deploy-email-function.yml

name: Deploy email-function

on:
  push:
    branches:
      - main
    paths:
      - .github/workflows/deploy-email-function.yml
      - .github/workflows/build-email-function.yml
      - bun-packages/**
  workflow_dispatch:
    inputs:
      environment:
        description: "Target environment"
        required: true
        default: "test"
        type: choice
        options:
          - test
      git_ref:
        description: "Git ref (SHA, tag, branch, ...) to deploy (if empty, defaults to the latest commit)"
        type: string
        default: "develop"
        required: true

jobs:
  build:
    uses: ./.github/workflows/build-email-function.yml
    with:
      git_ref: ${{ github.event.inputs.git_ref || 'develop' }}

  deploy:
    runs-on: ubuntu-24.04

    # Related
    # - https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
    # - https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps
    permissions:
      id-token: write # Required for aws-actions/configure-aws-credentials
      contents: read # Required for aws-actions/configure-aws-credentials

    needs: [build]

    environment: email-function-${{ inputs.environment || 'test' }}

    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4.0.2
        with:
          role-to-assume: ${{ vars.IAM_ROLE_ARN }}
          aws-region: eu-central-1

      - name: Retrieve email-function artifact
        uses: actions/download-artifact@v4.1.8
        with:
          name: email-function-dist
          path: bun-packages/packages/email-function/dist

      - name: Prepare ZIP
        run: zip -r ../dist.zip .
        working-directory: bun-packages/packages/email-function/dist/

      - name: Deploy
        run: aws lambda update-function-code --function-name email-function --zip-file fileb://dist.zip
        working-directory: bun-packages/packages/email-function/