-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request for Comments: Design of new sam build
command
#743
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added some UX comments, additional task for sam init
to create a consistent experience and brought in some DotNet Serverless folks
+=============+========================================================================================+ | ||
| Resolve | No Op | | ||
+-------------+----------------------------------------------------------------------------------------+ | ||
| Compile | ``dotnet lambda package --configuration release --output-package $BUILD/package.zip`` | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cc @sliedig, @blomskog and @pcolazurdo to share their DotNet experience.
I remember having a chat with @sliedig and @pcolazurdo once that dotnet lambda package
includes additional files that are not necessarily needed for Lambda to function -- Perhaps there's a flag or something well known in that space that we can include
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
feedback here would be super helpful!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
adding Mark @Ubiguchi as he also has great experience in this area for comments
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The latest version of the Amazon.Lambda.Tools creates a very slim version of the package so I would trust this. The tool creates a zip with all the required dependencies. If project has static files and they are included in the csproj definition, they will be automatically included in the zip
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would use the standard microsoft/dotnet docker image to compile. It would need to add dependencies to work with Lambda so a Dockerfile can be included that would add these dependencies on package creation. Not sure what is the model with other languages, but I think this would be a good solution.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pcolazurdo Thanks for the review. Its great to know we are in the right direction here.
Can you elaborate on your comment about using standard microsoft/dotnet
image? With native dependencies (like C libraries), we need to compile against a close version of Amazon Linux that Lambda runs. Doesn't dotnet have a similar requirement?
Also, for dependencies, wouldn't you be adding them to your .csproj file or something? Why do you need the Dockerfile?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, I really like this direction. Building is a pain in some languages and this helps complete the workflow for testing locally and being able to deploy to the cloud seamlessly.
|
||
#. Each Lambda function in SAM template gets built | ||
|
||
#. Produce stable builds (best effort): If the source files did not change, built artifacts should not change. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Q: Are we building when the source files did not change?
Maybe a better phrasing is, Identical sources file will produce identical build artifacts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1. Taking a step further is how are we going to decide on that? Hashing? Hashing stored locally?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Identical sources file will produce identical build artifacts
This can be confusing for dependency updates, which you may want to include even of your source code stays the same.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See this for more details: https:/sanathkr/aws-sam-cli/blob/build-cmd-design/designs/sam_build_cmd.rst#stable-builds
In the initial release, I don't see much value in using hashing to control artifacts because most of the build process is outside of SAM CLI's control (NPM/Maven etc does the job). But it will change in future as we understand how ppl use this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Stable build should be based only on source changes. The user could run clean/build to force dependencies update
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed.. This is the intention too.
Out-of-Scope | ||
------------ | ||
#. Supports adding data files ie. files that are not referenced by the package manager (ex: images, css etc) | ||
#. Support to exclude certain files from the built artifact (ex: using .gitignore or using regex) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Assumption: Customers will be using these commands together sam build | sam package
.
Given my assumption, would this create larger packages that customers deploy? Or is this just stating arbitrary files will not be excludable?
Are there any files we will be excluding by default?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We will exclude certain files & folders by default like *.pyc
that makes sense, but we won't be able to support parsing an arbitrary .gitignore
file. So it is possible that we don't create the slimmest zip file. But this could be a fast follow feature.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
another benefit of using NPM for node, is that this is automatically handled by NPM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is interesting. It also creates a problem where we don't have a consistent experience across different programming languages (ie. Python won't respect .gitignore but Nodejs builds will). May be that is acceptable?
+-------------+--------------------------------------+ | ||
| Action | Command | | ||
+=============+======================================+ | ||
| Resolve | ``npm install`` | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Appreciate the way you're going with this, so we (from Claudia.js) would like to ask if you'd like us to share the code from our claudia pack
command?
As just an npm install
with excluding node_modules
is not going to be enough. You will have other files, such as .eslintrc
, still present everywhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
YES YES YES 🔥Thank you so much for offering. This is exciting to get deeper Nodejs build support into the command. The current technical design does not support such integrations. I will rework and send an updated PR.
Broadly, here are some questions I am trying to answer:
- Can we support build actions written natively in other languages (JS/Golang/C#) etc?
- How can we auto-detect certain frameworks and invoke appropriate build actions for that framework because SAM CLI's built-in functionality is never going to be as deep and opinionated as the framework's? (ex: call
claudia pack
for ClaudiaJS apps, orzappa package
for Zappa apps) - How can I let other non-SAM CLI developers write custom build actions?
- How can we build all the custom build actions into SAM CLI so customers don't have to install a plugin?
- If the build command is a collection of 20-30 different build actions for various frameworks, does it make sense to create a separate repository and vend it as a library that SAM CLI and other tools can consume? I know we are never going to ever support all frameworks/opinions applying the 80:20 rule, what would a good 80% look like?
I might be digressing from the original intent of the build command, but seeing the community interest and going through other build/package implementations, I feel like we can all benefit from each other if we collect our efforts.
Thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sanathkr claudia pack
will do the proper packaging for any nodejs runtime (dependency installation & rewriting for local deps and removing test resources), so it's not just for projects made with claudia. eg for video puppet, I'm using cloudformation to deploy lambdas with nodejs (not even SAM, because of nested templates not working), but I'm using claudia pack to create deployable zips.
you could use directly claudia pack
for any lambda that is marked with a nodejs runtime, or we could transfer the relevant parts of the code to a SAM sub-project. The only real dependency there is the NPM executable. Just let us know what you'd prefer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah I didn't know claudia pack
is generic. Yes, it would be fantastic to be able to adopt that functionality into SAM CLI.
We have two options:
Option 1: Include a JS module in SAM CLI's Python source
To build Node projects, SAM CLI just invoke the JS module node pack.js
.
Pros:
- Easy to lift & shift
- Easy to use language specific libraries that can support deeper integrations in future like webpack build or running gulp scripts
- Sets precedence for other runtimes like Java which might need reflexion to create the package
- Easier to get help from JS community who is more familiar with building JS packages.
Cons:
- Vending JS files in Python package
- Might take dependency on certain version of Node. We can't enforce that customers have this version of Node on their system.
- Might have to webpack all dependencies, minify and vend one file that we just run using
node pack.js
. - Need to spawn & manage processes
- Could become a tech debt if this approach doesn't scale.
Option 2: Rewrite the claudia pack
functionality in Python
Pros:
- Native implementation.
- Implementation might create general features that can be used by build actions for other runtimes
- Faster
Cons:
- Takes a lot more work. Can't lift & shift
- Won't get to use language native features.
What do you guys think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess we can start with Node.js (option 1), and rewrite in Python if needed later.
For Node.js version, with Claudia.js we try to fully support versions supported by Lambda, but it works in all major versions of Node. Also it’s easy to have multiple versions of Node.js with tools like nvm.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's safe to assume that people deploying node.js lambda projects have node.js installed locally. If not, then neither of the two solutions will work, unless you want to fully rewrite NPM in python as well.
Regarding your option 2 and second con, I don't think that is relevant. if you're just thinking of packaging up lambdas, there are no language-native features required for it (apart from loading JSON, which I assume you can do with Python as well). It's just a matter of moving files around, zipping them up, and invoking NPM a few times with the right options.
How about having an install
and package
steps for language-dependent builders? install
could prepare the builder from python, by effectively creating an local executable in a runtime-specific way (for example, in case of node.js, this would run npm install
on a subdirectory where you have the packaging script, to pull the right dependencies; in case of Java it could grab the maven shade plugin...). If that step fails, SAM can complain and tell the user that the local environment needs aren't met, so it can't build the project, and potentially direct them to a URL documenting what local tools are required for building that runtime. If that step succeeds, you know that it's possible to build it correctly, and SAM would just need to invoke a system executable produced/configured by the first step.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@stojanovic Yes, let's do that. The one thing I underestimated is the level of help existing Javascript libraries will provide to package JS apps. Ex: You could just import a gulpfile as module and run actions without treating it like a CLI.
This creates an interesting state where SAM CLI's Python package will contain JS libraries, but I think that is fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gojko I like your idea of splitting the install
& package
phases. I would even split the install phase into prepare
, resolve-dependencies
, copy-source
phases where we need to call NPM to simply resolve-dependencies
and for everything else we will have default Python implementations.
When we consume Claudia's pack
functionality, we can work through the details of where to draw the line for each phase. But I think it is worth keeping the pack
code in Javascript so we can add support for advanced building like running Gulpscripts or Webpack etc without re-implementing all these libraries in Python.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added information about how this will be implemented to the design doc: https:/sanathkr/aws-sam-cli/blob/build-cmd-design/designs/sam_build_cmd.rst#implementation-of-build-actions
I have addressed all comments and updated design document to reflect the latest discussion. Can you guys approve the PR so I can start implementation? |
See below the notes from our security-focused review. Background notes
Discussion 1: protecting customersWe want to prevent customers from shooting themselves in the foot. Consider the following scenario:
Note that 3 would have also happened if the customer ran just Mitigations:
Other ideas:
Discussion 2: exec logicThe library of builders will bundle all dependencies, so that there is no post-install needed. For initial launch there should be no bundled dependencies. In the future the tenet is to assume library-specific dependencies (such as webpack) are installed and available on SAM CLI's path -- this path will be forwarded. There are two points of execution:
These are reasonable approaches. If a future pen test of SAM CLI is conducted, remember to call out these integration points to focus on. |
Created a separate Github Repository to implement each build action: https:/awslabs/aws-lambda-builders. This helps evolve the builders independent of the CLI. Contributors writing build actions need not know/use SAM CLI. |
Do you want us to start migrating |
@gojko Actually hang on for a few days. I want to prototype Python first so we have the right scaffolding before we take the JS lib. |
Security Review NotesThreats:
Recommendations:
|
Any update on this? |
@edtbl76 sam build is available today for Python Runtimes, try giving the latest version of aws-sam-cli a whirl. |
Yes, I need node runtimes for this to be useful. Is there an ETA?
…On Thu, Dec 6, 2018, 18:56 Sriram Madapusi Vasudevan < ***@***.*** wrote:
@edtbl76 <https:/edtbl76> sam build is available today for
Python Runtimes, try giving the latest version of aws-sam-cli a whirl.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#743 (comment)>,
or mute the thread
<https:/notifications/unsubscribe-auth/AC7g77cMciMOq7CyrXCuiHyKPGCLRfBSks5u2a6UgaJpZM4YC5yS>
.
|
@edtbl76 You can find other language support in our issues. Those issues will be closed after we release support. You can track progress there. Locking this issue to reduce noise and asks about language support. This was a design for sam build and will track further language supports through issues. |
💻 Rendered Design Doc is here
🗓 RFC Open for feedback until: 5 Nov, 2018
Description of changes:
Adding a design document for discussion. In this document, I explain the motivation and technical design behind a new command to create deployable artifacts for Lambda functions from source -
sam build
.Requesting comments on every aspect of the design, from user experience to implementation details. Once the discussion is closed, I will update the Task Breakdown section with actual list of tasks to implement this feature and create corresponding Github Issues.
This document is based on the design document template I added in #742
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.