Cleanup lambda image stuff

IDEA.md

@@ -55,7 +55,7 @@ Usage would look something like this:
 
 ```hcl
 module my_lambda_container {
-  source = "./modules/lambda-container"
+  source = "./modules/lambda-image-republish"
   source_lambda_repo = "123456789012.dkr.ecr.us-west-2.amazonaws.com/my-lambda"
   source_lambda_tag = "latest"
 }

PLAN.md

@@ -4,15 +4,15 @@
 
 ## Phase 0: Establish repo scaffolding
 
-- [x] Create directories: `modules/scheduled-lambda`, `modules/email-notification`, `modules/sms-notification`, `modules/lambda-container`, `examples/basic`.
+- [x] Create directories: `modules/scheduled-lambda`, `modules/email-notification`, `modules/sms-notification`, `modules/lambda-image-republish`, `examples/basic`.
 - [x] Add shared Terraform version constraints/provider stubs (`versions.tf`), ignore `.terraform.lock.hcl`, and add `.gitignore`.
 - [x] Wire `tofu fmt` via pre-commit hook.
 - [x] Add Pixi project file with toolchain (terraform/tofu, python for lambdas)
 - [x] Verify: run `terraform fmt -recursive`/`tofu fmt` and `terraform validate` at repo root; ensure pre-commit passes; ensure CI bootstrap (if added) passes locally.
 
 ## Phase 1: Lambda container image management modules
 
-### Phase 1.1: Build Lambda container republish module (`modules/lambda-container`)
+### Phase 1.1: Build Lambda container republish module (`modules/lambda-image-republish`)
 - [x] Inputs: `source_lambda_repo`, `source_lambda_tag`, optional destination repo name, KMS encryption flag.
 - [x] Resources: destination ECR repo, permissions for pull/push, data source for source image digest, replication via `null_resource`/`local-exec` or pull-through cache rule.
 - [x] Outputs: destination `lambda_image_uri` for scheduled module.
@@ -60,7 +60,7 @@ To-do:
 ## Phase 4: Build notification modules
 
 ### Phase 4.1: Notification containers and queueing infra
-- [ ] Build one container per notification channel (email, SMS, print) using shared helpers from `src/cloud_cron/notifications/`; allow build or republish via `lambda-image-build` or `lambda-container`.
+- [ ] Build one container per notification channel (email, SMS, print) using shared helpers from `src/cloud_cron/notifications/`; allow build or republish via `lambda-image-build` or `lambda-image-republish`.
 - [x] Add a minimal "print" notifier handler that renders the template and logs/prints it for easy testing.
 - [x] Terraform: reusable notification plumbing module (SNS FIFO topic -> SQS FIFO queue -> Lambda event source mapping) with SQS access policy output.
 - [ ] Terraform: per-channel container build/publish; channel modules use the plumbing module and add channel-specific IAM and config.

examples/basic/main.tf

@@ -22,7 +22,6 @@ module "lambda_image_build" {
   repository_name = var.repository_name
   image_tag       = var.image_tag
   platform        = var.platform
-  build_args      = var.build_args
   tags            = local.common_tags
 }
 
@@ -38,13 +37,12 @@ module "print_lambda_image_build" {
   repository_name = var.print_repository_name
   image_tag       = var.image_tag
   platform        = var.platform
-  build_args      = var.build_args
   tags            = local.common_tags
 }
 
 module "lambda_container_republish" {
   count  = var.enable_republish ? 1 : 0
-  source = "../../modules/lambda-container"
+  source = "../../modules/lambda-image-republish"
 
   source_lambda_repo          = var.source_lambda_repo
   source_lambda_tag           = var.source_lambda_tag

examples/basic/variables.tf

@@ -28,12 +28,6 @@ variable "platform" {
   default     = "linux/amd64"
 }
 
-variable "build_args" {
-  description = "Build arguments passed to docker buildx."
-  type        = map(string)
-  default     = {}
-}
-
 variable "enable_republish" {
   description = "Set to true to republish from an existing ECR repository instead of building locally."
   type        = bool

modules/lambda-image-build/main.tf

@@ -4,8 +4,6 @@ locals {
     "${basename(abspath(var.source_dir))}-source",
   )
   tags                = merge({ managed_by = "cloudcron" }, var.tags)
-  build_args_list     = [for k, v in var.build_args : format("--build-arg %s=%s", k, v)]
-  build_args_str      = length(local.build_args_list) == 0 ? "" : "${join(" ", local.build_args_list)} "
   dockerfile_arg      = var.dockerfile_path == null ? "" : "-f ${var.dockerfile_path} "
   build_context_paths = var.build_context_paths == null ? [var.source_dir] : var.build_context_paths
   build_context_hash = sha1(join("", [
@@ -59,7 +57,6 @@ resource "null_resource" "build_and_push" {
   triggers = {
     image_tag       = var.image_tag
     repository_url  = aws_ecr_repository.lambda_image.repository_url
-    build_args      = jsonencode(var.build_args)
     platform        = var.platform
     build_context   = local.build_context_hash
     repository_name = aws_ecr_repository.lambda_image.name
@@ -71,7 +68,7 @@ resource "null_resource" "build_and_push" {
     command     = <<-EOC
       set -euo pipefail
       aws ecr get-login-password --region ${data.aws_region.current.name} | docker login --username AWS --password-stdin ${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com
-      docker buildx build --platform ${var.platform} ${local.build_args_str}${local.dockerfile_arg}-t ${aws_ecr_repository.lambda_image.repository_url}:${var.image_tag} ${var.source_dir}
+      docker buildx build --platform ${var.platform} ${local.dockerfile_arg}-t ${aws_ecr_repository.lambda_image.repository_url}:${var.image_tag} ${var.source_dir}
       docker push ${aws_ecr_repository.lambda_image.repository_url}:${var.image_tag}
     EOC
   }

modules/lambda-image-build/variables.tf

@@ -21,12 +21,6 @@ variable "image_tag" {
   default     = "latest"
 }
 
-variable "build_args" {
-  description = "Build arguments to pass to docker buildx."
-  type        = map(string)
-  default     = {}
-}
-
 variable "build_context_paths" {
   description = "Optional list of paths to hash for detecting build context changes."
   type        = list(string)