diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f1d25a8b..8799084e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -269,9 +269,9 @@ jobs: name: build-artifact path: .repo - name: Build lambda - run: docker build -t cdk-ecr-deployment-lambda --build-arg _GOPROXY="https://goproxy.io|https://goproxy.cn|direct" lambda && docker run -v $PWD/lambda:/out cdk-ecr-deployment-lambda cp /asset/main /out && echo $(sha256sum lambda/main | awk '{ print $1 }') > lambda/main.sha256 + run: docker build -t cdk-ecr-deployment-lambda --build-arg GOPROXY="https://goproxy.io|https://goproxy.cn|direct" lambda && docker run -v $PWD/lambda:/out cdk-ecr-deployment-lambda cp /asset/bootstrap /out && echo $(sha256sum lambda/bootstrap | awk '{ print $1 }') > lambda/bootstrap.sha256 - name: Release lambda env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_REPOSITORY: ${{ github.repository }} - run: "gh release upload --clobber -R $GITHUB_REPOSITORY v$(cat .repo/dist/version.txt) lambda/main lambda/main.sha256 " + run: "gh release upload --clobber -R $GITHUB_REPOSITORY v$(cat .repo/dist/version.txt) lambda/bootstrap lambda/bootstrap.sha256 " diff --git a/.projen/tasks.json b/.projen/tasks.json index dad93384..d183502b 100644 --- a/.projen/tasks.json +++ b/.projen/tasks.json @@ -269,7 +269,7 @@ "description": "Prepare a release from \"main\" branch", "env": { "RELEASE": "true", - "MAJOR": "2" + "MAJOR": "3" }, "steps": [ { diff --git a/.projenrc.ts b/.projenrc.ts index 925e9328..07183458 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -13,7 +13,7 @@ const project = new CdklabsConstructLibrary({ cdkVersion: '2.0.0', cdkVersionPinning: false, defaultReleaseBranch: 'main', - majorVersion: 2, + majorVersion: 3, enablePRAutoMerge: true, name: 'cdk-ecr-deployment', projenrcTs: true, @@ -75,16 +75,16 @@ project.release?.addJobs({ { name: 'Build lambda', run: [ - 'docker build -t cdk-ecr-deployment-lambda --build-arg _GOPROXY="https://goproxy.io|https://goproxy.cn|direct" lambda', - 'docker run -v $PWD/lambda:/out cdk-ecr-deployment-lambda cp /asset/main /out', - 'echo $(sha256sum lambda/main | awk \'{ print $1 }\') > lambda/main.sha256', + 'docker build -t cdk-ecr-deployment-lambda --build-arg GOPROXY="https://goproxy.io|https://goproxy.cn|direct" lambda', + 'docker run -v $PWD/lambda:/out cdk-ecr-deployment-lambda cp /asset/bootstrap /out', + 'echo $(sha256sum lambda/bootstrap | awk \'{ print $1 }\') > lambda/bootstrap.sha256', ].join(' && '), }, { name: 'Release lambda', // For some reason, need '--clobber' otherwise we always get errors that these files already exist. They're probably // uploaded elsewhere but TBH I don't know where so just add this flag to make it not fail. - run: 'gh release upload --clobber -R $GITHUB_REPOSITORY v$(cat .repo/dist/version.txt) lambda/main lambda/main.sha256 ', + run: 'gh release upload --clobber -R $GITHUB_REPOSITORY v$(cat .repo/dist/version.txt) lambda/bootstrap lambda/bootstrap.sha256 ', env: { GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}', GITHUB_REPOSITORY: '${{ github.repository }}', diff --git a/README.md b/README.md index 3f3a4dab..3e7d92cc 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Enable flags: `true`, `1`. e.g. `export CI=1` ⚠️ If you want to force using prebuilt lambda in CI environment to reduce build time. Try `export FORCE_PREBUILT_LAMBDA=1`. -⚠️ The above flags are only available in cdk-ecr-deployment 2.x. +⚠️ The above flags are only available in cdk-ecr-deployment 2.x and 3.x. ## Examples diff --git a/lambda/.dockerignore b/lambda/.dockerignore index 21b0a79f..1f766ca2 100644 --- a/lambda/.dockerignore +++ b/lambda/.dockerignore @@ -4,6 +4,6 @@ node_modules coverage test-reports **/*.md -main -main.sha256 +bootstrap +bootstrap.sha256 cdk.out \ No newline at end of file diff --git a/lambda/Dockerfile b/lambda/Dockerfile index ae90a5ee..1e6c581d 100644 --- a/lambda/Dockerfile +++ b/lambda/Dockerfile @@ -1,28 +1,16 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -ARG buildImage=public.ecr.aws/sam/build-go1.x:latest - -FROM ${buildImage} +ARG buildImage=golang:1 +FROM ${buildImage} as build USER root -RUN yum -y install \ - gpgme-devel \ - btrfs-progs-devel \ - device-mapper-devel \ - libassuan-devel \ - libudev-devel - -# In https://github.com/aws/aws-sam-build-images/blob/0a39eebc0d1d462afbe155d4e6a4cbcb12888847/build-image-src/Dockerfile-go1x#L29 -# already defined GOPROXY env. -# To avoid naming conflict which will lead to weird error like https://github.com/laradock/laradock/issues/2618 -# , use the following name instead -ARG _GOPROXY +ARG GOPROXY ENV GOOS=linux \ GOARCH=amd64 \ GO111MODULE=on \ - GOPROXY="${_GOPROXY}" + GOPROXY="${GOPROXY}" WORKDIR /ws @@ -35,6 +23,4 @@ RUN go env COPY . /ws RUN mkdir -p /asset/ && \ - make OUTPUT=/asset/main && \ - file /asset/main && \ - ls -lh /asset/main + make OUTPUT=/asset/bootstrap diff --git a/lambda/Makefile b/lambda/Makefile index b9c62116..2b4f2314 100644 --- a/lambda/Makefile +++ b/lambda/Makefile @@ -18,7 +18,7 @@ ifeq ($(GOOS), linux) endif endif -BUILDTAGS := exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp +BUILDTAGS := exclude_graphdriver_devicemapper exclude_graphdriver_btrfs containers_image_openpgp lambda.norpc OUTPUT ?= cdk-ecr-deployment-handler all: test lambda diff --git a/lambda/install.js b/lambda/install.js index 9e2068e4..b4bc48a2 100644 --- a/lambda/install.js +++ b/lambda/install.js @@ -52,8 +52,8 @@ async function download(url, dest, agent) { agent.https = process.env.HTTPS_PROXY ? new HttpsProxyAgent({proxy: process.env.HTTPS_PROXY}): undefined; agent.http = process.env.HTTP_PROXY ? new HttpProxyAgent({proxy: process.env.HTTP_PROXY}): undefined; - await download(`${rootUrl}/releases/download/v${version}/main`, bin, agent); - const expectedIntegrity = (await got(`${rootUrl}/releases/download/v${version}/main.sha256`, { agent })).body.trim(); + await download(`${rootUrl}/releases/download/v${version}/bootstrap`, bin, agent); + const expectedIntegrity = (await got(`${rootUrl}/releases/download/v${version}/bootstrap.sha256`, { agent })).body.trim(); const integrity = await sha256sum(bin); if (integrity !== expectedIntegrity) { diff --git a/src/index.ts b/src/index.ts index 0b208f5d..388ed888 100644 --- a/src/index.ts +++ b/src/index.ts @@ -139,9 +139,9 @@ export class ECRDeployment extends Construct { const memoryLimit = props.memoryLimit ?? 512; this.handler = new lambda.SingletonFunction(this, 'CustomResourceHandler', { uuid: this.renderSingletonUuid(memoryLimit), - code: getCode(props.buildImage ?? 'public.ecr.aws/sam/build-go1.x:latest'), - runtime: lambda.Runtime.GO_1_X, - handler: 'main', + code: getCode(props.buildImage ?? 'golang:1'), + runtime: lambda.Runtime.PROVIDED_AL2023, + handler: 'bootstrap', environment: props.environment, lambdaPurpose: 'Custom::CDKECRDeployment', timeout: Duration.minutes(15), diff --git a/test/lambda/Dockerfile b/test/lambda/Dockerfile index d0cd30e4..51fa4752 100644 --- a/test/lambda/Dockerfile +++ b/test/lambda/Dockerfile @@ -1,27 +1,16 @@ # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 - -FROM public.ecr.aws/sam/build-go1.x:latest +ARG buildImage=golang:1 +FROM ${buildImage} as build USER root -RUN yum -y install \ - gpgme-devel \ - btrfs-progs-devel \ - device-mapper-devel \ - libassuan-devel \ - libudev-devel - -# In https://github.com/aws/aws-sam-build-images/blob/0a39eebc0d1d462afbe155d4e6a4cbcb12888847/build-image-src/Dockerfile-go1x#L29 -# already defined GOPROXY env. -# To avoid naming conflict which will lead to weird error like https://github.com/laradock/laradock/issues/2618 -# , use the following name instead -ARG _GOPROXY +ARG GOPROXY ENV GOOS=linux \ GOARCH=amd64 \ GO111MODULE=on \ - GOPROXY="${_GOPROXY}" + GOPROXY="${GOPROXY}" ADD . /opt/awscli diff --git a/test/lambda/test.sh b/test/lambda/test.sh index 0a2a2238..3e557410 100755 --- a/test/lambda/test.sh +++ b/test/lambda/test.sh @@ -21,4 +21,4 @@ cp -vf ${scriptdir}/* $PWD # this will run our tests inside the right environment docker version -docker build --progress plain --build-arg _GOPROXY="https://goproxy.io|https://goproxy.cn|direct" . \ No newline at end of file +docker build --progress plain --build-arg GOPROXY="https://goproxy.io|https://goproxy.cn|direct" . \ No newline at end of file