-
Notifications
You must be signed in to change notification settings - Fork 0
244 lines (222 loc) · 8.41 KB
/
deploy-lambda-function.yml
File metadata and controls
244 lines (222 loc) · 8.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
---
name: 'Deploy lambda function'
on:
workflow_call:
inputs:
environment:
description: 'The environment that this is being deployed to'
type: string
required: true
# Assets options
pattern:
description: 'A wildcard (or exact) pattern that points to the zip file to be downloaded whether that be gh release or an action artifact'
type: string
required: true
artifact-name:
description: 'If pulling from an action artifact, set this field to the name of the artifact that was created'
type: string
default: ''
release-tag:
description: 'If pulling from a github release, the release tag that should be pulled from'
type: string
default: ''
# AWS options
role-name: # shorthand
description: 'The name of the IAM role to assume to deploy the lambda function'
type: string
default: ''
# configure-aws-credentials inputs
aws-access-key-id:
description: 'The AWS access key id to log into ECR with'
type: string
default: ''
aws-secret-access-key:
description: 'The AWS secret access key to log into ECR with'
type: string
default: ''
aws-region:
description: 'The AWS region to log into if using ECR'
type: string
default: 'us-east-1'
role-to-assume:
description: 'Allows one to configure the assume role'
type: string
default: ''
role-duration-seconds:
description: 'Allows one to configure the duration of assume role'
type: number
default: 1200
# Deploy lambda function options
function-name:
description: 'The name of the function name'
type: string
required: true
function-tags:
description: |
Key value pairs to attach to the lambda function
Example:
function-tags: |
version=v1
owner=carl
type: string
default: ''
publish-version:
description: 'If true, a lambda version will be published'
type: boolean
default: true
version-description:
description: 'The description of the version being published (if publish-version is true)'
type: string
default: ${{ github.sha }}
update-alias:
description: 'If true, the alias will be updated to the new version'
type: boolean
default: false
alias-name:
description: 'The name of the alias to update. Required if update-alias is true'
type: string
default: ''
# s3 options
upload-to-s3:
description: 'If true and an s3-bucket is provided, the action will upload the asset to s3 before updating the lambda'
type: boolean
default: true
s3-bucket:
description: 'The s3 bucket to upload the artifact to'
type: string
default: ''
s3-key:
description: 'The path within the s3 bucket to upload the artifact to'
type: string
default: ''
# current version file
current-version-path:
description: 'If set, the version will be dumped into a file on s3 that indicates the current version'
type: string
default: ''
# slack options
notify-slack:
description: 'If true, sends a slack notification on start and end of the deploy'
type: boolean
default: false
application:
description: 'The name of the application; required if notify-slack is true'
type: string
required: false
slack-template:
description: 'The j2 template to pass to the notify-slack action'
type: string
required: false
version:
description: 'The version of the application being deployed; required if notify-slack is true'
type: string
default: ${{ github.sha }}
link:
description: 'The link to the application'
type: string
required: false
secrets:
aws-account-id:
description: 'The AWS account id that the ecr repository lives under'
required: true
github-token:
description: "GitHub Token used to authenticate against a repository for Git context"
required: false
slack-webhook-url:
description: 'The webhook URL to send the slack notification to; requires notify-slack to be true'
required: false
outputs:
published-version:
description: 'The version of the lambda function that was created, only if publish-version is true (incremented by 1 by aws)'
value: ${{ jobs.deploy-lambda-function.outputs.published-version }}
env:
DEPLOY_IAM_ROLE: arn:aws:iam::${{ secrets.aws-account-id }}:role/${{ inputs.role-name }}
defaults:
run:
shell: bash
jobs:
deploy-lambda-function:
name: 'Deploy lambda function'
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
outputs:
published-version: ${{ steps.deploy.outputs.version }}
steps:
- name: 'Notify slack of deployment started'
if: inputs.notify-slack == true
uses: shopsmart/github-actions/actions/notify-slack@v4
with:
application: ${{ inputs.application }}
environment: ${{ inputs.environment }}
link: ${{ inputs.link }}
status: started
type: deployment
template: ${{ inputs.slack-template }}
version: ${{ inputs.version }}
slack-webhook-url: ${{ secrets.slack-webhook-url }}
# pull release or artifact
- name: 'Download release assets'
shell: bash
run: gh -R "${{ github.repository }}" release download -p "${{ inputs.pattern }}" "${{ inputs.release-tag }}"
env:
GH_TOKEN: ${{ secrets.github-token || github.token }}
# Only if we are downloading assets from gh release
if: inputs.release-tag != ''
- name: 'Pull artifact'
uses: actions/download-artifact@v4
with:
name: ${{ inputs.artifact-name }}
# Only if we are pulling from an artifact
if: inputs.artifact-name != ''
# configure aws credentials
- name: 'Configure AWS credentials'
uses: aws-actions/configure-aws-credentials@v6
with:
aws-access-key-id: ${{ inputs.aws-access-key-id }}
aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
aws-region: ${{ inputs.aws-region }}
role-to-assume: ${{ inputs.role-to-assume || env.DEPLOY_IAM_ROLE }}
role-duration-seconds: ${{ inputs.role-duration-seconds }}
# deploy
- name: 'Deploy'
id: deploy
uses: shopsmart/github-actions/actions/deploy-lambda-function@v4
with:
zip-file: ${{ inputs.pattern }}
function-name: ${{ inputs.function-name }}
function-tags: |
version=${{ inputs.version }}
${{ inputs.function-tags }}
publish-version: ${{ inputs.publish-version }}
version-description: ${{ inputs.version-description || inputs.version }}
update-alias: ${{ inputs.update-alias }}
alias-name: ${{ inputs.alias-name }}
upload-to-s3: ${{ inputs.upload-to-s3 }}
s3-bucket: ${{ inputs.s3-bucket }}
s3-key: ${{ inputs.s3-key }}
# current version file
- name: 'Create current version file'
if: inputs.current-version-path != ''
run: echo "${{ inputs.version }}" > current-version
- name: 'Upload current version file'
if: inputs.current-version-path != ''
run: |
s3_path="${{ inputs.s3-bucket }}/${{ inputs.current-version-path }}"
# Replace double slashes with single slashses
s3_path="${s3_path//\/\//\/}"
echo "[DEBUG] Uploading current-version to s3://$s3_path" >&2
aws s3 cp \
--content-type text/plain \
current-version "s3://$s3_path"
- name: 'Notify slack of deployment status'
if: always() && inputs.notify-slack == true
uses: shopsmart/github-actions/actions/notify-slack@v4
with:
application: ${{ inputs.application }}
environment: ${{ inputs.environment }}
link: ${{ inputs.link }}
status: ${{ job.status }}
type: deployment
template: ${{ inputs.slack-template }}
version: ${{ inputs.version }}
slack-webhook-url: ${{ secrets.slack-webhook-url }}