From 4efd6f773a4ac4133947af18c6cbc227fee2af0a Mon Sep 17 00:00:00 2001
From: Dima Ryazanov <dima@gmail.com>
Date: Thu, 1 Feb 2024 14:56:15 -0800
Subject: [PATCH] wip: test zip uploads

---
 .github/workflows/deploy-lambdas.yml | 102 ++++++++++++++++++++-------
 1 file changed, 76 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/deploy-lambdas.yml b/.github/workflows/deploy-lambdas.yml
index 42530c04547..7572c09d17c 100644
--- a/.github/workflows/deploy-lambdas.yml
+++ b/.github/workflows/deploy-lambdas.yml
@@ -6,23 +6,21 @@ on:
       - ci_deploy_lambdas
 
 jobs:
-  deploy-lambda:
+  deploy-lambda-s3:
     strategy:
       matrix:
         path:
           - access_counts
-          - es/indexer
-          - molecule
-          - pkgevents
-          - pkgpush
-          - pkgselect
-          - preview
-          - s3hash
-          - s3select
-          - status_reports
-          - tabular_preview
-          - thumbnail
-          - transcode
+#          - es/indexer
+#          - pkgevents
+#          - pkgpush
+#          - pkgselect
+#          - preview
+#          - s3hash
+#          - s3select
+#          - status_reports
+#          - tabular_preview
+#          - transcode
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -30,23 +28,75 @@ jobs:
         run: |
             BUILDER_IMAGE=quiltdata/lambda:build-3.8
 
-            zip_file=$(realpath "$(mktemp)")
-            function_dir=$PWD/lambdas/${{ matrix.path }}
-            shared_dir=$PWD/lambdas/shared
-            build_script=$PWD/lambdas/build_zip.sh
-
-            echo "Pulling latest $BUILDER_IMAGE from Docker Hub"
             docker pull $BUILDER_IMAGE
 
-            # require the :build tag so we can build aicsimageio, etc.
-            # see https://github.com/quiltdata/lambda/pull/2
             docker run --rm \
               --entrypoint /build_zip.sh \
-              -v "$function_dir":/lambda/function:z \
-              -v "$shared_dir":/lambda/shared:z \
-              -v "$zip_file":/out.zip:z \
-              -v "$build_script":/build_zip.sh:z \
+              -v "$PWD/lambdas/${{ matrix.path }}":/lambda/function:z \
+              -v "$PWD/lambdas/shared":/lambda/shared:z \
+              -v "$PWD/out.zip":/out.zip:z \
+              -v "$PWD/lambdas/build_zip.sh":/build_zip.sh:z \
               $BUILDER_IMAGE
+      - name: Configure AWS credentials from Prod account
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::730278974607:role/github/GitHub-Quilt
+          aws-region: us-east-1
+      - name: Upload zips to Prod S3
+        run: |
+            regions=$(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text)
+
+            lambda_name=$(basename "$(pwd)")
+            s3_key="$lambda_name/${{ github.sha }}.zip"
+
+            echo "Uploading to $primary_region..."
+            aws s3 cp --acl public-read ./out.zip "s3://quilt-lambda-$primary_region/$s3_key"
+
+            for region in $regions
+            do
+                if [ "$region" != "$primary_region" ]
+                then
+                    echo "Copying to $region..."
+                    aws s3 cp --acl public-read "s3://quilt-lambda-$primary_region/$s3_key" "s3://quilt-lambda-$region/$s3_key" --region "$region" --source-region "$primary_region"
+                fi
+            done
+
+            echo "Deployed $s3_key"
+      - name: Configure AWS credentials from GovCloud account
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws-us-gov:iam::313325871032:role/github/GitHub-Quilt
+          aws-region: us-gov-east-1
+      - name: Upload zips to GovCloud S3
+        run: |
+            regions=$(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text)
+
+            lambda_name=$(basename "$(pwd)")
+            s3_key="$lambda_name/${{ github.sha }}.zip"
+
+            echo "Uploading to $primary_region..."
+            aws s3 cp --acl public-read ./out.zip "s3://quilt-lambda-$primary_region/$s3_key"
 
-            echo "Done running Docker..."
+            for region in $regions
+            do
+                if [ "$region" != "$primary_region" ]
+                then
+                    echo "Copying to $region..."
+                    aws s3 cp --acl public-read "s3://quilt-lambda-$primary_region/$s3_key" "s3://quilt-lambda-$region/$s3_key" --region "$region" --source-region "$primary_region"
+                fi
+            done
 
+            echo "Deployed $s3_key"
+
+  deploy-lambda-ecr:
+    strategy:
+      matrix:
+        path:
+          - molecule
+          - thumbnail
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build Docker image
+        run: |
+            echo TODO