Merge pull request #139 from ruby-no-kai/lambda

app runner -> lambda

Author: sorah

.github/workflows/ci.yml

@@ -17,7 +17,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ruby/setup-ruby@v1
         with:
-          ruby-version: '3.2'
+          ruby-version: '3.4'
           bundler-cache: true
       - uses: aws-actions/configure-aws-credentials@v4
         with:
@@ -57,8 +57,10 @@ jobs:
           context: '.'
           push: true
           tags: "${{ steps.login-ecr.outputs.registry }}/rko-router:${{ github.sha }},${{ steps.login-ecr.outputs.registry }}/rko-router:latest"
-  deploy:
-    name: deploy
+
+  deploy-apprunner:
+    name: deploy-apprunner
+    if: "github.ref == 'refs/heads/master'"
     environment:
       name: apprunner-prod
       url: https://rko-router.rubykaigi.org
@@ -88,3 +90,27 @@ jobs:
           memory: '0.5' # GB
           port: "8080"
 
+  deploy-lambda:
+    name: deploy-lambda
+    if: "github.ref == 'refs/heads/master'"
+    environment:
+      name: lambda-prod
+      url: https://rko-router.rubykaigi.org
+    concurrency:
+      group: lambda-prod
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-slim
+    needs:
+      - ci
+    steps:
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: "us-west-2"
+          role-skip-session-tagging: true
+          role-to-assume: "arn:aws:iam::005216166247:role/GhaRkoRouterDeploy"
+          mask-aws-account-id: 'false' # only string works
+      - run: 'aws lambda update-function-code --function-name rko-router --image-uri "$IMAGE_URI"'
+        env:
+          IMAGE_URI: "${{needs.ci.outputs.image-tag}}"

Dockerfile

@@ -1,11 +1,36 @@
-FROM public.ecr.aws/nginx/nginx:1.23
-RUN apt-get update \
-  && apt-get install -y --no-install-recommends ruby \
-  && rm -rf /var/lib/apt/lists/*
-COPY docker-entrypoint.d.sh /docker-entrypoint.d/rko-router.sh
-COPY config/nginx.conf.erb /etc/nginx/nginx.conf.erb
-COPY config/force_https.conf /etc/nginx/force_https.conf
-RUN /docker-entrypoint.d/rko-router.sh
-RUN nginx -c /etc/nginx/nginx.conf
+FROM public.ecr.aws/nginx/nginx:1.29
+
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+     apt-get update \
+  && apt-get install -y --no-install-recommends ruby
+
+COPY --from=public.ecr.aws/awsguru/aws-lambda-adapter:0.9.1 /lambda-adapter /opt/extensions/lambda-adapter
+
+# Replace /etc/nginx with a temporary directory for Lambda, where /etc/nginx is read-only
+# /run is for /run/nginx.pid
+RUN mv /etc/nginx /etc/nginx.base \
+ && rm -rf /run && ln -s /tmp/run /run \
+ && ln -s /tmp/run/etc-nginx /etc/nginx \
+ && rm -rf /etc/nginx.base/conf.d/default.conf \
+ && rm -v /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh # We don't use conf.d/default.conf
+
+COPY config/nginx.conf.erb /etc/nginx.base/nginx.conf.erb
+COPY config/github_pages.conf /etc/nginx.base/github_pages.conf
+COPY config/force_https.conf /etc/nginx.base/force_https.conf
+
+COPY docker/entrypoint.d/00-rk-tmp-etc-nginx.sh /docker-entrypoint.d/
+COPY docker/entrypoint.d/90-rko-router.sh /docker-entrypoint.d/
+
+ENV AWS_LWA_PORT 8080
+ENV AWS_LWA_READINESS_CHECK_PATH /healthz
+ENV AWS_LWA_PASS_THROUGH_PATH /_events
+
 ENV PRIMARY_HOST rko-router.rubykaigi.org
+
+RUN --mount=type=tmpfs,target=/tmp/run \
+    /docker-entrypoint.d/00-rk-tmp-etc-nginx.sh \
+ && /docker-entrypoint.d/90-rko-router.sh \
+ && nginx -c /etc/nginx/nginx.conf
+
 EXPOSE 8080

config/github_pages.conf

@@ -0,0 +1,13 @@
+proxy_hide_header age;
+proxy_hide_header via;
+proxy_hide_header x-cache-hits;
+proxy_hide_header x-cache;
+proxy_hide_header x-proxy-cache;
+proxy_hide_header x-timer;
+proxy_hide_header x-fastly-request-id;
+proxy_hide_header x-github-request-id;
+proxy_hide_header x-served-by;
+
+add_header via "1.1 rko-router.rubykaigi.org";
+add_header x-rk-ghp "fi=\"$upstream_http_x_fastly_request_id\",fs=\"$upstream_http_x_served_by\",ghi=\"$upstream_http_x_github_request_id\",cache=\"$upstream_http_x_cache\",cache-hits=\"$upstream_http_x_cache_hits\"";
+add_header server-timing "rko-router;dur=$upstream_response_time,$fastly_timer_as_server_timing";