feat(build): publish lib as a Lambda Layer

.github/workflows/on-merge-to-main.yml

@@ -39,6 +39,9 @@ jobs:
       # the dependencies in a separate step
       working-directory: ./examples/cdk
       run: npm ci
+    - name: Install Layer publisher app
+      working-directory: ./layer-publisher
+      run: npm ci
     - name: "Setup SAM"
       # We use an ad-hoc action so we can specify the SAM CLI version
       uses: aws-actions/setup-sam@v2

.github/workflows/pr_lint_and_test.yml

@@ -31,6 +31,9 @@ jobs:
         # the dependencies in a separate step
         working-directory: ./examples/cdk
         run: npm ci
+      - name: Install Layer publisher app
+        working-directory: ./layer-publisher
+        run: npm ci
       - name: "Setup SAM"
         # We use an ad-hoc action so we can specify the SAM CLI version
         uses: aws-actions/setup-sam@v2

.github/workflows/publish_layer.yaml

@@ -0,0 +1,81 @@
+name: Deploy layer to all regions
+
+permissions:
+  id-token: write
+  contents: read
+
+on:
+  # Manual trigger
+  workflow_dispatch:
+    inputs:
+      latest_published_version:
+        description: "Latest npm published version to rebuild corresponding layer for, e.g. v1.0.2"
+        default: "v1.0.2"
+        required: true
+  # Automatic trigger after release
+  workflow_run:
+    workflows: ["release"]
+    types:
+      - completed
+
+jobs:
+  # Build layer by running cdk synth in layer-publisher directory and uploading cdk.out for deployment
+  build-layer:
+    runs-on: ubuntu-latest
+    if: ${{ (github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch') }}
+    defaults:
+      run:
+        working-directory: ./layer-publisher
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "16.12"
+      - name: Set release notes tag
+        run: |
+          RELEASE_INPUT=${{ inputs.latest_published_version }}
+          LATEST_TAG=$(git describe --tag --abbrev=0)
+          RELEASE_TAG_VERSION=${RELEASE_INPUT:-$LATEST_TAG}
+          echo "RELEASE_TAG_VERSION=${RELEASE_TAG_VERSION:1}" >> $GITHUB_ENV
+      - name: install cdk and deps
+        run: |
+          npm install -g [email protected]
+          cdk --version
+      - name: install deps
+        run: |
+          npm ci
+      - name: CDK build
+        run: cdk synth --context PowerToolsPackageVersion=$RELEASE_TAG_VERSION -o cdk.out
+      - name: zip output
+        run: zip -r cdk.out.zip cdk.out
+      - name: Archive CDK artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: cdk-layer-artefact
+          path: layer-publisher/cdk.out.zip
+
+  # Deploy layer to all regions in beta account
+  deploy-beta:
+    needs:
+      - build-layer
+    uses: ./.github/workflows/reusable_deploy_layer_stack.yml
+    with:
+      stage: "BETA"
+      artefact-name: "cdk-layer-artefact"
+    secrets:
+      target-account-role: ${{ secrets.AWS_LAYERS_BETA_ROLE_ARN }}
+
+  # Deploy layer to all regions in prod account
+  deploy-prod:
+    needs:
+      - deploy-beta
+    uses: ./.github/workflows/reusable_deploy_layer_stack.yml
+    with:
+      stage: "PROD"
+      artefact-name: "cdk-layer-artefact"
+    secrets:
+      target-account-role: ${{ secrets.AWS_LAYERS_PROD_ROLE_ARN }}

.github/workflows/reusable_deploy_layer_stack.yml

@@ -0,0 +1,81 @@
+name: Deploy cdk stack
+
+permissions:
+  id-token: write
+  contents: read
+
+on:
+  workflow_call:
+    inputs:
+      stage:
+        required: true
+        type: string
+      artefact-name:
+        required: true
+        type: string
+    secrets:
+      target-account-role:
+        required: true
+
+jobs:
+  deploy-cdk-stack:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./layer-publisher
+    strategy:
+      fail-fast: false
+      matrix:
+        region:
+          [
+            "af-south-1",
+            "eu-central-1",
+            "us-east-1",
+            "us-east-2",
+            "us-west-1",
+            "us-west-2",
+            "ap-east-1",
+            "ap-south-1",
+            "ap-northeast-1",
+            "ap-northeast-2",
+            "ap-southeast-1",
+            "ap-southeast-2",
+            "ca-central-1",
+            "eu-west-1",
+            "eu-west-2",
+            "eu-west-3",
+            "eu-south-1",
+            "eu-north-1",
+            "sa-east-1",
+            "ap-southeast-3",
+            "ap-northeast-3",
+            "me-south-1",
+          ]
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+      - name: aws credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: ${{ matrix.region }}
+          role-to-assume: ${{ secrets.target-account-role }}
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: "16.12"
+      - name: install cdk and deps
+        run: |
+          npm install -g [email protected]
+          cdk --version
+      - name: install deps
+        run: |
+          npm ci
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ inputs.artefact-name }}
+          path: layer-publisher
+      - name: unzip artefact
+        run: unzip cdk.out.zip
+      - name: CDK Deploy Layer
+        run: cdk deploy --app cdk.out --context region=${{ matrix.region }} 'LayerPublisherStack' --require-approval never --verbose

.github/workflows/run-e2e-tests.yml

@@ -40,7 +40,7 @@ jobs:
           cd examples/cdk
           npm install ../../packages/**/dist/aws-lambda-powertools-*
           npm run test
-  e2e-tests:
+  package-e2e-tests:
     runs-on: ubuntu-latest
     permissions:
       id-token: write # needed to interact with GitHub's OIDC Token endpoint.
@@ -68,6 +68,36 @@ jobs:
         with:
           role-to-assume: ${{ secrets.AWS_ROLE_ARN_TO_ASSUME }}
           aws-region: eu-west-1
-      - name: "Run integration tests"
+      - name: "Run packages integration tests"
         run: |
           RUNTIME=nodejs${{ matrix.version }}x npm run test:e2e -w packages/${{ matrix.package }}
+  layer-e2e-tests:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write # needed to interact with GitHub's OIDC Token endpoint.
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        version: [12, 14, 16]
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v3
+      - name: "Use NodeJS 14"
+        uses: actions/setup-node@v3
+        with:
+          # Always use version 16 as we use TypeScript target es2020
+          node-version: 16
+      - name: "Install [email protected]"
+        run: npm i -g npm@next-8
+      - name: "Configure AWS credentials"
+        uses: aws-actions/[email protected]
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN_TO_ASSUME }}
+          aws-region: eu-west-1
+      - name: "Run layer integration tests"
+        run: |
+          npm ci --foreground-scripts
+          RUNTIME=nodejs${{ matrix.version }}.x npm run test:e2e
+        working-directory: layer-publisher
+

README.md

@@ -33,6 +33,18 @@ Find the complete project's [documentation here](https://awslabs.github.io/aws-l
 
 ### Installation
 
+You have 2 ways of consuming those utilities:
+* NPM modules
+* Lambda Layer
+
+#### Lambda layers
+
+The AWS Lambda Powertools for TypeScript utilities is packaged as a single [AWS Lambda Layer](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-concepts.html#gettingstarted-concepts-layer)
+
+👉 [Installation guide for the **AWS Lambda Powertools for TypeScript** layer](https://awslabs.github.io/aws-lambda-powertools-typescript/latest/#lambda-layer)
+
+#### NPM modules
+
 The AWS Lambda Powertools for TypeScript utilities follow a modular approach, similar to the official [AWS SDK v3 for JavaScript](https://github.com/aws/aws-sdk-js-v3).  
 Each TypeScript utility is installed as standalone NPM package.
 

layer-publisher/.gitignore

@@ -0,0 +1,8 @@
+*.js
+!jest.config.js
+*.d.ts
+node_modules
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

layer-publisher/.npmignore

@@ -0,0 +1,6 @@
+*.ts
+!*.d.ts
+
+# CDK asset staging directory
+.cdk.staging
+cdk.out

layer-publisher/README.md

@@ -0,0 +1,38 @@
+# Lambda Powertools for TypeScript Layer Publisher
+
+This CDK app is meant to be used to publish Powertools for TypeScript Lambda Layer. It is composed of a single stack deploying the Layer into the target account.
+
+# Usage
+
+```sh
+npm ci
+npm run cdk deploy
+```
+
+By default it will package the layer with the latest version publicly available but you can force the public version to use with `PowerToolsPackageVersion` context variable:
+   ```sh
+   npm run cdk deploy -- --context PowerToolsPackageVersion='0.9.0'
+   ```
+
+# Tests
+
+## Units
+
+```sh
+npm run test
+```
+
+## E2E
+
+This will deploy and destroy several stacks in your AWS Account
+
+```sh
+npm run test:e2e
+```
+
+PS: You can force 
+* the lambda runtime to test with the RUNTIME env variable
+* the Powertools version with VERSION env variable
+```sh 
+RUNTIME=node12.x VERSION=0.9.0 npm run test:e2e
+```

layer-publisher/bin/layer-publisher.ts

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+import 'source-map-support/register';
+import * as cdk from 'aws-cdk-lib';
+import { LayerPublisherStack } from '../src/layer-publisher-stack';
+
+const SSM_PARAM_LAYER_ARN = '/layers/powertools-layer-arn';
+
+const app = new cdk.App();
+new LayerPublisherStack(app, 'LayerPublisherStack', {
+  powerToolsPackageVersion: app.node.tryGetContext('PowerToolsPackageVersion'),
+  layerName: 'AWSLambdaPowertoolsTypeScript',
+  ssmParameterLayerArn: SSM_PARAM_LAYER_ARN,
+});

layer-publisher/cdk.json

@@ -0,0 +1,32 @@
+{
+  "app": "npx ts-node --prefer-ts-exts bin/layer-publisher.ts",
+  "watch": {
+    "include": [
+      "**"
+    ],
+    "exclude": [
+      "README.md",
+      "cdk*.json",
+      "**/*.d.ts",
+      "**/*.js",
+      "tsconfig.json",
+      "package*.json",
+      "yarn.lock",
+      "node_modules",
+      "test"
+    ]
+  },
+  "context": {
+    "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": true,
+    "@aws-cdk/core:stackRelativeExports": true,
+    "@aws-cdk/aws-rds:lowercaseDbIdentifier": true,
+    "@aws-cdk/aws-lambda:recognizeVersionProps": true,
+    "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": true,
+    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
+    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
+    "@aws-cdk/core:target-partitions": [
+      "aws",
+      "aws-cn"
+    ]
+  }
+}

layer-publisher/jest.config.js

@@ -0,0 +1,8 @@
+module.exports = {
+  testEnvironment: 'node',
+  roots: ['<rootDir>/tests'],
+  testMatch: ['**/*.test.ts'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  }
+};