---
# SAM template: an API Gateway REST API exposes POST /forgejo-webhook and
# proxies it to a container-image Lambda function. The function is given the
# repository URL/branch, a target S3 bucket/key and a webhook secret through
# environment variables, and a role that may write objects to that bucket.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  StageName:
    Type: String
    Default: Prod
    Description: Name of the API stage.

Resources:
  # Execution role for the webhook function. Only the Lambda service may
  # assume it.
  MyLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: LambdaS3PutObjectPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Write-only access to every key in the bucket.
              # NOTE(review): S3_KEY below is the single object 'source.zip';
              # if the function writes nothing else, the Resource could be
              # narrowed to that key - confirm against the function code.
              - Effect: Allow
                Action:
                  - s3:PutObject
                Resource: arn:aws:s3:::naputo-blog-source/*
      ManagedPolicyArns:
        # AWS-managed policy that allows writing logs to CloudWatch Logs.
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  # Webhook handler, deployed from a container image in ECR.
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      PackageType: Image
      # NOTE(review): ':latest' is a mutable tag, so each deployment runs
      # whatever image carries the tag at that moment. Referencing the image
      # by digest ('...blog-deployment@sha256:<digest>') makes the deployed
      # code reproducible and auditable.
      ImageUri: 692859919890.dkr.ecr.ap-northeast-1.amazonaws.com/blog-deployment:latest
      Timeout: 30
      MemorySize: 256
      Environment:
        Variables:
          REPO_URL: 'https://git.n-daisuke897.com/nakada0907/n-daisuke897-blog.git'
          REPO_BRANCH: 'main'
          # Bucket name is repeated in the role policy above; keep both in
          # sync when changing it.
          S3_BUCKET: 'naputo-blog-source'
          S3_KEY: 'source.zip'
          # The dynamic reference is resolved by CloudFormation at deploy
          # time: the 'secretNumber' field of the AWSCURRENT version of the
          # secret whose ARN is exported as SecretForWebhook-ARN.
          # NOTE(review): the resolved value ends up as an ordinary
          # environment variable, readable by any principal allowed to view
          # the function configuration, and it does not follow secret
          # rotation until the stack is redeployed. Passing only the secret
          # ARN and reading it at runtime (with secretsmanager:GetSecretValue
          # scoped to that ARN on the role) avoids both.
          WEBHOOK_SECRET:
            Fn::Sub:
              - '{{resolve:secretsmanager:${SecretArn}:SecretString:secretNumber:AWSCURRENT}}'
              - SecretArn:
                  Fn::ImportValue: SecretForWebhook-ARN
      Role: !GetAtt MyLambdaRole.Arn
      Events:
        ForgejoWebhook:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /forgejo-webhook
            Method: POST

  # Regional REST API defined inline as OpenAPI.
  # NOTE(review): no authorizer or API key is configured in this template, so
  # the endpoint accepts unauthenticated requests at the API layer. The
  # documented 401 response suggests the function verifies the webhook
  # signature itself - confirm that check runs before any repository or S3
  # work is done.
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: !Ref StageName
      EndpointConfiguration: REGIONAL
      DefinitionBody:
        openapi: '3.0.1'
        info:
          title: 'Forgejo Webhook API'
          version: '1.0'
        paths:
          /forgejo-webhook:
            post:
              summary: 'Trigger Lambda via Forgejo Webhook'
              # Lambda proxy integration: the request is handed to the
              # function as-is and the function's result becomes the
              # HTTP response.
              x-amazon-apigateway-integration:
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyLambdaFunction.Arn}/invocations
                httpMethod: POST
                type: aws_proxy
              responses:
                '200':
                  description: 'Successful response'
                '400':
                  description: 'Bad Request - Incorrect request payload format'
                '401':
                  description: 'Unauthorized - Signature verification failed'
                '500':
                  description: 'Server error - Deployment process failed'