feat: code improvements

Adetokunbo Ige · Adetokunbo Ige · commit fa0801193572 · 2024-11-17T23:20:58.000-08:00
Signed-off-by: Adetokunbo Ige &lt;aige@tempo.io&gt;
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -80,9 +80,9 @@ jobs:
         id: build-push-to-ecr
         with:
           context: todo-app/lambda_function
-          file: Dockerfile
+          file: todo-app/lambda_function/Dockerfile
           push: true
           tags: ${{ env.ECR_REGISTRY }}/${{ env.REPO_NAME }}:${{ steps.sha_short.outputs.sha_short }}
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
           provenance: false
         continue-on-error: false
diff --git a/.github/workflows/pulumi-deploy.yml b/.github/workflows/pulumi-deploy.yml
@@ -13,29 +13,38 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - name: Set up Pulumi
-        uses: pulumi/actions@v3
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4 # More information on this action can be found below in the 'AWS Credentials' section
         with:
-          command: up
-        env:
-          # Set up Pulumi credentials
-          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
-          
-      - name: Configure AWS credentials  # Only required if deploying to AWS
-        uses: aws-actions/configure-aws-credentials@v2
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: your_aws_region
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: ${{ secrets.AWS_REGION }}
+          role-session-name: GithubActionsSession
 
       - name: Install Dependencies
+        working-directory: todo-app
         run: |
+          pip install --upgrade pip
           pip install -r requirements.txt
 
-      - name: Run Pulumi Deployment
+      - name: Configure Pulumi
+        working-directory: todo-app
+        run: |
+          pulumi stack select igeadetokunbo/todo-app/dev --non-interactive || pulumi stack init igeadetokunbo/todo-app/dev
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+
+      - name: Pulumi Preview
+        working-directory: todo-app
+        run: |
+          pulumi preview --stack ExitoLab/todo-app/dev --yes --non-interactive
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
+
+      - name: Pulumi Up
+        working-directory: todo-app
         run: |
-          pulumi stack select your-pulumi-stack
-          pulumi config set imageName ${{ env.REGISTRY_URL }}/${{ env.IMAGE_NAME }}:latest
-          pulumi up --yes
+          pulumi up --stack ExitoLab/todo-app/dev --yes --non-interactive
+        env:
+          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
diff --git a/todo-app/Pulumi.dev.yaml b/todo-app/Pulumi.dev.yaml
@@ -0,0 +1,4 @@
+config:
+  todo-app:docker_image: 289940214902.dkr.ecr.us-east-1.amazonaws.com/todo_pulumi_docker_aws_lambda_api_gateway:a10b29b
+  todo-app:environment: dev
+  todo-app:region: us-east-1
diff --git a/todo-app/__main__.py b/todo-app/__main__.py
@@ -1,81 +1,140 @@
-import pulumi
+import pulumi, json
 import pulumi_aws as aws
 from pulumi_docker import Image, DockerBuild
 import pulumi_docker as docker
 
-# Step 1: Create an ECR repository
-docker_image = "289940214902.dkr.ecr.us-east-1.amazonaws.com/todo-app:v1.1"
+from pulumi import Config
+
+# Create a config object to access configuration values
+config = pulumi.Config()
+
+docker_image = config.get("docker_image")
+environment = config.get("environment")
+region = config.get("region")
+
+aws.config.region = region
+
+# First, create the DynamoDB table
+dynamodb_table = aws.dynamodb.Table(
+    f"todo-{environment}",
+    name=f"todo-{environment}",
+    hash_key="id",
+    range_key="timestamp",
+    attributes=[
+        aws.dynamodb.TableAttributeArgs(
+            name="id",
+            type="S"
+        ),
+        aws.dynamodb.TableAttributeArgs(
+            name="timestamp",
+            type="N"
+        ),
+    ],
+    billing_mode="PAY_PER_REQUEST",
+    tags={
+        "Environment": environment,
+        "Created_By": "Pulumi"
+    }
+)
 
 # Create an IAM Role for the Lambda function
-lambda_role = aws.iam.Role("lambdaExecutionRole",
-    assume_role_policy="""{
-      "Version": "2012-10-17",
-      "Statement": [
-        {
-          "Action": "sts:AssumeRole",
-          "Principal": {
-            "Service": "lambda.amazonaws.com"
-          },
-          "Effect": "Allow",
-          "Sid": ""
-        }
-      ]
-    }"""
+# Create Lambda execution role
+lambda_role = aws.iam.Role(
+    "lambdaExecutionRole",
+    assume_role_policy=json.dumps({
+        "Version": "2012-10-17",
+        "Statement": [{
+            "Action": "sts:AssumeRole",
+            "Principal": {
+                "Service": "lambda.amazonaws.com"
+            },
+            "Effect": "Allow",
+            "Sid": ""
+        }]
+    })
 )
 
-# Attach the basic execution policy to the role
-lambda_policy_attachment = aws.iam.RolePolicyAttachment("lambdaExecutionPolicy",
-    role=lambda_role.name,
-    policy_arn="arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+# Create inline policy for the role
+dynamodb_policy = aws.iam.RolePolicy(
+    f"lambdaRolePolicy-{environment}",
+    role=lambda_role.id,
+    policy=pulumi.Output.json_dumps({
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "dynamodb:Scan",
+                    "dynamodb:PutItem",
+                    "dynamodb:GetItem",
+                    "dynamodb:UpdateItem",
+                    "dynamodb:DeleteItem",
+                    "dynamodb:Query"
+                ],
+                "Resource": [
+                    dynamodb_table.arn,
+                    pulumi.Output.concat(dynamodb_table.arn, "/*")
+                ]
+            },
+            {
+                "Effect": "Allow",
+                "Action": [
+                    "logs:CreateLogGroup",
+                    "logs:CreateLogStream",
+                    "logs:PutLogEvents"
+                ],
+                "Resource": "arn:aws:logs:*:*:*"
+            }
+        ]
+    })
 )
 
 # Create a Lambda function using the Docker image
-lambda_function = aws.lambda_.Function("my-serverless-function",
-    name="my-serverless-function",
-    role=lambda_role.arn,  # Make sure you have the correct IAM role
-    package_type="Image",   # Specify that this is a Docker image
-    image_uri=docker_image,  # Use the image name from the previous step
-    memory_size=512,        # Example memory size
-    timeout=30             # Example timeout in seconds
+lambda_function = aws.lambda_.Function(
+    f"my-serverless-function-{environment}",
+    role=lambda_role.arn,
+    package_type="Image",
+    image_uri=docker_image,
+    memory_size=512,
+    timeout=30,
+    opts=pulumi.ResourceOptions(depends_on=[lambda_role])
 )
 
 # Create an API Gateway REST API
-api = aws.apigateway.RestApi("my-api",
+api = aws.apigateway.RestApi(f"my-api-{environment}",
     description="My serverless API")
 
 # Create a catch-all resource for the API
-proxy_resource = aws.apigateway.Resource("proxy-resource",
+proxy_resource = aws.apigateway.Resource(f"proxy-resource-{environment}",
     rest_api=api.id,
     parent_id=api.root_resource_id,
     path_part="{proxy+}")
 
 # Create a method for the proxy resource that allows any method
-method = aws.apigateway.Method("proxy-method",
+method = aws.apigateway.Method(f"proxy-method-{environment}",
     rest_api=api.id,
     resource_id=proxy_resource.id,
     http_method="ANY",
     authorization="NONE")
 
 # Integration of Lambda with API Gateway using AWS_PROXY
-integration = aws.apigateway.Integration("proxy-integration",
+integration = aws.apigateway.Integration(f"proxy-integration-{environment}",
     rest_api=api.id,
     resource_id=proxy_resource.id,
     http_method=method.http_method,
     integration_http_method="POST",
     type="AWS_PROXY",
     uri=lambda_function.invoke_arn)  # Ensure lambda_function is defined
 
-
-lambda_permission = aws.lambda_.Permission("api-gateway-lambda-permission",
+lambda_permission = aws.lambda_.Permission(f"api-gateway-lambda-permission-{environment}",
     action="lambda:InvokeFunction",
     function=lambda_function.name,
     principal="apigateway.amazonaws.com",
     source_arn=pulumi.Output.concat(api.execution_arn, "/*/*")
 )
 
-
 # Deployment of the API, explicitly depends on method and integration to avoid timing issues
-deployment = aws.apigateway.Deployment("api-deployment",
+deployment = aws.apigateway.Deployment(f"api-deployment-{environment}",
     rest_api=api.id,
     stage_name="dev",
     opts=pulumi.ResourceOptions(
@@ -90,8 +149,4 @@
 
 pulumi.export("api_invoke_url", api_invoke_url)
 
-
-# # Output the invoke URL of the API
-# pulumi.export("api_invoke_url", pulumi.Output.all(api.id, aws.config.region).apply(lambda values: f"https://{values[0]}.execute-api.{values[1]}.amazonaws.com/dev/{proxy_resource.path_part}"))
-
 # #How does Pulumi stores statesfile
diff --git a/todo-app/lambda_function/.env b/todo-app/lambda_function/.env
diff --git a/todo-app/lambda_function/lambda.py b/todo-app/lambda_function/lambda.py
