GitHub Action
AWS Lambda Deploy
GitHub Action for deploying Lambda code to an existing function
Upload zip file to AWS Lambda function.
name: deploy to lambda
on: [push]
jobs:
deploy_zip:
name: deploy lambda function
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.21]
steps:
- name: checkout source code
uses: actions/checkout@v3
- name: Install Go
uses: actions/setup-go@v1
with:
go-version: ${{ matrix.go-version }}
- name: Build binary
run: |
cd example && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -v -a -o main main.go && zip deployment.zip main
- name: default deploy
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
zip_file: example/deployment.zip
memory_size: 128
timeout: 10
handler: foobar
role: arn:aws:iam::xxxxxxxxxxx:role/test1234
runtime: nodejs12.x
Deploy lambda function with source file
name: deploy to lambda
on: [push]
jobs:
deploy_source:
name: deploy lambda from source
runs-on: ubuntu-latest
steps:
- name: checkout source code
uses: actions/checkout@v3
- name: default deploy
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
source: example/index.js
Set dry run mode to validate the request parameters and access permissions without modifying the function code.
name: deploy to lambda
on: [push]
jobs:
deploy:
name: deploy lambda function
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: AWS Lambda Deploy
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
zip_file: output.zip
dry_run: true
Deploy from a specific branch, master
or release
.
name: deploy to lambda
on: [push]
jobs:
deploy:
name: deploy lambda function
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: AWS Lambda Deploy
if: github.ref == 'refs/heads/master'
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
zip_file: output.zip
dry_run: true
Add multiple environment:
name: deploy to lambda
on: [push]
jobs:
deploy:
name: deploy lambda function
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: AWS Lambda Deploy
if: github.ref == 'refs/heads/master'
uses: appleboy/[email protected]
with:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws_region: ${{ secrets.AWS_REGION }}
function_name: gorush
zip_file: output.zip
dry_run: true
+ environment: foo=bar,author=appleboy
See action.yml for more detailed information.
- aws_region - aws region
- aws_access_key_id - aws access key id
- aws_secret_access_key - aws secret key
- zip_file - file path of zip file
- source - file list you want to zip
- s3_bucket - An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account.
- s3_key - The Amazon S3 key of the deployment package.
- dry_run - Set to true to validate the request parameters and access permissions without modifying the function code.
- debug - Show debug message after upload the lambda successfully (default as
false
). - publish - Set to true to publish a new version of the function after updating the code. (default as
true
). - reversion_id - Only update the function if the revision ID matches the ID that is specified.
- memory_size - The amount of memory that your function has access to. Increasing the function's memory also increases its CPU allocation. The default value is 128 MB. The value must be a multiple of 64 MB.
- timeout - The amount of time that Lambda allows a function to run before stopping it. The default is 3 seconds. The maximum allowed value is 900 seconds.
- handler - The name of the method within your code that Lambda calls to execute your function.
- role - The function's execution role. Pattern:
arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+
- runtime - The identifier of the function's runtime.
nodejs | nodejs4.3 | nodejs6.10 | nodejs8.10 | nodejs10.x | nodejs12.x | nodejs14.x | nodejs16.x | java8 | java8.al2 | java11 | python2.7 | python3.6 | python3.7 | python3.8 | python3.9 | dotnetcore1.0 | dotnetcore2.0 | dotnetcore2.1 | dotnetcore3.1 | dotnet6 | nodejs4.3-edge | go1.x | ruby2.5 | ruby2.7 | provided | provided.al2 | nodejs18.x
- environment - Lambda Environment variables. example:
foo=bar,author=appleboy
- image_uri - URI of a container image in the Amazon ECR registry.
- subnets - Select the VPC subnets for Lambda to use to set up your VPC configuration.
- securitygroups - Choose the VPC security groups for Lambda to use to set up your VPC configuration.
- description - A description of the function.
- layers - A list of function layers, to add to the function's execution environment. Specify each layer by its ARN, including the version.
- tracing_mode - Set Mode to
Active
to sample and trace a subset of incoming requests with X-Ray. - max_attempts - The maximum number of times the waiter should attempt to check the resource for the target state.
- architectures - The instruction set architecture that the function supports.
arm64 | x86_64
- ipv6_dual_stack - Enables or disables dual-stack IPv6 support in the VPC configuration
See the UpdateFunctionConfiguration for detail information.
Add the following AWS policy if you want to integrate with GitHub Actions. Please change REGION
, ACCOUNT
and LAMBDA_NAME
variable to your specfic data.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"iam:ListRoles",
"lambda:UpdateFunctionCode",
"lambda:CreateFunction",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration",
"lambda:GetFunctionConfiguration"
],
"Resource": "arn:aws:lambda:${REGION}:${ACCOUNT}:function:${LAMBDA_NAME}"
}
]
}
Our function needs permission to upload trace data to X-Ray. When you activate tracing in the Lambda console, Lambda adds the required permissions to your function's execution role. Otherwise, add the AWSXRayDaemonWriteAccess policy to the execution role.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Resource": [
"*"
]
}
]
}