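# Build and push the script image to ECR, which will be used by Lambda functions.
name: Build Container-Based Lambda Image and Push to ECR

on:
  push:
    branches:
      - main
    paths:
      - "scripts/**"
  workflow_dispatch:

jobs:
  build-and-push-lambda-to-ecr:
    runs-on: ubuntu-latest
    # id-token: write is what lets configure-aws-credentials obtain an OIDC
    # token for the role assumption below; the job only reads repo contents.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_IAM_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}

      - name: Log in to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY_LAMBDA }}
          AWS_S3_BUCKET_NAME: ${{ vars.AWS_S3_BUCKET }}
          CLOUDFRONT_DISTRIBUTION_ID: ${{ vars.CLOUDFRONT_DISTRIBUTION_ID }}
        run: |
          # Build with 'scripts' as the build context and 'scripts/Dockerfile.script'
          # as the Dockerfile (note: not 'scripts/Dockerfile').
          # --provenance=false keeps the pushed artifact a plain single-platform image
          # manifest rather than an attestation-carrying manifest list, which Lambda
          # does not accept.
          # The image is tagged both ':latest' (consumed downstream) and with the
          # commit SHA, so a deployed image can be traced back to the commit that
          # built it; ':latest' is a mutable tag and cannot provide that on its own.
          IMAGE_LATEST="${ECR_REGISTRY}/${ECR_REPOSITORY}:latest"
          IMAGE_SHA="${ECR_REGISTRY}/${ECR_REPOSITORY}:${GITHUB_SHA}"
          docker buildx build \
            --platform linux/amd64 \
            --provenance=false \
            -f ./scripts/Dockerfile.script \
            --build-arg "AWS_S3_BUCKET_NAME=${AWS_S3_BUCKET_NAME}" \
            --build-arg "CLOUDFRONT_DISTRIBUTION_ID=${CLOUDFRONT_DISTRIBUTION_ID}" \
            -t "${IMAGE_LATEST}" \
            -t "${IMAGE_SHA}" \
            ./scripts
          # Push both tags to ECR.
          docker push "${IMAGE_LATEST}"
          docker push "${IMAGE_SHA}"
          # Expose the full image URI for subsequent steps (':latest' kept for
          # compatibility with existing consumers of this output).
          echo "image=${IMAGE_LATEST}" >> "${GITHUB_OUTPUT}"

      - name: "Trigger Terraform Cloud Run"
        env:
          TF_API_TOKEN: ${{ secrets.TFC_API_TOKEN }}
          GITHUB_SHA: ${{ github.sha }}
          TFC_WORKSPACE_ID: ${{ vars.TFC_WORKSPACE_ID_PWP_LAMBDA }}
        run: |
          # All workflow values reach the script through environment variables
          # (set in 'env' above) instead of being interpolated with ${{ }} into the
          # script body, so they are treated as data by the shell, never as syntax.
          WORKSPACE_ID="${TFC_WORKSPACE_ID}"
          cat > payload.json <<EOF
          {
            "data": {
              "attributes": {
                "message": "Run triggered from PWP lambda update by commit ${GITHUB_SHA}"
              },
              "type": "runs",
              "relationships": {
                "workspace": {
                  "data": {
                    "type": "workspaces",
                    "id": "${WORKSPACE_ID}"
                  }
                }
              }
            }
          }
          EOF
          # --fail turns a non-2xx response from Terraform Cloud into a step failure
          # instead of letting the workflow report success without a run being queued.
          curl --fail \
            --header "Authorization: Bearer ${TF_API_TOKEN}" \
            --header "Content-Type: application/vnd.api+json" \
            --request POST \
            --data @payload.json \
            https://app.terraform.io/api/v2/runs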