'package' command should be able to create deterministic zip archives

[Dreamescaper]

We create zip archives for our lambdas using "dotnet lambda package" command, and then use "cdk deploy" to deploy them to our environments. Currently this has an issue - created zip archives contain timestamps, therefore those archives are different for each build, and therefore CDK deploys them each time even if nothing is changed.

As a workaround, currently we provide custom AssetHash (based on archive content), but I'd prefer to remove it.

Describe the Feature

'package' command should produce zip archives with striped timestamps and with consistent order.

Is your Feature Request related to a problem?

Slower CDK deployments.

Describe alternatives you've considered

Custom AssetHash.

Additional Context

This issue was actually solved in CDK itself: aws/aws-cdk#2931 . Probably same approach could be used.

---

This is a 🚀 Feature Request

[ashishdhingra]

Appears to be a valid feature request. May be introduce a flag to alter this behavior. Needs discussion with the team.

[lowkasen]

+1

[lowkasen]

What is the workaround for this issue?

I currently use:
source_code_hash = data.archive_file.zip_file.output_base64sha256

And this doesn't work and updates all the time when I build it

[DanielBickler]

This is a confusing issue when AWS's Lambda CDK C# documentation recommends using dotnet lambda package to build and deploy with CDK without warning that this is going to cause the Lambda to be updated every time CDK is deployed due to the package command's current behavior.

@lowkasen The workaround I found for anybody else who stumbles across this - I adapted from here which used the zip but it seemed better to me to use the file contents directly.

var lambdaCode = Code.FromAsset(pathToSourceCode,
    new Amazon.CDK.AWS.S3.Assets.AssetOptions {
        AssetHash = HashForZipContent(pathToSourceCode),
        AssetHashType = AssetHashType.CUSTOM,
        Bundling = new BundlingOptions {
            Image = Runtime.DOTNET_8.BundlingImage,
            User = "root",
            OutputType = BundlingOutput.ARCHIVED,
            Command = new[] {
                "/bin/sh",
                "-c",
                " dotnet tool install -g Amazon.Lambda.Tools" +
                " && dotnet build" +
                " && dotnet lambda package --output-package /asset-output/function.zip"
            }
        }
});

/* ... */

private static readonly string[] ValidExtensions = { ".cs", ".json", ".csproj" };
private static readonly string[] ExcludedDirs = { "bin", "obj" };

// Workaround for https://github.com/aws/aws-extensions-for-dotnet-cli/issues/195
private static string HashForZipContent(string directoryPath) {
        using var sha256 = SHA256.Create();
        using var fileHashes = new MemoryStream();
        
        var files = Directory.EnumerateFiles(directoryPath, "*.*", new EnumerationOptions 
            {
                // Could change this to parameter if some Lambdas grew in complexity to require extra directories
                RecurseSubdirectories = false,
                AttributesToSkip = FileAttributes.System
            })
            .Where(f => ValidExtensions.Contains(Path.GetExtension(f)) && 
                       !ExcludedDirs.Any(dir => 
                           f.Contains($"{Path.DirectorySeparatorChar}{dir}{Path.DirectorySeparatorChar}")))
            .OrderBy(f => f);
        
        foreach (var filePath in files)
        {
            using var fileStream = File.OpenRead(filePath);
            var fileHash = sha256.ComputeHash(fileStream);
            fileHashes.Write(fileHash, 0, fileHash.Length);
        }

        var finalHash = sha256.ComputeHash(fileHashes.ToArray());
        return Convert.ToBase64String(finalHash);
}