From 845ae2a86b8ee4db8c8037b8c29b49d510ffd448 Mon Sep 17 00:00:00 2001 From: Fabiana Severin Date: Mon, 29 Jun 2026 12:11:22 +0100 Subject: [PATCH 1/6] Add end-to-end integration tests --- .github/workflows/build-integration-test.yml | 56 ++++++++++ .github/workflows/run-integration-test.yml | 102 +++++++++++++++++ .../log4j2-test-function/pom.xml | 77 +++++++++++++ .../main/java/integ/Log4j2TestHandler.java | 30 +++++ .../src/main/resources/log4j2.xml | 17 +++ lambda-integration-tests/run-tests.sh | 103 ++++++++++++++++++ lambda-integration-tests/samconfig.toml | 24 ++++ lambda-integration-tests/template.yaml | 34 ++++++ 8 files changed, 443 insertions(+) create mode 100644 .github/workflows/build-integration-test.yml create mode 100644 .github/workflows/run-integration-test.yml create mode 100644 lambda-integration-tests/log4j2-test-function/pom.xml create mode 100644 lambda-integration-tests/log4j2-test-function/src/main/java/integ/Log4j2TestHandler.java create mode 100644 lambda-integration-tests/log4j2-test-function/src/main/resources/log4j2.xml create mode 100755 lambda-integration-tests/run-tests.sh create mode 100644 lambda-integration-tests/samconfig.toml create mode 100644 lambda-integration-tests/template.yaml diff --git a/.github/workflows/build-integration-test.yml b/.github/workflows/build-integration-test.yml new file mode 100644 index 00000000..5f5e82d1 --- /dev/null +++ b/.github/workflows/build-integration-test.yml @@ -0,0 +1,56 @@ +# this workflow verifies that the integration test Lambda function builds successfully. +# it does NOT deploy or run the tests (that requires AWS credentials and is done in +# run-integration-test.yml). + +name: Build integration tests + +on: + push: + branches: [ main ] + paths: + - 'aws-lambda-java-log4j2/**' + - 'aws-lambda-java-core/**' + - 'lambda-integration-tests/**' + pull_request: + branches: [ '*' ] + paths: + - 'aws-lambda-java-log4j2/**' + - 'aws-lambda-java-core/**' + - 'lambda-integration-tests/**' + - '.github/workflows/build-integration-test.yml' + +permissions: + contents: read + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v6 + + - name: Set up JDK + uses: actions/setup-java@v5 + with: + java-version: | + 8 + 21 + distribution: corretto + cache: maven + + - name: Install core with Maven + run: | + export JAVA_HOME=$JAVA_HOME_8_X64 + mvn -B install --file aws-lambda-java-core/pom.xml + + - name: Install log4j2 with Maven + run: | + export JAVA_HOME=$JAVA_HOME_8_X64 + mvn -B install --file aws-lambda-java-log4j2/pom.xml + + # build the integration test function + # this verifies that the function compiles and packages correctly. + # the tests will run in run-integration-test.yml which deploys to AWS. + - name: Package integration test function + run: | + export JAVA_HOME=$JAVA_HOME_21_X64 + mvn -B package --file lambda-integration-tests/log4j2-test-function/pom.xml diff --git a/.github/workflows/run-integration-test.yml b/.github/workflows/run-integration-test.yml new file mode 100644 index 00000000..667e76d9 --- /dev/null +++ b/.github/workflows/run-integration-test.yml @@ -0,0 +1,102 @@ +# this workflow deploys a Lambda function that uses aws-lambda-java-log4j2, +# invokes it, and verifies that logs arrive in CloudWatch. + +name: Run integration tests + +permissions: + id-token: write + contents: read + +on: + workflow_dispatch: + push: + branches: [ main ] + paths: + - 'aws-lambda-java-log4j2/**' + - 'aws-lambda-java-core/**' + - 'lambda-integration-tests/**' + +jobs: + run-integration-tests: + # Only run on the main repo, not forks + if: ${{ github.repository_owner == 'aws' }} + runs-on: ubuntu-latest + concurrency: + group: integration-test + cancel-in-progress: false + steps: + - uses: actions/checkout@v6 + + - name: Set up JDK + uses: actions/setup-java@v5 + with: + java-version: | + 8 + 21 + distribution: corretto + cache: maven + + - name: Install SAM CLI + uses: aws-actions/setup-sam@v2 + with: + use-installer: true + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v6.0.0 + with: + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + role-session-name: ${{ secrets.ROLE_SESSION_NAME }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: Install core with Maven + run: | + export JAVA_HOME=$JAVA_HOME_8_X64 + mvn -B install --file aws-lambda-java-core/pom.xml + + - name: Install log4j2 with Maven + run: | + export JAVA_HOME=$JAVA_HOME_8_X64 + mvn -B install --file aws-lambda-java-log4j2/pom.xml + + - name: Build SAM stack + run: | + export JAVA_HOME=$JAVA_HOME_21_X64 + cd lambda-integration-tests && sam build + + - name: Validate SAM stack + run: cd lambda-integration-tests && sam validate --lint + + - name: Deploy stack + id: deploy_stack + env: + AWS_REGION: ${{ secrets.AWS_REGION }} + run: | + cd lambda-integration-tests + stackName="aws-lambda-java-log4j2-integ-test-$GITHUB_RUN_ID" + echo "STACK_NAME=$stackName" >> "$GITHUB_OUTPUT" + echo "Stack name = $stackName" + sam deploy \ + --stack-name "${stackName}" \ + --parameter-overrides "ParameterKey=LambdaRole,ParameterValue=${{ secrets.AWS_LAMBDA_ROLE }}" \ + --no-confirm-changeset \ + --no-progressbar \ + --resolve-s3 \ + --capabilities CAPABILITY_IAM \ + 2>&1 | tee /tmp/sam-deploy.log | tail -n 20 + LOG4J2_TEST_FUNCTION=$(sam list stack-outputs --stack-name "${stackName}" --output json | jq -r '.[] | select(.OutputKey=="Log4j2TestFunction") | .OutputValue') + echo "LOG4J2_TEST_FUNCTION=$LOG4J2_TEST_FUNCTION" >> "$GITHUB_OUTPUT" + echo "Function name: $LOG4J2_TEST_FUNCTION" + + - name: Run integration test + env: + LOG4J2_TEST_FUNCTION: ${{ steps.deploy_stack.outputs.LOG4J2_TEST_FUNCTION }} + AWS_REGION: ${{ secrets.AWS_REGION }} + run: ./lambda-integration-tests/run-tests.sh + + - name: Cleanup + if: always() && steps.deploy_stack.outputs.STACK_NAME + env: + AWS_REGION: ${{ secrets.AWS_REGION }} + STACK_NAME: ${{ steps.deploy_stack.outputs.STACK_NAME }} + run: | + sam delete --stack-name "${STACK_NAME}" --no-prompts --region "${AWS_REGION}" diff --git a/lambda-integration-tests/log4j2-test-function/pom.xml b/lambda-integration-tests/log4j2-test-function/pom.xml new file mode 100644 index 00000000..b036d1de --- /dev/null +++ b/lambda-integration-tests/log4j2-test-function/pom.xml @@ -0,0 +1,77 @@ + + 4.0.0 + + com.amazonaws + log4j2-integration-test-function + 1.0.0 + jar + + Log4j2 Integration Test Function + + Lambda function used to verify that aws-lambda-java-log4j2 correctly emits logs to CloudWatch. + + + + 21 + 21 + UTF-8 + 2.25.4 + + + + + com.amazonaws + aws-lambda-java-core + 1.4.0 + + + com.amazonaws + aws-lambda-java-log4j2 + 1.6.4 + + + org.apache.logging.log4j + log4j-core + ${log4j.version} + + + org.apache.logging.log4j + log4j-api + ${log4j.version} + + + + + + + org.apache.maven.plugins + maven-shade-plugin + 3.6.1 + + + package + + shade + + + + + + + + + + + + com.github.edwgiz + maven-shade-plugin.log4j2-cachefile-transformer + 2.8.1 + + + + + + diff --git a/lambda-integration-tests/log4j2-test-function/src/main/java/integ/Log4j2TestHandler.java b/lambda-integration-tests/log4j2-test-function/src/main/java/integ/Log4j2TestHandler.java new file mode 100644 index 00000000..d81a3fa2 --- /dev/null +++ b/lambda-integration-tests/log4j2-test-function/src/main/java/integ/Log4j2TestHandler.java @@ -0,0 +1,30 @@ +package integ; + +import com.amazonaws.services.lambda.runtime.Context; +import com.amazonaws.services.lambda.runtime.RequestHandler; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.Map; + +/** + * integration test handler that logs a marker string using Log4j2 with the LambdaAppender. + * the test verifies that the marker appears in CloudWatch Logs, confirming end-to-end + * log delivery through the aws-lambda-java-log4j2 library. + */ +public class Log4j2TestHandler implements RequestHandler, String> { + + private static final Logger logger = LogManager.getLogger(Log4j2TestHandler.class); + + @Override + public String handleRequest(Map event, Context context) { + String marker = event.getOrDefault("marker", "NO_MARKER_PROVIDED"); + + logger.info("INTEG_TEST_MARKER: {}", marker); + logger.debug("Debug level message with marker: {}", marker); + logger.warn("Warning level message with marker: {}", marker); + logger.error("Error level message with marker: {}", marker); + + return "OK:" + marker; + } +} diff --git a/lambda-integration-tests/log4j2-test-function/src/main/resources/log4j2.xml b/lambda-integration-tests/log4j2-test-function/src/main/resources/log4j2.xml new file mode 100644 index 00000000..1cbc36bd --- /dev/null +++ b/lambda-integration-tests/log4j2-test-function/src/main/resources/log4j2.xml @@ -0,0 +1,17 @@ + + + + + + + %d{yyyy-MM-dd HH:mm:ss} %X{AWSRequestId} %-5p %c{1}:%L - %m%n + + + + + + + + + + diff --git a/lambda-integration-tests/run-tests.sh b/lambda-integration-tests/run-tests.sh new file mode 100755 index 00000000..844cc565 --- /dev/null +++ b/lambda-integration-tests/run-tests.sh @@ -0,0 +1,103 @@ +# integration test script for aws-lambda-java-log4j2. +# invokes the deployed lambda function and verifies logs appear in CloudWatch. + +set -euo pipefail + +FUNCTION_NAME="${LOG4J2_TEST_FUNCTION:?LOG4J2_TEST_FUNCTION env var is required}" +REGION="${AWS_REGION:?AWS_REGION env var is required}" +MARKER="integ-test-$(date +%s)-${RANDOM}" + +echo "=== Log4j2 Integration Test ===" +echo "Function: ${FUNCTION_NAME}" +echo "Region: ${REGION}" +echo "Marker: ${MARKER}" +echo "" + +# invoke the lambda function +echo ">>> Invoking Lambda function..." +INVOKE_OUTPUT=$(aws lambda invoke \ + --function-name "${FUNCTION_NAME}" \ + --region "${REGION}" \ + --payload "{\"marker\": \"${MARKER}\"}" \ + --cli-binary-format raw-in-base64-out \ + --output json \ + /tmp/integ-test-response.json) || { + echo "FAIL: aws lambda invoke command failed with exit code $?" + echo "Output: ${INVOKE_OUTPUT:-}" + exit 1 +} + +echo "Invoke output: ${INVOKE_OUTPUT}" +RESPONSE=$(cat /tmp/integ-test-response.json) +echo "Response payload: ${RESPONSE}" + +# check for lambda execution errors +FUNCTION_ERROR=$(echo "${INVOKE_OUTPUT}" | jq -r '.FunctionError // empty') +if [ -n "${FUNCTION_ERROR}" ]; then + echo "FAIL: Lambda function returned an execution error (FunctionError: ${FUNCTION_ERROR})" + echo "Error response: ${RESPONSE}" + exit 1 +fi + +# verify the function executed successfully +if echo "${RESPONSE}" | grep -q "OK:${MARKER}"; then + echo ">>> Function invocation successful." +else + echo "FAIL: Unexpected response from Lambda function." + echo "Expected response containing: OK:${MARKER}" + echo "Got: ${RESPONSE}" + exit 1 +fi + +# query CloudWatch logs for the marker +LOG_GROUP="/aws/lambda/${FUNCTION_NAME}" +echo "" +echo ">>> Querying CloudWatch Logs group: ${LOG_GROUP}" + +MAX_ATTEMPTS=5 +WAIT_SECONDS=10 +FOUND=false + +for attempt in $(seq 1 $MAX_ATTEMPTS); do + echo ">>> Attempt ${attempt}/${MAX_ATTEMPTS}: waiting ${WAIT_SECONDS}s for log propagation..." + sleep "${WAIT_SECONDS}" + + LOGS_OUTPUT=$(aws logs filter-log-events \ + --log-group-name "${LOG_GROUP}" \ + --region "${REGION}" \ + --filter-pattern "\"INTEG_TEST_MARKER\" \"${MARKER}\"" \ + --start-time $(($(date +%s) * 1000 - 120000)) \ + --output json 2>&1) + + if echo "${LOGS_OUTPUT}" | grep -q "INTEG_TEST_MARKER: ${MARKER}"; then + FOUND=true + break + fi + + echo " Marker not found yet." + WAIT_SECONDS=$((WAIT_SECONDS * 2)) +done + +# verify the marker was found +if [ "${FOUND}" = true ]; then + echo "" + echo "=== PASS: Log4j2 integration test succeeded ===" + echo "The marker '${MARKER}' was found in CloudWatch Logs (attempt ${attempt})." + echo "This confirms that the LambdaAppender plugin was discovered by Log4j2" + echo "and logs are being delivered to CloudWatch correctly." +else + echo "" + echo "=== FAIL: Log4j2 integration test failed ===" + echo "The marker '${MARKER}' was NOT found in CloudWatch Logs after ${MAX_ATTEMPTS} attempts." + echo "This indicates that the LambdaAppender was not discovered by Log4j2," + echo "likely due to a missing Log4j2Plugins.dat in the packaged JAR." + echo "" + echo "Dumping all recent log events for debugging:" + aws logs filter-log-events \ + --log-group-name "${LOG_GROUP}" \ + --region "${REGION}" \ + --start-time $(($(date +%s) * 1000 - 120000)) \ + --limit 50 \ + --output text 2>&1 || true + exit 1 +fi diff --git a/lambda-integration-tests/samconfig.toml b/lambda-integration-tests/samconfig.toml new file mode 100644 index 00000000..5e659786 --- /dev/null +++ b/lambda-integration-tests/samconfig.toml @@ -0,0 +1,24 @@ +version = 0.1 + +[default] +[default.build.parameters] +cached = true +parallel = true +build_in_source = true + +[default.validate.parameters] +lint = true + +[default.deploy.parameters] +capabilities = "CAPABILITY_IAM" +confirm_changeset = true +resolve_s3 = true + +[default.sync.parameters] +watch = true + +[default.local_start_api.parameters] +warm_containers = "EAGER" + +[default.local_start_lambda.parameters] +warm_containers = "EAGER" diff --git a/lambda-integration-tests/template.yaml b/lambda-integration-tests/template.yaml new file mode 100644 index 00000000..101e586e --- /dev/null +++ b/lambda-integration-tests/template.yaml @@ -0,0 +1,34 @@ +AWSTemplateFormatVersion: '2010-09-09' +Transform: AWS::Serverless-2016-10-31 +Description: aws-lambda-java-log4j2 integration tests + +Parameters: + LambdaRole: + Type: String + +Globals: + Function: + Timeout: 30 + MemorySize: 512 + +Resources: + Log4j2TestFunction: + Type: AWS::Serverless::Function + Metadata: + BuildMethod: java21 + Properties: + CodeUri: log4j2-test-function/ + Handler: integ.Log4j2TestHandler::handleRequest + Runtime: java21 + Role: !Ref LambdaRole + Environment: + Variables: + AWS_LAMBDA_LOG_FORMAT: TEXT + +Outputs: + Log4j2TestFunction: + Description: "Log4j2 integration test function name" + Value: !Ref Log4j2TestFunction + Log4j2TestFunctionArn: + Description: "Log4j2 integration test function ARN" + Value: !GetAtt Log4j2TestFunction.Arn From 76ec4ed320237b95fdc6f391d9003dd63f505a63 Mon Sep 17 00:00:00 2001 From: Fabiana Severin Date: Tue, 30 Jun 2026 15:48:49 +0100 Subject: [PATCH 2/6] Pin GitHub Actions to commit SHAs --- .github/workflows/build-integration-test.yml | 4 ++-- .github/workflows/run-integration-test.yml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-integration-test.yml b/.github/workflows/build-integration-test.yml index 5f5e82d1..748e0e1e 100644 --- a/.github/workflows/build-integration-test.yml +++ b/.github/workflows/build-integration-test.yml @@ -26,10 +26,10 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK - uses: actions/setup-java@v5 + uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: java-version: | 8 diff --git a/.github/workflows/run-integration-test.yml b/.github/workflows/run-integration-test.yml index 667e76d9..bd77684e 100644 --- a/.github/workflows/run-integration-test.yml +++ b/.github/workflows/run-integration-test.yml @@ -25,10 +25,10 @@ jobs: group: integration-test cancel-in-progress: false steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - name: Set up JDK - uses: actions/setup-java@v5 + uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: java-version: | 8 @@ -37,12 +37,12 @@ jobs: cache: maven - name: Install SAM CLI - uses: aws-actions/setup-sam@v2 + uses: aws-actions/setup-sam@f84ec7d548307efafe33230528756de3c5841a17 # v2 with: use-installer: true - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v6.0.0 + uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 with: role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} role-session-name: ${{ secrets.ROLE_SESSION_NAME }} From 9610b52294854aa895872a61d5aeb34cdd65af5d Mon Sep 17 00:00:00 2001 From: Fabiana Severin Date: Wed, 1 Jul 2026 10:59:28 +0100 Subject: [PATCH 3/6] fix: run integ test on both architectures --- .github/test-matrix.json | 14 ++++++++++ .github/workflows/build-integration-test.yml | 20 +++++++++++++- .github/workflows/run-integration-test.yml | 28 ++++++++++++++++---- lambda-integration-tests/template.yaml | 8 ++++++ 4 files changed, 64 insertions(+), 6 deletions(-) create mode 100644 .github/test-matrix.json diff --git a/.github/test-matrix.json b/.github/test-matrix.json new file mode 100644 index 00000000..ef6ea1b9 --- /dev/null +++ b/.github/test-matrix.json @@ -0,0 +1,14 @@ +{ + "arch": [ + { + "runner": "ubuntu-latest", + "label": "x64", + "sam_arch": "x86_64" + }, + { + "runner": "ubuntu-24.04-arm", + "label": "arm64", + "sam_arch": "arm64" + } + ] +} diff --git a/.github/workflows/build-integration-test.yml b/.github/workflows/build-integration-test.yml index 748e0e1e..e9e5a3ad 100644 --- a/.github/workflows/build-integration-test.yml +++ b/.github/workflows/build-integration-test.yml @@ -23,8 +23,26 @@ permissions: contents: read jobs: - build: + load-matrix: runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set.outputs.matrix }} + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + + - name: Load test matrix + id: set + run: | + MATRIX=$(jq -c '.' .github/test-matrix.json) + echo "matrix=${MATRIX}" >> "$GITHUB_OUTPUT" + + build: + needs: load-matrix + runs-on: ${{ matrix.arch.runner }} + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.load-matrix.outputs.matrix) }} + name: "build (${{ matrix.arch.label }})" steps: - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 diff --git a/.github/workflows/run-integration-test.yml b/.github/workflows/run-integration-test.yml index bd77684e..a43bd211 100644 --- a/.github/workflows/run-integration-test.yml +++ b/.github/workflows/run-integration-test.yml @@ -17,12 +17,30 @@ on: - 'lambda-integration-tests/**' jobs: + load-matrix: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.set.outputs.matrix }} + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + + - name: Load test matrix + id: set + run: | + MATRIX=$(jq -c '.' .github/test-matrix.json) + echo "matrix=${MATRIX}" >> "$GITHUB_OUTPUT" + run-integration-tests: - # Only run on the main repo, not forks + needs: load-matrix + # Only run on the main repo, not forks if: ${{ github.repository_owner == 'aws' }} - runs-on: ubuntu-latest + runs-on: ${{ matrix.arch.runner }} + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.load-matrix.outputs.matrix) }} + name: "integration-test (${{ matrix.arch.label }})" concurrency: - group: integration-test + group: integration-test-${{ matrix.arch.label }} cancel-in-progress: false steps: - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 @@ -72,12 +90,12 @@ jobs: AWS_REGION: ${{ secrets.AWS_REGION }} run: | cd lambda-integration-tests - stackName="aws-lambda-java-log4j2-integ-test-$GITHUB_RUN_ID" + stackName="aws-lambda-java-log4j2-integ-test-${{ matrix.arch.label }}-$GITHUB_RUN_ID" echo "STACK_NAME=$stackName" >> "$GITHUB_OUTPUT" echo "Stack name = $stackName" sam deploy \ --stack-name "${stackName}" \ - --parameter-overrides "ParameterKey=LambdaRole,ParameterValue=${{ secrets.AWS_LAMBDA_ROLE }}" \ + --parameter-overrides "ParameterKey=LambdaRole,ParameterValue=${{ secrets.AWS_LAMBDA_ROLE }} ParameterKey=Architecture,ParameterValue=${{ matrix.arch.sam_arch }}" \ --no-confirm-changeset \ --no-progressbar \ --resolve-s3 \ diff --git a/lambda-integration-tests/template.yaml b/lambda-integration-tests/template.yaml index 101e586e..01a10a70 100644 --- a/lambda-integration-tests/template.yaml +++ b/lambda-integration-tests/template.yaml @@ -5,6 +5,12 @@ Description: aws-lambda-java-log4j2 integration tests Parameters: LambdaRole: Type: String + Architecture: + Type: String + Default: x86_64 + AllowedValues: + - x86_64 + - arm64 Globals: Function: @@ -20,6 +26,8 @@ Resources: CodeUri: log4j2-test-function/ Handler: integ.Log4j2TestHandler::handleRequest Runtime: java21 + Architectures: + - !Ref Architecture Role: !Ref LambdaRole Environment: Variables: From 0e35558c79d389ab4d31a6bb33270f8264e2faf8 Mon Sep 17 00:00:00 2001 From: Fabiana Severin Date: Wed, 1 Jul 2026 11:34:09 +0100 Subject: [PATCH 4/6] fix: changing to precreated bucket --- .github/workflows/build-integration-test.yml | 14 +++++++++++++- .github/workflows/run-integration-test.yml | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-integration-test.yml b/.github/workflows/build-integration-test.yml index e9e5a3ad..8a77db7d 100644 --- a/.github/workflows/build-integration-test.yml +++ b/.github/workflows/build-integration-test.yml @@ -36,7 +36,7 @@ jobs: MATRIX=$(jq -c '.' .github/test-matrix.json) echo "matrix=${MATRIX}" >> "$GITHUB_OUTPUT" - build: + build-arch: needs: load-matrix runs-on: ${{ matrix.arch.runner }} strategy: @@ -72,3 +72,15 @@ jobs: run: | export JAVA_HOME=$JAVA_HOME_21_X64 mvn -B package --file lambda-integration-tests/log4j2-test-function/pom.xml + + build: + needs: build-arch + if: always() + runs-on: ubuntu-latest + steps: + - name: Check build results + run: | + if [ "${{ needs.build-arch.result }}" != "success" ]; then + echo "Build failed on one or more architectures" + exit 1 + fi diff --git a/.github/workflows/run-integration-test.yml b/.github/workflows/run-integration-test.yml index a43bd211..6115dd52 100644 --- a/.github/workflows/run-integration-test.yml +++ b/.github/workflows/run-integration-test.yml @@ -98,7 +98,7 @@ jobs: --parameter-overrides "ParameterKey=LambdaRole,ParameterValue=${{ secrets.AWS_LAMBDA_ROLE }} ParameterKey=Architecture,ParameterValue=${{ matrix.arch.sam_arch }}" \ --no-confirm-changeset \ --no-progressbar \ - --resolve-s3 \ + --s3-bucket "${{ secrets.S3_BUCKET }}" \ --capabilities CAPABILITY_IAM \ 2>&1 | tee /tmp/sam-deploy.log | tail -n 20 LOG4J2_TEST_FUNCTION=$(sam list stack-outputs --stack-name "${stackName}" --output json | jq -r '.[] | select(.OutputKey=="Log4j2TestFunction") | .OutputValue') From cb9c4f6d70a19a7e9f7e1d3e5d2e69cd3c7062c1 Mon Sep 17 00:00:00 2001 From: Fabiana Severin Date: Wed, 1 Jul 2026 15:19:18 +0100 Subject: [PATCH 5/6] fix: renaming secrets --- .github/workflows/run-integration-test.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/run-integration-test.yml b/.github/workflows/run-integration-test.yml index 6115dd52..75a2f11c 100644 --- a/.github/workflows/run-integration-test.yml +++ b/.github/workflows/run-integration-test.yml @@ -62,9 +62,9 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 with: - role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} - role-session-name: ${{ secrets.ROLE_SESSION_NAME }} - aws-region: ${{ secrets.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE_LOG4J2_INTEG_TEST }} + role-session-name: GitHubActionsLog4j2IntegTest + aws-region: ${{ secrets.AWS_REGION_LOG4J2_INTEG_TEST }} - name: Install core with Maven run: | @@ -87,7 +87,7 @@ jobs: - name: Deploy stack id: deploy_stack env: - AWS_REGION: ${{ secrets.AWS_REGION }} + AWS_REGION: ${{ secrets.AWS_REGION_LOG4J2_INTEG_TEST }} run: | cd lambda-integration-tests stackName="aws-lambda-java-log4j2-integ-test-${{ matrix.arch.label }}-$GITHUB_RUN_ID" @@ -95,10 +95,10 @@ jobs: echo "Stack name = $stackName" sam deploy \ --stack-name "${stackName}" \ - --parameter-overrides "ParameterKey=LambdaRole,ParameterValue=${{ secrets.AWS_LAMBDA_ROLE }} ParameterKey=Architecture,ParameterValue=${{ matrix.arch.sam_arch }}" \ + --parameter-overrides "ParameterKey=LambdaRole,ParameterValue=${{ secrets.AWS_LAMBDA_ROLE_LOG4J2_INTEG_TEST }} ParameterKey=Architecture,ParameterValue=${{ matrix.arch.sam_arch }}" \ --no-confirm-changeset \ --no-progressbar \ - --s3-bucket "${{ secrets.S3_BUCKET }}" \ + --s3-bucket "${{ secrets.S3_BUCKET_LOG4J2_INTEG_TEST }}" \ --capabilities CAPABILITY_IAM \ 2>&1 | tee /tmp/sam-deploy.log | tail -n 20 LOG4J2_TEST_FUNCTION=$(sam list stack-outputs --stack-name "${stackName}" --output json | jq -r '.[] | select(.OutputKey=="Log4j2TestFunction") | .OutputValue') @@ -108,13 +108,13 @@ jobs: - name: Run integration test env: LOG4J2_TEST_FUNCTION: ${{ steps.deploy_stack.outputs.LOG4J2_TEST_FUNCTION }} - AWS_REGION: ${{ secrets.AWS_REGION }} + AWS_REGION: ${{ secrets.AWS_REGION_LOG4J2_INTEG_TEST }} run: ./lambda-integration-tests/run-tests.sh - name: Cleanup if: always() && steps.deploy_stack.outputs.STACK_NAME env: - AWS_REGION: ${{ secrets.AWS_REGION }} + AWS_REGION: ${{ secrets.AWS_REGION_LOG4J2_INTEG_TEST }} STACK_NAME: ${{ steps.deploy_stack.outputs.STACK_NAME }} run: | sam delete --stack-name "${STACK_NAME}" --no-prompts --region "${AWS_REGION}" From 361bbfcc17ddc1b122956f52dccb956e56004c7e Mon Sep 17 00:00:00 2001 From: Fabiana Severin Date: Thu, 2 Jul 2026 14:48:24 +0100 Subject: [PATCH 6/6] fix: use architecture-aware JAVA_HOME on matrix runners --- .github/test-matrix.json | 6 ++++-- .github/workflows/build-integration-test.yml | 6 +++--- .github/workflows/run-integration-test.yml | 6 +++--- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/test-matrix.json b/.github/test-matrix.json index ef6ea1b9..7e6539cb 100644 --- a/.github/test-matrix.json +++ b/.github/test-matrix.json @@ -3,12 +3,14 @@ { "runner": "ubuntu-latest", "label": "x64", - "sam_arch": "x86_64" + "sam_arch": "x86_64", + "java_suffix": "X64" }, { "runner": "ubuntu-24.04-arm", "label": "arm64", - "sam_arch": "arm64" + "sam_arch": "arm64", + "java_suffix": "ARM64" } ] } diff --git a/.github/workflows/build-integration-test.yml b/.github/workflows/build-integration-test.yml index 8a77db7d..2a6bb30c 100644 --- a/.github/workflows/build-integration-test.yml +++ b/.github/workflows/build-integration-test.yml @@ -57,12 +57,12 @@ jobs: - name: Install core with Maven run: | - export JAVA_HOME=$JAVA_HOME_8_X64 + export JAVA_HOME=$JAVA_HOME_8_${{ matrix.arch.java_suffix }} mvn -B install --file aws-lambda-java-core/pom.xml - name: Install log4j2 with Maven run: | - export JAVA_HOME=$JAVA_HOME_8_X64 + export JAVA_HOME=$JAVA_HOME_8_${{ matrix.arch.java_suffix }} mvn -B install --file aws-lambda-java-log4j2/pom.xml # build the integration test function @@ -70,7 +70,7 @@ jobs: # the tests will run in run-integration-test.yml which deploys to AWS. - name: Package integration test function run: | - export JAVA_HOME=$JAVA_HOME_21_X64 + export JAVA_HOME=$JAVA_HOME_21_${{ matrix.arch.java_suffix }} mvn -B package --file lambda-integration-tests/log4j2-test-function/pom.xml build: diff --git a/.github/workflows/run-integration-test.yml b/.github/workflows/run-integration-test.yml index 75a2f11c..1b857f45 100644 --- a/.github/workflows/run-integration-test.yml +++ b/.github/workflows/run-integration-test.yml @@ -68,17 +68,17 @@ jobs: - name: Install core with Maven run: | - export JAVA_HOME=$JAVA_HOME_8_X64 + export JAVA_HOME=$JAVA_HOME_8_${{ matrix.arch.java_suffix }} mvn -B install --file aws-lambda-java-core/pom.xml - name: Install log4j2 with Maven run: | - export JAVA_HOME=$JAVA_HOME_8_X64 + export JAVA_HOME=$JAVA_HOME_8_${{ matrix.arch.java_suffix }} mvn -B install --file aws-lambda-java-log4j2/pom.xml - name: Build SAM stack run: | - export JAVA_HOME=$JAVA_HOME_21_X64 + export JAVA_HOME=$JAVA_HOME_21_${{ matrix.arch.java_suffix }} cd lambda-integration-tests && sam build - name: Validate SAM stack