Skip to content

Deploying Lambda code with drone CI to an existing function

License

Notifications You must be signed in to change notification settings

appleboy/drone-lambda

Repository files navigation

drone-lambda

GoDoc codecov Go Report Card Docker Pulls

Deploying Lambda code with drone CI to an existing function. The plugin automatically deployes a serverless function to AWS Lambda from a zip file located in an S3 bucket. This plugin does not handle creating or uploading the zip file.

cover

Build or Download a binary

The pre-compiled binaries can be downloaded from release page. Support the following OS type.

  • Windows amd64/386
  • Linux amd64/386
  • Darwin amd64/386

With Go installed

go install github.com/appleboy/drone-lambda@latest

or build the binary with the following command:

export GOOS=linux
export GOARCH=amd64
export CGO_ENABLED=0
export GO111MODULE=on

go test -cover ./...

go build -v -a -tags netgo -o release/linux/amd64/drone-lambda .

Docker

Build the docker image with the following commands:

make docker

Usage

There are three ways to send notification.

Usage from binary

Update lambda function from zip file.

$ drone-lambda --region ap-southeast-1 \
  --access-key xxxx \
  --secret-key xxxx \
  --function-name upload-s3 \
  --zip-file deployment.zip

Update lambda function from s3 object.

$ drone-lambda --region ap-southeast-1 \
  --access-key xxxx \
  --secret-key xxxx \
  --function-name upload-s3 \
  --s3-bucket some-bucket \
  --s3-key lambda-dir/lambda-project-${DRONE_BUILD_NUMBER}.zip

Usage from docker

Update lambda function from zip file.

docker run --rm \
  -e AWS_ACCESS_KEY_ID=xxxxxxx \
  -e AWS_SECRET_ACCESS_KEY=xxxxxxx \
  -e FUNCTION_NAME=upload-s3 \
  -e ZIP_FILE=deployment.zip \
  -v $(pwd):$(pwd) \
  -w $(pwd) \
  appleboy/drone-lambda

Update lambda function from s3 object.

docker run --rm \
  -e AWS_ACCESS_KEY_ID=xxxxxxx \
  -e AWS_SECRET_ACCESS_KEY=xxxxxxx \
  -e FUNCTION_NAME=upload-s3 \
  -e S3_BUCKET=some-bucket \
  -e S3_KEY=lambda-project.zip \
  appleboy/drone-lambda

Usage from drone ci

Update lambda function, execute from the working directory:

docker run --rm \
  -e AWS_ACCESS_KEY_ID=xxxxxxx \
  -e AWS_SECRET_ACCESS_KEY=xxxxxxx \
  -e FUNCTION_NAME=upload-s3 \
  -e ZIP_FILE=deployment.zip \
  -v $(pwd):$(pwd) \
  -w $(pwd) \
  appleboy/drone-lambda

Deploy with Drone

kind: pipeline
name: default

steps:
- name: build
  image: golang:1.15
  commands:
  - apt-get update && apt-get -y install zip
  - cd example && GOOS=linux go build -v -a -o main main.go && zip deployment.zip main

- name: deploy-lambda
  image: appleboy/drone-lambda
  settings:
    pull: true
    access_key:
      from_secret: AWS_ACCESS_KEY_ID
    secret_key:
      from_secret: AWS_SECRET_ACCESS_KEY
    region:
      from_secret: AWS_REGION
    function_name: gorush
    zip_file: example/deployment.zip
    debug: true

AWS Policy

Add the following AWS policy if you want to integrate with CI/CD tools like Jenkins, GitLab Ci or Drone. Your function needs permission to upload trace data to X-Ray. When you activate tracing in the Lambda console, Lambda adds the required permissions to your function's execution role. Otherwise, add the AWSXRayDaemonWriteAccess policy to the execution role.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "iam:ListRoles",
        "lambda:UpdateFunctionCode",
        "lambda:CreateFunction",
        "lambda:GetFunction",
        "lambda:GetFunctionConfiguration",
        "lambda:UpdateFunctionConfiguration"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "xray:PutTraceSegments",
        "xray:PutTelemetryRecords",
        "xray:GetSamplingRules",
        "xray:GetSamplingTargets",
        "xray:GetSamplingStatisticSummaries"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}