build image

2026-06-08 11:17:27 +00:00 · 2026-02-03 12:03:32 +00:00 · 2026-02-03 12:03:32 +00:00 · 7b1ebca790
commit 7b1ebca790
parent c6a33f3015
1 changed files with 34 additions and 15 deletions
--- a/.github/workflows/deploy_terraform.yml
+++ b/.github/workflows/deploy_terraform.yml
@ -5,18 +5,37 @@ on:
    branches:
      - "**"

-env:
-  AWS_REGION: eu-west-2
-
-  # Temporary until we have more environemnts. You'll just need export STAGE dynamically in the future
-  STAGE: dev

 jobs:
+  determine_stage:
+    runs-on: ubuntu-latest
+    outputs:
+      stage: ${{ steps.set-stage.outputs.stage }}
+
+    steps:
+      - name: Determine stage from branch
+        id: set-stage
+        shell: bash
+        run: |
+          BRANCH="${GITHUB_REF_NAME}"
+
+          if [[ "$BRANCH" == "prod" ]]; then
+            echo "stage=prod" >> "$GITHUB_OUTPUT"
+          elif [[ "$BRANCH" == "dev" ]]; then
+            echo "stage=dev" >> "$GITHUB_OUTPUT"
+          else
+            echo "stage=dev" >> "$GITHUB_OUTPUT"
+          fi
+
+          echo "Resolved STAGE=$BRANCH → $(cat $GITHUB_OUTPUT)"
  # ============================================================
  # 1️⃣ Shared Terraform (plan only for now)
  # ============================================================
  shared_terraform:
+    needs: determine_stage
    runs-on: ubuntu-latest
+    env:
+      STAGE: ${{ needs.determine_stage.outputs.stage }}

    steps:
      - name: Checkout
@ -28,7 +47,7 @@ jobs:
          # This will need to be changed to env imports when we have different env to dynamically allocate prod, staging etc
          aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ env.AWS_REGION }}
+          aws-region: ${{ secrets.DEV_AWS_REGION }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
@ -53,11 +72,11 @@ jobs:
  # 2️⃣ Build Docker image (tag = GitHub SHA, digest resolved)
  # ============================================================
  image:
+    needs: determine_stage
    uses: ./.github/workflows/_build_docker_image.yml
    with:
-      # ecr_repo will need to changed to dynamic env in the future
-      ecr_repo: address2uprn-dev
-      aws_region: ${{ env.AWS_REGION }}
+      ecr_repo: address2uprn-${{ needs.determine_stage.outputs.stage }}
+      aws_region: ${{ secrets.DEV_AWS_REGION }}
      dockerfile_path: backend/address2UPRN/Dockerfile
      build_context: backend/address2UPRN
    secrets:
@ -65,17 +84,17 @@ jobs:
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}

-  # # ============================================================
-  # # 3️⃣ Deploy Lambda (Terraform, immutable digest)
-  # # ============================================================
+  # # # ============================================================
+  # # # 3️⃣ Deploy Lambda (Terraform, immutable digest)
+  # # # ============================================================
  # deploy_lambda:
-  #   needs: image
+  #   needs: [image, determine_stage]
  #   uses: ./.github/workflows/_deploy_lambda.yml
  #   with:
  #     lambda_name: address2uprn
  #     lambda_path: infrastructure/terraform/lambda/address2uprn
-  #     stage: ${{ env.STAGE }}
-  #     aws_region: ${{ env.AWS_REGION }}
+  #     stage: ${{ needs.determine_stage.outputs.stage }}
+  #     aws_region: ${{ secrets.DEV_AWS_REGION }}
  #     image_digest: ${{ needs.image.outputs.image_digest }}
  #   secrets:
  #     AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}