Cubed Lithops Runtime Builder Template

Author: tomwhite

.github/workflows/build-runtime.yml

@@ -0,0 +1,64 @@
+name: Build and Deploy Lithops Runtime
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'requirements.txt'
+      - '.lithops/config'
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  PYTHON_VERSION: '3.12'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Read AWS region from config
+        id: config
+        run: |
+          region=$(python3 -c "
+          import configparser
+          c = configparser.ConfigParser()
+          c.read('.lithops/config')
+          print(c['aws']['region'].strip())
+          ")
+          echo "region=$region" >> $GITHUB_OUTPUT
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: ${{ steps.config.outputs.region }}
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Install Lithops
+        run: pip install 'lithops[aws]'
+
+      - name: Set runtime name
+        id: runtime
+        run: |
+          name=$(echo '${{ github.event.repository.name }}' | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9-]/-/g')
+          echo "name=$name" >> $GITHUB_OUTPUT
+
+      - name: Copy Lithops config
+        run: |
+          mkdir -p ~/.lithops
+          cp .lithops/config ~/.lithops/config
+
+      - name: Build runtime
+        run: lithops runtime build ${{ steps.runtime.outputs.name }} -b aws_lambda
+
+      - name: Deploy runtime
+        run: lithops runtime deploy ${{ steps.runtime.outputs.name }} -b aws_lambda

.lithops/config

@@ -0,0 +1,11 @@
+[lithops]
+backend = aws_lambda
+storage = aws_s3
+
+[aws]
+region = us-east-1
+
+[aws_lambda]
+execution_role = arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME
+runtime_memory = 512
+runtime_timeout = 300

README.md

@@ -0,0 +1,63 @@
+# Lithops Runtime Builder
+
+A GitHub template repository for building and deploying custom [Lithops](https://lithops-cloud.github.io/) Lambda runtimes via CI — no local Docker required.
+
+When you push changes to `requirements.txt`, GitHub Actions builds a Docker image with your dependencies and deploys it as a Lambda container runtime.
+
+## Prerequisites
+
+- An AWS account
+- A GitHub account
+
+## Setup
+
+### 1. Create this repo from the template
+
+Click **Use this template** → **Create a new repository**.
+
+### 2. Bootstrap AWS
+
+You need an IAM role that GitHub Actions can assume via OIDC. Create the GitHub OIDC identity provider in your AWS account (if not already present), then create a role with a trust policy scoped to your repo:
+
+```json
+{
+  "Effect": "Allow",
+  "Principal": { "Federated": "arn:aws:iam::ACCOUNT_ID:oidc-provider/token.actions.githubusercontent.com" },
+  "Action": "sts:AssumeRoleWithWebIdentity",
+  "Condition": {
+    "StringLike": { "token.actions.githubusercontent.com:sub": "repo:YOUR_ORG/YOUR_REPO:*" }
+  }
+}
+```
+
+The role needs permissions for ECR, Lambda, S3, and (optionally) CodeBuild.
+
+### 3. Add the secret
+
+In your repo: **Settings → Secrets and variables → Actions → New repository secret**
+
+| Name | Value |
+|------|-------|
+| `AWS_ROLE_ARN` | `arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME` |
+
+### 4. Edit `.lithops/config`
+
+Replace the placeholder values:
+
+```ini
+[aws]
+region = us-east-1          # your AWS region
+
+[aws_lambda]
+execution_role = arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME   # Lambda execution role
+```
+
+### 5. Add your dependencies
+
+Edit `requirements.txt` and push — the CI pipeline builds and deploys your runtime automatically.
+
+The runtime is named after your repository (lowercased).
+
+## Manual trigger
+
+You can also trigger a build manually from **Actions → Build and Deploy Lithops Runtime → Run workflow**.

requirements.txt

@@ -0,0 +1 @@
+numpy