From 39965d338fe760dcc728f712434ab80d3b2dbf20 Mon Sep 17 00:00:00 2001 From: Jesse Kela Date: Sun, 14 Dec 2025 04:02:35 +0200 Subject: [PATCH] Lambda deployment without terraform --- .github/workflows/deploy.yml | 78 +++++++++++++++++++++++++++++++++ .github/workflows/terraform.yml | 48 +++----------------- terraform/lambda.tf | 10 +++-- terraform/variables.tf | 5 +++ 4 files changed, 96 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..071c36b --- /dev/null +++ b/.github/workflows/deploy.yml 
@@ -0,0 +1,78 @@
+name: deploy
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "handler.py"
+ - "create_package.py"
+ - "Pipfile*"
+ pull_request:
+ branches:
+ - main
+ paths:
+ - "handler.py"
+ - "create_package.py"
+ - "Pipfile*"
+ - ".github/workflows/deploy.yml"
+ workflow_dispatch:
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+jobs:
+ package:
+ if: ${{ github.event_name != 'schedule' }}
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ steps:
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ with:
+ python-version: "3.14"
+ architecture: "x64"
+ cache: "pipenv"
+ cache-dependency-path: Pipfile.lock
+ - name: Install pipenv & create dependencies
+ run: |
+ pip install --prefer-binary -r requirements.txt
+ pipenv install
+ pipenv requirements > requirements.txt
+ - name: Create deployment package
+ run: python create_package.py --output ${{ github.workspace }}/${{ vars.LAMBDA_PACKAGE }}
+ - name: Upload package
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+ with:
+ name: lambda-package
+ path: ${{ github.workspace}}/${{ vars.LAMBDA_PACKAGE }}
+ overwrite: true
+ retention-days: 1
+ if-no-files-found: error
+ deploy:
+ runs-on: ubuntu-latest
+ environment: AWS
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ needs: package
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Download package
+ uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+ with:
+ path: ${{ github.workspace }}/package
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1
+ with:
+ aws-region: ${{ vars.AWS_REGION }}
+ role-to-assume: ${{ secrets.AWS_ROLE }}
+ - 
name: Deploy + uses: aws-actions/aws-lambda-deploy@29ea35c124579506cf0475e20df36198eb670d89 # v1.1.0 + with: + function-name: ${{ vars.LAMBDA_NAME }} + package-type: Zip + runtime: python3.14 + handler: handler.handler + publish: false + code-artifacts-dir: ${{ github.workspace }}/ diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 7f7ceab..f6d08e2 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -4,19 +4,12 @@ on: branches: - main paths: - - "handler.py" - - "create_package.py" - - "Pipfile*" - - "requirements.txt" - "terraform/**" - ".github/workflows/terraform.yml" push: branches: - main paths: - - "handler.py" - - "create_package.py" - - "Pipfile*" - "terraform/**" - ".github/workflows/terraform.yml" schedule: @@ -26,35 +19,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - package: - if: ${{ github.event_name != 'schedule' }} - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: "3.14" - architecture: "x64" - cache: "pipenv" - cache-dependency-path: Pipfile.lock - - name: Install pipenv & create dependencies - run: | - pip install --prefer-binary -r requirements.txt - pipenv install - pipenv requirements > requirements.txt - - name: Create deployment package - run: python create_package.py --output ${{ github.workspace }}/${{ vars.LAMBDA_PACKAGE }} - - name: Upload package - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 - with: - name: lambda-package - path: ${{ github.workspace}}/${{ vars.LAMBDA_PACKAGE }} - overwrite: true - retention-days: 1 - if-no-files-found: error - terraform-lint: + lint: runs-on: ubuntu-latest permissions: contents: read 
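Review bot: The Deploy step hands `code-artifacts-dir: ${{ github.workspace }}/` to aws-lambda-deploy, yet the only content of that workspace is what download-artifact put under `package/` (the deploy job has no checkout step), and because no `name:` is given to download-artifact v7 the archive lands in a `package/lambda-package/` sub-directory; if the action zips that directory as its input name indicates, the function receives a zip nested inside a zip rather than `handler.py` at the root, so `handler: handler.handler` would not resolve. Download the named artifact, unpack it into a build directory and point `code-artifacts-dir` at that directory, as below; confirm the layout against what create_package.py writes. The `if: ${{ github.event_name != 'schedule' }}` on the package job is dead, since this workflow has no `schedule` trigger, and can be dropped.
```yaml
      - name: Download package
        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: lambda-package
          path: ${{ github.workspace }}/package
      - name: Unpack package
        run: unzip -q "package/$LAMBDA_PACKAGE" -d build
        env:
          LAMBDA_PACKAGE: ${{ vars.LAMBDA_PACKAGE }}
      # … unchanged: Configure AWS Credentials step …
      - name: Deploy
        uses: aws-actions/aws-lambda-deploy@29ea35c124579506cf0475e20df36198eb670d89 # v1.1.0
        with:
          # … unchanged: function-name, package-type, runtime, handler, publish …
          code-artifacts-dir: ${{ github.workspace }}/build
```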
@@ -74,10 +39,10 @@ jobs: id: tflint run: tflint -f compact --minimum-failure-severity notice working-directory: ./terraform - terraform: + deploy: if: ${{ github.event_name != 'schedule' }} runs-on: ubuntu-latest - needs: [terraform-lint, package] + needs: [lint] permissions: id-token: write contents: read @@ -87,6 +52,7 @@ jobs: TF_VAR_topic_name: ${{ secrets.RSS_FEEDS_TOPIC }} TF_VAR_alarm_topic_name: ${{ secrets.RSS_FEEDS_ALARM_TOPIC }} TF_VAR_rss_feeds_urls: ${{ vars.RSS_FEEDS_URLS }} + TF_VAR_lambda_name: ${{ vars.LAMBDA_NAME }} TF_VAR_lambda_package_path: ${{ github.workspace}}/${{ vars.LAMBDA_PACKAGE }} steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 @@ -95,10 +61,8 @@ jobs: with: aws-region: ${{ vars.AWS_REGION }} role-to-assume: ${{ secrets.AWS_ROLE }} - - name: Download package - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 - with: - path: ${{ github.workspace }} + - name: Create dummy package + run: zip -j ${{ vars.LAMBDA_PACKAGE }} handler.py - name: Setup Terraform uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 - name: Terraform format diff --git a/terraform/lambda.tf b/terraform/lambda.tf index 11b417c..58cc507 100644 --- a/terraform/lambda.tf +++ b/terraform/lambda.tf @@ -1,5 +1,5 @@ resource "aws_lambda_function" "rss_handler" { - function_name = "rss-feeds-handler" + function_name = var.lambda_name role = aws_iam_role.lambda_role.arn handler = "handler.handler" runtime = "python3.14" @@ -19,10 +19,14 @@ resource "aws_lambda_function" "rss_handler" { filename = var.lambda_package_path source_code_hash = filebase64sha256(var.lambda_package_path) + + lifecycle { + ignore_changes = [filename, source_code_hash] + } } resource "aws_cloudwatch_log_group" "rss_handler_logs" { - name = "/aws/lambda/rss-feeds-handler" + name = "/aws/lambda/${var.lambda_name}" retention_in_days = 90 } 
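Review bot: The placeholder archive from `run: zip -j ${{ vars.LAMBDA_PACKAGE }} handler.py` is now the only code Terraform ever uploads, and together with the `ignore_changes = [filename, source_code_hash]` added in the lambda.tf hunk it means any replacement of `aws_lambda_function.rss_handler` (first apply, or a change that forces recreation) leaves a dependency-less `handler.py` live until the separate `deploy` workflow runs — which, being path-triggered on the Python sources, will not happen after a terraform-only push. Document that coupling with a comment above the lifecycle block, e.g. `# Code is deployed by .github/workflows/deploy.yml; Terraform only seeds a placeholder package. Re-run deploy (workflow_dispatch) after this function is recreated.`, and name the workflow step accordingly (`Create placeholder package`). The `deploy` job of terraform.yml starts outside this hunk. As a smaller hardening point, pass the repository variable through the environment instead of interpolating it into the shell line: `env:` / `LAMBDA_PACKAGE: ${{ vars.LAMBDA_PACKAGE }}` / `run: zip -j "$LAMBDA_PACKAGE" handler.py`; the same applies to the `Create deployment package` step in deploy.yml.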
@@ -89,7 +93,7 @@ resource "aws_iam_policy" "lambda_policy" { "logs:PutLogEvents" ] Resource = [ - "arn:aws:logs:${var.aws_region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/rss-feeds-handler:*" + "arn:aws:logs:${var.aws_region}:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/${var.lambda_name}:*" ] } ] diff --git a/terraform/variables.tf b/terraform/variables.tf index d66c389..00e5b21 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -24,6 +24,11 @@ variable "rss_feeds_urls" { type = string } +variable "lambda_name" { + description = "Path to the Lambda deployment package" + type = string +} + variable "lambda_package_path" { description = "Path to the Lambda deployment package" type = string
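Review bot: The new `variable "lambda_name"` carries the description copied from `lambda_package_path` ("Path to the Lambda deployment package"), which is wrong for a function name; change it to `description = "Name of the Lambda function; also used for its log group and the log ARN in the IAM policy"`. Because the value comes from a repository variable and is spliced into the log-group name and the IAM policy resource ARN in lambda.tf, a validation block catches a mistyped value at plan time rather than at the API: `validation { condition = can(regex("^[A-Za-z0-9_-]{1,64}$", var.lambda_name)) error_message = "lambda_name must be 1-64 characters of letters, digits, '-' or '_'." }`.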