This repository contains source code and supporting files for a serverless Lambda container application. The application uses an AWS Lambda function to process JSON input and write it to a cloned repository. The changes are then committed and pushed to your GitHub Enterprise Server, creating a new repository with custom configurations from your template.
- AWS Lambda container image built with Packer and stored in ECR
- Infrastructure managed with Terraform
- Automated CI/CD using GitHub Actions
- Secret management using AWS Systems Manager Parameter Store
This project is split into two repositories:
- template-automation-lambda (this repository)
  - Contains the Lambda function source code
  - Builds the container image with Packer
  - Publishes the image to ECR
- terraform-aws-template-automation
  - Terraform module that deploys the Lambda infrastructure
  - Creates and configures all required AWS resources
  - Manages GitHub-specific configuration via SSM parameters
  - Handles permissions, API Gateway, and other infrastructure
Prerequisites:
- AWS credentials with appropriate permissions
- GitHub Personal Access Token (PAT) stored in AWS Systems Manager Parameter Store
- Docker (for local development)
- Terraform
- Packer
- Python 3.11+
The Lambda function gets its configuration from SSM Parameter Store with the following parameters:
- /template-automation/GITHUB_API: GitHub API URL
- /template-automation/GITHUB_ORG_NAME: GitHub organization name
- /template-automation/TEMPLATE_REPO_NAME: Name of the template repository
- /template-automation/TEMPLATE_CONFIG_FILE: Name of the config file (default: config.json)
- /template-automation/GITHUB_COMMIT_AUTHOR_NAME: Name for commit author
- /template-automation/GITHUB_COMMIT_AUTHOR_EMAIL: Email for commit author
- /template-automation/TEMPLATE_TOPICS: Comma-separated list of repository topics
These parameters are managed by the terraform-aws-template-automation module. When deploying the Lambda function using the Terraform module, configure these variables in the module:
module "template_automation" {
  source = "github.com/HappyPathway/terraform-aws-template-automation"

  # GitHub configuration
  github_api_url     = "https://api.github.com"
  github_org_name    = "your-org"
  template_repo_name = "your-template-repo"

  # Other module configuration...
}
- Clone this repository:
    git clone <your-github-enterprise-url>/template-automation-lambda.git
    cd template-automation-lambda
- Install Python dependencies:
    cd template_automation
    pip install -r requirements.txt
- Configure AWS credentials either through environment variables or AWS CLI profile
- Store your GitHub PAT in AWS Systems Manager Parameter Store. The parameter name should match the value of GITHUB_TOKEN_SECRET_NAME in eks_automation/app.py
The project uses GitHub Actions for automated deployments. On push to main:
- Creates/updates ECR repository using Terraform
- Builds Lambda container image using Packer
- Pushes image to ECR
- Tags the release
For manual deployment:
- Initialize Terraform:
    terraform init
- Apply Terraform configuration:
    terraform apply
- Build and push container image:
    packer init packer.pkr.hcl
    packer build -var "repository_uri=$(terraform output -raw repository_uri)" -var "tag=latest" packer.pkr.hcl
The Lambda function accepts JSON input in the following format:
{
  "project_name": "string",
  "template_settings": {
    "attrs": {
      "account_name": "my-account",
      "aws_region": "us-east-1",
      "team_contact": "someone@example.com",
      "project_name": "my-project",
      "environment": "development",
      "environment_abbr": "dev",
      "organization": "my-org:my-division:my-team",
      "project_id": "proj_001",
      "domain_name": "dev.example.com"
    },
    "tags": {
      "slim:schedule": "8:00-17:00"
    }
  }
}
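An added example, not part of this repository's code: one way to validate a request body against the format above before any field is used as a repository name or written into the cloned repository. The function names, the size cap, and the name pattern are assumptions made for this sketch.

```python
import json
import re

# Assumed rule: GitHub repository names use letters, digits, '.', '-' and '_'
# (up to 100 characters); a leading '.' is rejected here to rule out "." and "..".
REPO_NAME = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9._-]{0,99}")
MAX_EVENT_BYTES = 64 * 1024  # assumed upper bound for a configuration payload


class InvalidEvent(ValueError):
    """Raised when the event does not match the documented input format."""


def _string_map(obj, where):
    # attrs and tags are flat maps of string keys to string values in the sample.
    if not isinstance(obj, dict):
        raise InvalidEvent(f"{where} must be an object")
    for key, value in obj.items():
        if not isinstance(value, str):
            raise InvalidEvent(f"{where}.{key} must be a string")
        if any(ord(ch) < 0x20 for ch in key + value):
            raise InvalidEvent(f"{where}.{key} contains control characters")
    return dict(obj)


def validate_event(raw):
    """Parse and validate a request body (str); return only the expected fields."""
    if len(raw.encode("utf-8")) > MAX_EVENT_BYTES:
        raise InvalidEvent("payload too large")
    try:
        event = json.loads(raw)
    except (ValueError, RecursionError):
        raise InvalidEvent("body is not valid JSON") from None
    if not isinstance(event, dict):
        raise InvalidEvent("top level must be an object")
    name = event.get("project_name")
    if not isinstance(name, str) or not REPO_NAME.fullmatch(name):
        raise InvalidEvent("project_name is not a safe repository name")
    settings = event.get("template_settings")
    if not isinstance(settings, dict):
        raise InvalidEvent("template_settings must be an object")
    unknown = set(settings) - {"attrs", "tags"}
    if unknown:
        raise InvalidEvent(f"unexpected keys in template_settings: {sorted(unknown)}")
    attrs = _string_map(settings.get("attrs", {}), "attrs")
    tags = _string_map(settings.get("tags", {}), "tags")
    return {"project_name": name, "template_settings": {"attrs": attrs, "tags": tags}}
```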
To run the unit tests:
cd eks_automation
python -m pytest tests/ -v -m "not integration"
The integration tests require real GitHub API access. To run them:
- Set up the required environment variables:
    export GITHUB_TOKEN="your-github-token"
    export GITHUB_API="https://api.github.com" # or your GitHub Enterprise URL
    export GITHUB_ORG="your-org-name"
- Run the integration tests:
    cd eks_automation
    python -m pytest tests/ -v -m integration
Note: Integration tests will create temporary repositories in your GitHub organization. These repositories will be archived (not deleted) after the tests complete. To implement full cleanup, the test code would need to be modified to delete repositories instead of archiving them.