From 9c0435e02d71b0cb13ec9fd3a78f1b375cc6a1b2 Mon Sep 17 00:00:00 2001
From: Motty Chen <motty@xirius.com>
Date: Wed, 4 Mar 2026 16:52:10 -0600
Subject: [PATCH] fix(ci): make production lambda check robust

Run Lambda state validation from the Pulumi project directory and poll until the function reaches Active with a successful update status. This prevents false failures and correctly blocks only unhealthy production deploys.

Made-with: Cursor
---
 .github/workflows/deploy-production.yml | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
index 616c653..4c5e6e3 100644
--- a/.github/workflows/deploy-production.yml
+++ b/.github/workflows/deploy-production.yml
@@ -207,20 +207,29 @@ jobs:
           PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
 
       - name: Lambda Runtime State Check
+        working-directory: coaching/pulumi
         run: |
           echo "Validating Lambda runtime state..."
           LAMBDA_ARN=$(pulumi stack output lambdaArn --stack prod)
           LAMBDA_NAME=${LAMBDA_ARN##*:function:}
 
-          STATE=$(aws lambda get-function --function-name "$LAMBDA_NAME" --region us-east-1 --query "Configuration.State" --output text)
-          REASON=$(aws lambda get-function --function-name "$LAMBDA_NAME" --region us-east-1 --query "Configuration.StateReason" --output text)
+          for ATTEMPT in {1..18}; do
+            STATE=$(aws lambda get-function --function-name "$LAMBDA_NAME" --region us-east-1 --query "Configuration.State" --output text)
+            REASON=$(aws lambda get-function --function-name "$LAMBDA_NAME" --region us-east-1 --query "Configuration.StateReason" --output text)
+            UPDATE_STATUS=$(aws lambda get-function --function-name "$LAMBDA_NAME" --region us-east-1 --query "Configuration.LastUpdateStatus" --output text)
 
-          if [ "$STATE" != "Active" ]; then
-            echo "❌ Lambda is not Active (state=$STATE, reason=$REASON)"
-            exit 1
-          fi
+            echo "Attempt $ATTEMPT: state=$STATE, updateStatus=$UPDATE_STATUS, reason=$REASON"
+
+            if [ "$STATE" == "Active" ] && [ "$UPDATE_STATUS" == "Successful" ]; then
+              echo "✅ Lambda state is Active and update status is Successful"
+              exit 0
+            fi
+
+            sleep 10
+          done
 
-          echo "✅ Lambda state is Active"
+          echo "❌ Lambda did not reach Active/Successful in expected time window"
+          exit 1
         env:
           PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}