Correlation runner module / lambda version

[npalm]

Problem

A common problem is that the lambda's are not updated when update the module. Since the lambda's are not part of the terraform module but referenced.

Challenge is how to figure out the lambda version.

Ideas

• Tag instances with lambda version, but how to get the version
• Log the lambda version. This requires the lambda build is setting the right version. Which is either the tag. Or for non tags (development / main) the git ref.

[jkritzen]

@npalm:

Why you don't distribute the lambda.zip files wihtin the modules?

The code to utilize the ZIP from the module is already there:

terraform-aws-github-runner/modules/webhook/direct/webhook.tf

Line 2 in 26ad5c1

lambda_zip = var.config.lambda_zip == null ? "${path.module}/../../../lambdas/functions/webhook/webhook.zip" : var.config.lambda_zip

The only missing is, that the zip file is not existing which gives an error on plan:

If you add the zip files within the module itself, you don't have to brother with the lambda versions, if you update the module, the new lambda version get's deployed.

[npalm]

I think that generated artifacts should not be in source, even if it simple javascript. Indeed it will solve the issue somehow. But I can imagine users will would to verify or rebuild the lambas form a security point of view.

I think it would be better to update the package.json of lambda as port of the release and use that data in the dist build to let the lambda log the current version.