upload artifacts to s3 for reuse

Karthikeyannhs · Karthikeyannhs · commit 1e1f85cfb23f · 2025-09-30T13:04:02.000+01:00
diff --git a/.github/workflows/cicd-3-test-deploy.yaml b/.github/workflows/cicd-3-test-deploy.yaml
@@ -103,6 +103,19 @@ jobs:
           make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE
         working-directory: ./infrastructure
 
+      - name: "Extract S3 bucket name from Terraform output"
+        id: tf_output
+        run: |
+          BUCKET=$(terraform output -raw lambda_artifact_bucket)
+          echo "bucket_name=$BUCKET" >> $GITHUB_OUTPUT
+        working-directory: ./infrastructure/stacks/api-layer
+
+      - name: "Upload lambda artifact to S3"
+        run: |
+          aws s3 cp ./build/lambda.zip \
+            s3://${{ steps.tf_output.outputs.bucket_name }}/artifacts/${{ needs.metadata.outputs.version }}/lambda.zip \
+            --region eu-west-2
+
   regression-tests:
     name: "Regression Tests"
     needs: deploy
diff --git a/infrastructure/stacks/api-layer/s3_buckets.tf b/infrastructure/stacks/api-layer/s3_buckets.tf
@@ -25,3 +25,16 @@ module "s3_firehose_backup_bucket" {
   stack_name   = local.stack_name
   workspace    = terraform.workspace
 }
+
+module "s3_lambda_artifact_bucket" {
+  source       = "../../modules/s3"
+  bucket_name  = "eli-artifacts"
+  environment  = var.environment
+  project_name = var.project_name
+  stack_name   = local.stack_name
+  workspace    = terraform.workspace
+}
+
+output "lambda_artifact_bucket" {
+  value = module.s3_lambda_artifact_bucket.storage_bucket_name
+}
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -195,7 +195,11 @@ resource "aws_iam_policy" "s3_management" {
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-splunk",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-splunk/*",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-splunk-access-logs",
-          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-splunk-access-logs/*"
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-splunk-access-logs/*",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-artifacts",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-artifacts/*",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-artifacts-access-logs",
+          "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-artifacts-access-logs/*",
         ]
       }
     ]

Original file line number	Diff line number	Diff line change
`@@ -195,7 +195,11 @@ resource "aws_iam_policy" "s3_management" {`
`195`	`195`	`"arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-splunk",`
`196`	`196`	`"arn:aws:s3:::eligibility-signposting-api-${var.environment}-eli-splunk/",`
`197`	`197`	`"arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-splunk-access-logs",`
`198`		`- "arn:aws:s3:::eligibility-signposting-api-${var.environment}-eli-splunk-access-logs/"`
	`198`	`+ "arn:aws:s3:::eligibility-signposting-api-${var.environment}-eli-splunk-access-logs/",`
	`199`	`+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-artifacts",`
	`200`	`+ "arn:aws:s3:::eligibility-signposting-api-${var.environment}-eli-artifacts/",`
	`201`	`+ "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-eli-artifacts-access-logs",`
	`202`	`+ "arn:aws:s3:::eligibility-signposting-api-${var.environment}-eli-artifacts-access-logs/",`
`199`	`203`	`]`
`200`	`204`	`}`
`201`	`205`	`]`