safetly do not deploy

2026-06-08 11:17:27 +00:00 · 2026-02-10 16:45:51 +00:00 · 2026-02-10 16:45:51 +00:00 · f6f5f5cd9b
commit f6f5f5cd9b
parent 8774aea00f
3 changed files with 44 additions and 8 deletions
--- a/.github/workflows/_build_image.yml
+++ b/.github/workflows/_build_image.yml
@ -104,4 +104,4 @@ jobs:
            --image-ids imageTag=${GITHUB_SHA} \
            --query 'imageDetails[0].imageDigest' \
            --output text)
-          echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT"
+          echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT"
--- a/.github/workflows/_deploy_lambda.yml
+++ b/.github/workflows/_deploy_lambda.yml
@ -23,6 +23,18 @@ on:
        required: true
        type: string

+      terraform_apply:
+        required: false
+        type: string
+        default: 'false'
+        # can only be 'true' or 'false'
+
+      terraform_destroy:
+        required: false
+        type: string
+        default: 'false'
+        # can only be 'true' or 'false'
+
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
@ -87,5 +99,11 @@ jobs:
            -out=lambdaplan

      - name: Terraform Apply
+        if: (inputs.terraform_apply == 'true' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main') && inputs.terraform_destroy != 'true'
        working-directory: ${{ inputs.lambda_path }}
        run: terraform apply -auto-approve lambdaplan
+
+      - name: Terraform Destroy
+        if: inputs.terraform_destroy == 'true'
+        working-directory: ${{ inputs.lambda_path }}
+        run: terraform destroy -auto-approve
--- a/.github/workflows/deploy_terraform.yml
+++ b/.github/workflows/deploy_terraform.yml
@ -4,27 +4,39 @@ on:
  push:
    branches:
      - "**"
+    paths:
+      - 'infrastructure/terraform/**'
+      - '.github/workflows/deploy_terraform.yml'
+      - '.github/workflows/_build_image.yml'
+      - '.github/workflows/_deploy_lambda.yml'

 jobs:
  determine_stage:
    runs-on: ubuntu-latest
+
    outputs:
      stage: ${{ steps.set-stage.outputs.stage }}

+    env:
+      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+      DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }}
+
    steps:
      - name: Determine stage from branch
        id: set-stage
        shell: bash
        run: |
-          env
+          echo "AWS_ACCESS_KEY_ID is set? ${AWS_ACCESS_KEY_ID:+yes}"
+          echo "AWS_SECRET_ACCESS_KEY is set? ${AWS_SECRET_ACCESS_KEY:+yes}"
+          echo "AWS_REGION=$AWS_REGION"
+          echo "DEV_DB_HOST=$DEV_DB_HOST"
+
          BRANCH="${GITHUB_REF_NAME}"

          if [[ "$BRANCH" == "prod" ]]; then
            echo "stage=prod" >> "$GITHUB_OUTPUT"
-
-          elif [[ "$BRANCH" == "dev" ]]; then
-            echo "stage=dev" >> "$GITHUB_OUTPUT"
-
          else
            echo "stage=dev" >> "$GITHUB_OUTPUT"
          fi
@ -109,10 +121,17 @@ jobs:
      ecr_repo: postcode_splitter-${{ needs.determine_stage.outputs.stage }}
      dockerfile_path: backend/postcode_splitter/handler/Dockerfile
      build_context: .
+      build_args: |
+        DEV_DB_HOST=$DEV_DB_HOST
+        DEV_DB_PORT=$DEV_DB_PORT
+        DEV_DB_NAME=$DEV_DB_NAME
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
+      DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }}
+      DEV_DB_PORT: ${{ secrets.DEV_DB_PORT }}
+      DEV_DB_NAME: ${{ secrets.DEV_DB_NAME }}

  # ============================================================
  # 3️⃣ Deploy Postcode Splitter Lambda
@ -168,5 +187,4 @@ jobs:
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
-      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}
-
+      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}