Merge pull request #6 from chrispsheehan/deploy-stages

Deploy stages

.github/actions/terraform_action/action.yml

@@ -1,4 +1,4 @@
-name: Terraform code checks
+name: Terraform action wrapper
 
 inputs:
   aws_account_id:
@@ -13,6 +13,9 @@ inputs:
   terraform_action:
     description: 'Terraform action to preform either apply/destroy'
     required: true
+  stage:
+    description: 'Terraform workspace/environment to be assumed i.e. qa/dev etc'
+    required: true
 
 runs:
   using: composite
@@ -29,6 +32,12 @@ runs:
       with:
         fetch-depth: 0
 
+    - name: Select Workspace
+      shell: bash
+      run: |
+        cd tf
+        terraform select -or-create ${{ inputs.stage }}
+
     - name: Init
       shell: bash
       run: |
@@ -39,4 +48,4 @@ runs:
       shell: bash
       run: |
         cd tf
-        terraform ${{ inputs.terraform_action }} -auto-approve
+        terraform ${{ inputs.terraform_action }} -auto-approve -var function-stage=${{ inputs.stage }}

.github/workflows/deploy-dev.yml

@@ -10,8 +10,27 @@ env:
   aws_account_id: ${{ vars.AWS_ACCOUNT_ID }}
   aws_region: ${{ vars.AWS_REGION }}
   aws_role: ${{ vars.AWS_ROLE }}
+  stage: dev
 
 jobs:
+  terraform-select-workspace:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Terraform Checks
+        uses: ./.github/actions/terraform_check
+        with:
+          aws_account_id: ${{ env.aws_account_id }}
+          aws_region: ${{ env.aws_region }}
+          aws_role: ${{ env.aws_role }}
+
   terraform-check:
     runs-on: ubuntu-latest
     timeout-minutes: 10

tf/data.tf

@@ -18,6 +18,6 @@ data "aws_iam_policy_document" "assume_role" {
 }
 
 resource "aws_iam_role" "iam_for_lambda" {
-  name               = "${var.function-name}-iam"
+  name               = "${local.lambda-name}-iam"
   assume_role_policy = data.aws_iam_policy_document.assume_role.json
 }

tf/main.tf

@@ -4,15 +4,15 @@ resource "aws_s3_bucket" "lambda-bucket" {
 
 resource "aws_s3_object" "lambda-zip" {
   bucket        = aws_s3_bucket.lambda-bucket.id
-  key           = var.function-name
+  key           = local.lambda-name
   source        = data.archive_file.source.output_path
   etag          = filemd5(data.archive_file.source.output_path)
   force_destroy = true
 }
 
 resource "aws_lambda_function" "lambda" {
   filename      = data.archive_file.source.output_path
-  function_name = var.function-name
+  function_name = local.lambda-name
   role          = aws_iam_role.iam_for_lambda.arn
   handler       = "app.handler"
   runtime       = local.lambda-runtime
@@ -25,15 +25,15 @@ resource "aws_lambda_function" "lambda" {
 }
 
 resource "aws_lambda_permission" "this" {
-  statement_id  = "${var.function-name}-AllowAPIGatewayInvoke"
+  statement_id  = "${local.lambda-name}-AllowAPIGatewayInvoke"
   action        = "lambda:InvokeFunction"
   function_name = aws_lambda_function.lambda.function_name
   principal     = "apigateway.amazonaws.com"
 }
 
 resource "aws_api_gateway_rest_api" "this" {
-  name        = "${var.function-name}-APIGateway"
-  description = "${var.function-name} API Gateway"
+  name        = "${local.lambda-name}-APIGateway"
+  description = "${local.lambda-name} API Gateway"
 }
 
 resource "aws_api_gateway_resource" "this" {

tf/output.tf

@@ -1,3 +1,7 @@
 output "api_gateway_url" {
-  value = "curl -X GET ${aws_api_gateway_deployment.this.invoke_url}${aws_api_gateway_stage.this.stage_name}/hello"
-}
+  value = "${aws_api_gateway_deployment.this.invoke_url}${aws_api_gateway_stage.this.stage_name}"
+}
+
+output "function_name" {
+  value = aws_lambda_function.lambda.function_name
+}