hedge/serverless-versait.yml at master · rollthecloudinc/hedge · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
service: goclassifieds-versait-api
frameworkVersion: '3'
plugins:
  - serverless-prune-plugin
  - serverless-custom-packaging-plugin
custom:
  githubToken: ${file(./private.${opt:stage, 'dev'}.json):githubToken}
  versaitUsername: ${file(./private.${opt:stage, 'dev'}.json):versaitUsername}
  webhookSecret: ${file(./private.${opt:stage, 'dev'}.json):webhookSecret}
  openAiApiKey: ${file(./private.${opt:stage, 'dev'}.json):openAiApiKey}
provider:
  name: aws
  runtime: provided.al2023
  memorySize: 512
  timeout: 45
  #logs:
    #websocket: true
  httpApi:
    payload: '1.0'
    cors: true
package:
  individually: true
resources:
  Resources:
    VersaitRole:
      Type: AWS::IAM::Role
      Properties:
        Path: "/"
        RoleName: verait-${opt:region, 'us-east-1'}-lambdaRole
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - lambda.amazonaws.com
                  - apigateway.amazonaws.com
              Action: sts:AssumeRole
        ManagedPolicyArns:
          - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
        Policies:
          - PolicyName: goclassifieds-versait-api-lambda
            PolicyDocument:
              Version: '2012-10-17'
              Statement:
                - Effect: Allow
                  Action:
                    - logs:CreateLogGroup
                    - logs:CreateLogStream
                    - logs:PutLogEvents
                    - logs:DescribeLogGroups
                    - logs:DescribeLogStreams
                    - logs:GetLogEvents
                    - logs:FilterLogEvents
                  Resource:
                    - 'Fn::Join':
                      - ':'
                      -
                        - 'arn:aws:logs'
                        - Ref: 'AWS::Region'
                        - Ref: 'AWS::AccountId'
                        - 'log-group:/aws/lambda/*:*:*'
                - Effect: "Allow"
                  Action:
                    - "lambda:InvokeFunction"
                  Resource: "*"
                - Effect: "Allow"
                  Action:
                    - "execute-api:Invoke"
                    - "execute-api:ManageConnections"
                  Resource: "*"
functions:
  VersaitApi:
    handler: bootstrap
    role: VersaitRole
    package:
      path: bazel-bin/api/versait
      artifact: .serverless/VersaitApi.zip
      libs: api/entity
      include_globs:
        - "**/bootstrap"
        - "**/*.json.tmpl"
        - "**/*.pem"
    environment:
      GITHUB_TOKEN: ${self:custom.githubToken}
      VERSAIT_USERNAME: ${self:custom.versaitUsername}
      OPENAI_API_KEY: ${self:custom.openAiApiKey}
      #WEBHOOK_SECRET: ${self:custom.webhookSecret}
      STAGE: ${opt:stage, 'dev'}
    events:
      - httpApi:
          path: /versait/{proxy+}
          method: POST