Production deployment (#696)

**Only merge using a merge commit!**
simonknittel · May 17, 2024 · e898798 · e898798
2 parents d044643 + 0563efe
commit e898798
Show file tree

Hide file tree

Showing 26 changed files with 76 additions and 338 deletions.
diff --git a/.github/workflows/build-email-function.yml b/.github/workflows/build-email-function.yml
@@ -12,7 +12,7 @@ jobs:
 
       - uses: oven-sh/setup-bun@v1.2.1
         with:
-          bun-version: 1.0.29
+          bun-version: 1.1.8
 
       - uses: actions/cache@v4.0.2
         id: node-modules-cache
@@ -26,7 +26,7 @@ jobs:
         if: steps.node-modules-cache.outputs.cache-hit != 'true'
 
       - name: Build
-        run: bun run build
+        run: bun run build --define:process.env.COMMIT_SHA=\\\"${{ github.sha }}\\\"'
         working-directory: bun-packages/packages/email-function
 
       - name: Store artifact

diff --git a/.github/workflows/deploy-email-function.yml b/.github/workflows/deploy-email-function.yml
@@ -0,0 +1,47 @@
+name: Deploy email-function
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/deploy-email-function.yml
+      - .github/workflows/build-email-function.yml
+      - bun-packages/**
+
+jobs:
+  build:
+    uses: ./.github/workflows/build-email-function.yml
+
+  deploy:
+    runs-on: ubuntu-22.04
+
+    # Related
+    # - https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+    # - https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps
+    permissions:
+      id-token: write # Required for aws-actions/configure-aws-credentials
+      contents: read # Required for aws-actions/configure-aws-credentials
+
+    needs: [build]
+
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4.0.2
+        with:
+          role-to-assume: arn:aws:iam::197170241226:role/github-actions
+          aws-region: eu-central-1
+
+      - name: Retrieve email-function artifact
+        uses: actions/download-artifact@v4.1.6
+        with:
+          name: email-function-dist
+          path: bun-packages/packages/email-function/dist
+
+      - name: Prepare ZIP
+        run: zip --recurse-paths dist.zip dist
+        working-directory: bun-packages/packages/email-function/
+
+      - name: Deploy
+        run: aws lambda update-function-code --function-name email-function --zip-file fileb://dist.zip
+        working-directory: bun-packages/packages/email-function/
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
@@ -51,12 +51,6 @@ jobs:
           role-to-assume: ${{ vars.IAM_ROLE_ARN }}
           aws-region: eu-central-1
 
-      - name: Retrieve email-function artifact
-        uses: actions/download-artifact@v4.1.6
-        with:
-          name: email-function-dist
-          path: bun-packages/packages/email-function/dist
-
       - name: Retrieve tfplan artifact
         uses: actions/download-artifact@v4.1.6
         with:
@@ -74,4 +68,3 @@ jobs:
           TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           TF_VAR_api_subdomain: ${{ vars.API_SUBDOMAIN }}
           TF_VAR_email_function_parameters: ${{ secrets.EMAIL_FUNCTION_PARAMETERS }}
-          GITHUB_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
@@ -7,9 +7,7 @@ on:
       - develop
     paths:
       - .github/workflows/terraform-plan.yml
-      - .github/workflows/build-email-function.yml
       - terraform/**
-      - bun-packages/**
       - cloudformation/**
   workflow_dispatch:
     inputs:
@@ -34,9 +32,6 @@ on:
         type: boolean
 
 jobs:
-  build_email_function:
-    uses: ./.github/workflows/build-email-function.yml
-
   plan:
     runs-on: ubuntu-22.04
 
@@ -48,8 +43,6 @@ jobs:
       contents: read # Required for aws-actions/configure-aws-credentials
       pull-requests: write # Required for actions/github-script
 
-    needs: [build_email_function]
-
     environment: terraform-${{ inputs.environment || 'test' }}
 
     steps:
@@ -70,12 +63,6 @@ jobs:
           role-to-assume: ${{ vars.IAM_ROLE_ARN }}
           aws-region: eu-central-1
 
-      - name: Retrieve email-function artifact
-        uses: actions/download-artifact@v4.1.6
-        with:
-          name: email-function-dist
-          path: bun-packages/packages/email-function/dist
-
       - name: terraform init
         run: terraform init -backend-config=${{ inputs.environment || 'test' }}.s3.tfbackend
         working-directory: terraform
@@ -89,7 +76,6 @@ jobs:
           TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }}
           TF_VAR_api_subdomain: ${{ vars.API_SUBDOMAIN }}
           TF_VAR_email_function_parameters: ${{ secrets.EMAIL_FUNCTION_PARAMETERS }}
-          GITHUB_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
 
       - uses: actions/github-script@v7.0.1
         if: github.event_name == 'pull_request'

diff --git a/bun-packages/packages/email-function/package.json b/bun-packages/packages/email-function/package.json
@@ -4,7 +4,7 @@
 	"private": true,
 	"type": "module",
 	"scripts": {
-		"build": "rm -rf dist && esbuild src/lambda.ts --bundle --outfile=dist/lambda.js --platform=node --target=node20 --minify --metafile=meta.json"
+		"build": "rm -rf dist && esbuild src/index.ts --bundle --outfile=dist/index.js --platform=node --target=node20 --minify --metafile=meta.json"
 	},
 	"devDependencies": {
 		"esbuild": "0.20.1",

diff --git a/bun-packages/packages/email-function/src/_lib/logging/console.ts b/bun-packages/packages/email-function/src/_lib/logging/console.ts
@@ -1,32 +1,15 @@
 import { type LogOutput } from "./types";
 
 export const logToConsole: LogOutput = (logEntry) => {
-	const { timestamp, ...rest } = logEntry;
-
 	switch (logEntry.level) {
 		case "info":
-			console.info(
-				JSON.stringify({
-					timestamp: timestamp.toISOString(),
-					...rest,
-				}),
-			);
+			console.info(JSON.stringify(logEntry));
 			break;
 		case "warn":
-			console.warn(
-				JSON.stringify({
-					timestamp: timestamp.toISOString(),
-					...rest,
-				}),
-			);
+			console.warn(JSON.stringify(logEntry));
 			break;
 		case "error":
-			console.error(
-				JSON.stringify({
-					timestamp: timestamp.toISOString(),
-					...rest,
-				}),
-			);
+			console.error(JSON.stringify(logEntry));
 			break;
 	}
 };
diff --git a/bun-packages/packages/email-function/src/_lib/logging/index.ts b/bun-packages/packages/email-function/src/_lib/logging/index.ts
@@ -3,40 +3,37 @@ import { type LogEntry } from "./types";
 
 const info = (message: string, args: Record<string, unknown> = {}) => {
 	const logEntry: LogEntry = {
-		timestamp: new Date(),
+		timestamp: new Date().toISOString(),
 		level: "info",
 		message,
+		...(process.env.COMMIT_SHA && { commitSha: process.env.COMMIT_SHA }),
 		...args,
 	};
 
-	if (process.env.COMMIT_SHA) logEntry.commitSha = process.env.COMMIT_SHA;
-
 	logToConsole(logEntry);
 };
 
 const warn = (message: string, args: Record<string, unknown> = {}) => {
 	const logEntry: LogEntry = {
-		timestamp: new Date(),
+		timestamp: new Date().toISOString(),
 		level: "warn",
 		message,
+		...(process.env.COMMIT_SHA && { commitSha: process.env.COMMIT_SHA }),
 		...args,
 	};
 
-	if (process.env.COMMIT_SHA) logEntry.commitSha = process.env.COMMIT_SHA;
-
 	logToConsole(logEntry);
 };
 
 const error = (message: string, args: Record<string, unknown> = {}) => {
 	const logEntry: LogEntry = {
-		timestamp: new Date(),
+		timestamp: new Date().toISOString(),
 		level: "error",
 		message,
+		...(process.env.COMMIT_SHA && { commitSha: process.env.COMMIT_SHA }),
 		...args,
 	};
 
-	if (process.env.COMMIT_SHA) logEntry.commitSha = process.env.COMMIT_SHA;
-
 	logToConsole(logEntry);
 };
 

diff --git a/bun-packages/packages/email-function/src/_lib/logging/types.ts b/bun-packages/packages/email-function/src/_lib/logging/types.ts
@@ -1,9 +1,9 @@
 export interface LogEntry {
-	timestamp: Date;
+	timestamp: string;
 	level: "info" | "warn" | "error";
 	message: string;
 	commitSha?: string;
-	[key: string]: unknown;
+	[key: string]: string | number | boolean | undefined;
 }
 
 export type LogOutput = (logEntry: LogEntry) => void;
diff --git a/...ges/packages/email-function/src/lambda.ts → ...ages/packages/email-function/src/index.ts b/...ges/packages/email-function/src/lambda.ts → ...ages/packages/email-function/src/index.ts
diff --git a/docs/setup-test-and-production.md b/docs/setup-test-and-production.md
@@ -114,8 +114,7 @@
 ## 7. Set up Terraform
 
 1. Create and populate `test.s3.tfbackend`, `prod.s3.tfbackend`, `test.tfvars` and `prod.tfvars`
-2. `cd bun-packages/ && bun install --frozen-lockfile && cd packages/email-function/ && bun run build`
-3. Create Terraform resources
+2. Create Terraform resources
 
    1. `AWS_PROFILE=sinister-incorporated-test aws sso login`
    2. `AWS_PROFILE=sinister-incorporated-test terraform init -backend-config=test.s3.tfbackend`

diff --git a/terraform/email-function.tf b/terraform/email-function.tf
@@ -64,7 +64,6 @@ module "email_function" {
   source = "./modules/eventbridge-sqs-lambda"
 
   function_name                  = "email-function"
-  source_dir                     = "../bun-packages/packages/email-function/dist"
   reserved_concurrent_executions = 1
   account_id                     = data.aws_caller_identity.current.account_id
   timeout                        = 15

diff --git a/terraform/modules/api-gateway-lambda/.gitignore b/terraform/modules/api-gateway-lambda/.gitignore
diff --git a/terraform/modules/api-gateway-lambda/api-gateway.tf b/terraform/modules/api-gateway-lambda/api-gateway.tf
diff --git a/terraform/modules/api-gateway-lambda/function.tf b/terraform/modules/api-gateway-lambda/function.tf
diff --git a/terraform/modules/api-gateway-lambda/iam.tf b/terraform/modules/api-gateway-lambda/iam.tf