From 91db4fb86c24e1a76fcdfe9af002011794644a7c Mon Sep 17 00:00:00 2001
From: Jun-te Kim
Date: Tue, 11 Nov 2025 14:29:03 +0000
Subject: [PATCH] lambda
---
.../actions/lambda-deploy/action.yml | 86 +++++++++++++++++++
.../actions/terraform-deploy/action.yml | 55 ++++++++++++
.github/workflows/lambda_main.yml | 33 +++++++
3 files changed, 174 insertions(+)
create mode 100644 .github/workflows/actions/lambda-deploy/action.yml
create mode 100644 .github/workflows/actions/terraform-deploy/action.yml
create mode 100644 .github/workflows/lambda_main.yml
diff --git a/.github/workflows/actions/lambda-deploy/action.yml b/.github/workflows/actions/lambda-deploy/action.yml
new file mode 100644
index 00000000..3ca0fc8d
--- /dev/null
+++ b/.github/workflows/actions/lambda-deploy/action.yml
@@ -0,0 +1,86 @@
+name: "Build and Push Lambda Image to ECR"
+description: "Reusable action for building and pushing lambda Docker image to ECR"
+
+inputs:
+ ecr_name:
+ description: "Lambda name / ECR repo name"
+ required: true
+ dockerfile_path:
+ description: "Path to Dockerfile"
+ required: true
+ ecr_tf_dir:
+ description: "Path to ECR terraform directory"
+ required: true
+ lambda_tf_dir:
+ description: "Path to Lambda terraform directory"
+ required: true
+ aws-access-key-id:
+ description: "AWS access key"
+ required: true
+ aws-secret-access-key:
+ description: "AWS secret key"
+ required: true
+ aws-region:
+ description: "AWS region"
+ required: true
+ git-sha:
+ description: "Git commit SHA"
+ required: true
+ git-ref:
+ description: "Git ref name"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ inputs.aws-access-key-id }}
+ aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+ aws-region: ${{ inputs.aws-region }}
+
+ - name: Log in to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+
+ - name: Deploy ECR
+ uses: ./.github/workflows/actions/terraform-deploy
+ with:
+ working_directory: ${{ inputs.ecr_tf_dir }}
+ aws-access-key-id: ${{ inputs.aws-access-key-id }}
+ aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+ aws-region: ${{ inputs.aws-region }}
+ - name: Set Docker image tag
+ id: set_tag
+ shell: bash
+ run: |
+ SHORT_SHA=$(echo "${{ inputs.git-sha }}" | cut -c1-7)
+ BRANCH=$(echo "${{ inputs.git-ref }}" | tr '/' '-')
+ TAG="${BRANCH}-${SHORT_SHA}"
+ echo "IMAGE_TAG=${TAG}" >> $GITHUB_ENV
+ echo "tag=$TAG" >> $GITHUB_OUTPUT
+
+ - name: Build and push Docker image
+ shell: bash
+ run: |
+ IMAGE_URI=${{ steps.login-ecr.outputs.registry }}/${{ inputs.ecr_name }}:${{ steps.set_tag.outputs.tag }}
+ echo "Building Docker image for ${{ inputs.ecr_name }}..."
+ docker build -t $IMAGE_URI -f ${{ inputs.dockerfile_path }} .
+
+ echo "Pushing to ECR..."
+ docker push $IMAGE_URI
+
+ - name: Deploy Lambda
+ uses: ./.github/workflows/actions/terraform-deploy
+ with:
+ working_directory: ${{ inputs.lambda_tf_dir }}
+ aws-access-key-id: ${{ inputs.aws-access-key-id }}
+ aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+ aws-region: ${{ inputs.aws-region }}
+ lambda-image-tag: ${{ steps.set_tag.outputs.tag }}
+
+
+
diff --git a/.github/workflows/actions/terraform-deploy/action.yml b/.github/workflows/actions/terraform-deploy/action.yml
new file mode 100644
index 00000000..56133299
--- /dev/null
+++ b/.github/workflows/actions/terraform-deploy/action.yml
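Review bot: The `Set Docker image tag` and `Build and push Docker image` steps expand `${{ inputs.git-ref }}`, `${{ inputs.git-sha }}`, `${{ inputs.ecr_name }}` and `${{ inputs.dockerfile_path }}` directly inside the `run:` script, so the value is substituted before bash parses the line and any shell metacharacters in it become part of the script, which runs after the AWS credentials have been configured. The values should be handed over through `env:` and referenced as quoted shell variables, and the branch part should be reduced to characters that are valid in an image tag, since `tr '/' '-'` only handles slashes. The same pattern appears in the `Terraform Plan` step of terraform-deploy/action.yml with `${{ inputs.lambda-image-tag }}`. Separately, `actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4` and `aws-actions/amazon-ecr-login@v2` are referenced by mutable tags; pinning each to a full commit SHA would keep a retagged release from running with these credentials.

```yaml
    - name: Set Docker image tag
      id: set_tag
      shell: bash
      env:
        GIT_SHA: ${{ inputs.git-sha }}
        GIT_REF: ${{ inputs.git-ref }}
      run: |
        SHORT_SHA="${GIT_SHA:0:7}"
        # replace every character outside the image-tag character set
        BRANCH="$(printf '%s' "$GIT_REF" | tr -c 'A-Za-z0-9_.-' '-')"
        TAG="${BRANCH}-${SHORT_SHA}"
        echo "IMAGE_TAG=${TAG}" >> "$GITHUB_ENV"
        echo "tag=${TAG}" >> "$GITHUB_OUTPUT"

    - name: Build and push Docker image
      shell: bash
      env:
        REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_NAME: ${{ inputs.ecr_name }}
        DOCKERFILE: ${{ inputs.dockerfile_path }}
        TAG: ${{ steps.set_tag.outputs.tag }}
      run: |
        IMAGE_URI="${REGISTRY}/${ECR_NAME}:${TAG}"
        echo "Building Docker image for ${ECR_NAME}..."
        docker build -t "$IMAGE_URI" -f "$DOCKERFILE" .
        # … unchanged: "Pushing to ECR..." echo …
        docker push "$IMAGE_URI"
```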
@@ -0,0 +1,55 @@
+name: "Terraform Plan Shared Config"
+description: "Plans shared Terraform config for Lambdas"
+
+inputs:
+ working_directory:
+ description: "Directory containing Terraform config"
+ required: true
+ aws-access-key-id:
+ description: "AWS access key"
+ required: true
+ aws-secret-access-key:
+ description: "AWS secret key"
+ required: true
+ aws-region:
+ description: "AWS region"
+ required: true
+ lambda-image-tag:
+ description: "Tag of the Lambda image (e.g., GitHub SHA)"
+ required: false
+
+runs:
+ using: "composite"
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ inputs.aws-access-key-id }}
+ aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+ aws-region: ${{ inputs.aws-region }}
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+
+ - name: Terraform Init
+ working-directory: ${{ inputs.working_directory }}
+ shell: bash
+ run: terraform init -reconfigure
+
+ - name: Terraform Plan
+ working-directory: ${{ inputs.working_directory }}
+ shell: bash
+ run: |
+ if [ -n "${{ inputs.lambda-image-tag }}" ]; then
+ terraform plan -out=tfplan -var="lambda_image_tag=${{ inputs.lambda-image-tag }}"
+ else
+ terraform plan -out=tfplan
+ fi
+
+ - name: Terraform Apply
+ working-directory: ${{ inputs.working_directory }}
+ shell: bash
+ run: terraform apply -auto-approve tfplan
+
diff --git a/.github/workflows/lambda_main.yml b/.github/workflows/lambda_main.yml
new file mode 100644
index 00000000..73645ac5
--- /dev/null
+++ b/.github/workflows/lambda_main.yml
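Review bot: The action's `name` and `description` say it only plans Terraform config, but its last step runs `terraform apply -auto-approve tfplan`, so anyone wiring it in from the metadata alone gets unattended infrastructure changes. The metadata should say what the action does, for example `name: "Terraform Plan and Apply"` and `description: "Plans and applies the Terraform config in working_directory without manual approval"`. The `lambda-image-tag` description also says "e.g., GitHub SHA", while the caller in lambda-deploy/action.yml passes a `<branch>-<short sha>` string; `description: "Tag of the Lambda image, passed to Terraform as lambda_image_tag"` would match the code.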
@@ -0,0 +1,33 @@
+# Please note, this github work flows assumes that shared-terrform is deployed in aws env
+# The shared-terraform files lives in https://github.com/Hestia-Homes/survey-extraction/tree/main/deployment/lambda/lambda_shared
+
+name: Deploy Lambdas
+on:
+ push:
+ branches: [main, feautre/whlg_lambda]
+
+env:
+ AWS_REGION: eu-west-2
+
+jobs:
+ whlg-calc:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v4
+ - name: Build and deploy Warm Homes Local Grant Calc (whlg-calc)
+ uses: ./.github/workflows/actions/lambda-deploy
+ with:
+ ecr_name: whlg_calc_adhoc_ecr
+ dockerfile_path: ./deployment/lambda/whlg_calculator/docker/Dockerfile
+ ecr_tf_dir: ./deployment/lambda/whlg_calculator/docker/
+ lambda_tf_dir: ./deployment/lambda/whlg_calculator/
+ aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY}}
+ aws-region: eu-west-2
+ git-sha: ${{ github.sha }}
+ git-ref: ${{ github.ref_name }}
\ No newline at end of file
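Review bot: The `whlg-calc` job grants `id-token: write`, but the deploy step authenticates with the long-lived `DEV_AWS_ACCESS_KEY_ID` / `DEV_AWS_SECRET_ACCESS_KEY` secrets, so the OIDC permission is unused as written. Either drop it and leave only `contents: read`, or preferably use it: let `aws-actions/configure-aws-credentials` obtain short-lived credentials through its `role-to-assume` input and retire the static keys. The push filter also lists `feautre/whlg_lambda`; if that spelling is not the real branch name the entry never matches, and if it is, every push to that branch runs the unattended Terraform apply with the same credentials as `main`. `env.AWS_REGION` is defined but not referenced in this file, since the step hard-codes `aws-region: eu-west-2`.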