: ${{ steps.store-latest-layer-arn.outputs.layer-arn }}
+      layer-version: ${{ steps.store-latest-layer-arn.outputs.layer-version }}
     steps:
       - name: checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
@@ -100,10 +100,11 @@ jobs:
         run: |
           mkdir cdk-layer-stack
           jq -r -c '.LayerPublisherStack.LatestLayerArn' layers/cdk-outputs.json > cdk-layer-stack/${{ matrix.region }}-layer-version.txt
+          layer_arn=$(cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt)
+          echo "$layer_arn"
           if [ "${{ matrix.region }}" = "us-east-1" ]; then
-            echo "layer-arn=$(cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt)" | tee -a "$GITHUB_OUTPUT"
-          else
-            cat cdk-layer-stack/${{ matrix.region }}-layer-version.txt
+            layer_version=$(echo $layer_arn | sed 's/.*://')
+            echo "layer-version=$layer_version" >> "$GITHUB_OUTPUT"
           fi
       - name: Save Layer ARN artifact
         if: ${{ inputs.stage == 'PROD' }}

.github/workflows/update_ssm.yml

@@ -26,8 +26,8 @@ on:
         description: Environment to deploy to
         type: choice
         options:
-          - Beta
-          - Prod
+          - beta
+          - prod
         required: true
 
       write_latest:
@@ -40,6 +40,32 @@ on:
         type: string
         required: true
 
+      layer-version:
+        description: Layer version of the published layer
+        type: string
+        required: true
+
+  workflow_call:
+    inputs:
+      environment:
+        description: Environment to deploy to
+        type: string
+        required: true
+
+      write_latest:
+        description: Write to the latest path
+        type: boolean
+        required: false
+
+      package_version:
+        description: Semantic Version of published layer
+        type: string
+        required: true
+      layer-version:
+        description: Layer version of the published layer
+        type: string
+        required: true
+
 name: SSM Parameters
 run-name: SSM Parameters - TypeScript
 
@@ -101,22 +127,15 @@ jobs:
           # Dynamic secret access is safe here - secrets are scoped per environment
           role-to-assume: ${{ secrets[format('{0}', steps.transform.outputs.CONVERTED_REGION)] }}
           mask-aws-account-id: true
-      - id: get-version
-        env:
-          prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
-        run: |
-          current_layer_version=$(aws ssm get-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --query Parameter.Value --output text --region us-east-1)
-          new_layer_version=$((current_layer_version + 1))
-          echo "new_layer_version=$new_layer_version" >> "$GITHUB_OUTPUT"
       - id: write-version
         env:
           prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
         run: |
-          aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ steps.get-version.outputs.new_layer_version }}" --type String --overwrite
+          aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/${{ inputs.package_version }} --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer-version }}" --type String --overwrite
 
       - id: write-latest
         if: inputs.write_latest == true
         env:
           prefix: ${{ inputs.environment == 'beta' && '/aws/service/powertools/beta' || '/aws/service/powertools' }}
         run: |
-          aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ steps.get-version.outputs.new_layer_version }}" --type String --overwrite
+          aws ssm put-parameter --name ${{ env.prefix }}/typescript/generic/all/latest --value "arn:aws:lambda:${{ matrix.region }}:094274105915:layer:AWSLambdaPowertoolsTypeScriptV2:${{ inputs.layer-version }}" --type String --overwrite