
Commit 1b31e75

committed
feat: update SAM template automatically and add execution role with required lambda permissions to template
1 parent e7ddc9b commit 1b31e75


3 files changed

+90
-2
lines changed

Lines changed: 50 additions & 0 deletions
@@ -0,0 +1,50 @@
1+
name: Update SAM Template
2+
3+
on:
4+
pull_request:
5+
paths:
6+
- "examples/**"
7+
8+
permissions:
9+
contents: write
10+
11+
concurrency:
12+
group: ${{ github.head_ref }}-${{ github.run_id}}-sam-template
13+
cancel-in-progress: true
14+
15+
jobs:
16+
update-template:
17+
runs-on: ubuntu-latest
18+
steps:
19+
- uses: actions/checkout@v4
20+
with:
21+
token: ${{ secrets.GITHUB_TOKEN }}
22+
ref: ${{ github.head_ref }}
23+
24+
- name: Set up Python 3.13
25+
uses: actions/setup-python@v5
26+
with:
27+
python-version: "3.13"
28+
29+
- name: Install Hatch
30+
run: pip install hatch
31+
32+
- name: Setup SSH Agent
33+
uses: webfactory/ssh-agent@v0.9.0
34+
with:
35+
ssh-private-key: ${{ secrets.SDK_KEY }}
36+
37+
- name: Generate SAM template
38+
run: hatch run examples:generate-sam-template
39+
40+
- name: Commit and push changes
41+
run: |
42+
git config --local user.email "action@github.com"
43+
git config --local user.name "GitHub Action"
44+
git add .
45+
if git diff --staged --quiet; then
46+
echo "No changes to commit"
47+
else
48+
git commit -m "chore: update SAM template" --no-verify
49+
git push
50+
fi
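Review bot: The `Generate SAM template` step runs `examples/cli.py` from the PR's own head (`ref: ${{ github.head_ref }}`) while the ssh-agent still holds `secrets.SDK_KEY` and the checkout has persisted a `contents: write` token, so any change under `examples/**` executes with both credentials in reach. Restrict the job to same-repository branches with `if: github.event.pull_request.head.repo.full_name == github.repository`, pin `webfactory/ssh-agent` (and the other actions) to a full commit SHA rather than a tag, and stage only the generated template path instead of `git add .` so stray build output is not pushed back to the branch. Separately, including `${{ github.run_id }}` in the concurrency group makes every run its own group, so `cancel-in-progress: true` never cancels anything; `group: ${{ github.head_ref }}-sam-template` would serialise runs per branch.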

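--- a/examples/cli.py
+++ b/examples/cli.py
@@ -238,7 +238,44 @@ def generate_sam_template(*, skip_durable_config=False):
 "Default": "https://lambda.us-west-2.amazonaws.com",
 }
 },
-"Resources": {},
+"Resources": {
+"DurableFunctionRole": {
+"Type": "AWS::IAM::Role",
+"Properties": {
+"AssumeRolePolicyDocument": {
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Principal": {"Service": "lambda.amazonaws.com"},
+"Action": "sts:AssumeRole",
+}
+],
+},
+"ManagedPolicyArns": [
+"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+],
+"Policies": [
+{
+"PolicyName": "DurableExecutionPolicy",
+"PolicyDocument": {
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"lambda:CheckpointDurableExecution",
+"lambda:GetDurableExecutionState",
+],
+"Resource": "*",
+}
+],
+},
+}
+],
+},
+}
+},
 }
 
 for example in catalog["examples"]:
@@ -251,6 +288,7 @@ def generate_sam_template(*, skip_durable_config=False):
 "CodeUri": "build/",
 "Handler": example["handler"],
 "Description": example["description"],
+"Role": {"Fn::GetAtt": ["DurableFunctionRole", "Arn"]},
 },
 }
 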
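Review bot: The inline `DurableExecutionPolicy` in the first hunk allows `lambda:CheckpointDurableExecution` and `lambda:GetDurableExecutionState` on `"Resource": "*"`, and the second hunk attaches that one `DurableFunctionRole` to every example function, so each example can act on the durable executions of any function in the account. If these actions accept resource-level scoping, narrow the statement to this stack's functions, e.g. `"Resource": {"Fn::Sub": "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:*"}` or, better, a stack-specific name prefix; otherwise add a comment above the statement saying why the wildcard is required. `generate_sam_template` begins and ends outside both hunks, so how the function names are assigned is not visible here.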

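--- a/pyproject.toml
+++ b/pyproject.toml
@@ -74,7 +74,7 @@ dependencies = [
 [tool.hatch.envs.examples.scripts]
 cli = "python examples/cli.py {args}"
 bootstrap = "python examples/cli.py bootstrap"
-generate-sam = "python examples/cli.py sam {args}"
+generate-sam-template = "python examples/cli.py sam {args}"
 build = "python examples/cli.py build"
 deploy = "python examples/cli.py deploy {args}"
 invoke = "python examples/cli.py invoke {args}"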
