refactor: move action to repo root

aws-lambda-update/README.md

@@ -0,0 +1,50 @@
+# aws-lambda-update
+
+Update Lambda function alias to a new version, optionally wait for provisioned concurrency.
+
+## Inputs
+
+| Input | Required | Default | Description |
+|-------|----------|---------|-------------|
+| `function-name` | Yes | | Lambda function name |
+| `function-version` | Yes | | Lambda version number |
+| `alias-name` | Yes | | Alias name |
+| `aws-role-arn` | Yes | | IAM role via OIDC |
+| `wait-provisioned-concurrency` | No | `false` | Poll until provisioned concurrency is READY |
+| `aws-profile` | No | `default` | AWS CLI profile name |
+| `region` | No | `eu-central-1` | AWS region |
+| `lambda-alias-updates-json` | No | `""` | JSON array of `{function_name, version, alias_name}` objects for batch updates |
+
+## Usage
+
+```yaml
+- uses: schmalz/shared-actions/.github/actions/aws-lambda-update@v1
+  with:
+    function-name: my-function
+    function-version: "42"
+    alias-name: live
+    aws-role-arn: ${{ secrets.AWS_ROLE_ARN }}
+    wait-provisioned-concurrency: "true"
+```
+
+### Batch update
+
+```yaml
+- uses: schmalz/shared-actions/.github/actions/aws-lambda-update@v1
+  with:
+    function-name: unused
+    function-version: "0"
+    alias-name: unused
+    aws-role-arn: ${{ secrets.AWS_ROLE_ARN }}
+    lambda-alias-updates-json: |
+      [
+        {"function_name": "fn-a", "version": "3", "alias_name": "live"},
+        {"function_name": "fn-b", "version": "7", "alias_name": "live"}
+      ]
+```
+
+## Notes
+
+- When `lambda-alias-updates-json` is set, the single-alias inputs (`function-name`, `function-version`, `alias-name`) are ignored.
+- Provisioned concurrency polling checks every 5 seconds and fails the step if status becomes `FAILED`.
+- Uses `aws-configure` internally for OIDC authentication.

aws-lambda-update/action.yml

@@ -0,0 +1,95 @@
+name: aws-lambda-update
+description: Update Lambda function alias to a new version, optionally wait for provisioned concurrency
+
+inputs:
+  function-name:
+    description: Lambda function name
+    required: true
+  function-version:
+    description: Lambda version number
+    required: true
+  alias-name:
+    description: Alias name
+    required: true
+  wait-provisioned-concurrency:
+    description: Poll until provisioned concurrency is READY
+    required: false
+    default: "false"
+  aws-role-arn:
+    description: IAM role via OIDC
+    required: true
+  aws-profile:
+    description: AWS CLI profile name
+    required: false
+    default: default
+  region:
+    description: AWS region
+    required: false
+    default: eu-central-1
+  lambda-alias-updates-json:
+    description: JSON array of {function_name, version, alias_name} objects; when set, applies all entries instead of single alias
+    required: false
+    default: ""
+
+runs:
+  using: composite
+  steps:
+    - uses: schmalz/shared-actions/.github/actions/aws-configure@v1
+      with:
+        role-arn: ${{ inputs.aws-role-arn }}
+        aws-profile: ${{ inputs.aws-profile }}
+        region: ${{ inputs.region }}
+
+    - run: |
+        AWS_PROFILE="${{ inputs.aws-profile }}"
+        WAIT_PC="${{ inputs.wait-provisioned-concurrency }}"
+
+        update_alias() {
+          local fn="$1" ver="$2" alias="$3"
+          echo "Updating alias '$alias' on '$fn' to version $ver"
+          aws lambda update-alias \
+            --function-name "$fn" \
+            --name "$alias" \
+            --function-version "$ver" \
+            --profile "$AWS_PROFILE"
+        }
+
+        wait_provisioned_concurrency() {
+          local fn="$1" alias="$2"
+          echo "Waiting for provisioned concurrency on '$fn' alias '$alias'..."
+          while true; do
+            STATUS=$(aws lambda get-provisioned-concurrency-config \
+              --function-name "$fn" \
+              --qualifier "$alias" \
+              --profile "$AWS_PROFILE" \
+              --query 'Status' --output text 2>/dev/null || echo "NOT_FOUND")
+            echo "  Status: $STATUS"
+            if [ "$STATUS" = "READY" ]; then
+              break
+            elif [ "$STATUS" = "FAILED" ]; then
+              echo "ERROR: Provisioned concurrency failed for '$fn' alias '$alias'"
+              exit 1
+            fi
+            sleep 5
+          done
+        }
+
+        UPDATES_JSON='${{ inputs.lambda-alias-updates-json }}'
+
+        if [ -n "$UPDATES_JSON" ]; then
+          echo "$UPDATES_JSON" | jq -c '.[]' | while read -r entry; do
+            FN=$(echo "$entry" | jq -r '.function_name')
+            VER=$(echo "$entry" | jq -r '.version')
+            ALIAS=$(echo "$entry" | jq -r '.alias_name')
+            update_alias "$FN" "$VER" "$ALIAS"
+            if [ "$WAIT_PC" = "true" ]; then
+              wait_provisioned_concurrency "$FN" "$ALIAS"
+            fi
+          done
+        else
+          update_alias "${{ inputs.function-name }}" "${{ inputs.function-version }}" "${{ inputs.alias-name }}"
+          if [ "$WAIT_PC" = "true" ]; then
+            wait_provisioned_concurrency "${{ inputs.function-name }}" "${{ inputs.alias-name }}"
+          fi
+        fi
+      shell: bash