# Workflow: package the Node.js project and deploy it to AWS Lambda.
name: Deploy to AWS Lambda

# Runs on every push to main and on manual dispatch.
on:
  push:
    branches:
      - main
  workflow_dispatch:

# One run per workflow and ref; a newer run cancels the one in progress.
# NOTE(review): cancellation can stop a run between the code update and
# publish-version - confirm that is acceptable for production deploys.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Token scopes for every job: id-token lets the job request the OIDC token
# used for AWS role assumption; contents: read is enough for checkout.
permissions:
  id-token: write
  contents: read
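jobs:
  deploy:
    name: Deploy Lambda Function
    runs-on: ubuntu-latest
    # Secrets and protection rules of the `production` environment apply.
    environment: production
    steps:
      # NOTE(review): actions are referenced by mutable tag (@v4); pinning
      # each `uses:` to a full commit SHA guards against a retargeted tag.
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      # --omit=dev is the current spelling of the deprecated --production.
      # NOTE(review): the build below runs without devDependencies; if the
      # build script needs them, install them and prune before packaging.
      - name: Install dependencies
        run: npm ci --omit=dev

      - name: Build
        run: npm run build --if-present

      # Zip the contents of dist/ at the archive root, then add node_modules.
      - name: Create deployment package
        run: |
          cd dist
          zip -r ../function.zip .
          cd ..
          zip -ur function.zip node_modules

      # Role assumption through GitHub OIDC (needs id-token: write).
      - name: Configure AWS credentials (OIDC)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION || 'us-east-1' }}

      # The function name is passed through env and quoted so the shell
      # treats it as data instead of text spliced into the script.
      - name: Deploy to Lambda
        env:
          FUNCTION_NAME: ${{ secrets.LAMBDA_FUNCTION_NAME }}
        run: |
          aws lambda update-function-code \
            --function-name "$FUNCTION_NAME" \
            --zip-file fileb://function.zip

      # Block until the code update has finished before publishing.
      - name: Wait for update
        env:
          FUNCTION_NAME: ${{ secrets.LAMBDA_FUNCTION_NAME }}
        run: |
          aws lambda wait function-updated \
            --function-name "$FUNCTION_NAME"

      # Publishes a version and exposes its number as the step output
      # `version` (steps.publish.outputs.version).
      - name: Publish new version
        id: publish
        env:
          FUNCTION_NAME: ${{ secrets.LAMBDA_FUNCTION_NAME }}
        run: |
          VERSION=$(aws lambda publish-version \
            --function-name "$FUNCTION_NAME" \
            --query 'Version' --output text)
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      # Optional: Update alias to point to new version
      # - name: Update alias
      #   env:
      #     FUNCTION_NAME: ${{ secrets.LAMBDA_FUNCTION_NAME }}
      #     NEW_VERSION: ${{ steps.publish.outputs.version }}
      #   run: |
      #     aws lambda update-alias \
      #       --function-name "$FUNCTION_NAME" \
      #       --name production \
      #       --function-version "$NEW_VERSION"

  # Alternative: Deploy with SAM
  # deploy-sam:
  #   name: Deploy with SAM
  #   runs-on: ubuntu-latest
  #   environment: production
  #   steps:
  #     - uses: actions/checkout@v4
  #     - uses: aws-actions/setup-sam@v2
  #     - uses: aws-actions/configure-aws-credentials@v4
  #       with:
  #         role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
  #         aws-region: us-east-1
  #     - run: sam build
  #     - run: sam deploy --no-confirm-changeset --no-fail-on-empty-changeset

  # Alternative: Deploy with Serverless Framework
  # NOTE(review): this variant reads long-lived access keys from secrets,
  # unlike the OIDC role assumption used by the other jobs in this file.
  # deploy-serverless:
  #   name: Deploy with Serverless
  #   runs-on: ubuntu-latest
  #   environment: production
  #   steps:
  #     - uses: actions/checkout@v4
  #     - uses: actions/setup-node@v4
  #       with:
  #         node-version: '20'
  #         cache: 'npm'
  #     - run: npm ci
  #     - run: npx serverless deploy --stage production
  #       env:
  #         AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  #         AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

# Required secrets:
# - AWS_ROLE_ARN: ARN of the IAM role to assume (for OIDC)
# - LAMBDA_FUNCTION_NAME: Name of the Lambda function
#
# Optional variables:
# - AWS_REGION: AWS region (defaults to us-east-1)
#
# IAM role trust policy: limit who can assume the role by conditioning on
# the OIDC token's `sub` claim (this repository and the `production`
# environment) and its `aud` claim, not only on the GitHub OIDC provider.
#
# IAM Role Permissions Policy:
# lambda:GetFunctionConfiguration is listed because
# `aws lambda wait function-updated` polls that operation.
# {
#   "Version": "2012-10-17",
#   "Statement": [
#     {
#       "Effect": "Allow",
#       "Action": [
#         "lambda:UpdateFunctionCode",
#         "lambda:PublishVersion",
#         "lambda:UpdateAlias",
#         "lambda:GetFunction",
#         "lambda:GetFunctionConfiguration"
#       ],
#       "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:FUNCTION_NAME"
#     }
#   ]
# }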