feat: add Cloudformation template to make CodePipeline

2025-05-06 20:06:52 +09:00 · 2025-05-06 20:06:52 +09:00 · 5de667341c
commit 5de667341c
parent bba136cb12
2 changed files with 130 additions and 0 deletions
--- a/template-lambda-function.yaml
+++ b/template-lambda-function.yaml
@ -0,0 +1,88 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Transform: AWS::Serverless-2016-10-31
+Parameters:
+  StageName:
+    Type: String
+    Default: Prod
+    Description: Name of the API stage.
+
+Resources:
+
+  MyLambdaRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service: 
+                - lambda.amazonaws.com
+            Action: sts:AssumeRole
+      Policies:
+        - PolicyName: LambdaS3PutObjectPolicy
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: Allow
+                Action:
+                  - s3:PutObject
+                Resource: arn:aws:s3:::naputo-blog-source/*
+      ManagedPolicyArns:
+        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+
+  MyLambdaFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      PackageType: Image
+      ImageUri: 692859919890.dkr.ecr.ap-northeast-1.amazonaws.com/blog-deployment:latest
+      Timeout: 30
+      MemorySize: 256
+      Environment:
+        Variables:
+          REPO_URL: "https://git.n-daisuke897.com/nakada0907/n-daisuke897-blog.git"
+          REPO_BRANCH: "main"
+          S3_BUCKET: "naputo-blog-source"
+          S3_KEY: "source.zip"
+          WEBHOOK_SECRET: 
+            Fn::Sub:
+              - "{{resolve:secretsmanager:${SecretArn}:SecretString:secretNumber:AWSCURRENT}}"
+              - SecretArn: 
+                  Fn::ImportValue: SecretForWebhook-ARN
+      Role: !GetAtt MyLambdaRole.Arn
+      Events:
+        ForgejoWebhook:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApi
+            Path: /forgejo-webhook
+            Method: POST
+
+  MyApi:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: !Ref StageName
+      EndpointConfiguration: REGIONAL
+      DefinitionBody:
+        openapi: "3.0.1"
+        info:
+          title: "Forgejo Webhook API"
+          version: "1.0"
+        paths:
+          /forgejo-webhook:
+            post:
+              summary: "Trigger Lambda via Forgejo Webhook"
+              x-amazon-apigateway-integration:
+                uri:
+                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyLambdaFunction.Arn}/invocations
+                httpMethod: POST
+                type: aws_proxy
+              responses:
+                '200':
+                  description: "Successful response"
+                '400':
+                  description: "Bad Request - Incorrect request payload format"
+                '401':
+                  description: "Unauthorized - Signature verification failed"
+                '500':
+                  description: "Server error - Deployment process failed"