From 704f7fab6fbc6a1afd6e22c3ed883cff24dbb10e Mon Sep 17 00:00:00 2001 From: Sam Stephens Date: Tue, 19 Dec 2023 03:08:44 +1300 Subject: [PATCH] fix: Use Amazon Linux 2 provided runtime (#424) * Use AL2023 Lambda runtime As the Go runtime is deprecated. As part of this change, the compiled Go binary main is renamed to bootstrap, as that is the name that the AL2023 Lambda runtime expects. We now build using the standard Go Docker image, as the AWS Lambda Go image is deprecated. It's important to note that the Dockerfile in the lambda/ folder is not used as part of the runtime at all. It's only function is to produce the /asset/bootstrap binary that is then uploaded to Lambda and used with the AL2023 runtime. This was the case before this change, except it used to produce /asset/main to use with the GO runtime. * Rename _GOPROXY to GOPROXY Now we're no longer building using the AWS build image, there's no conflict with that image if we use GOPROXY. * Fix Release lambda Github step The rename from main to bootstrap was missed from this step. * Use golang:1 as the build Go image So we're tracking the latest 1.x Go version, like we were when we were using public.ecr.aws/sam/build-go1.x:latest. * Update major version Update the major version to 3, as changing the base build image is a breaking change. Run `npx projen`. * Update readme * update tasks.json --------- Co-authored-by: Parker Scanlon <69879391+scanlonp@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- .projen/tasks.json | 2 +- .projenrc.ts | 10 +++++----- README.md | 2 +- lambda/.dockerignore | 4 ++-- lambda/Dockerfile | 24 +++++------------------- lambda/Makefile | 2 +- lambda/install.js | 4 ++-- src/index.ts | 6 +++--- test/lambda/Dockerfile | 19 ++++--------------- test/lambda/test.sh | 2 +- 11 files changed, 27 insertions(+), 52 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f1d25a8b..8799084e 100644 --- a/.github/workflows/release.yml 
+++ b/.github/workflows/release.yml @@ -269,9 +269,9 @@ jobs: name: build-artifact path: .repo - name: Build lambda - run: docker build -t cdk-ecr-deployment-lambda --build-arg _GOPROXY="https://goproxy.io|https://goproxy.cn|direct" lambda && docker run -v $PWD/lambda:/out cdk-ecr-deployment-lambda cp /asset/main /out && echo $(sha256sum lambda/main | awk '{ print $1 }') > lambda/main.sha256 + run: docker build -t cdk-ecr-deployment-lambda --build-arg GOPROXY="https://goproxy.io|https://goproxy.cn|direct" lambda && docker run -v $PWD/lambda:/out cdk-ecr-deployment-lambda cp /asset/bootstrap /out && echo $(sha256sum lambda/bootstrap | awk '{ print $1 }') > lambda/bootstrap.sha256 - name: Release lambda env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_REPOSITORY: ${{ github.repository }} - run: "gh release upload --clobber -R $GITHUB_REPOSITORY v$(cat .repo/dist/version.txt) lambda/main lambda/main.sha256 " + run: "gh release upload --clobber -R $GITHUB_REPOSITORY v$(cat .repo/dist/version.txt) lambda/bootstrap lambda/bootstrap.sha256 " diff --git a/.projen/tasks.json b/.projen/tasks.json index dad93384..d183502b 100644 --- a/.projen/tasks.json +++ b/.projen/tasks.json @@ -269,7 +269,7 @@ "description": "Prepare a release from \"main\" branch", "env": { "RELEASE": "true", - "MAJOR": "2" + "MAJOR": "3" }, "steps": [ { diff --git a/.projenrc.ts b/.projenrc.ts index 925e9328..07183458 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -13,7 +13,7 @@ const project = new CdklabsConstructLibrary({ cdkVersion: '2.0.0', cdkVersionPinning: false, defaultReleaseBranch: 'main', - majorVersion: 2, + majorVersion: 3, enablePRAutoMerge: true, name: 'cdk-ecr-deployment', projenrcTs: true, 
@@ -75,16 +75,16 @@ project.release?.addJobs({
 {
 name: 'Build lambda',
 run: [
- 'docker build -t cdk-ecr-deployment-lambda --build-arg _GOPROXY="https://goproxy.io|https://goproxy.cn|direct" lambda',
- 'docker run -v $PWD/lambda:/out cdk-ecr-deployment-lambda cp /asset/main /out',
- 'echo $(sha256sum lambda/main | awk \'{ print $1 }\') > lambda/main.sha256',
+ 'docker build -t cdk-ecr-deployment-lambda --build-arg GOPROXY="https://goproxy.io|https://goproxy.cn|direct" lambda',
+ 'docker run -v $PWD/lambda:/out cdk-ecr-deployment-lambda cp /asset/bootstrap /out',
+ 'echo $(sha256sum lambda/bootstrap | awk \'{ print $1 }\') > lambda/bootstrap.sha256',
 ].join(' && '),
 },
 {
 name: 'Release lambda',
 // For some reason, need '--clobber' otherwise we always get errors that these files already exist. They're probably
 // uploaded elsewhere but TBH I don't know where so just add this flag to make it not fail.
- run: 'gh release upload --clobber -R $GITHUB_REPOSITORY v$(cat .repo/dist/version.txt) lambda/main lambda/main.sha256 ',
+ run: 'gh release upload --clobber -R $GITHUB_REPOSITORY v$(cat .repo/dist/version.txt) lambda/bootstrap lambda/bootstrap.sha256 ',
 env: {
 GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}',
 GITHUB_REPOSITORY: '${{ github.repository }}',
diff --git a/README.md b/README.md
index 3f3a4dab..3e7d92cc 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ Enable flags: `true`, `1`. e.g. `export CI=1`
 ⚠️ If you want to force using prebuilt lambda in CI environment to reduce build time. Try `export FORCE_PREBUILT_LAMBDA=1`.
-⚠️ The above flags are only available in cdk-ecr-deployment 2.x.
+⚠️ The above flags are only available in cdk-ecr-deployment 2.x and 3.x.
 ## Examples
diff --git a/lambda/.dockerignore b/lambda/.dockerignore
index 21b0a79f..1f766ca2 100644
--- a/lambda/.dockerignore
+++ b/lambda/.dockerignore
@@ -4,6 +4,6 @@ node_modules
 coverage
 test-reports
 **/*.md
-main
-main.sha256
+bootstrap
+bootstrap.sha256
 cdk.out
\ No newline at end of file
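Review bot: The `--build-arg GOPROXY="https://goproxy.io|https://goproxy.cn|direct"` in the 'Build lambda' step means the binary uploaded as the release asset is compiled from modules fetched through two third-party proxies, and the `|` separator makes Go fall through to the next entry on any error rather than only on 404/410. Module content is still checked against go.sum and the checksum database as long as neither is disabled in the Makefile (not visible here), so this is a trust and availability choice rather than an open hole. For the release path I would drop the override or use `https://proxy.golang.org,direct`, and add a short comment above the step saying why these mirrors are needed. The same value appears in the regenerated `.github/workflows/release.yml` and in `test/lambda/test.sh`.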
diff --git a/lambda/Dockerfile b/lambda/Dockerfile
index ae90a5ee..1e6c581d 100644
--- a/lambda/Dockerfile
+++ b/lambda/Dockerfile
@@ -1,28 +1,16 @@
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
-ARG buildImage=public.ecr.aws/sam/build-go1.x:latest
-
-FROM ${buildImage}
+ARG buildImage=golang:1
+FROM ${buildImage} as build
 USER root
-RUN yum -y install \
- gpgme-devel \
- btrfs-progs-devel \
- device-mapper-devel \
- libassuan-devel \
- libudev-devel
-
-# In https://github.com/aws/aws-sam-build-images/blob/0a39eebc0d1d462afbe155d4e6a4cbcb12888847/build-image-src/Dockerfile-go1x#L29
-# already defined GOPROXY env.
-# To avoid naming conflict which will lead to weird error like https://github.com/laradock/laradock/issues/2618
-# , use the following name instead
-ARG _GOPROXY
+ARG GOPROXY
 ENV GOOS=linux \
 GOARCH=amd64 \
 GO111MODULE=on \
- GOPROXY="${_GOPROXY}"
+ GOPROXY="${GOPROXY}"
 WORKDIR /ws
@@ -35,6 +23,4 @@ RUN go env
 COPY . /ws
 RUN mkdir -p /asset/ && \
- make OUTPUT=/asset/main && \
- file /asset/main && \
- ls -lh /asset/main
+ make OUTPUT=/asset/bootstrap
diff --git a/lambda/Makefile b/lambda/Makefile
index b9c62116..2b4f2314 100644
--- a/lambda/Makefile
+++ b/lambda/Makefile
@@ -18,7 +18,7 @@ ifeq ($(GOOS), linux)
 endif
 endif
-BUILDTAGS := exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp
+BUILDTAGS := exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp lambda.norpc
 OUTPUT ?= cdk-ecr-deployment-handler
 all: test lambda
diff --git a/lambda/install.js b/lambda/install.js
index 9e2068e4..b4bc48a2 100644
--- a/lambda/install.js
+++ b/lambda/install.js
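Review bot: `ARG buildImage=golang:1` makes a mutable Docker Hub tag the default toolchain for the binary that the release job publishes, so two builds of the same commit can use different compilers, and the Go standard library linked into the shipped `bootstrap` comes from whatever the tag points to at build time. Pinning the default by digest, e.g. `ARG buildImage=golang:<version>@sha256:<digest>` (placeholders), keeps release builds reproducible while callers can still override `buildImage`. The same default is repeated in `src/index.ts` (`getCode(props.buildImage ?? 'golang:1')`) and in `test/lambda/Dockerfile`. `FROM ${buildImage} as build` names a stage that nothing in the visible hunks refers to, and `USER root` appears redundant now that the `yum install` is gone; either drop them or add a comment saying why they stay.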
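Review bot: The new `lambda.norpc` entry in `BUILDTAGS` has no comment, and unlike the three container-image tags its purpose cannot be read from its name. I would add a line above the assignment such as `# lambda.norpc: leave out aws-lambda-go's net/rpc server, which only the retired go1.x runtime used`. Recording that also makes clear that the tag must stay while the function runs on a provided runtime, so the binary does not carry an unused RPC listener path.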
@@ -52,8 +52,8 @@ async function download(url, dest, agent) {
 agent.https = process.env.HTTPS_PROXY ? new HttpsProxyAgent({proxy: process.env.HTTPS_PROXY}): undefined;
 agent.http = process.env.HTTP_PROXY ? new HttpProxyAgent({proxy: process.env.HTTP_PROXY}): undefined;
- await download(`${rootUrl}/releases/download/v${version}/main`, bin, agent);
- const expectedIntegrity = (await got(`${rootUrl}/releases/download/v${version}/main.sha256`, { agent })).body.trim();
+ await download(`${rootUrl}/releases/download/v${version}/bootstrap`, bin, agent);
+ const expectedIntegrity = (await got(`${rootUrl}/releases/download/v${version}/bootstrap.sha256`, { agent })).body.trim();
 const integrity = await sha256sum(bin);
 if (integrity !== expectedIntegrity) {
diff --git a/src/index.ts b/src/index.ts
index 0b208f5d..388ed888 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -139,9 +139,9 @@ export class ECRDeployment extends Construct {
 const memoryLimit = props.memoryLimit ?? 512;
 this.handler = new lambda.SingletonFunction(this, 'CustomResourceHandler', {
 uuid: this.renderSingletonUuid(memoryLimit),
- code: getCode(props.buildImage ?? 'public.ecr.aws/sam/build-go1.x:latest'),
- runtime: lambda.Runtime.GO_1_X,
- handler: 'main',
+ code: getCode(props.buildImage ?? 'golang:1'),
+ runtime: lambda.Runtime.PROVIDED_AL2023,
+ handler: 'bootstrap',
 environment: props.environment,
 lambdaPurpose: 'Custom::CDKECRDeployment',
 timeout: Duration.minutes(15),
diff --git a/test/lambda/Dockerfile b/test/lambda/Dockerfile
index d0cd30e4..51fa4752 100644
--- a/test/lambda/Dockerfile
+++ b/test/lambda/Dockerfile
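Review bot: `expectedIntegrity` is fetched from the same release URL as the binary it is compared against (`.../v${version}/bootstrap.sha256` next to `.../v${version}/bootstrap`), so the comparison catches a truncated or corrupted download but not a replaced release asset. Anyone able to overwrite `bootstrap` on the release can overwrite its `.sha256` as well, and the release step uploads both with `--clobber`. A stronger check would take the expected digest from a file shipped inside the npm package and written at publish time, or verify a signature over the asset. The enclosing function starts and ends outside the hunk, so whether `bin` is removed on a mismatch is not visible here.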
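Review bot: Nothing in the props visible here sets `architecture`, while `lambda/Dockerfile` hard-codes `GOARCH=amd64`, so the `PROVIDED_AL2023` function and its `bootstrap` binary match only through the CDK default of x86_64. Setting `architecture: lambda.Architecture.X86_64` next to `runtime` states that dependency in code and prevents a later default or prop change from producing a function that fails at invoke time. The props object continues outside the hunk, so this may already be set further down.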
@@ -1,27 +1,16 @@
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
-
-FROM public.ecr.aws/sam/build-go1.x:latest
+ARG buildImage=golang:1
+FROM ${buildImage} as build
 USER root
-RUN yum -y install \
- gpgme-devel \
- btrfs-progs-devel \
- device-mapper-devel \
- libassuan-devel \
- libudev-devel
-
-# In https://github.com/aws/aws-sam-build-images/blob/0a39eebc0d1d462afbe155d4e6a4cbcb12888847/build-image-src/Dockerfile-go1x#L29
-# already defined GOPROXY env.
-# To avoid naming conflict which will lead to weird error like https://github.com/laradock/laradock/issues/2618
-# , use the following name instead
-ARG _GOPROXY
+ARG GOPROXY
 ENV GOOS=linux \
 GOARCH=amd64 \
 GO111MODULE=on \
- GOPROXY="${_GOPROXY}"
+ GOPROXY="${GOPROXY}"
 ADD . /opt/awscli
diff --git a/test/lambda/test.sh b/test/lambda/test.sh
index 0a2a2238..3e557410 100755
--- a/test/lambda/test.sh
+++ b/test/lambda/test.sh
@@ -21,4 +21,4 @@ cp -vf ${scriptdir}/* $PWD
 # this will run our tests inside the right environment
 docker version
-docker build --progress plain --build-arg _GOPROXY="https://goproxy.io|https://goproxy.cn|direct" .
\ No newline at end of file
+docker build --progress plain --build-arg GOPROXY="https://goproxy.io|https://goproxy.cn|direct" .
\ No newline at end of file