chore(ci): Do not build AWS lambda layer in build step

.github/workflows/build.yml

@@ -48,6 +48,10 @@ env:
     ${{ github.workspace }}/packages/ember/*.d.ts
     ${{ github.workspace }}/packages/gatsby/*.d.ts
 
+  # Avoid '*' here: upload-artifact flattens paths after the first wildcard (drops the packages/ prefix).
+  CACHED_BUILD_LAYER_PATHS: |
+    ${{ github.workspace }}/packages/aws-serverless/build/aws
+
   BUILD_CACHE_TARBALL_KEY: tarball-${{ github.event.inputs.commit || github.sha }}
 
   # GH will use the first restore-key it finds that matches
@@ -164,6 +168,40 @@ jobs:
       changed_browser_integration:
         ${{ needs.job_get_metadata.outputs.changed_ci == 'true' || contains(steps.checkForAffected.outputs.affected,
         '@sentry-internal/browser-integration-tests') }}
+      changed_aws_serverless:
+        ${{ needs.job_get_metadata.outputs.changed_ci == 'true' || contains(steps.checkForAffected.outputs.affected,
+        '@sentry/aws-serverless') }}
+
+  job_build_layer:
+    name: Build Lambda layer
+    needs: [job_get_metadata, job_build]
+    if: needs.job_build.outputs.changed_aws_serverless == 'true' || github.event_name != 'pull_request'
+    timeout-minutes: 10
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Check out current commit (${{ needs.job_get_metadata.outputs.commit_label }})
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ env.HEAD_COMMIT }}
+      - name: Set up Node
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: 'package.json'
+      - name: Restore caches
+        uses: ./.github/actions/restore-cache
+        with:
+          dependency_cache_key: ${{ needs.job_build.outputs.dependency_cache_key }}
+      - name: Build Lambda layer
+        run: yarn build:layer
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v7
+        with:
+          name: build-layer-output
+          path: ${{ env.CACHED_BUILD_LAYER_PATHS }}
+          retention-days: 4
+          compression-level: 6
+          overwrite: true
 
   job_check_branches:
     name: Check PR branches
@@ -298,7 +336,7 @@ jobs:
 
   job_artifacts:
     name: Upload Artifacts
-    needs: [job_get_metadata, job_build]
+    needs: [job_get_metadata, job_build, job_build_layer]
     runs-on: ubuntu-24.04
     # Build artifacts are only needed for releasing workflow.
     if: needs.job_get_metadata.outputs.is_release == 'true'
@@ -316,6 +354,11 @@ jobs:
         with:
           dependency_cache_key: ${{ needs.job_build.outputs.dependency_cache_key }}
 
+      - name: Restore build layer artifacts
+        uses: actions/download-artifact@v7
+        with:
+          name: build-layer-output
+
       - name: Pack tarballs
         run: yarn build:tarball
 
@@ -902,7 +945,7 @@ jobs:
     # See: https://github.com/actions/runner/issues/2205
     if:
       always() && needs.job_e2e_prepare.result == 'success' && needs.job_e2e_prepare.outputs.matrix != '{"include":[]}'
-    needs: [job_get_metadata, job_build, job_e2e_prepare]
+    needs: [job_get_metadata, job_build, job_build_layer, job_e2e_prepare]
     runs-on: ubuntu-24.04
     timeout-minutes: 15
     env:
@@ -948,6 +991,12 @@ jobs:
         with:
           dependency_cache_key: ${{ needs.job_build.outputs.dependency_cache_key }}
 
+      - name: Restore build layer artifacts
+        uses: actions/download-artifact@v7
+        if: matrix.test-application == 'aws-serverless'
+        with:
+          name: build-layer-output
+
       - name: Restore tarball cache
         uses: actions/cache/restore@v5
         id: restore-tarball-cache
@@ -1134,6 +1183,7 @@ jobs:
         job_check_lockfile,
         job_check_format,
         job_circular_dep_check,
+        job_build_layer,
         job_size_check,
       ]
     # Always run this, even if a dependent job failed

package.json

@@ -1,8 +1,9 @@
 {
   "private": true,
   "scripts": {
-    "build": "node ./scripts/verify-packages-versions.js && nx run-many -t build:transpile build:types build:bundle build:layer",
+    "build": "node ./scripts/verify-packages-versions.js && nx run-many -t build:transpile build:types build:bundle",
     "build:bundle": "nx run-many -t build:bundle",
+    "build:layer": "nx run-many -t build:layer",
     "build:dev": "nx run-many -t build:types build:transpile",
     "build:dev:filter": "nx run-many -t build:dev -p",
     "build:transpile": "nx run-many -t build:transpile",

packages/aws-serverless/package.json

@@ -80,7 +80,7 @@
     "@vercel/nft": "^1.3.0"
   },
   "scripts": {
-    "build": "run-p build:transpile build:types build:extension && run-s build:layer",
+    "build": "run-p build:transpile build:types build:extension",
     "build:extension": "rollup -c rollup.lambda-extension.config.mjs && yarn ts-node scripts/buildLambdaExtension.ts",
     "build:layer": "rimraf build/aws && yarn ts-node scripts/buildLambdaLayer.ts",
     "build:dev": "run-p build:transpile build:types",