fix: Use Amazon Linux 2 provided runtime #424
Conversation
|
Thanks @SamStephens, I can try to test the changes myself this weekend |
|
Something to consider - should this change lead to a major version bump? I think it should, because it is potentially a backwards incompatible change for anyone specifying a custom |
|
I wonder if there is any use case where someone has to specify a custom base image other than edit: I think there might be actually... in case you don't want to use docker hub because of image pull rate limits |
|
I think the issue is more like if someone is currently specifying a build image other than |
|
@SamStephens I tested the changes in my local environment, using the CI flag on a test application (node js). I confirmed the lambda was deployed successfully with the new runtime. I also confirmed my application image was copied from the CDK asset repository to a custom ECR repository. If there are no other issues, I think we can proceed with the deployment. |
|
Thanks @fabiozig Before releasing this, someone should also decide if there should be a major version bump, and if so, work out what the procedure for doing a major version bump is. |
|
@SamStephens thanks for your work. I will think about the major version bump and what that would look like for our release. I am good to approve after I take one last thorough look through, but Friday will likely be the earliest that a release will happen. |
Head branch was pushed to by a user without write access
|
@scanlonp have you had a chance to look at this? We're running out of time to get this released before the end of year deprecation. Especially as we should probably try and give consumers of this package time to pick up this change before the Christmas/New Years period. |
|
I have, and I am ready to ship. Just need to configure the major version bump and we are good to go. |
Thanks @scanlonp. A thought: should we start with an RC version number or similar, something like |
I have some cycles to test this on real world scenarios via CodePipelines. |
|
@iOnline247 that'd be amazing if you could help @scanlonp . I can help if needed, but I'd prefer not to because I'm technically on leave for the rest of the year. |
I have a multitude of CDK projects that use this and have been following it closely. I'm not building from source, but a consumer. More than happy to pull in a version and kick the tires for some feedback on projects that are in production. |
|
Do you guys have any estimate when it will be deployed? We really need this ASAP as we also have lot of people on leave from next week until mid January. If you guys need any help to get this shipped please let us know! |
This is a really bad outlook. "Frankly, it appears AWS's custodianship of its open source eco-system appears to be failing; I urge you to raise this with your leadership. AWS needs to either commit more resource, or actually bite the bullet and either shut these packages down or find owners outside AWS for them. Currently these unsupported packages are a trap" This package is the recommended way to build apps!
|
As the Go runtime is deprecated. As part of this change, the compiled Go binary main is renamed to bootstrap, as that is the name that the AL2023 Lambda runtime expects. We now build using the standard Go Docker image, as the AWS Lambda Go image is deprecated. It's important to note that the Dockerfile in the lambda/ folder is not used as part of the runtime at all. It's only function is to produce the /asset/bootstrap binary that is then uploaded to Lambda and used with the AL2023 runtime. This was the case before this change, except it used to produce /asset/main to use with the GO runtime.
Now we're no longer building using the AWS build image, there's no conflict with that image if we use GOPROXY.
The rename from main to bootstrap was missed from this step.
So we're tracking the latest 1.x Go version, like we were when we were using public.ecr.aws/sam/build-go1.x:latest.
@fabiozig it's worth noting that even if you don't manage to pick these changes up until next year, you should not actually have any problems. Looking at https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#lambda-runtimes, whilst the deprecation date is Jan 8, 2024, function creation is available until Feb 8, 2024 and updates until Mar 12, 2024. According to https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy, "You can continue to invoke your functions indefinitely after the runtime is deprecated.". So the deprecation date is not actually a hard deadline. |
Update the major version to 3, as changing the base build image is a breaking change. Run `npx projen`.
|
@SamStephens thanks for your work on this! I think just the major version bump should be fine and we can roll forward should there be issues. |
|
@scanlonp did you see the mutation failure that showed up https://github.com/cdklabs/cdk-ecr-deployment/actions/runs/7215115085/job/19659171565?pr=424 What's happened is that when I ran I could just update |
|
@SamStephens I did see it, was trying to see why the build is not tracking the new file. Sure lets try that. Also I can take over the work on this if I am able to have push permission to your branch. If it is a branch other than main I can commit. I do not know if there are ways to give permission to a fork's main branch, but that would also work if you feel comfortable. |
|
As the end of the year is approaching, I think another alternative is https://github.com/cdklabs/cdk-docker-image-deployment |
|
@SamStephens, I got the build working. Running @fabiozig merging this now, and I will keep an eye on the release. Let me know if it works for you. @iOnline247 yes, we should update that. We are working on updating expectations of the level of maintenance of many of our cdklabs repositories. I have some ideas on what custodianship should look like, but for now we certainly need to be much clearer with our current level of support. I will make an issue so you can track it. @easydonny yes, that is another option (that I happen to be the author of 🙃)! It works for its narrow use case, but is not very flexible and has a decent bit of overhead. However, it does not depend on go / the build images that caused this particular issue. I would personally like to fully flesh it out and have it supercede this package, but I do not envision that happening in the near future. I have said some of the same thoughts & more on some of the issues Sam has kindly opened up to get our attention on these packages. |
|
@SamStephens @scanlonp
Runtime.InvalidEntrypoint error occurs when running the provided.al2 runtime because the file name is not "bootstrap". |
|
Thanks @yito-dev-tokyo @scanlonp this is exactly why I suggested we release an RC before releasing 3.0.0 - because the functionality in @yito-dev-tokyo for now you can set the |
|
We got the same problem here with the pre-built lambda :( |
|
Should be good to go now with v3.0.1. |
|
@scanlonp I just want to update you about my tests. Everything seems to be working with only one note. One of my applications had the aws-cdk-lib version locked on the yarn.lock file and the deployment was failing with the following error. In my case, there was a version conflict with the aws-cdk-lib I was using on my yarn.lock file (2.102.0)... I was able to fix the problem by removing the lock and using the latest version of the library... It seems like deployments using older versions of the aws-cdk-lib could break Thanks! |
Breaking change: builds now expect a
golangimage. This may break set ups that have specified a particular image tag.Fixes #320.
Supercedes #401.
As part of this change, the compiled Go binary main is renamed to bootstrap, as that is the name that the AL2023 Lambda runtime expects.
We now build using the standard Go Docker image, as the AWS Lambda Go image is deprecated.
It's important to note that the Dockerfile in the lambda/ folder is not used as part of the runtime at all. It's only function is to produce the /asset/bootstrap binary that is then uploaded to Lambda and used with the AL2023 runtime. This was the case before this change, except it used to produce /asset/main to use with the Go runtime.
I've tested this using the Sample application as documented in the README.md, using the steps I documented in my issue about the Sample to make it usable.
My testing steps were:
If you are going to try these tests yourself, I suggest that before you do the deploy to change the deployed asset, you test that the Lambda function is actually callable. I wasted a lot of time, because if the custom resource Lambda handler does not work, the rollback hangs for an hour before it fails. If you call the Lambda from the console with
{}as the input, you should see an error similar to{"errorMessage":"Put \"\": unsupported protocol scheme \"\"","errorType":"Error"}. This indicates execution is getting into the Lambda handler code.Note that both release packaging and the prebuilt Lambda functionality is affected by this change. I cannot think of a meaningful way to test these changes without actually releasing them.
Release packaging is impacted, because the build Go binary and it's hash are included in the release files. The release is updated to match the new naming, so we have
bootstrapandbootstrap.sha256instead ofmainandmain.sha256.These release files are then used by the prebuilt Lambda functionality. When using the prebuilt Lambda, the Lambda is downloaded from the Github release files via /lambda/install.js. This logic also had to be changed to reflect the
bootstrapnaming.As part of this change we get rid of the
_GOPROXYalias forGOPROXY, as this was only needed because of the AWS build image (as per the removed comment).