fix artefact deployment

.github/workflows/cicd-2-publish.yaml

@@ -117,6 +117,19 @@ jobs:
           make terraform env=$ENVIRONMENT stack=api-layer tf-command=apply workspace=$WORKSPACE
         working-directory: ./infrastructure
 
+      - name: "Extract S3 bucket name from Terraform output"
+        id: tf_output
+        run: |
+          BUCKET=$(terraform output -raw lambda_artifact_bucket)
+          echo "bucket_name=$BUCKET" >> $GITHUB_OUTPUT
+        working-directory: ./infrastructure/stacks/api-layer
+
+      - name: "Upload lambda artifact to S3"
+        run: |
+          aws s3 cp ./build/lambda.zip \
+            s3://${{ steps.tf_output.outputs.bucket_name }}/artifacts/${{ needs.metadata.outputs.tag }}/lambda.zip \
+            --region eu-west-2
+
       - name: "Tag the dev deployment"
         run: |
           git config user.name "github-actions"

.github/workflows/cicd-3-test-deploy.yaml

@@ -18,6 +18,7 @@ jobs:
     outputs:
       terraform_version: ${{ steps.vars.outputs.terraform_version }}
       tag: ${{ steps.tag.outputs.name }}
+      promoted_environment: ${{ steps.promoted_env.outputs.promoted_environment }}
     steps:
       - name: "Checkout exact commit from CI/CD publish"
         uses: actions/checkout@v5
@@ -42,6 +43,62 @@ jobs:
           echo "name=$TAG" >> $GITHUB_OUTPUT
           echo "Resolved tag: $TAG"
 
+      - name: "Resolve promoted environment"
+        id: promoted_env
+        run: |
+          ENV="${{ steps.variables.outputs.environment }}"
+          if [[ "$ENV" == "test" ]]; then
+            echo "promoted_environment=dev" >> $GITHUB_OUTPUT
+          elif [[ "$ENV" == "preprod" ]]; then
+            echo "promoted_environment=test" >> $GITHUB_OUTPUT
+          elif [[ "$ENV" == "prod" ]]; then
+            echo "promoted_environment=preprod" >> $GITHUB_OUTPUT
+          else
+            echo "promoted_environment=$ENV" >> $GITHUB_OUTPUT
+          fi
+
+  download-lambda-artifact:
+    name: "Fetch the lambda artifact from previous stage"
+    runs-on: ubuntu-latest
+    needs: [ metadata ]
+    timeout-minutes: 45
+    permissions:
+      id-token: write
+      contents: write
+    environment: ${{ needs.metadata.outputs.promoted_environment }}
+    steps:
+      - name: "Checkout repository at ref"
+        uses: actions/checkout@v5
+        with:
+          ref: ${{ needs.metadata.outputs.ref }}
+          fetch-depth: 0
+
+      - name: "Configure AWS Credentials"
+        uses: aws-actions/configure-aws-credentials@v5
+        with:
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role
+          aws-region: eu-west-2
+
+      - name: "Extract S3 bucket name from Terraform output"
+        id: tf_output
+        run: |
+          BUCKET=$(terraform output -raw lambda_artifact_bucket)
+          echo "bucket_name=$BUCKET" >> $GITHUB_OUTPUT
+        working-directory: ./infrastructure/stacks/api-layer
+
+      - name: "Download lambda artifact from S3"
+        run: |
+          aws s3 cp \
+            s3://${{ steps.tf_output.outputs.bucket_name }}/artifacts/${{ needs.metadata.outputs.tag }}/lambda.zip \
+            ./build/lambda.zip \
+            --region eu-west-2
+
+      - name: "Upload lambda artifact for the current workflow"
+        uses: actions/upload-artifact@v4
+        with:
+          name: lambda-${{ needs.metadata.outputs.tag }}
+          path: ./build/lambda.zip
+
   deploy:
     name: "Deploy to TEST (approval required)"
     runs-on: ubuntu-latest
@@ -78,7 +135,6 @@ jobs:
         with:
           name: lambda-${{ needs.metadata.outputs.tag }}
           path: ./build
-          run-id: ${{ github.event.workflow_run.id }}
 
       - name: "Terraform Apply (TEST)"
         env: