**Nice to Have** IAMBIC Upgrade/Update and associated workflow endpoint for Lambda function apps.

[mxw-sec]

Is your feature request related to a problem? Please describe.
Not related to a problem, however with the frequency of the release schedule on Iambic in its current format, having a built in command would be helpful not only for local installs of iambic, but also to update the Lambda functions for the github app.

Adding in a workflow response for upgrade would also allow users to schedule or adhoc update their lambda function with a simple github action.

Describe the solution you'd like
iambic update or upgrade -- would be an inline execution of pip install --upgrade iambic-core promoting iambic core to the newest release. -- Potential for Beta flags in the future once iambic gets to a stable model.

Describe alternatives you've considered
scheduled task running pip install --upgrade, but that is a per machine setting.

Community Engagement
Help us prioritize this request and express your support by adding a 👍 reaction to the original issue. This will assist both the community and the maintainers in addressing this request.

Side note
If the lambda function does not currently auto update, you will need to create specific documentation on how to update existing github apps to the latest versions of iambic-core so they get the newest feature.

[datfinesoul]

I run iambic using docker run

alias iambic="docker run -it -u $(id -u):$(id -g) -v ${HOME}/.aws:/app/.aws:ro -e AWS_CONFIG_FILE=/app/.aws/config -e AWS_SHARED_CREDENTIALS_FILE=/app/.aws/credentials -e "AWS_PROFILE" -e HOME=/app -v /home/datfinesoul/github/undefined-io/iambic-templates:/templates:Z public.ecr.aws/iambic/iambic:latest"

For me running iambic upgrade would still be useful if that generated changes for the supporting infrastructure. In terms of the executable upgrading itself, would upgrade still be possible using the way I run it?

[mxw-sec]

I run iambic using docker run

alias iambic="docker run -it -u $(id -u):$(id -g) -v ${HOME}/.aws:/app/.aws:ro -e AWS_CONFIG_FILE=/app/.aws/config -e AWS_SHARED_CREDENTIALS_FILE=/app/.aws/credentials -e "AWS_PROFILE" -e HOME=/app -v /home/datfinesoul/github/undefined-io/iambic-templates:/templates:Z public.ecr.aws/iambic/iambic:latest"

For me running iambic upgrade would still be useful if that generated changes for the supporting infrastructure. In terms of the executable upgrading itself, would upgrade still be possible using the way I run it?

Potentially I see two ways of doing this.. 1: would be just repulling the updated container, or two you could bash into the container using docker exec and issue the command that way

[mxw-sec]

if you wanted there might be a way to do it as a scheduled Cron job inside the docker container to every 48 hours or so run iambic upgrade

[castrapel]

Slack conversation for reference: https://noqcommunity.slack.com/archives/C02P9E8BDK6/p1684167712633089

[smoy]

@mxw-sec For NOQ, we would do a terraform apply at https://github.com/noqdev/iambic/tree/main/deployment/github_app. (We actually have terraform monorepo for other stuffs in the company, we will have a slightly modified version like s3 states instead of local states). (Background on why we have terraform there because there is the container image pushing piece (ECR), lambda update piece. So terraform happens to be least path of resistance when I was working at the AWS deployment piece. Looking for feedback there.)

How are you deploying your lambda workflow? Knowing how you typically manage such lambda environment may lead to other solutions.

[mxw-sec]

In this case I used the provided terraform modules. But I wonder if a Cloudformation Stack wouldn't be a better long term solution once the upgrade command is added.

Mainly for the fact that not everyone has terraform in their environment, let alone the experience to actually apply tf stacks.

Could there be a built in function one day inside iambic to deploy a CF stack for the integration, same way yall create the IAM roles??

iambic integrate

But that is future state for sure.