GitHub Action for deploying Lambda code to an existing function
Upload zip file to AWS Lambda function.
name: deploy to lambda
on: [push]
jobs:
deploy_zip:
name: deploy lambda function
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.20.x]
steps:
- name: checkout source code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v1
with:
go-version: ${{ matrix.go-version }}
- name: Build binary
run: |
cd example && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -v -a -o main main.go && zip deployment.zip main
- name: default deploy
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
zip_file: example/deployment.zip
memory_size: 128
timeout: 10
handler: foobar
role: arn:aws:iam::xxxxxxxxxxx:role/test1234
runtime: nodejs12.x
Deploy lambda function with source file
name: deploy to lambda
on: [push]
jobs:
deploy_source:
name: deploy lambda from source
runs-on: ubuntu-latest
steps:
- name: checkout source code
uses: actions/checkout@v3
- name: default deploy
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
source: example/index.js
Set dry run mode to validate the request parameters and access permissions without modifying the function code.
name: deploy to lambda
on: [push]
jobs:
deploy:
name: deploy lambda function
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: AWS Lambda Deploy
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
zip_file: output.zip
dry_run: true
Deploy from a specific branch, master
or release
.
name: deploy to lambda
on: [push]
jobs:
deploy:
name: deploy lambda function
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: AWS Lambda Deploy
if: github.ref == 'refs/heads/master'
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
zip_file: output.zip
dry_run: true
Add multiple environment:
name: deploy to lambda
on: [push]
jobs:
deploy:
name: deploy lambda function
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: AWS Lambda Deploy
if: github.ref == 'refs/heads/master'
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
zip_file: output.zip
dry_run: true
+ environment: foo=bar,author=appleboy
See action.yml for more detailed information.
- aws_region - aws region
- aws_access_key_id - aws access key id
- aws_secret_access_key - aws secret key
- zip_file - file path of zip file
- source - file list you want to zip
- s3_bucket - An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account.
- s3_key - The Amazon S3 key of the deployment package.
- dry_run - Set to true to validate the request parameters and access permissions without modifying the function code.
- debug - Show debug message after upload the lambda successfully (default as
false
). - publish - Set to true to publish a new version of the function after updating the code. (default as
true
). - reversion_id - Only update the function if the revision ID matches the ID that is specified.
- memory_size - The amount of memory that your function has access to. Increasing the function's memory also increases its CPU allocation. The default value is 128 MB. The value must be a multiple of 64 MB.
- timeout - The amount of time that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds.
- handler - The name of the method within your code that Lambda calls to execute your function.
- role - The function's execution role. Pattern:
arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+
- runtime - The identifier of the function's runtime.
nodejs | nodejs4.3 | nodejs6.10 | nodejs8.10 | nodejs10.x | nodejs12.x | nodejs14.x | nodejs16.x | java8 | java8.al2 | java11 | python2.7 | python3.6 | python3.7 | python3.8 | python3.9 | dotnetcore1.0 | dotnetcore2.0 | dotnetcore2.1 | dotnetcore3.1 | dotnet6 | nodejs4.3-edge | go1.x | ruby2.5 | ruby2.7 | provided | provided.al2 | nodejs18.x
- environment - Lambda Environment variables. example:
foo=bar,author=appleboy
- image_uri - URI of a container image in the Amazon ECR registry.
- subnets - Select the VPC subnets for Lambda to use to set up your VPC configuration.
- securitygroups - Choose the VPC security groups for Lambda to use to set up your VPC configuration.
- description - A description of the function.
- layers - A list of function layers, to add to the function's execution environment. Specify each layer by its ARN, including the version.
- tracing_mode - Set Mode to
Active
to sample and trace a subset of incoming requests with X-Ray. - max_attempts - The maximum number of times the waiter should attempt to check the resource for the target state.
See the UpdateFunctionConfiguration for detail information.
Add the following AWS policy if you want to integrate with GitHub Actions. Please change REGION
, ACCOUNT
and LAMBDA_NAME
variable to your specfic data.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"iam:ListRoles",
"lambda:UpdateFunctionCode",
"lambda:CreateFunction",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration",
"lambda:GetFunctionConfiguration"
],
"Resource": "arn:aws:lambda:${REGION}:${ACCOUNT}:function:${LAMBDA_NAME}"
}
]
}
Our function needs permission to upload trace data to X-Ray. When you activate tracing in the Lambda console, Lambda adds the required permissions to your function's execution role. Otherwise, add the AWSXRayDaemonWriteAccess policy to the execution role.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Resource": [
"*"
]
}
]
}