11name : Update Lambda Permissions
2- run-name : Updating permissions on ${{ inputs.environment }} using ${{ inputs.branch_name }} by ${{ github.actor }}
2+ run-name : Updating permissions on ${{ inputs.stack_name }} using ${{ inputs.branch_name }} by ${{ github.actor }}
33
44on :
55 workflow_dispatch :
1111 type : environment
1212
1313 stack_name :
14- description : Name of stack to apply permissions to
14+ description : Stack to update
1515 required : true
1616 type : string
1717
1818 branch_name :
1919 description : Branch to deploy
2020 required : true
2121
22+ strict_versioning :
23+ description : Use strict versioning (recommended)
24+ required : true
25+ type : boolean
26+ default : true
27+
2228permissions :
2329 id-token : write
2430 contents : read
@@ -69,18 +75,23 @@ jobs:
6975
7076 - name : Check deployed version matches build version
7177 run : |
72- this_version="$(./scripts/get-current-info.sh) | jq -r .version)"
78+ this_version="$(./scripts/get-current-info.sh | jq -r .version)"
7379 deployed_version="$(terraform -chdir=terraform/infrastructure output --raw version)"
7480
75- if [ "${deployed_version}" != "${this_version}" ]; then
76- echo "Deployed version is ${deployed_version}, not ${this_version}"
77- exit 1
78- fi
81+ echo "code-version=${this_version} deployed-version=${deployed_version}"
7982
80- echo "Deployed version matches this version: ${deployed_version}"
83+ if [ "${deployed_version}" != "${this_version}" ]
84+ then
85+ echo "${this_version} does not match deployed version: ${deployed_version}" 1>&2
86+
87+ if [ "${{ inputs.strict_versioning }}" == "true" ]; then
88+ echo "Strict version checking failed, cancelling workflow" 1>&2
89+ exit 1
90+ fi
91+ fi
8192
8293 build-permissions :
83- name : Build permissions for ${{ inputs.environment }}
94+ name : Build permissions
8495 runs-on : [self-hosted, ci]
8596 environment : ${{ inputs.environment }}
8697
@@ -130,7 +141,7 @@ jobs:
130141 path : dist/nrlf_permissions.zip
131142
132143 pull-deployed-lambdas :
133- name : Pull deployed lambdas from ${{ inputs.stack_name }}
144+ name : Pull deployed lambdas
134145 runs-on : [self-hosted, ci]
135146 environment : ${{ inputs.environment }}
136147
@@ -169,7 +180,7 @@ jobs:
169180 path : dist/*.zip
170181
171182 terraform-plan :
172- name : Plan changes to ${{ inputs.stack_name }} for ${{ inputs.environment }}
183+ name : Plan changes
173184 runs-on : [self-hosted, ci]
174185 environment : ${{ inputs.environment }}
175186
@@ -181,11 +192,30 @@ jobs:
181192 with :
182193 ref : ${{ github.ref }}
183194
195+ - name : Setup asdf cache
196+ uses : actions/cache@v4
197+ with :
198+ path : ~/.asdf
199+ key : ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
200+ restore-keys : |
201+ ${{ runner.os }}-asdf-
202+
203+ - name : Install asdf
204+ uses :
asdf-vm/actions/[email protected] 205+
206+ - name : Install zip
207+ run : sudo apt-get install zip
208+
209+ - name : Setup Python environment
210+ run : |
211+ poetry install --no-root
212+ source $(poetry env info --path)/bin/activate
213+
184214 - name : Restore pulled lambda artifacts
185215 uses : actions/cache/restore@v4
186216 with :
187217 key : ${{ github.run_id }}-pulled-lambda-artifacts
188- path : ./ dist
218+ path : dist/*.zip
189219 fail-on-cache-miss : true
190220
191221 - name : Restore NRLF permissions cache
@@ -223,7 +253,7 @@ jobs:
223253 aws s3 cp terraform/infrastructure/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan.txt
224254
225255 terraform-apply :
226- name : Apply permissions to ${{ inputs.stack_name }} for ${{ inputs.environment }}
256+ name : Apply permissions
227257 runs-on : [self-hosted, ci]
228258 environment : ${{ inputs.environment }}
229259
@@ -239,7 +269,7 @@ jobs:
239269 uses : actions/cache/restore@v4
240270 with :
241271 key : ${{ github.run_id }}-pulled-lambda-artifacts
242- path : ./ dist
272+ path : dist/*.zip
243273 fail-on-cache-miss : true
244274
245275 - name : Restore NRLF permissions cache
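Review bot: In the "Check deployed version matches build version" step, running with `strict_versioning` set to false reduces a version mismatch to a single stderr line and the step succeeds, so the later plan and apply jobs presumably proceed with permissions built from code that differs from what is deployed. Nothing in the visible lines limits the override to particular environments or records it outside the step log; consider adding `echo "::warning::strict_versioning disabled: ${this_version} != ${deployed_version}"` in the mismatch branch and refusing the override for production-like environments. The input is also expanded directly into the script text; passing it through `env:` as `STRICT_VERSIONING: ${{ inputs.strict_versioning }}` and testing `[ "${STRICT_VERSIONING}" = "true" ]` keeps workflow expressions out of the shell. The job that contains this step starts outside the hunk.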