This is an example GitHub Actions workflow to continuously deploy a Lambda function.

example-lambda-gha.yml

name: example CICD

on:
  push:
    branches:
      - master
    paths:
      # only commits containing changes under these paths will trigger this workflow
      - 'services/example/**'
      - 'lib/example/**'
      - '.github/workflows/example.yml'
  pull_request:
    branches:
      - '*'
    paths:
      - 'services/example/**'
      - 'lib/example/**'
      - '.github/workflows/example.yml'

env:
  TF_IN_AUTOMATION: 'true'
  AWS_DEFAULT_REGION: 'us-east-1'
  TF_VAR_upload_key: lambda_uploads/example-${{ github.sha }}.zip
  TF_VAR_upload_bucket: YOUR_BUCKET

jobs:
  format:
    runs-on: ubuntu-latest
    name: Terraform Linting
    steps:
      - uses: actions/checkout@v2

      - name: Install tfenv
        run: |
          git clone https://github.com/tfutils/tfenv.git ~/.tfenv
          echo "$HOME/.tfenv/bin" >> $GITHUB_PATH

      - name: Install Terraform
        working-directory: services/example
        run: |
          tfenv install
          terraform --version

      - name: Linting
        working-directory: services/example
        run: |
          terraform fmt -no-color -check -list -recursive

  build:
    runs-on: ubuntu-latest
    name: Build
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    steps:
      - uses: actions/checkout@v2

      - name: Install python 3.7
        uses: actions/setup-python@v1
        with:
          python-version: '3.7.x'
          architecture: 'x64'

      - name: Requirements & Package
        working-directory: services/example
        run: |
          make venv
          . venv/bin/activate
          make package
          ls -la

      - name: Upload artifact to S3
        working-directory: services/example
        run: |
          # Upload to S3
          aws s3 cp lambda.zip s3://${TF_VAR_upload_bucket}/${TF_VAR_upload_key}
          # Apply a tag on the object, opting it into a lifecycle
          aws s3api put-object-tagging \
            --bucket ${TF_VAR_upload_bucket} \
            --key ${TF_VAR_upload_key} \
            --tagging '{"TagSet": [{"Key": "Lifecycle", "Value": "cicd_cleanup"}]}'

  terraform:
    needs: ['format', 'build']
    runs-on: ubuntu-latest
    name: Deploy
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      TF_WORKSPACE: 'dev'

    steps:
      - uses: actions/checkout@v2

      - name: Install tfenv
        run: |
          git clone https://github.com/tfutils/tfenv.git ~/.tfenv
          echo "$HOME/.tfenv/bin" >> $GITHUB_PATH

      - name: Install Terraform
        working-directory: services/example
        run: |
          tfenv install
          terraform --version

      - name: Init
        working-directory: services/example
        run: |
          terraform init -no-color -input=false
          terraform validate -no-color

      - name: Plan & Apply (Dev)
        if: github.event_name == 'pull_request'
        working-directory: services/example
        run: |
          terraform plan -no-color -input=false
          terraform apply -no-color -auto-approve -input=false

      - name: Plan & Apply (Prod)
        if: github.event_name == 'push'
        working-directory: services/example
        env:
          TF_WORKSPACE: 'prod'
        run: |
          terraform plan -no-color -input=false
          terraform apply -no-color -input=false -auto-approve

It should be noted that terraform is the main requirement here, the terraform apply step on 117/126 actually alter the running code.