.github/workflows/layerpipeline.yaml

name: Layer Deployment pipeline 

permissions:
  id-token: write
  contents: read
  actions: read

on:
  push:
    tags:
      - '[0-9]+.[0-9]+.[0-9]+'
    branches:
      - main
    paths:
      - 'pyproject.toml'
      - 'poetry.lock'
      - '.github/workflows/**'

jobs:
  layer:
    name: Dependencies Publish to lambda layer
    runs-on: ubuntu-latest
    concurrency:
      group: lambda-update
      cancel-in-progress: false
    steps:

      - uses: actions/checkout@v3

      - uses: actions/setup-python@v4
        with:
          python-version: '3.10'
          cache: 'pip'

      - name: AWS login
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          role-session-name: gha-lambda-layer-${{ github.event.repository.name }}
          aws-region: ${{ vars.AWS_REGION }}

      - name: Download & zip dependencies
        run: |
          pip install -t python .
          zip -r layer.zip python

      - name: Upload zip to S3
        run: aws s3 cp
                layer.zip
                s3://${{ secrets.AWS_BUCKET }}/${{ github.event.repository.name }}-layer-${{ github.sha }}.zip
                --no-progress

      - name: Deploy layer for AWS Lambda
        run: aws lambda publish-layer-version
                --layer-name "${{ github.event.repository.name }}-layer"
                --description "Layer for ${{ github.event.repository.name }}"
                --content "S3Bucket=${{ secrets.AWS_BUCKET }},S3Key=${{ github.event.repository.name }}-layer-${{ github.sha }}.zip"
                --compatible-runtimes "python3.10"
                --compatible-architectures "x86_64" > layer.json

      - name: Update lambda function to match published layer
        env:
          FUNCTION_NAME: ${{ secrets.FUNCTION_NAME }}
        run: aws lambda update-function-configuration
                --function-name "${FUNCTION_NAME}"
                --layers "$(jq -r '.LayerVersionArn' layer.json)"

      - name: Wait for lambda to be updated
        env:
          FUNCTION_NAME: ${{ secrets.FUNCTION_NAME }}
        run: aws lambda wait function-updated
              --function-name $FUNCTION_NAME
              --output text