From f6f5f5cd9b922fa6b7b4903a846e6598088d0fdc Mon Sep 17 00:00:00 2001 From: Jun-te Kim Date: Tue, 10 Feb 2026 16:45:51 +0000 Subject: [PATCH] safetly do not deploy --- .github/workflows/_build_image.yml | 2 +- .github/workflows/_deploy_lambda.yml | 18 +++++++++++++++ .github/workflows/deploy_terraform.yml | 32 ++++++++++++++++++++------ 3 files changed, 44 insertions(+), 8 deletions(-) diff --git a/.github/workflows/_build_image.yml b/.github/workflows/_build_image.yml index 408c0319..641e31f9 100644 --- a/.github/workflows/_build_image.yml +++ b/.github/workflows/_build_image.yml @@ -104,4 +104,4 @@ jobs: --image-ids imageTag=${GITHUB_SHA} \ --query 'imageDetails[0].imageDigest' \ --output text) - echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT" + echo "image_digest=$DIGEST" >> "$GITHUB_OUTPUT" \ No newline at end of file diff --git a/.github/workflows/_deploy_lambda.yml b/.github/workflows/_deploy_lambda.yml index bff106c5..8424f0d5 100644 --- a/.github/workflows/_deploy_lambda.yml +++ b/.github/workflows/_deploy_lambda.yml @@ -23,6 +23,18 @@ on: required: true type: string + terraform_apply: + required: false + type: string + default: 'false' + # can only be 'true' or 'false' + + terraform_destroy: + required: false + type: string + default: 'false' + # can only be 'true' or 'false' + secrets: AWS_ACCESS_KEY_ID: required: true @@ -87,5 +99,11 @@ jobs: -out=lambdaplan - name: Terraform Apply + if: (inputs.terraform_apply == 'true' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main') && inputs.terraform_destroy != 'true' working-directory: ${{ inputs.lambda_path }} run: terraform apply -auto-approve lambdaplan + + - name: Terraform Destroy + if: inputs.terraform_destroy == 'true' + working-directory: ${{ inputs.lambda_path }} + run: terraform destroy -auto-approve \ No newline at end of file diff --git a/.github/workflows/deploy_terraform.yml b/.github/workflows/deploy_terraform.yml index 4ac08e41..6fc38976 100644 
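Review bot: The new `terraform_apply` and `terraform_destroy` inputs in `_deploy_lambda.yml` are declared `type: string`, and only a comment restricts them to 'true' or 'false', so a caller passing `yes` or `1` is accepted without error. With the step conditions added later in this file, such a value for `terraform_destroy` skips the destroy step and still satisfies `inputs.terraform_destroy != 'true'`, so on `dev` or `main` the run applies instead. Reusable-workflow inputs support `type: boolean`; declaring both as `type: boolean` with `default: false` lets the conditions read `inputs.terraform_destroy` and `!inputs.terraform_destroy`. The two comments sit after `default:`; moving each above its input key would make clear which input it describes.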
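Review bot: The added `Terraform Destroy` step runs `terraform destroy -auto-approve` whenever the caller passes `terraform_destroy: 'true'`, with no restriction on ref or event and no approval gate. Any workflow on any branch that calls this one with that input tears down the stack using the same AWS credentials as a normal deploy. Consider tightening it to something like `if: inputs.terraform_destroy == 'true' && github.event_name == 'workflow_dispatch'`, and running the job under a protected `environment:` so a reviewer must approve it. Separately, the apply condition names `refs/heads/dev` and `refs/heads/main`, while `deploy_terraform.yml` in this same patch maps the `prod` branch to the prod stage; if `prod` is the production branch, a push there plans but never applies unless the caller sets `terraform_apply`. The job body starts outside this hunk, so the plan step's arguments are not visible here.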
--- a/.github/workflows/deploy_terraform.yml +++ b/.github/workflows/deploy_terraform.yml @@ -4,27 +4,39 @@ on: push: branches: - "**" + paths: + - 'infrastructure/terraform/**' + - '.github/workflows/deploy_terraform.yml' + - '.github/workflows/_build_image.yml' + - '.github/workflows/_deploy_lambda.yml' jobs: determine_stage: runs-on: ubuntu-latest + outputs: stage: ${{ steps.set-stage.outputs.stage }} + env: + AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} + AWS_REGION: ${{ secrets.DEV_AWS_REGION }} + DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }} + steps: - name: Determine stage from branch id: set-stage shell: bash run: | - env + echo "AWS_ACCESS_KEY_ID is set? ${AWS_ACCESS_KEY_ID:+yes}" + echo "AWS_SECRET_ACCESS_KEY is set? ${AWS_SECRET_ACCESS_KEY:+yes}" + echo "AWS_REGION=$AWS_REGION" + echo "DEV_DB_HOST=$DEV_DB_HOST" + BRANCH="${GITHUB_REF_NAME}" if [[ "$BRANCH" == "prod" ]]; then echo "stage=prod" >> "$GITHUB_OUTPUT" - - elif [[ "$BRANCH" == "dev" ]]; then - echo "stage=dev" >> "$GITHUB_OUTPUT" - else echo "stage=dev" >> "$GITHUB_OUTPUT" fi @@ -109,10 +121,17 @@ jobs: ecr_repo: postcode_splitter-${{ needs.determine_stage.outputs.stage }} dockerfile_path: backend/postcode_splitter/handler/Dockerfile build_context: . + build_args: | + DEV_DB_HOST=$DEV_DB_HOST + DEV_DB_PORT=$DEV_DB_PORT + DEV_DB_NAME=$DEV_DB_NAME secrets: AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} AWS_REGION: ${{ secrets.DEV_AWS_REGION }} + DEV_DB_HOST: ${{ secrets.DEV_DB_HOST }} + DEV_DB_PORT: ${{ secrets.DEV_DB_PORT }} + DEV_DB_NAME: ${{ secrets.DEV_DB_NAME }} # ============================================================ # 3️⃣ Deploy Postcode Splitter Lambda 
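Review bot: The `determine_stage` job now receives `DEV_AWS_ACCESS_KEY_ID`, `DEV_AWS_SECRET_ACCESS_KEY`, `DEV_AWS_REGION` and `DEV_DB_HOST` through a job-level `env:` block, although the visible step derives the stage from `GITHUB_REF_NAME` alone. The lines `echo "AWS_REGION=$AWS_REGION"` and `echo "DEV_DB_HOST=$DEV_DB_HOST"` then write secret values to the job log, leaving log masking as the only protection. Replacing the bare `env` dump is a step forward, but the least-privilege form is to drop the `env:` block and the four echo lines from this job. If a presence check is still wanted, use the `${VAR:+yes}` form for all four. Also check the new `paths:` filter: it omits `backend/**`, so a push that only changes `backend/postcode_splitter/handler/Dockerfile` or the handler code no longer triggers a build.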
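Review bot: The new `build_args` value passes `DEV_DB_HOST=$DEV_DB_HOST` (and the port and name) as literal text, because `with:` values are not shell-expanded and no `${{ }}` expression is used. Unless `_build_image.yml` expands these itself, the image is built with the string `$DEV_DB_HOST`. The `_build_image.yml` part of this patch only changes the final newline, so the `build_args` input and the three `DEV_DB_*` secrets must already be declared under `on.workflow_call` there; otherwise the call is rejected as an undefined input or secret. Even once wired correctly, Docker build args are recorded in the image metadata and history, so anyone who can pull the image from ECR can read values the repository treats as secrets. Setting the database settings as Lambda environment configuration at deploy time, or using a BuildKit `RUN --mount=type=secret` if they are needed only during the build, keeps them out of the image.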
@@ -168,5 +187,4 @@ jobs: secrets: AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} - AWS_REGION: ${{ secrets.DEV_AWS_REGION }} - + AWS_REGION: ${{ secrets.DEV_AWS_REGION }} \ No newline at end of file