diff --git a/.github/workflows/cicd-2-publish.yaml b/.github/workflows/cicd-2-publish.yaml
index b35f7c76..716d1b4e 100644
--- a/.github/workflows/cicd-2-publish.yaml
+++ b/.github/workflows/cicd-2-publish.yaml
@@ -117,6 +117,19 @@ jobs:
           make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE
         working-directory: ./infrastructure
 
+      - name: "Extract S3 bucket name from Terraform output"
+        id: tf_output
+        run: |
+          BUCKET=$(terraform output -raw lambda_artifact_bucket)
+          echo "bucket_name=$BUCKET" >> $GITHUB_OUTPUT
+        working-directory: ./infrastructure/stacks/api-layer
+
+      - name: "Upload lambda artifact to S3"
+        run: |
+          aws s3 cp ./build/lambda.zip \
+            s3://${{ steps.tf_output.outputs.bucket_name }}/artifacts/${{ needs.metadata.outputs.tag }}/lambda.zip \
+            --region eu-west-2
+
       - name: "Tag the dev deployment"
         run: |
           git config user.name "github-actions"
diff --git a/.github/workflows/cicd-3-test-deploy.yaml b/.github/workflows/cicd-3-test-deploy.yaml
index c386c969..746ef638 100644
--- a/.github/workflows/cicd-3-test-deploy.yaml
+++ b/.github/workflows/cicd-3-test-deploy.yaml
@@ -18,6 +18,7 @@ jobs:
     outputs:
       terraform_version: ${{ steps.vars.outputs.terraform_version }}
       tag: ${{ steps.tag.outputs.name }}
+      promoted_environment: ${{ steps.promoted_env.outputs.promoted_environment }}
     steps:
       - name: "Checkout exact commit from CI/CD publish"
         uses: actions/checkout@v5
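Review bot: The new upload step expands `${{ needs.metadata.outputs.tag }}` and `${{ steps.tf_output.outputs.bucket_name }}` directly inside `run:`, so whatever the tag is derived from (presumably a git tag or branch name) reaches the shell unquoted and unescaped; pass both through `env:` (`env: { TAG: ${{ needs.metadata.outputs.tag }}, BUCKET: ${{ steps.tf_output.outputs.bucket_name }} }`) and reference `"$BUCKET"`/`"$TAG"` in the script. `terraform output` is also run from `./infrastructure/stacks/api-layer` right after `make terraform ... workspace=$WORKSPACE`; unless that make target leaves the workspace selected (or `TF_WORKSPACE` is exported) the output will come from the default workspace, which is worth confirming. Finally, `aws s3 cp` silently overwrites `artifacts/<tag>/lambda.zip`, so a re-run can replace an artifact a later stage has already promoted; consider failing if the key already exists (or relying on bucket versioning/Object Lock) and writing a sha256 next to it so the consuming workflow can verify what it downloads.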
@@ -42,6 +43,62 @@ jobs:
           echo "name=$TAG" >> $GITHUB_OUTPUT
           echo "Resolved tag: $TAG"
 
+      - name: "Resolve promoted environment"
+        id: promoted_env
+        run: |
+          ENV="${{ steps.variables.outputs.environment }}"
+          if [[ "$ENV" == "test" ]]; then
+            echo "promoted_environment=dev" >> $GITHUB_OUTPUT
+          elif [[ "$ENV" == "preprod" ]]; then
+            echo "promoted_environment=test" >> $GITHUB_OUTPUT
+          elif [[ "$ENV" == "prod" ]]; then
+            echo "promoted_environment=preprod" >> $GITHUB_OUTPUT
+          else
+            echo "promoted_environment=$ENV" >> $GITHUB_OUTPUT
+          fi
+
+  download-lambda-artifact:
+    name: "Fetch the lambda artifact from previous stage"
+    runs-on: ubuntu-latest
+    needs: [ metadata ]
+    timeout-minutes: 45
+    permissions:
+      id-token: write
+      contents: write
+    environment: ${{ needs.metadata.outputs.promoted_environment }}
+    steps:
+      - name: "Checkout repository at ref"
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ needs.metadata.outputs.ref }}
+          fetch-depth: 0
+
+      - name: "Configure AWS Credentials"
+        uses: aws-actions/configure-aws-credentials@v5
+        with:
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role
+          aws-region: eu-west-2
+
+      - name: "Extract S3 bucket name from Terraform output"
+        id: tf_output
+        run: |
+          BUCKET=$(terraform output -raw lambda_artifact_bucket)
+          echo "bucket_name=$BUCKET" >> $GITHUB_OUTPUT
+        working-directory: ./infrastructure/stacks/api-layer
+
+      - name: "Download lambda artifact from S3"
+        run: |
+          aws s3 cp \
+            s3://${{ steps.tf_output.outputs.bucket_name }}/artifacts/${{ needs.metadata.outputs.tag }}/lambda.zip \
+            ./build/lambda.zip \
+            --region eu-west-2
+
+      - name: "Upload lambda artifact for the current workflow"
+        uses: actions/upload-artifact@v4
+        with:
+          name: lambda-${{ needs.metadata.outputs.tag }}
+          path: ./build/lambda.zip
+
   deploy:
     name: "Deploy to TEST (approval required)"
     runs-on: ubuntu-latest
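Review bot: The `download-lambda-artifact` job runs `terraform output -raw lambda_artifact_bucket` straight after checkout with no Terraform setup, `terraform init` or workspace selection anywhere in the job, so unless the runner image and backend state happen to be pre-configured the `tf_output` step will fail or read the default workspace; add the same init/workspace-select the publish workflow gets from `make terraform` before that step (the `terraform_version` output on `metadata` suggests a setup step already exists elsewhere in this file). The job also requests `contents: write` but only reads the repository and S3, so least privilege is `contents: read` alongside `id-token: write`. As in the publish workflow, `${{ steps.tf_output.outputs.bucket_name }}` and `${{ needs.metadata.outputs.tag }}` are expanded directly inside `run:`; route them through `env:` and quote them in the script. Nothing verifies the downloaded zip against what the publish stage produced, so a sha256 stored next to the object in S3 and checked here before `upload-artifact` would make the promotion tamper-evident.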
@@ -78,7 +135,6 @@ jobs:
         with:
           name: lambda-${{ needs.metadata.outputs.tag }}
           path: ./build
-          run-id: ${{ github.event.workflow_run.id }}
 
       - name: "Terraform Apply (TEST)"
         env:
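Review bot: Dropping `run-id` makes this download read from the current run, which is only correct if `deploy` now declares `needs: [..., download-lambda-artifact]`; that `needs:` line is outside this hunk, so please confirm it was updated, otherwise the `lambda-<tag>` artifact will not exist yet when this step runs and the deploy fails (or, with a stale `needs`, proceeds without the artifact). The enclosing `deploy` job starts before the hunk.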