Removes unrequired file #133
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Lambda Deployment | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "terraform/states/environments/aws/my-aws-account/eu-north-1/dev-stockholm-1/lambda/**" | |
| - ".github/workflows/order_retrieval_deployments.yml" | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| AWS_REGION: "eu-north-1" | |
| ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} | |
| ECR_REPO: "order-retrieval" | |
| LAMBDA_FUNCTION_NAME: "order-retrieval" | |
| IMAGE_TAG: "latest" | |
| TG_DIR: "terraform/states/environments/aws/my-aws-account/eu-north-1/dev-stockholm-1/lambda/order-retrieval" | |
| MD5_FILE: "terraform/states/environments/aws/my-aws-account/eu-north-1/dev-stockholm-1/lambda/order-retrieval/lambda_code.md5" | |
| jobs: | |
| deploy: | |
| name: Deploy Order Retrieval | |
| runs-on: ubuntu-latest | |
| steps: | |
| # === SETUP STAGE === | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Terraform & Terragrunt | |
| run: | | |
| TEMP_DIR=$(mktemp -d) | |
| cd $TEMP_DIR | |
| curl -LO https://releases.hashicorp.com/terraform/1.5.5/terraform_1.5.5_linux_amd64.zip | |
| unzip -o terraform_1.5.5_linux_amd64.zip | |
| curl -LO https://github.com/gruntwork-io/terragrunt/releases/download/v0.45.12/terragrunt_linux_amd64 | |
| sudo install -o root -g root -m 0755 terraform /usr/local/bin/terraform | |
| sudo install -o root -g root -m 0755 terragrunt_linux_amd64 /usr/local/bin/terragrunt | |
| cd - | |
| rm -rf $TEMP_DIR | |
| - name: Configure AWS credentials (OIDC) | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/aidoc-devops2-ex-github-oidc-auth | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Assume `github-actions-workflows` Role | |
| id: assume-role | |
| run: | | |
| CREDENTIALS=$(aws sts assume-role \ | |
| --role-arn "arn:aws:iam::${{ env.ACCOUNT_ID }}:role/aidoc-devops2-ex-github-actions-workflows" \ | |
| --role-session-name "GitHubActionsSession") | |
| echo "AWS_ACCESS_KEY_ID=$(echo $CREDENTIALS | jq -r '.Credentials.AccessKeyId')" >> $GITHUB_ENV | |
| echo "AWS_SECRET_ACCESS_KEY=$(echo $CREDENTIALS | jq -r '.Credentials.SecretAccessKey')" >> $GITHUB_ENV | |
| echo "AWS_SESSION_TOKEN=$(echo $CREDENTIALS | jq -r '.Credentials.SessionToken')" >> $GITHUB_ENV | |
| # === CODE CHANGE DETECTION === | |
| - name: Compute MD5 Hash of Lambda Code | |
| id: compute-md5 | |
| run: | | |
| NEW_MD5=$(find ${{ env.TG_DIR }}/lambda_source_code -type f -exec md5sum {} + | sort | md5sum | awk '{ print $1 }') | |
| echo "NEW_MD5=${NEW_MD5}" >> $GITHUB_ENV | |
| if [[ -f "${{ env.MD5_FILE }}" ]]; then | |
| OLD_MD5=$(cat "${{ env.MD5_FILE }}") | |
| echo "OLD_MD5=${OLD_MD5}" >> $GITHUB_ENV | |
| else | |
| OLD_MD5="none" | |
| fi | |
| - name: Check if Code Has Changed | |
| id: check-md5 | |
| run: | | |
| if [[ "${{ env.NEW_MD5 }}" == "${{ env.OLD_MD5 }}" ]]; then | |
| echo "CODE_CHANGED=false" >> $GITHUB_ENV | |
| else | |
| echo "CODE_CHANGED=true" >> $GITHUB_ENV | |
| fi | |
| # === DOCKER BUILD & PUSH === | |
| - name: Login to Amazon ECR | |
| if: env.CODE_CHANGED == 'true' | |
| run: | | |
| aws ecr get-login-password --region ${{ env.AWS_REGION }} | \ | |
| docker login --username AWS --password-stdin ${{ env.ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com | |
| - name: Build and Push Docker image | |
| if: env.CODE_CHANGED == 'true' | |
| run: | | |
| docker build -t ${{ env.ECR_REPO }}:${{ env.IMAGE_TAG }} ./${{ env.TG_DIR }}/lambda_source_code | |
| docker tag ${{ env.ECR_REPO }}:${{ env.IMAGE_TAG }} ${{ env.ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO }}:${{ env.IMAGE_TAG }} | |
| docker push ${{ env.ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO }}:${{ env.IMAGE_TAG }} | |
| - name: Retrieve Latest ECR Image Digest | |
| if: env.CODE_CHANGED == 'true' | |
| id: get-ecr-digest | |
| run: | | |
| IMAGE_DIGEST=$(aws ecr describe-images \ | |
| --repository-name ${{ env.ECR_REPO }} \ | |
| --region ${{ env.AWS_REGION }} \ | |
| --query "sort_by(imageDetails,& imagePushedAt)[-1].imageDigest" \ | |
| --output text) | |
| echo "IMAGE_URI=${{ env.ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO }}@${IMAGE_DIGEST}" >> $GITHUB_ENV | |
| # === INFRASTRUCTURE UPDATE === | |
| - name: Configure Git | |
| if: env.CODE_CHANGED == 'true' | |
| run: | | |
| git config --global user.name 'GitHub Actions Bot' | |
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | |
| - name: Save and Push MD5 Hash | |
| if: env.CODE_CHANGED == 'true' | |
| run: | | |
| git fetch origin main | |
| git pull --rebase origin main | |
| mkdir -p $(dirname ${{ env.MD5_FILE }}) | |
| echo "${{ env.NEW_MD5 }}" > ${{ env.MD5_FILE }} | |
| if git diff --quiet ${{ env.MD5_FILE }}; then | |
| echo "No changes to MD5 hash, continuing workflow" | |
| exit 0 | |
| fi | |
| git add ${{ env.MD5_FILE }} | |
| if ! git diff --cached --quiet; then | |
| git commit -m "chore: update lambda code MD5 hash [skip ci]" | |
| git push origin main || { | |
| git pull --rebase origin main | |
| git push origin main | |
| } | |
| else | |
| echo "No changes to commit, continuing workflow" | |
| fi | |
| - name: Update Terragrunt Configuration | |
| if: env.CODE_CHANGED == 'true' | |
| working-directory: ${{ env.TG_DIR }} | |
| run: | | |
| sed -i "s|image_uri = .*|image_uri = \"${{ env.IMAGE_URI }}\"|" terragrunt.hcl | |
| - name: Apply Terraform Changes with Terragrunt | |
| working-directory: ${{ env.TG_DIR }} | |
| run: | | |
| terragrunt run-all apply --terragrunt-non-interactive --auto-approve --terragrunt-include-external-dependencies |