From 7246c953455b8a4d78cf02ed1b6b5380a93af24c Mon Sep 17 00:00:00 2001
From: Daniel Roth
Date: Mon, 16 Feb 2026 15:05:42 +0000
Subject: [PATCH] categorisation terraform
---
 .github/workflows/deploy_terraform.yml | 40 +++++++++++++++++++
 .../terraform/lambda/categorisation/main.tf | 27 +++++++++++++
 .../lambda/categorisation/provider.tf | 16 ++++++++
 .../lambda/categorisation/variables.tf | 27 +++++++++++++
 infrastructure/terraform/shared/main.tf | 16 ++++++++
 5 files changed, 126 insertions(+)
 create mode 100644 infrastructure/terraform/lambda/categorisation/main.tf
 create mode 100644 infrastructure/terraform/lambda/categorisation/provider.tf
 create mode 100644 infrastructure/terraform/lambda/categorisation/variables.tf
diff --git a/.github/workflows/deploy_terraform.yml b/.github/workflows/deploy_terraform.yml
index 71e2ad9d..fca44a4c 100644
--- a/.github/workflows/deploy_terraform.yml
+++ b/.github/workflows/deploy_terraform.yml
@@ -189,6 +189,46 @@ jobs:
 ecr_repo: condition-etl-${{ needs.determine_stage.outputs.stage }}
 image_digest: ${{ needs.condition_etl_image.outputs.image_digest }}
 terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }}
+ secrets:
+ AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+ AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+
+ # ============================================================
+ # Categorisation image and Push
+ # ============================================================
+ categorisation_image:
+ needs: [determine_stage, shared_terraform]
+ uses: ./.github/workflows/_build_image.yml
+ with:
+ ecr_repo: categorisation-${{ needs.determine_stage.outputs.stage }}
+ dockerfile_path: backend/categorisation/handler/Dockerfile
+ build_context: .
+ build_args: |
+ DEV_DB_HOST=$DEV_DB_HOST
+ DEV_DB_PORT=$DEV_DB_PORT
+ DEV_DB_NAME=$DEV_DB_NAME
+ secrets:
+ AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+ AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+ DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }}
+ DEV_DB_PORT: ${{ secrets.DEV_DB_PORT }}
+ DEV_DB_NAME: ${{ secrets.DEV_DB_NAME }}
+
+ # ============================================================
+ # Deploy Categorisation Lambda
+ # ============================================================
+ condition_etl_lambda:
+ needs: [categorisation_image, determine_stage]
+ uses: ./.github/workflows/_deploy_lambda.yml
+ with:
+ lambda_name: categorisation
+ lambda_path: infrastructure/terraform/lambda/categorisation
+ stage: ${{ needs.determine_stage.outputs.stage }}
+ ecr_repo: categorisation-${{ needs.determine_stage.outputs.stage }}
+ image_digest: ${{ needs.categorisation_image.outputs.image_digest }}
+ terraform_apply: ${{ needs.determine_stage.outputs.terraform_apply }}
 secrets:
 AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
diff --git a/infrastructure/terraform/lambda/categorisation/main.tf b/infrastructure/terraform/lambda/categorisation/main.tf
new file mode 100644
index 00000000..a402a386
--- /dev/null
+++ b/infrastructure/terraform/lambda/categorisation/main.tf
@@ -0,0 +1,27 @@
+data "terraform_remote_state" "shared" {
+ backend = "s3"
+ config = {
+ bucket = "assessment-model-terraform-state"
+ key = "env:/${var.stage}/terraform.tfstate"
+ region = "eu-west-2"
+ }
+}
+
+module "lambda" {
+ source = "../modules/lambda_with_sqs"
+
+ name = "categorisation"
+ stage = var.stage
+
+ image_uri = local.image_uri
+
+
+ environment = merge(
+ {
+ STAGE = var.stage
+ LOG_LEVEL = "info"
+ DB_USERNAME = local.db_credentials.db_assessment_model_username
+ DB_PASSWORD = local.db_credentials.db_assessment_model_password
+ }
+ )
+}
\ No newline at end of file
diff --git a/infrastructure/terraform/lambda/categorisation/provider.tf b/infrastructure/terraform/lambda/categorisation/provider.tf
new file mode 100644
index 00000000..37c412ce
--- /dev/null
+++ b/infrastructure/terraform/lambda/categorisation/provider.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.16"
+ }
+ }
+
+ backend "s3" {
+ bucket = REPLACE_ME
+ key = "terraform.tfstate"
+ region = "eu-west-2"
+ }
+
+ required_version = ">= 1.2.0"
+}
\ No newline at end of file
diff --git a/infrastructure/terraform/lambda/categorisation/variables.tf b/infrastructure/terraform/lambda/categorisation/variables.tf
new file mode 100644
index 00000000..e4bab243
--- /dev/null
+++ b/infrastructure/terraform/lambda/categorisation/variables.tf
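Review bot: In .github/workflows/deploy_terraform.yml the categorisation deploy job is keyed `condition_etl_lambda`, although its banner, `lambda_name` and `needs` are all for categorisation. The job just above it (only its tail is visible in this hunk) deploys condition-etl and probably already owns that key, in which case the workflow carries a duplicate job id and one of the two deploys is rejected or silently replaced; rename the new job to `categorisation_lambda:`. Separately, `build_args` passes `DEV_DB_HOST`, `DEV_DB_PORT` and `DEV_DB_NAME` from repository secrets into the image build. Unless `_build_image.yml` (not shown) mounts them as BuildKit secrets, build arguments can stay readable in the image history for anyone allowed to pull from the ECR repository, so supplying these values to the Lambda at runtime is the safer route.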
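Review bot: In lambda/categorisation/main.tf, `DB_PASSWORD = local.db_credentials.db_assessment_model_password` puts the database password into the Lambda's environment, where it is readable through the function configuration and is written in clear text to this module's Terraform state. Prefer passing only a reference, for example `DB_SECRET_ARN = SECRET_ARN_PLACEHOLDER`, and letting the handler fetch the value at start-up under a role limited to that one secret. Also, `local.db_credentials` is not defined in any of the three files this commit adds (variables.tf declares only `local.image_uri`) and `data.terraform_remote_state.shared` is declared but never read, so the plan looks likely to fail until that local is wired up. The single-argument `merge(...)` can be a plain map.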
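Review bot: The `backend "s3"` block in lambda/categorisation/provider.tf does not set `encrypt = true` and configures no state locking, yet the state it stores will include the `DB_PASSWORD` value that main.tf places in the Lambda environment. I would add `encrypt = true` and, if the other lambda modules use one, a lock table via `dynamodb_table`. `bucket = REPLACE_ME` is a bare identifier rather than a string, so `terraform init` fails unless a deploy step rewrites the file first; assuming that is the intent, a comment such as `# REPLACE_ME is substituted by the deploy workflow before terraform init` would document it.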
@@ -0,0 +1,27 @@
+variable "lambda_name" {
+ type = string
+ description = "Logical name of the lambda (e.g. address2uprn)"
+}
+
+variable "stage" {
+ description = "Deployment stage (e.g. dev, prod)"
+ type = string
+}
+variable "ecr_repo_url" {
+ type = string
+ description = "ECR repository URL (no tag, no digest)"
+}
+
+variable "image_digest" {
+ type = string
+ description = "Image digest (sha256:...)"
+}
+
+
+locals {
+ image_uri = "${var.ecr_repo_url}@${var.image_digest}"
+}
+
+output "resolved_image_uri" {
+ value = local.image_uri
+}
diff --git a/infrastructure/terraform/shared/main.tf b/infrastructure/terraform/shared/main.tf
index acf8c281..2e009196 100644
--- a/infrastructure/terraform/shared/main.tf
+++ b/infrastructure/terraform/shared/main.tf
@@ -392,4 +392,20 @@ module "postcode_splitter_s3_read" {
 output "postcode_splitter_s3_read_arn" {
 value = module.postcode_splitter_s3_read.policy_arn
+}
+
+################################################
+# Categorisation – Lambda ECR
+################################################
+module "categorisation_state_bucket" {
+ source = "../modules/tf_state_bucket"
+ bucket_name = "categorisation-terraform-state"
+
+}
+
+module "categorisation_registry" {
+ source = "../modules/container_registry"
+ name = "categorisation"
+ stage = var.stage
+
 }
\ No newline at end of file
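Review bot: `image_digest` in lambda/categorisation/variables.tf is interpolated straight into `local.image_uri` with no validation, so an empty output from the build job or a tag passed by mistake is caught only at apply time. The digest pin is what ties the deployed Lambda to the image that was just built, so a `validation` block accepting only `sha256:` followed by 64 hex characters would fail the plan early. Two smaller points: `lambda_name` is declared but main.tf hard-codes `name = "categorisation"`, and its description still uses `address2uprn` as the example.

```hcl
variable "image_digest" {
  # … unchanged: type, description …

  # Reject tags and empty values so the image reference is always digest-pinned.
  validation {
    condition     = can(regex("^sha256:[0-9a-f]{64}$", var.image_digest))
    error_message = "The image_digest value must be a sha256 digest (sha256: followed by 64 hex characters)."
  }
}
```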
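Review bot: `bucket_name = "categorisation-terraform-state"` in shared/main.tf has no stage in it, while the registry module beside it is given `stage = var.stage` and the new lambda module reads this stack's state per workspace (`env:/${var.stage}/...`). If the shared stack is applied for a second stage, the globally unique bucket name will collide unless `tf_state_bucket` (not shown) appends the stage itself. Something like `bucket_name = "categorisation-terraform-state-${var.stage}"` avoids that, with the `REPLACE_ME` substitution in provider.tf updated to match. Because this bucket will hold state containing the Lambda's database credentials, confirm that the module turns on encryption, versioning and public-access blocking.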