Lambda with GitHub Workflows

Deploy Lambda functions using GitHub Workflows with a code-driven approach. The build process updates S3 with assets and SSM with the new version, requiring a Terraform run for promotion. GitHub Workflows manage the entire lifecycle, from building and packaging Lambda functions to deploying them, with reusable workflows.

Overview

Lambda Deployment Lifecycle

Build and Deployment

The application repository uploads the build assets to S3, then writes the new version to SSM. Each SSM update is effectively a promotion, and requires a Terraform run to realize the change.

Build and Dev Promote
# .github/workflows/reusable-publish-lambda-zip.yaml
name: Publish Lambda Function
on:
  workflow_call:
    inputs:
      function-name:
        required: true
        type: string
      source-folder:
        required: true
        type: string
      artifacts-bucket-and-prefix:
        required: true
        type: string
      aws-region:
        required: true
        type: string
    secrets:
      cicd-role-arn:
        required: true

# id-token: write lets the job request an OIDC token to assume the CI/CD role
permissions:
  id-token: write
  contents: read

jobs:
  publish:
    runs-on: self-hosted
    # Pass string inputs to the shell as environment variables instead of
    # expanding ${{ }} expressions inside the run scripts
    env:
      FUNCTION_NAME: ${{ inputs.function-name }}
      SOURCE_FOLDER: ${{ inputs.source-folder }}
      ARTIFACTS_DEST: ${{ inputs.artifacts-bucket-and-prefix }}
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # cicd-role-arn is declared under secrets, so read it from the secrets context
          role-to-assume: ${{ secrets.cicd-role-arn }}
          aws-region: ${{ inputs.aws-region }}
      - name: Checkout
        uses: actions/checkout@v4
      - name: Package Lambda
        run: |
          cd "$SOURCE_FOLDER" && zip ${{ github.sha }}.zip *
      - name: Push Lambda
        run: |
          aws s3 cp "$SOURCE_FOLDER/${{ github.sha }}.zip" "s3://$ARTIFACTS_DEST/$FUNCTION_NAME/" --sse
      - name: Write tag to SSM
        run: |
          aws ssm put-parameter --name "/lambda/$FUNCTION_NAME/tag" --type String --value ${{ github.sha }} --overwrite
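
The workflow builds an S3 object URI and an SSM parameter name from caller-supplied inputs. The script below is an added example, not part of the original workflow, showing one way to validate those inputs before they reach `aws s3 cp` and `aws ssm put-parameter`. The function names and the allowed character set for the bucket/prefix are assumptions.

```shell
#!/bin/sh
# Added example: validate caller-supplied inputs before building the
# S3 object URI and SSM parameter name used by the publish workflow.
# Function names and the allowed bucket/prefix characters are assumptions.

# Lambda function names: letters, digits, '-' and '_', at most 64 characters.
valid_function_name() {
  case "$1" in
    ''|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 64 ]
}

# github.sha is a 40-character lowercase hex commit id.
valid_sha() {
  case "$1" in
    *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ]
}

# bucket[/prefix]: conservative allow-list, no "..", no empty path segments.
valid_bucket_prefix() {
  case "$1" in
    ''|*[!A-Za-z0-9._/-]*|/*|*/|*//*|*..*) return 1 ;;
  esac
}

# Print the S3 URI and SSM parameter name, or fail before printing anything.
promotion_targets() {
  fn=$1; sha=$2; dest=$3
  valid_function_name "$fn"   || { echo "rejected function-name" >&2; return 1; }
  valid_sha "$sha"            || { echo "rejected sha" >&2; return 1; }
  valid_bucket_prefix "$dest" || { echo "rejected bucket/prefix" >&2; return 1; }
  printf 's3://%s/%s/%s.zip\n' "$dest" "$fn" "$sha"
  printf '/lambda/%s/tag\n' "$fn"
}

# Constructed sample values, not taken from the page.
promotion_targets my-func 0123456789abcdef0123456789abcdef01234567 artifacts-bucket/lambda
```

Run as an early step, a non-zero exit stops the job before anything is uploaded to S3 or written to SSM.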

Implementation

  • lambda: This component is responsible for creating the Lambda function. After promotion, the Lambda function is updated with the new version.
