categorisation terraform

2026-06-08 11:17:27 +00:00 · 2026-02-16 15:05:42 +00:00 · 2026-02-16 15:05:42 +00:00 · 7246c95345
commit 7246c95345
parent 8cf2d9d95a
5 changed files with 126 additions and 0 deletions
--- a/.github/workflows/deploy_terraform.yml
+++ b/.github/workflows/deploy_terraform.yml
@ -189,6 +189,46 @@ jobs:
      ecr_repo: condition-etl-${{ needs.determine_stage.outputs.stage }}
      image_digest: ${{ needs.condition_etl_image.outputs.image_digest }}
      terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }}
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+
+  # ============================================================
+  # Categorisation image and Push
+  # ============================================================
+  categorisation_image:
+    needs: [determine_stage, shared_terraform]
+    uses: ./.github/workflows/_build_image.yml
+    with:
+      ecr_repo: categorisation-${{ needs.determine_stage.outputs.stage }}
+      dockerfile_path: backend/categorisation/handler/Dockerfile
+      build_context: .
+      build_args: |
+        DEV_DB_HOST=$DEV_DB_HOST
+        DEV_DB_PORT=$DEV_DB_PORT
+        DEV_DB_NAME=$DEV_DB_NAME
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+      DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }}
+      DEV_DB_PORT: ${{ secrets.DEV_DB_PORT }}
+      DEV_DB_NAME: ${{ secrets.DEV_DB_NAME }}
+
+  # ============================================================
+  # Deploy Categorisation Lambda
+  # ============================================================
+  condition_etl_lambda:
+    needs: [categorisation_image, determine_stage]
+    uses: ./.github/workflows/_deploy_lambda.yml
+    with:
+      lambda_name: categorisation
+      lambda_path: infrastructure/terraform/lambda/categorisation
+      stage: ${{ needs.determine_stage.outputs.stage }}
+      ecr_repo: categorisation-${{ needs.determine_stage.outputs.stage }}
+      image_digest: ${{ needs.categorisation_image.outputs.image_digest }}
+      terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }}
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
--- a/infrastructure/terraform/lambda/categorisation/main.tf
+++ b/infrastructure/terraform/lambda/categorisation/main.tf
@ -0,0 +1,27 @@
+data "terraform_remote_state" "shared" {
+  backend = "s3"
+  config = {
+    bucket = "assessment-model-terraform-state"
+    key = "env:/${var.stage}/terraform.tfstate"
+    region = "eu-west-2"
+  }
+}
+
+module "lambda" {
+  source = "../modules/lambda_with_sqs"
+
+  name  = "categorisation"
+  stage = var.stage
+
+  image_uri = local.image_uri
+
+
+  environment = merge(
+    {
+      STAGE = var.stage
+      LOG_LEVEL = "info"
+      DB_USERNAME = local.db_credentials.db_assessment_model_username
+      DB_PASSWORD = local.db_credentials.db_assessment_model_password
+    }
+  )
+}
--- a/infrastructure/terraform/lambda/categorisation/provider.tf
+++ b/infrastructure/terraform/lambda/categorisation/provider.tf
@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.16"
+    }
+  }
+
+  backend "s3" {
+    bucket = REPLACE_ME
+    key    = "terraform.tfstate"
+    region = "eu-west-2"
+  }
+
+  required_version = ">= 1.2.0"
+}
--- a/infrastructure/terraform/lambda/categorisation/variables.tf
+++ b/infrastructure/terraform/lambda/categorisation/variables.tf
@ -0,0 +1,27 @@
+variable "lambda_name" {
+  type        = string
+  description = "Logical name of the lambda (e.g. address2uprn)"
+}
+
+variable "stage" {
+  description = "Deployment stage (e.g. dev, prod)"
+  type        = string
+}
+variable "ecr_repo_url" {
+  type        = string
+  description = "ECR repository URL (no tag, no digest)"
+}
+
+variable "image_digest" {
+  type        = string
+  description = "Image digest (sha256:...)"
+}
+
+
+locals {
+  image_uri = "${var.ecr_repo_url}@${var.image_digest}"
+}
+
+output "resolved_image_uri" {
+  value = local.image_uri
+}
--- a/infrastructure/terraform/shared/main.tf
+++ b/infrastructure/terraform/shared/main.tf
@ -392,4 +392,20 @@ module "postcode_splitter_s3_read" {

 output "postcode_splitter_s3_read_arn" {
  value = module.postcode_splitter_s3_read.policy_arn
+}
+
+################################################
+# Categorisation – Lambda ECR
+################################################
+module "categorisation_state_bucket" {
+  source      = "../modules/tf_state_bucket"
+  bucket_name = "categorisation-terraform-state"
+
+}
+
+module "categorisation_registry" {
+  source = "../modules/container_registry"
+  name   = "categorisation"
+  stage = var.stage
+
 }