diff --git a/.github/workflows/ecdsa_default.yml b/.github/workflows/ecdsa_default.yml
index a059e41..0c5047e 100644
--- a/.github/workflows/ecdsa_default.yml
+++ b/.github/workflows/ecdsa_default.yml
@@ -72,6 +72,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.12 + id: setup_python uses: actions/setup-python@v5 with: python-version: '3.12'
@@ -90,11 +91,17 @@ jobs: - name: Terraform initialise run: > - terraform init - -backend-config=bucket=${{ secrets.TERRAFORM_STATE_BUCKET}} - -backend-config=key=${{ secrets.TERRAFORM_STATE_KEY}} + terraform init + -backend-config=bucket=${{ secrets.TERRAFORM_STATE_BUCKET}} + -backend-config=key=${{ secrets.TERRAFORM_STATE_KEY}} -backend-config=region=${{ secrets.TERRAFORM_STATE_REGION}} + - name: cache built python modules + uses: actions/cache@v4 + with: + key: modules_terraform-aws-ca-lambda_build_${{ hashFiles('./modules/terraform-aws-ca-lambda/lambda_code/**') }}_py${{ steps.setup_python.outputs.python-version }} + path: ./modules/terraform-aws-ca-lambda/build + - name: terraform plan run: terraform plan -out tfplan
@@ -135,7 +142,7 @@ jobs: - name: Delete all DynamoDB items run: | - python tests/scripts/delete_db_table_items.py + python tests/scripts/delete_db_table_items.py start_ca: name: Start CA
@@ -180,7 +187,7 @@ jobs: id-token: write contents: read checks: write - + steps: - name: Checkout uses: actions/checkout@v4
diff --git a/.github/workflows/rsa_public_crl.yml b/.github/workflows/rsa_public_crl.yml
index efaf556..21de751 100644
--- a/.github/workflows/rsa_public_crl.yml
+++ b/.github/workflows/rsa_public_crl.yml
@@ -76,6 +76,7 @@ jobs: uses: actions/checkout@v4 - name: Set up Python 3.12 + id: setup_python uses: actions/setup-python@v5 with: python-version: '3.12' 
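Review bot: The cache key for `./modules/terraform-aws-ca-lambda/build` hashes only `lambda_code/**` and the Python version, so changes to the build script `scripts/lambda-build/create-package.sh` (touched in this same commit) or to the `utils` tree that script copies into the build (`cp -r $path_cwd/utils $path_cwd/build/$dir_name`) restore a stale build; the same key appears in the rsa_public_crl.yml hunk at `@@ -94,11 +95,17 @@`. This matters more than an ordinary cache miss because the new `build_already_present` trigger in main.tf skips the rebuild whenever `build/<name>/__init__.py` exists, so whatever the cache restores is zipped and deployed as the CA Lambda without being rebuilt in this run. If `$path_cwd` in create-package.sh is the module root, widen the key to `key: modules_terraform-aws-ca-lambda_build_${{ hashFiles('./modules/terraform-aws-ca-lambda/lambda_code/**', './modules/terraform-aws-ca-lambda/utils/**', './modules/terraform-aws-ca-lambda/scripts/lambda-build/**') }}_py${{ steps.setup_python.outputs.python-version }}`. A lower-trust alternative is to cache only pip downloads (`cache: 'pip'` on the setup-python step) and let every run rebuild `build/` from source, so the deployed artifact never comes out of the Actions cache.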
@@ -94,11 +95,17 @@ jobs: - name: Terraform initialise run: > - terraform init - -backend-config=bucket=${{ secrets.RSA_TERRAFORM_STATE_BUCKET}} - -backend-config=key=${{ secrets.TERRAFORM_STATE_KEY}} + terraform init + -backend-config=bucket=${{ secrets.RSA_TERRAFORM_STATE_BUCKET}} + -backend-config=key=${{ secrets.TERRAFORM_STATE_KEY}} -backend-config=region=${{ secrets.TERRAFORM_STATE_REGION}} + - name: cache built python modules + uses: actions/cache@v4 + with: + key: modules_terraform-aws-ca-lambda_build_${{ hashFiles('./modules/terraform-aws-ca-lambda/lambda_code/**') }}_py${{ steps.setup_python.outputs.python-version }} + path: ./modules/terraform-aws-ca-lambda/build + - name: terraform plan run: terraform plan -out tfplan
@@ -175,7 +182,7 @@ jobs: - name: Start CA run: | python tests/scripts/start_ca_step_function.py - + integration_tests: name: Integration Tests runs-on: ubuntu-latest
@@ -184,7 +191,7 @@ jobs: id-token: write contents: read checks: write - + steps: - name: Checkout uses: actions/checkout@v4
@@ -203,7 +210,7 @@ jobs: with: role-to-assume: ${{ secrets.RSA_AWS_DEPLOY_ROLE_ARN}} aws-region: ${{ secrets.AWS_REGION }} - + - name: Integration tests run: | pytest -v tests
diff --git a/modules/terraform-aws-ca-lambda/archive/.gitkeep b/modules/terraform-aws-ca-lambda/archive/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/modules/terraform-aws-ca-lambda/main.tf b/modules/terraform-aws-ca-lambda/main.tf
index d71c749..303bc20 100644
--- a/modules/terraform-aws-ca-lambda/main.tf
+++ b/modules/terraform-aws-ca-lambda/main.tf 
@@ -1,6 +1,9 @@ resource "null_resource" "install_python_dependencies" { triggers = { - always_run = timestamp() + source_archive_checksum = data.archive_file.lambda_source.output_base64sha256 + + # static value (true) if present, variable value (timestamp()) when not present. (so the 'false' state isn't static and forces a build by change of state whenever so. a static false value doesn't force change of state.) + build_already_present = fileexists("${path.module}/build/${local.file_name}/__init__.py") ? true : timestamp() } provisioner "local-exec" {
@@ -19,16 +22,22 @@ resource "null_resource" "install_python_dependencies" { } } +data "archive_file" "lambda_source" { + type = "zip" + source_dir = "${path.module}/lambda_code/${local.file_name}" + output_path = "${path.module}/archive/${local.file_name}.src.zip" +} + data "archive_file" "lambda_zip" { depends_on = [null_resource.install_python_dependencies] type = "zip" source_dir = "${path.module}/build/${local.file_name}" - output_path = "${path.module}/build/${local.file_name}.zip" + output_path = "${path.module}/archive/${local.file_name}.zip" } resource "aws_lambda_function" "lambda" { - filename = "${path.module}/build/${local.file_name}.zip" - source_code_hash = sha1(join("", [for f in fileset("${path.module}/lambda_code/${local.file_name}", "*") : filesha1("${path.module}/lambda_code/${local.file_name}/${f}")])) + filename = data.archive_file.lambda_zip.output_path + source_code_hash = data.archive_file.lambda_zip.output_base64sha256 function_name = "${var.project}-${var.function_name}-${var.env}" description = "${var.project} ${var.description}" role = var.lambda_role_arn
@@ -71,4 +80,4 @@ resource "aws_lambda_permission" "lambda_invoke" { action = "lambda:InvokeFunction" function_name = aws_lambda_function.lambda.function_name principal = each.value -}
\ No newline at end of file
+} 
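Review bot: The `build_already_present` trigger treats any existing `build/${local.file_name}/__init__.py` as an up-to-date build, and the only other trigger, `source_archive_checksum`, hashes `lambda_code/${local.file_name}` alone; whatever create-package.sh pulls in from outside that directory (the create-package.sh hunk copies `$path_cwd/utils` into the build) can change without forcing a rebuild, so a stale build gets zipped and deployed. If `utils` is outside `lambda_code/`, add a trigger for it, for example `utils_checksum = sha1(join("", [for f in fileset("${path.module}/utils", "**") : filesha1("${path.module}/utils/${f}")]))`, reusing the fileset pattern from the removed `source_code_hash` line. The inline comment is hard to follow; `# "true" while a build exists; otherwise timestamp(), so the trigger keeps changing until a build is produced.` says the same in one line. The resource body continues past the hunk (the local-exec provisioner is outside it).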
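Review bot: `filename` and `source_code_hash` now come from `data.archive_file.lambda_zip`, which keeps `depends_on = [null_resource.install_python_dependencies]`; on any run where that null_resource has a pending change (a cache-miss run, where `build_already_present` evaluates to `timestamp()`), Terraform defers the data read to apply and both attributes appear as known-after-apply in the plan, so the `tfplan` the workflows save and review does not show which artifact will be deployed. The removed `source_code_hash` expression was computed from source files at plan time and did not have this gap. Unless the dependency can be expressed through a reference rather than `depends_on`, at least document it next to the data source: `# depends_on defers this read to apply on rebuild runs; plan then shows filename/source_code_hash as (known after apply)`. The new `archive/` directory is tracked via `.gitkeep` in this commit; the `.src.zip` and `.zip` files written there should stay out of version control, which this diff does not let me confirm.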
diff --git a/modules/terraform-aws-ca-lambda/scripts/lambda-build/create-package.sh b/modules/terraform-aws-ca-lambda/scripts/lambda-build/create-package.sh
old mode 100644
new mode 100755
index d5d5347..7290653
--- a/modules/terraform-aws-ca-lambda/scripts/lambda-build/create-package.sh
+++ b/modules/terraform-aws-ca-lambda/scripts/lambda-build/create-package.sh
@@ -37,4 +37,4 @@ cp -r $path_cwd/utils $path_cwd/build/$dir_name echo "Removing virtual environment folder..." rm -rf $path_cwd/build/env_$function_name -echo "Finished script execution!"
\ No newline at end of file
+echo "Finished script execution!"