ci: publish to S3 on main branch only

.github/workflows/ci.yaml

@@ -8,61 +8,37 @@ permissions:
 
 env:
   YQ_VERSION: "4.25.1"
-  FORWARDER_VERSION: "v1.2.0"
+  LAMBDA_ZIP_VERSION: "v1.2.0"
+  LAMBDA_ZIP_BUCKET: "axiom-cloudformation-dev"
+  LAMBDA_ZIP_KEY: "axiom-cloudwatch-forwarder/$LAMBDA_ZIP_VERSION/forwarder.zip"
 
 jobs:
   python:
     runs-on: ubuntu-latest
-    outputs:
-      url: ${{ steps.forwarder-package.outputs.url }}
-      bucket: ${{ steps.forwarder-package.outputs.bucket }}
-      key: ${{ steps.forwarder-package.outputs.key }}
     steps:
       - uses: actions/checkout@v4
       - uses: astral-sh/ruff-action@v1
         with:
           src: "./src"
           args: "format --check"
-      - uses: actions/upload-artifact@v4
-        with:
-          name: forwarder.zip
-          path: src/*
-          retention-days: 1
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: eu-west-1
-          role-to-assume: "arn:aws:iam::887822303684:role/axiom_forwarder_github_actions20240222164306574100000002"
-          role-session-name: release_to_dev
-      - run: cd src && zip forwarder.zip *.py
-      - name: Release to Dev
-        run: aws s3 cp --acl public-read ./src/forwarder.zip s3://axiom-cloudformation-dev/axiom-cloudwatch-forwarder/$FORWARDER_VERSION/
-      - name: Set output
-        id: forwarder-package
-        run: |
-          echo "url=s3://axiom-cloudformation-dev/axiom-cloudwatch-forwarder/$FORWARDER_VERSION" >> "$GITHUB_OUTPUT"
-          echo "bucket=axiom-cloudformation-dev" >> "$GITHUB_OUTPUT"
-          echo "key=axiom-cloudwatch-forwarder/$FORWARDER_VERSION/forwarder.zip" >> "$GITHUB_OUTPUT"
   cloudformation:
     runs-on: ubuntu-latest
-    needs:
-      - python
     steps:
       - uses: actions/checkout@v4
       - run: wget https://github.com/mikefarah/yq/releases/download/v$YQ_VERSION/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/local/bin/yq
       - run: mkdir build
       - run:
-          yq '.Resources.ForwarderLambda.Properties.Code.S3Bucket = "${{ needs.python.outputs.bucket }}" |
-          .Resources.ForwarderLambda.Properties.Code.S3Key = "${{ needs.python.outputs.key }}"' cloudformation-stacks/forwarder.template.yaml > build/axiom-cloudwatch-forwarder-$FORWARDER_VERSION-cloudformation-stack.yaml
+          yq '.Resources.ForwarderLambda.Properties.Code.S3Bucket = "$LAMBDA_ZIP_BUCKET" |
+          .Resources.ForwarderLambda.Properties.Code.S3Key = "$LAMBDA_ZIP_KEY"' cloudformation-stacks/forwarder.template.yaml > build/axiom-cloudwatch-forwarder-$FORWARDER_VERSION-cloudformation-stack.yaml
       - run:
-          yq '.Resources.SubscriberLambda.Properties.Code.S3Bucket = "${{ needs.python.outputs.bucket }}" |
-          .Resources.SubscriberLambda.Properties.Code.S3Key = "${{ needs.python.outputs.key }}"' cloudformation-stacks/subscriber.template.yaml > build/axiom-cloudwatch-subscriber-$FORWARDER_VERSION-cloudformation-stack.yaml
+          yq '.Resources.SubscriberLambda.Properties.Code.S3Bucket = "$LAMBDA_ZIP_BUCKET" |
+          .Resources.SubscriberLambda.Properties.Code.S3Key = "$LAMBDA_ZIP_KEY"' cloudformation-stacks/subscriber.template.yaml > build/axiom-cloudwatch-subscriber-$FORWARDER_VERSION-cloudformation-stack.yaml
       - run:
-          yq '.Resources.UnsubscriberLambda.Properties.Code.S3Bucket = "${{ needs.python.outputs.bucket }}" |
-          .Resources.UnsubscriberLambda.Properties.Code.S3Key = "${{ needs.python.outputs.key }}"' cloudformation-stacks/unsubscriber.template.yaml > build/axiom-cloudwatch-unsubscriber-$FORWARDER_VERSION-cloudformation-stack.yaml
+          yq '.Resources.UnsubscriberLambda.Properties.Code.S3Bucket = "$LAMBDA_ZIP_BUCKET" |
+          .Resources.UnsubscriberLambda.Properties.Code.S3Key = "$LAMBDA_ZIP_KEY"' cloudformation-stacks/unsubscriber.template.yaml > build/axiom-cloudwatch-unsubscriber-$FORWARDER_VERSION-cloudformation-stack.yaml
       - run:
-          yq '.Resources.ListenerLambda.Properties.Code.S3Bucket = "${{ needs.python.outputs.bucket }}" |
-          .Resources.ListenerLambda.Properties.Code.S3Key = "${{ needs.python.outputs.key }}"'  cloudformation-stacks/listener.template.yaml > build/axiom-cloudwatch-listener-$FORWARDER_VERSION-cloudformation-stack.yaml
+          yq '.Resources.ListenerLambda.Properties.Code.S3Bucket = "$LAMBDA_ZIP_BUCKET" |
+          .Resources.ListenerLambda.Properties.Code.S3Key = "$LAMBDA_ZIP_KEY"'  cloudformation-stacks/listener.template.yaml > build/axiom-cloudwatch-listener-$FORWARDER_VERSION-cloudformation-stack.yaml
       - run: cat build/*
       - uses: actions/upload-artifact@v4
         with:

.github/workflows/pre-release.yaml

@@ -0,0 +1,65 @@
+name: Pre-release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  YQ_VERSION: "4.25.1"
+  LAMBDA_ZIP_VERSION: "${{ github.ref_name }}"
+
+jobs:
+  release_lambda_zip:
+    runs-on: ubuntu-latest
+    outputs:
+      url: ${{ steps.forwarder-package.outputs.url }}
+      bucket: ${{ steps.forwarder-package.outputs.bucket }}
+      key: ${{ steps.forwarder-package.outputs.key }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: eu-west-1
+          role-to-assume: "arn:aws:iam::887822303684:role/axiom_forwarder_github_actions20240222164306574100000002"
+          role-session-name: release_to_dev
+      - run: cd src && zip forwarder.zip *.py
+      - name: Release to Dev
+        run: aws s3 cp --acl public-read ./src/forwarder.zip s3://axiom-cloudformation-dev/axiom-cloudwatch-forwarder/$LAMBDA_ZIP_VERSION/
+      - name: Set output
+        id: forwarder-package
+        run: |
+          echo "url=s3://axiom-cloudformation-dev/axiom-cloudwatch-forwarder/$LAMBDA_ZIP_VERSION" >> "$GITHUB_OUTPUT"
+          echo "bucket=axiom-cloudformation-dev" >> "$GITHUB_OUTPUT"
+          echo "key=axiom-cloudwatch-forwarder/$LAMBDA_ZIP_VERSION/forwarder.zip" >> "$GITHUB_OUTPUT"
+  release_cloudformation_stacks:
+    runs-on: ubuntu-latest
+    needs:
+      - python
+    steps:
+      - uses: actions/checkout@v4
+      - run: wget https://github.com/mikefarah/yq/releases/download/v$YQ_VERSION/yq_linux_amd64.tar.gz -O - | tar xz && mv yq_linux_amd64 /usr/local/bin/yq
+      - run: mkdir build
+      - run:
+          yq '.Resources.ForwarderLambda.Properties.Code.S3Bucket = "${{ needs.python.outputs.bucket }}" |
+          .Resources.ForwarderLambda.Properties.Code.S3Key = "${{ needs.python.outputs.key }}"' cloudformation-stacks/forwarder.template.yaml > build/axiom-cloudwatch-forwarder-$LAMBDA_ZIP_VERSION-cloudformation-stack.yaml
+      - run:
+          yq '.Resources.SubscriberLambda.Properties.Code.S3Bucket = "${{ needs.python.outputs.bucket }}" |
+          .Resources.SubscriberLambda.Properties.Code.S3Key = "${{ needs.python.outputs.key }}"' cloudformation-stacks/subscriber.template.yaml > build/axiom-cloudwatch-subscriber-$LAMBDA_ZIP_VERSION-cloudformation-stack.yaml
+      - run:
+          yq '.Resources.UnsubscriberLambda.Properties.Code.S3Bucket = "${{ needs.python.outputs.bucket }}" |
+          .Resources.UnsubscriberLambda.Properties.Code.S3Key = "${{ needs.python.outputs.key }}"' cloudformation-stacks/unsubscriber.template.yaml > build/axiom-cloudwatch-unsubscriber-$LAMBDA_ZIP_VERSION-cloudformation-stack.yaml
+      - run:
+          yq '.Resources.ListenerLambda.Properties.Code.S3Bucket = "${{ needs.python.outputs.bucket }}" |
+          .Resources.ListenerLambda.Properties.Code.S3Key = "${{ needs.python.outputs.key }}"'  cloudformation-stacks/listener.template.yaml > build/axiom-cloudwatch-listener-$LAMBDA_ZIP_VERSION-cloudformation-stack.yaml
+      - run: cat build/*
+      - uses: actions/upload-artifact@v4
+        with:
+          name: stacks
+          path: build/*
+          retention-days: 1