fix(lambda): adding in lambda building

Pocket · Aug 15, 2024 · 0eccee4 · 0eccee4
1 parent f5f82da
commit 0eccee4
Show file tree

Hide file tree

Showing 8 changed files with 264 additions and 17 deletions.
diff --git a/.github/actions/build-lambda/action.yml b/.github/actions/build-lambda/action.yml
@@ -0,0 +1,79 @@
+name: 'Re-usable Lambda Build and Upload Flow'
+description: 'Used to setup and build a docker image'
+inputs:
+  scope:
+    description: 'Turbo Repo scope to run the build for'
+    required: true
+  sentry-org:
+    description: 'The org name used in sentry. Used to upload source maps'
+    required: false
+    default: pocket
+  sentry-project:
+    description: 'The project name used in sentry. Used to upload source maps'
+    required: false
+    default: ''
+  sentry-token:
+    description: 'The token used for sentry. Used to upload source maps'
+    required: true
+  s3-bucket:
+    description: 'The s3 bucket to upload to'
+    required: false
+    default: ''
+  s3-key:
+    description: 'The s3 bucket key to upload to'
+    required: false
+    default: ''
+runs:
+  using: 'composite'
+  steps:
+    - name: Install pnpm & node
+      uses: ./.github/actions/install-pnpm-and-node
+      with:
+        scope: ${{ inputs['scope'] }}
+    # Theres a really annoying bug in PNPM deploy command that will try and create a folder at /home/pruned which we are not allowed to do, 
+    # so we move it under 1 directory to let it do its thing.
+    # https://github.com/pnpm/pnpm/issues/5086
+    - name: Build lambda
+      shell: bash
+      run: |
+        pnpm run build --filter=${{inputs.scope}}...
+        mkdir -p ~/bug/project
+        cp -R . ~/bug/project/
+        cd ~/bug/project/
+        pnpm deploy --filter=${{inputs.scope}} --prod pruned
+    - name: Upload Sentry Source maps
+      if: inputs.sentry-project != ''
+      shell: bash
+      run: |
+        cd ~/bug/project/
+        pnpx @sentry/cli sourcemaps inject pruned/dist
+        pnpx @sentry/cli sourcemaps upload pruned/dist --release ${{ github.sha }} --auth-token ${{ inputs.sentry-token }} --org ${{ inputs.sentry-org }} --project ${{ inputs.sentry-project }}
+    - name: Package Lambda
+      shell: bash
+      run: |
+        cd ~/bug/project/pruned
+        cp -r package.json dist/
+        cp -r node_modules/ dist/node_modules/
+
+        cd dist
+        zip --symlinks -r9 ~/project/${{ github.sha }}.zip .
+        mkdir -p /tmp
+        mkdir -p /tmp/artifacts
+        cp ~/project/${{ github.sha }}.zip /tmp/artifacts/
+        cd ..
+        maxFileSize=256000 # Get the size of the directory in kilobytes
+        export dirSize=$(du -s dist | cut -f1) 
+        echo "Size is: $dirSize"
+        if ((dirSize > maxFileSize)); then
+          echo "Directory size is equal to or larger than $maxFileSize KB. which is the lambda limit"
+          exit 1
+        fi 
+    - name: Upload to S3
+      if: inputs.s3-bucket != ''
+      shell: bash
+      run: |
+        s3Key="${{inputs.s3-key}}"
+        if [[ -z $s3Key ]]; then
+            s3Key="${{ github.sha }}.zip"
+        fi
+        aws s3 cp ${{ github.sha }}.zip s3://${{inputs.s3-bucket}}/${s3Key}
diff --git a/.github/workflows/account-data-deleter.yml b/.github/workflows/account-data-deleter.yml
@@ -0,0 +1,79 @@
+name: Account Data Deleter
+on:
+  # Only run the tests for this service when any of the following file paths change
+  pull_request:
+    paths:
+      - 'infrastructure/account-data-deleter/**'
+      - 'packages/**'
+      - 'servers/account-data-deleter/**'
+      - 'lambdas/account-data-deleter-batch-delete/**'
+      - 'lambdas/account-data-deleter-events/**'
+      - 'pnpm-lock.yaml'
+      - '.github/actions/**'
+      - '.github/workflows/account-data-deleter.yml'
+      - '.github/workflows/reuse-*.yml'
+  push:
+    branches:
+      - main
+      - dev
+
+jobs:
+  # Let's test the service against some real life and mocked docker services.
+  test-integrations:
+    # Only run this job on a pull request event
+    if: github.event_name == 'pull_request'
+    # Use our re-usable test integrations workflow which will use our docker compose file
+    uses: ./.github/workflows/reuse-test-integrations.yml
+    with:
+      # Only run the tests for our service
+      scope: 'account-data-deleter'
+    # Ensure the re-usable workflow is allowed to access the secrets
+    secrets: inherit
+
+  # It's infrastructure time, run the infrastructure update commands
+  infrastructure:
+    uses: ./.github/workflows/reuse-infrastructure.yml
+    with:
+      scope: account-data-deleter-api-cdk
+      stack-output-path: infrastructure/user-api/cdktf.out/stacks/user-api
+    # Ensure the re-usable workflow is allowed to access the secrets
+    secrets: inherit
+
+  # Let's try building and conidtionally pushing our docker image to the necessary account.
+  build-and-push-image:
+    uses: ./.github/workflows/reuse-build-and-push-image.yml
+    #needs: [infrastructure]
+    with:
+      scope: account-data-deleter
+      app-path: servers/account-data-deleter
+      app-port: 4015
+      sentry-project: account-data-deleter
+      docker-repo-name-short-hand: accountdatadeleter
+    # Ensure the re-usable workflow is allowed to access the secrets
+    secrets: inherit
+
+  build-and-push-lambda-events:
+    uses: ./.github/workflows/reuse-build-and-push-lambda.yml
+    #needs: [infrastructure]
+    with:
+      scope: account-data-deleter-events
+      sentry-project: account-data-deleter
+      s3-bucket-pattern: pocket-accountdatadeleter-<<environment>>-sqs-event-consumer
+    # Ensure the re-usable workflow is allowed to access the secrets
+    secrets: inherit
+
+  build-and-push-lambda-batch-delete:
+    uses: ./.github/workflows/reuse-build-and-push-lambda.yml
+    #needs: [infrastructure]
+    with:
+      scope: account-data-deleter-batch-delete
+      sentry-project: account-data-deleter
+      s3-bucket-pattern: pocket-accountdatadeleter-<<environment>>-batchdeletelambda
+    # Ensure the re-usable workflow is allowed to access the secrets
+    secrets: inherit
+
+  # deploy:
+  #  needs: [infrastructure]
+  #   with:
+  #      terraform-output: ${{ needs.infrastructure.outputs.terraform-output }}
+
diff --git a/.github/workflows/list-api.yml b/.github/workflows/list-api.yml
@@ -9,14 +9,15 @@ on:
       - 'pnpm-lock.yaml'
       - '.github/actions/**'
       - '.github/workflows/list-api.yml'
+      - '.github/workflows/reuse-*.yml'
 
 jobs:
   # Let's test the service against some real life and mocked docker services.
   test-integrations:
     # Only run this job on a pull request event
     if: github.event_name == 'pull_request'
     # Use our re-usable test integrations workflow which will use our docker compose file
-    uses: ./.github/workflows/test-integrations.yml
+    uses: ./.github/workflows/reuse-test-integrations.yml
     with:
       # Only run the tests for our service
       scope: 'list-api'
@@ -25,7 +26,7 @@ jobs:
 
   # Let's test the service against some real life and mocked docker services.
   build-and-push-image:
-    uses: ./.github/workflows/build-and-push-image.yml
+    uses: ./.github/workflows/reuse-build-and-push-image.yml
     with:
       scope: list-api
       app-path: servers/list-api
@@ -37,7 +38,7 @@ jobs:
 
   # It's infrastructure time, run the infrastructure update commands
   infrastructure:
-    uses: ./.github/workflows/infrastructure.yml
+    uses: ./.github/workflows/reuse-infrastructure.yml
     with:
       scope: list-api-cdk
       stack-output-path: infrastructure/list-api/cdktf.out/stacks/list-api

diff --git a/.github/workflows/build-and-push-image.yml → .../workflows/reuse-build-and-push-image.yml b/.github/workflows/build-and-push-image.yml → .../workflows/reuse-build-and-push-image.yml
@@ -35,7 +35,11 @@ on:
         description: 'The project name used in sentry. Used to upload source maps'
         required: true
         type: string
-
+
+permissions:
+  contents: read  # This is required for actions/checkout
+  id-token: write  # Access the Github JWT for AWS access        
+
 jobs:
     # Let's build the image on every pull request just like we would on production
     pull-request:
@@ -46,7 +50,6 @@ jobs:
         - name: Checkout
           uses: actions/checkout@v4
         - name: Build Docker Image
-          # Use our re-usable containerize action
           uses: ./.github/actions/containerize
           with:
             docker-repo-name: ${{inputs['development-aws-registry']}}/${{inputs['docker-repo-name-short-hand']}}-prod-app
@@ -59,16 +62,21 @@ jobs:
             dockerhub-token: ${{secrets.DOCKERHUB_TOKEN}}
             scope: ${{inputs['scope']}}
 
-# TODO: These need to request AWS ECR Credentials to push the Docker Image
+
     development:
       if: github.ref == 'refs/heads/dev'
       runs-on: ubuntu-latest
       steps:        
         - name: Checkout
           uses: actions/checkout@v4
-
+        # Get the AWS credentials
+        - name: AWS Credentials
+          uses: aws-actions/configure-aws-credentials@v4
+          with:
+            aws-region: us-east-1
+            # TODO: Change this to the right roles when setup
+            role-to-assume: arn:aws:iam::410318598490:role/GithubTesting-Daniel
         - name: Build and Push Development Docker Image
-          # Use our re-usable containerize action
           uses: ./.github/actions/containerize
           with:
             docker-repo-name: ${{inputs['development-aws-registry']}}/${{inputs['docker-repo-name-short-hand']}}-dev-app
@@ -89,10 +97,14 @@ jobs:
       steps:
         - name: Checkout
           uses: actions/checkout@v4
-
-        # While we wait for docker compose to be healthy we install node and needed packages for this service
+        # Get the AWS credentials
+        - name: AWS Credentials
+          uses: aws-actions/configure-aws-credentials@v4
+          with:
+            aws-region: us-east-1
+            # TODO: Change this to the right roles when setup
+            role-to-assume: arn:aws:iam::410318598490:role/GithubTesting-Daniel
         - name: Build and Push Production Docker Image
-          # Use our re-usable containerize action
           uses: ./.github/actions/containerize
           with:
             docker-repo-name: ${{inputs['development-aws-registry']}}/${{inputs['docker-repo-name-short-hand']}}-prod-app
@@ -104,4 +116,3 @@ jobs:
             dockerhub-username: ${{secrets.DOCKERHUB_USERNAME}}
             dockerhub-token: ${{secrets.DOCKERHUB_TOKEN}}
             scope: ${{inputs['scope']}}
-          # Ensure the re-usable workflow is allowed to access the secrets
diff --git a/.github/workflows/reuse-build-and-push-lambda.yml b/.github/workflows/reuse-build-and-push-lambda.yml
@@ -0,0 +1,76 @@
+name: 'Re-usable Lambda Build Flow'
+on:
+  workflow_call:
+    inputs:
+      scope:
+        description: 'Turbo Repo scope to run the build for'
+        required: true
+        type: string
+      s3-bucket-pattern:
+        description: 'Lambda S3 bucket pattern to use'
+        required: true
+        type: string
+      sentry-org:
+        description: 'The org name used in sentry. Used to upload source maps'
+        required: false
+        type: string
+        default: pocket
+      sentry-project:
+        description: 'The project name used in sentry. Used to upload source maps'
+        required: true
+        type: string
+
+permissions:
+  contents: read  # This is required for actions/checkout
+  id-token: write  # Access the Github JWT for AWS access
+
+
+jobs:
+    # Let's build the image on every pull request just like we would on production
+    pull-request:
+      # Only run this job on a pull request event
+      if: github.event_name == 'pull_request'
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Build Lambda
+          uses: ./.github/actions/build-lambda
+          with:
+            sentry-project: ${{inputs['sentry-project']}}
+            sentry-org: ${{inputs['sentry-org']}}
+            sentry-token: ${{secrets.SENTRY_BEARER}}
+            scope: ${{inputs['scope']}}
+
+# TODO: These need to request AWS ECR Credentials to push the Docker Image
+    development:
+      if: github.ref == 'refs/heads/dev'
+      runs-on: ubuntu-latest
+      steps:        
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Build Lambda
+          uses: ./.github/actions/build-lambda
+          with:
+            sentry-project: ${{inputs['sentry-project']}}
+            sentry-org: ${{inputs['sentry-org']}}
+            sentry-token: ${{secrets.SENTRY_BEARER}}
+            scope: ${{inputs['scope']}}
+
+
+    production:
+      if: github.ref == 'refs/heads/main'
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout
+          uses: actions/checkout@v4
+
+        - name: Build Lambda
+          uses: ./.github/actions/build-lambda
+          with:
+            sentry-project: ${{inputs['sentry-project']}}
+            sentry-org: ${{inputs['sentry-org']}}
+            sentry-token: ${{secrets.SENTRY_BEARER}}
+            scope: ${{inputs['scope']}}
diff --git a/.github/workflows/infrastructure.yml → .github/workflows/reuse-infrastructure.yml b/.github/workflows/infrastructure.yml → .github/workflows/reuse-infrastructure.yml
@@ -27,7 +27,7 @@ permissions:
 
 jobs:
 
-    pull-request:
+    plan:
       # Only run this job on a pull request event
       if: github.event_name == 'pull_request'
       runs-on: ubuntu-latest

diff --git a/.github/workflows/test-integrations.yml → ...hub/workflows/reuse-test-integrations.yml b/.github/workflows/test-integrations.yml → ...hub/workflows/reuse-test-integrations.yml
diff --git a/.github/workflows/user-api.yml b/.github/workflows/user-api.yml
@@ -8,7 +8,8 @@ on:
       - 'servers/user-api/**'
       - 'pnpm-lock.yaml'
       - '.github/actions/**'
-      - '.github/workflows/user_api.yml'
+      - '.github/workflows/user-api.yml'
+      - '.github/workflows/reuse-*.yml'
   push:
     branches:
       - main
@@ -20,7 +21,7 @@ jobs:
     # Only run this job on a pull request event
     if: github.event_name == 'pull_request'
     # Use our re-usable test integrations workflow which will use our docker compose file
-    uses: ./.github/workflows/test-integrations.yml
+    uses: ./.github/workflows/reuse-test-integrations.yml
     with:
       # Only run the tests for our service
       scope: 'user-api'
@@ -29,7 +30,7 @@ jobs:
 
   # It's infrastructure time, run the infrastructure update commands
   infrastructure:
-    uses: ./.github/workflows/infrastructure.yml
+    uses: ./.github/workflows/reuse-infrastructure.yml
     with:
       scope: user-api-cdk
       stack-output-path: infrastructure/user-api/cdktf.out/stacks/user-api
@@ -38,7 +39,7 @@ jobs:
 
   # Let's try building and conidtionally pushing our docker image to the necessary account.
   build-and-push-image:
-    uses: ./.github/workflows/build-and-push-image.yml
+    uses: ./.github/workflows/reuse-build-and-push-image.yml
     #needs: [infrastructure]
     with:
       scope: user-api