check plan

Jun-te Kim 2026-02-03 13:36:55 +00:00
parent 19872bf451
commit f6255c105b
8 changed files with 34 additions and 44 deletions


@ -68,33 +68,33 @@ jobs:
# working-directory: infrastructure/terraform/shared # working-directory: infrastructure/terraform/shared
# run: terraform apply -auto-approve -var-file=${STAGE}.tfvars tfplan # run: terraform apply -auto-approve -var-file=${STAGE}.tfvars tfplan
# ============================================================ # # ============================================================
# 2⃣ Build Docker image (tag = GitHub SHA, digest resolved) # # 2⃣ Build Docker image (tag = GitHub SHA, digest resolved)
# ============================================================ # # ============================================================
address2uprn_image: # address2uprn_image:
needs: determine_stage # needs: determine_stage
uses: ./.github/workflows/_build_image.yml # uses: ./.github/workflows/_build_image.yml
with: # with:
ecr_repo: address2uprn-${{ needs.determine_stage.outputs.stage }} # ecr_repo: address2uprn-${{ needs.determine_stage.outputs.stage }}
dockerfile_path: backend/address2UPRN/Dockerfile # dockerfile_path: backend/address2UPRN/Dockerfile
build_context: backend/address2UPRN # build_context: backend/address2UPRN
secrets: # secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} # AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} # AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.DEV_AWS_REGION }} # AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
# # ============================================================ # # # ============================================================
# # 3⃣ Deploy Lambda (Terraform, immutable digest) # # # 3⃣ Deploy Lambda (Terraform, immutable digest)
# # ============================================================ # # # ============================================================
deploy_address2uprn_lambda: # deploy_address2uprn_lambda:
needs: [address2uprn_image, determine_stage] # needs: [address2uprn_image, determine_stage]
uses: ./.github/workflows/_deploy_lambda.yml # uses: ./.github/workflows/_deploy_lambda.yml
with: # with:
lambda_name: address2UPRN # lambda_name: address2UPRN
lambda_path: infrastructure/terraform/lambda/address2UPRN # lambda_path: infrastructure/terraform/lambda/address2UPRN
stage: ${{ needs.determine_stage.outputs.stage }} # stage: ${{ needs.determine_stage.outputs.stage }}
image_digest: ${{ needs.image.outputs.image_digest }} # image_digest: ${{ needs.image.outputs.image_digest }}
secrets: # secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} # AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} # AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.DEV_AWS_REGION }} # AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
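Review bot: `image_digest: ${{ needs.image.outputs.image_digest }}` in `deploy_address2uprn_lambda` refers to a job id `image`, while that job's `needs` list names `address2uprn_image`, so the expression has nothing to resolve to. Once these jobs are re-enabled, the `@${var.image_digest}` pin in the Terraform image URI would most likely be empty; the line should read `image_digest: ${{ needs.address2uprn_image.outputs.image_digest }}`. Both reusable-workflow calls also pass the static `DEV_AWS_ACCESS_KEY_ID` / `DEV_AWS_SECRET_ACCESS_KEY` secrets whatever `determine_stage` resolves to, which is worth confirming if any stage other than dev exists; short-lived credentials obtained through OIDC role assumption would remove the long-lived keys. Assuming the right-hand column is the new side, the jobs are being commented out, and a one-line comment such as `# disabled while checking the terraform plan; re-enable before merge` above the block would record that.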


@ -1,8 +1,8 @@
### Checklist for a new lambda ### Checklist for a new lambda
- [ ] Copy cp -r lambda/_template lambda/<name> - [ ] Copy cp -r lambda/_template lambda/<name>
- [ ] Set `state_bucket_name`
- [ ] Add ECR repo in shared/main.tf - [ ] Add ECR repo in shared/main.tf
- [ ] Set bucket name in provider.tf
- [ ] Add shared output for repo name/url - [ ] Add shared output for repo name/url
- [ ] Push to GitHub (CI will deploy) - [ ] Push to GitHub (CI will deploy)


@ -10,7 +10,7 @@ data "terraform_remote_state" "shared" {
module "lambda" { module "lambda" {
source = "../modules/lambda_with_sqs" source = "../modules/lambda_with_sqs"
name = "REPLACE_ME" name = REPLACE ME #"address2uprn" for example
stage = var.stage stage = var.stage
image_uri = "${data.terraform_remote_state.shared.outputs.REPLACE_ME_repository_url}@${var.image_digest}" image_uri = "${data.terraform_remote_state.shared.outputs.REPLACE_ME_repository_url}@${var.image_digest}"
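Review bot: The new `name = REPLACE ME #"address2uprn" for example` is a bare two-word token, which is not valid HCL, and it no longer matches the `REPLACE_ME` token still used in `image_uri`, so a search-and-replace for `REPLACE_ME` fixes one line and misses the other. The unquoted `bucket = REPLACE_ME` in the template's backend block in the next file section has the same problem: it parses as a reference rather than a string. Keeping both as quoted placeholders, `name = "REPLACE_ME" # e.g. "address2uprn"` and `bucket = "REPLACE_ME"`, keeps the template syntactically valid and leaves a single token to search for. The `module "lambda"` block continues past the end of this hunk.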


@ -7,7 +7,7 @@ terraform {
} }
backend "s3" { backend "s3" {
bucket = var.state_bucket_name bucket = REPLACE_ME
key = "terraform.tfstate" key = "terraform.tfstate"
region = "eu-west-2" region = "eu-west-2"
} }


@ -9,9 +9,4 @@ variable "stage" {
variable "image_digest" { variable "image_digest" {
type = string type = string
}
variable "state_bucket_name" {
type = string
description = "S3 bucket name used for this lambda's Terraform state"
} }


@ -7,7 +7,7 @@ terraform {
} }
backend "s3" { backend "s3" {
bucket = var.state_bucket_name bucket = "address2uprn-terraform-state"
key = "terraform.tfstate" key = "terraform.tfstate"
region = "eu-west-2" region = "eu-west-2"
} }
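Review bot: With the stage suffix gone from the bucket name, every stage now points at the same bucket and the same `key = "terraform.tfstate"`; this applies here and in `module "address2uprn_state_bucket"` in the last file section, where `bucket_name` becomes `"address2uprn-terraform-state"`. Unless the deploy workflow overrides the key with `-backend-config` or uses workspaces (neither is visible on this page), a second stage's apply would read and overwrite the first stage's state. Putting the stage in the key at init time, e.g. `terraform init -backend-config="key=${STAGE}/terraform.tfstate"`, keeps the literal bucket name that a backend block requires while separating state per stage. Since state files commonly hold sensitive values, this block would also benefit from `encrypt = true` and state locking (`use_lockfile = true` on recent Terraform, or a `dynamodb_table`). The `terraform` block starts above the hunk.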


@ -10,8 +10,3 @@ variable "stage" {
variable "image_digest" { variable "image_digest" {
type = string type = string
} }
variable "state_bucket_name" {
type = string
description = "S3 bucket name used for this lambda's Terraform state"
}


@ -294,7 +294,7 @@ output "ses_dns_records" {
################################################ ################################################
module "address2uprn_state_bucket" { module "address2uprn_state_bucket" {
source = "../modules/tf_state_bucket" source = "../modules/tf_state_bucket"
bucket_name = "address2uprn-terraform-state-${var.stage}" bucket_name = "address2uprn-terraform-state"
} }