Automated Deployment Workflows

.github/workflows/dev-build.yml

@@ -0,0 +1,29 @@
+### This is the Terraform-generated dev-build.yml workflow for the ecr-workflow-test-dev app repository ###
+### If this is a Lambda repo, uncomment the FUNCTION line at the end of the document     ###
+### If the container requires any additional pre-build commands, uncomment and edit      ###
+### the PREBUILD line at the end of the document.                                        ###
+name: Dev Container Build and Deploy
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - '.github/**'
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    name: Dev Container Deploy
+    uses: mitlibraries/.github/.github/workflows/ecr-multi-arch-deploy-dev.yml@multi-arch-deploy
+    secrets: inherit
+    with:
+      AWS_REGION: "us-east-1"
+      GHA_ROLE: "ecr-workflow-test-gha-dev"
+      ECR: "ecr-workflow-test-dev"
+      CPU_ARCH: "linux/arm64"
+      # FUNCTION: ""
+      # PREBUILD: 

.github/workflows/prod-promote.yml

@@ -0,0 +1,25 @@
+### This is the Terraform-generated prod-promote.yml workflow for the ecr-workflow-test-prod repository. ###
+### If this is a Lambda repo, uncomment the FUNCTION line at the end of the document.         ###
+name: Prod Container Promote
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    name: Prod Container Promote
+    uses: mitlibraries/.github/.github/workflows/ecr-multi-arch-promote-prod.yml@multi-arch-deploy
+    secrets: inherit
+    with:
+      AWS_REGION: "us-east-1"
+      GHA_ROLE_STAGE: ecr-workflow-test-gha-stage
+      GHA_ROLE_PROD: ecr-workflow-test-gha-prod
+      ECR_STAGE: "ecr-workflow-test-stage"
+      ECR_PROD: "ecr-workflow-test-prod"
+      # FUNCTION: ""
+

.github/workflows/stage-build.yml

@@ -0,0 +1,29 @@
+### This is the Terraform-generated dev-build.yml workflow for the ecr-workflow-test-stage app repository ###
+### If this is a Lambda repo, uncomment the FUNCTION line at the end of the document     ###
+### If the container requires any additional pre-build commands, uncomment and edit      ###
+### the PREBUILD line at the end of the document.                                        ###
+name: Stage Container Build and Deploy
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '.github/**'
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  deploy:
+    name: Stage Container Deploy
+    uses: mitlibraries/.github/.github/workflows/ecr-multi-arch-deploy-stage.yml@multi-arch-deploy
+    secrets: inherit
+    with:
+      AWS_REGION: "us-east-1"
+      GHA_ROLE: "ecr-workflow-test-gha-stage"
+      ECR: "ecr-workflow-test-stage"
+      CPU_ARCH: "linux/arm64"
+      # FUNCTION: ""
+      # PREBUILD: 

Dockerfile

@@ -1,12 +1,20 @@
-FROM python:3.12-slim as build
-WORKDIR /app
-COPY . .
+FROM python:3.13-slim
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends git ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
 
-RUN pip install --no-cache-dir --upgrade pip pipenv
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
+ENV UV_SYSTEM_PYTHON=1
+
+WORKDIR /app
 
-RUN apt-get update && apt-get upgrade -y && apt-get install -y git
+# Copy project metadata
+COPY pyproject.toml uv.lock* ./
 
-COPY Pipfile* /
-RUN pipenv install
+COPY ecr_test ./ecr_test
+RUN uv pip install --system .
 
-ENTRYPOINT ["pipenv", "run", "ecr_test"]
+# See pyproject.toml 
+ENTRYPOINT ["my-app", "run"]
+CMD []

Makefile

@@ -1,5 +1,12 @@
 SHELL=/bin/bash
 DATETIME:=$(shell date -u +%Y%m%dT%H%M%SZ)
+### This is the Terraform-generated header for ecr-workflow-test-dev. If  ###
+###   this is a Lambda repo, uncomment the FUNCTION line below            ###
+###   and review the other commented lines in the document.               ###
+ECR_NAME_DEV:=ecr-workflow-test-dev
+ECR_URL_DEV:=222053980223.dkr.ecr.us-east-1.amazonaws.com/ecr-workflow-test-dev
+CPU_ARCH:=linux/arm64
+### End of Terraform-generated header                                     ###
 
 help: # Preview Makefile commands
 	@awk 'BEGIN { FS = ":.*#"; print "Usage:  make <target>\n\nTargets:" } \
@@ -70,4 +77,38 @@ ruff-apply: # Resolve 'fixable errors' with 'ruff'
 # CLI convenience commands
 ##############################
 my-app: # CLI without any arguments, utilizing uv script entrypoint
-	uv run my-app
+	uv run my-app
+
+
+### Terraform-generated Developer Deploy Commands for Dev environment ###
+dist-dev: ## Build docker container (intended for developer-based manual build)
+	docker buildx create --use && docker buildx build --platform $(CPU_ARCH) \
+	    -t $(ECR_URL_DEV):latest \
+		-t $(ECR_URL_DEV):$(shell git describe --always) \
+		-t $(ECR_NAME_DEV):latest .
+
+publish-dev: dist-dev ## Build, tag and push (intended for developer-based manual publish)
+	docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_URL_DEV)
+	docker push $(ECR_URL_DEV):latest
+	docker push $(ECR_URL_DEV):$(shell git describe --always)
+
+
+### Terraform-generated manual shortcuts for deploying to Stage. This requires  ###
+###   that ECR_NAME_STAGE, ECR_URL_STAGE, and FUNCTION_STAGE environment        ###
+###   variables are set locally by the developer and that the developer has     ###
+###   authenticated to the correct AWS Account. The values for the environment  ###
+###   variables can be found in the stage_build.yml caller workflow.            ###
+dist-stage: ## Only use in an emergency
+	docker buildx create --use && docker buildx build --platform $(CPU_ARCH) \
+	    -t $(ECR_URL_STAGE):latest \
+		-t $(ECR_URL_STAGE):$(shell git describe --always) \
+		-t $(ECR_NAME_STAGE):latest .
+
+publish-stage: ## Only use in an emergency
+	docker login -u AWS -p $$(aws ecr get-login-password --region us-east-1) $(ECR_URL_STAGE)
+	docker push $(ECR_URL_STAGE):latest
+	docker push $(ECR_URL_STAGE):$(shell git describe --always)
+
+### If this is a Lambda repo, uncomment the two lines below     ###
+# update-lambda-stage: ## Updates the lambda with whatever is the most recent image in the ecr (intended for developer-based manual update)
+#	aws lambda update-function-code --function-name $(FUNCTION_STAGE) --image-uri $(ECR_URL_STAGE):latest