Merge pull request #100 from ruby-no-kai/lambda

App Runner → Lambda

Author: sorah

.github/workflows/ci.yml

@@ -34,28 +34,25 @@ jobs:
         uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
       - run: "echo '${{ github.sha }}' > REVISION"
       - name: 'Build Docker image'
-        uses: 'docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6' # v3.3.1
-        with:
-          context: '.'
-          load: true
-          tags: "sponsor-app-test:latest,${{ steps.login-ecr.outputs.registry }}/sponsor-app:${{ github.sha }},${{ steps.login-ecr.outputs.registry }}/sponsor-app:latest"
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-      - name: 'Push Docker image'
         uses: 'docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6' # v3.3.1
         with:
           context: '.'
           push: true
           tags: "${{ steps.login-ecr.outputs.registry }}/sponsor-app:${{ github.sha }},${{ steps.login-ecr.outputs.registry }}/sponsor-app:latest"
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          # prevent manifest from being pushed instead of image on the specified tags for Lambda
+          provenance: false
+          sbom: false
 
   deploy-prod:
     if: "${{ success() && github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main') }}"
     name: deploy-prod
-    needs: ["build"]
+    needs: ["build", "test"]
     permissions:
       contents: read
       id-token: write
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-slim
     concurrency:
       group: production
       cancel-in-progress: true
@@ -64,24 +61,20 @@ jobs:
       url: https://sponsorships.rubykaigi.org
     env:
       BUNDLE_GEMFILE: "${{ github.workspace }}/deploy/Gemfile"
+      IMAGE_URI: "${{ needs.build.outputs.image-tag }}"
     steps:
-      - run: 'false' # disable temporarily
       - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
       - uses: ruby/setup-ruby@d5126b9b3579e429dd52e51e68624dda2e05be25 # v1.267.0
         with:
-          ruby-version: '3.2'
+          ruby-version: '3.4'
           bundler-cache: true
-      - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
       - uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
         with:
           aws-region: "us-west-2"
           role-skip-session-tagging: true
           role-to-assume: "arn:aws:iam::005216166247:role/GhaSponsorDeploy"
           mask-aws-account-id: false
-      - name: 'Run pre-deploy task'
-        run: "bundle exec hako oneshot --tag '${{ github.sha }}' ./deploy/hako/sponsor-app-batch.jsonnet bundle exec rake db:migrate"
-      - name: "Deploy sponsor-app-worker (ECS)"
-        run: "bundle exec hako deploy --tag '${{ github.sha }}' ./deploy/hako/sponsor-app-worker.jsonnet"
-      - name: "Deploy sponsor-app (App Runner)"
-        working-directory: '${{ github.workspace }}/tf/'
-        run: "terraform init && terraform apply -target=aws_apprunner_service.prd -auto-approve"
+      - run: 'aws lambda update-function-code --function-name sponsor-app-runner-prd --image-uri "$IMAGE_URI" && aws lambda wait function-updated --function-name sponsor-app-runner-prd'
+      - run: 'bundle exec ./deploy/lambrunner.rb sponsor-app-runner-prd bundle exec rake db:migrate'
+      - run: 'aws lambda update-function-code --function-name sponsor-app-lambdakiq-prd --image-uri "$IMAGE_URI" && aws lambda wait function-updated --function-name sponsor-app-lambdakiq-prd'
+      - run: 'aws lambda update-function-code --function-name sponsor-app-web-prd --image-uri "$IMAGE_URI" && aws lambda wait function-updated --function-name sponsor-app-web-prd'

Dockerfile

@@ -27,7 +27,13 @@ WORKDIR /app
 COPY Gemfile /app/
 COPY Gemfile.lock /app/
 
-RUN bundle install --path /gems --jobs 100 --deployment --without development:test
+RUN bundle config set deployment true \
+ && bundle config set without development:test \
+ && bundle config set path /gems \
+ && true
+ENV BUNDLE_JOBS=100
+RUN bundle install
+RUN bundle binstubs bundler aws_lambda_ric --force --path /usr/local/bin
 
 ###
 
@@ -39,11 +45,16 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked --mount=type=cache,t
  && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
+RUN ln -s /tmp/apptmp /app/tmp
 COPY --from=builder /gems /gems
 COPY --from=builder /app/.bundle /app/.bundle
+COPY --from=builder /usr/local/bin/bundle /usr/local/bin/aws_lambda_ric /usr/local/bin
 COPY --from=nodebuilder /app/public/vite /app/public/vite
 COPY . /app/
+COPY config/lambda_entrypoint.sh /lambda_entrypoint.sh
+COPY config/docker_entrypoint.sh /docker_entrypoint.sh
 
 ENV PORT 3000
 ENV LANG C.UTF-8
+ENTRYPOINT ["/docker_entrypoint.sh"]
 CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]

Gemfile

@@ -12,6 +12,7 @@ gem 'commonmarker'
 gem 'aws-sdk-core' # STS
 gem 'aws-sdk-s3'
 gem 'aws-sdk-sqs'
+gem 'aws-sdk-ssm'
 gem 'omniauth'
 gem 'omniauth-github'
 gem 'octokit'
@@ -25,6 +26,7 @@ gem 'rexml', require: false # letter-opener
 gem 'jsonnet', require: false
 
 gem 'shoryuken'
+gem 'lambdakiq'
 
 gem 'jbuilder', '~> 2.9'
 gem 'haml'
@@ -37,10 +39,13 @@ gem "sentry-ruby"
 gem "sentry-rails"
 gem 'rails_semantic_logger'
 
-gem 'puma'
+gem 'puma', require: false
+gem 'aws_lambda_ric', require: false
+gem 'apigatewayv2_rack'
+
+gem 'open3', require: false
 
 group :production do
-  gem 'barnes'
 end
 
 group :development, :test do

Gemfile.lock

@@ -77,6 +77,10 @@ GEM
       uri (>= 0.13.1)
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
+    apigatewayv2_rack (0.4.0)
+      base64
+      rack
+      stringio
     aws-eventstream (1.4.0)
     aws-partitions (1.1182.0)
     aws-sdk-core (3.237.0)
@@ -97,11 +101,12 @@ GEM
     aws-sdk-sqs (1.106.0)
       aws-sdk-core (~> 3, >= 3.234.0)
       aws-sigv4 (~> 1.5)
+    aws-sdk-ssm (1.206.0)
+      aws-sdk-core (~> 3, >= 3.234.0)
+      aws-sigv4 (~> 1.5)
     aws-sigv4 (1.12.1)
       aws-eventstream (~> 1, >= 1.0.2)
-    barnes (0.0.9)
-      multi_json (~> 1)
-      statsd-ruby (~> 1.1)
+    aws_lambda_ric (3.1.3)
     base64 (0.3.0)
     bigdecimal (3.3.1)
     builder (3.3.0)
@@ -178,6 +183,11 @@ GEM
       mini_portile2 (>= 2.2.0)
     jwt (3.1.2)
       base64
+    lambdakiq (2.3.0)
+      activejob
+      aws-sdk-sqs
+      concurrent-ruby
+      railties
     launchy (3.1.1)
       addressable (~> 2.8)
       childprocess (~> 5.0)
@@ -206,7 +216,6 @@ GEM
     mini_mime (1.1.5)
     mini_portile2 (2.8.9)
     minitest (5.26.1)
-    multi_json (1.17.0)
     multi_xml (0.7.2)
       bigdecimal (~> 3.1)
     multipart-post (2.4.1)
@@ -246,6 +255,7 @@ GEM
     omniauth-oauth2 (1.8.0)
       oauth2 (>= 1.4, < 3)
       omniauth (~> 2.0)
+    open3 (0.2.1)
     openssl (3.3.2)
     pg (1.6.2)
     pp (0.6.3)
@@ -372,7 +382,6 @@ GEM
     snaky_hash (2.0.3)
       hashie (>= 0.1.0, < 6)
       version_gem (>= 1.1.8, < 3)
-    statsd-ruby (1.5.0)
     stringio (3.1.8)
     temple (0.10.4)
     thor (1.4.0)
@@ -404,10 +413,12 @@ PLATFORMS
 
 DEPENDENCIES
   addressable
+  apigatewayv2_rack
   aws-sdk-core
   aws-sdk-s3
   aws-sdk-sqs
-  barnes
+  aws-sdk-ssm
+  aws_lambda_ric
   commonmarker
   connection_pool
   factory_bot_rails
@@ -419,12 +430,14 @@ DEPENDENCIES
   jbuilder (~> 2.9)
   jsonnet
   jwt
+  lambdakiq
   letter_opener_web
   listen
   nokogiri
   octokit
   omniauth
   omniauth-github
+  open3
   openssl
   pg (>= 0.18, < 2.0)
   premailer-rails

config.ru

@@ -1,6 +1,9 @@
-# This file is used by Rack-based servers to start the application.
-
 require_relative "config/environment"
 
+if ENV['AWS_LAMBDA_FUNCTION_NAME']
+  use Apigatewayv2Rack::Middlewares::CloudfrontVerify, ENV['CLOUDFRONT_VERIFY'] if ENV['CLOUDFRONT_VERIFY']
+  use Apigatewayv2Rack::Middlewares::CloudfrontXff
+end
+
 run Rails.application
 Rails.application.load_server

config/application.rb

@@ -42,5 +42,23 @@ class Application < Rails::Application
     config.i18n.default_locale = :en
     config.i18n.available_locales = [:en, :ja]
     config.i18n.fallbacks = [:en]
+
+    begin
+      config.semantic_logger.application = "sponsor-app"
+      config.semantic_logger.environment = Rails.env
+      config.rails_semantic_logger.started = :info
+
+      config.log_tags = {
+        request_id: :request_id,
+        method: :request_method,
+        path: :path_info,
+        ip: :ip,
+      }
+
+      if ENV["RAILS_LOG_TO_STDOUT"].present?
+        config.rails_semantic_logger.add_file_appender = false
+        config.semantic_logger.add_appender(io: $stdout, formatter: :json)
+      end
+    end
   end
 end

config/boot.rb

@@ -1,3 +1,5 @@
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
 
 require "bundler/setup" # Set up gems listed in the Gemfile.
+
+require_relative 'lambda_boot' if ENV['AWS_LAMBDA_FUNCTION_NAME']

config/docker_entrypoint.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+mkdir -p /tmp/apptmp
+exec "$@"

config/environments/development.rb

@@ -30,11 +30,8 @@
   # Change to :null_store to avoid any caching.
   config.cache_store = :memory_store
 
-  config.active_job.queue_adapter = :inline
-  if ENV['ENABLE_SIDEKIQ']
-    config.active_job.queue_name_prefix = "sponsor_app"
-    config.active_job.queue_adapter = :sidekiq
-  end
+  # see also config/initializers/active_job.rb
+  # config.active_job.queue_adapter = :inline
 
   if ENV['MAILGUN_SMTP_PASSWORD']
     config.action_mailer.smtp_settings = {

config/environments/production.rb

@@ -75,9 +75,8 @@
     secure: true,
   )
 
-  # Use a real queuing backend for Active Job (and separate queues per environment)
-  config.active_job.queue_adapter = ENV.fetch('ENABLE_SHORYUKEN', '1') == '1' ? :shoryuken : :inline
-  # config.active_job.queue_name_prefix = "sponsor_app2_production"
+  # see also config/initializers/active_job.rb
+  # config.active_job.queue_adapter = :inline
 
   # Disable caching for Action Mailer templates even if Action Controller
   # caching is enabled.