Merge pull request #2 from rhythmictech/shasum

shasum

Author: Scott Miller

.github/workflows/lambda_zip.yaml

@@ -1,4 +1,4 @@
-name: Create a zipped lambda func for deployment
+name: release
 
 on:
   release:
@@ -16,13 +16,43 @@ jobs:
       - name: Build Lambda Function
         run: |
           zip lambda.zip rolling-restart.py
+          ls
 
-      - name: Upload lambda to assets
-        uses: actions/upload-release-asset@v1.0.2
+      - name: upload zip artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: lambda.zip
+          path: ${{ github.workspace }}/lambda.zip
+          if-no-files-found: error
+
+      - name: get checksum
+        run: cat lambda.zip | openssl dgst -binary -sha256 | base64 > lambda.sha256base64
+
+      - name: upload shasum artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: lambda.sha256base64
+          path: ${{ github.workspace }}/lambda.zip
+          if-no-files-found: error
+
+      - name: Upload zip
+        id: upload-zip
+        uses: actions/upload-release-asset@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           upload_url: ${{ github.event.release.upload_url }}
           asset_path: ./lambda.zip
           asset_name: lambda.zip
           asset_content_type: application/zip
+
+      - name: Upload shasum
+        id: upload-shasum
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ./lambda.sha256base64
+          asset_name: lambda.sha256base64
+          asset_content_type: text/plain

getsha.sh

@@ -0,0 +1,3 @@
+#! /usr/bin/env bash
+ARGS=($(jq -r --unbuffered '.repo_full_name,.tag'))
+curl -Ls "https://github.com/${ARGS[0]}/releases/download/${ARGS[1]}/lambda.sha256base64" | jq -cR '{"sha": .}'

main.tf

@@ -1,7 +1,8 @@
 module "tags" {
-  source = "git::https://github.com/rhythmictech/terraform-terraform-tags.git?ref=v0.0.2"
+  source = "rhythmictech/tags/terraform"
+  version = "~> 1.1"
   tags   = var.tags
-  
+
   names = [
     var.name,
     "rolling-restart",
@@ -15,7 +16,7 @@ module "lambda_version" {
 
   repo_name          = local.repo_name
   repo_owner         = local.repo_owner
-  version_constraint = "~1.0.1-rc5"
+  version_constraint = var.lambda_version_constraint
 }
 
 locals {
@@ -29,10 +30,20 @@ resource "null_resource" "lambda_zip" {
   }
 
   provisioner "local-exec" {
-    command = "curl -Lso ${path.module}/lambda.zip https://github.com/${local.repo_full_name}/releases/download/${local.lambda_version_tag}/lambda.zip"
+    command = "curl -Lso lambda-${local.lambda_version}.zip https://github.com/${local.repo_full_name}/releases/download/${local.lambda_version_tag}/lambda.zip"
   }
 }
 
+data "external" "sha" {
+  program = [
+    "${path.module}/getsha.sh"
+  ]
+
+  query = {
+    repo_full_name = local.repo_full_name
+    tag            = local.lambda_version_tag
+  }
+}
 
 data "aws_iam_policy_document" "lambda_assume_role_policy" {
   statement {
@@ -82,7 +93,6 @@ data "aws_iam_policy_document" "lambda_policy_doc" {
       "*"
     ]
   }
-
 }
 
 resource "aws_iam_role_policy" "this" {
@@ -98,26 +108,28 @@ resource "aws_iam_role_policy_attachment" "lambda-execution-role-attach" {
 
 resource "random_uuid" "lambda_uuid" {}
 
-
 resource "aws_lambda_function" "this" {
-  filename         = "${path.module}/lambda.zip"
+  filename         = "lambda-${local.lambda_version}.zip"
   function_name    = "${module.tags.name32}_${substr(random_uuid.lambda_uuid.result, 0, 31)}"
   role             = aws_iam_role.this.arn
   handler          = "rolling-restart.handler"
   runtime          = "python3.6"
   timeout          = 600
-  source_code_hash = data.archive_file.this.output_base64sha256
+  source_code_hash = data.external.sha.result.sha
   tags             = module.tags.tags
+
   environment {
     variables = {
       ASG_NAME = var.asg_name
       LOGLEVEL = var.loglevel
     }
   }
+
   lifecycle {
     ignore_changes = [
-      filename,
-      last_modified,
+      last_modified
     ]
   }
+
+  depends_on = [null_resource.lambda_zip]
 }

variables.tf

@@ -10,6 +10,12 @@ locals {
   repo_name      = "terraform-aws-asg-rolling-restart-lambda"
 }
 
+variable "lambda_version_constraint" {
+  default     = "~1.0.1-rc9"
+  description = "NPM style version constraint to apply when looking for the correct version of the lambda code"
+  type        = string
+}
+
 variable "loglevel" {
   type        = string
   default     = "INFO"