Bug fix: check for matching layer version, instead of relying on cloudformation version

[smundro]

The intent of this plug-in is to prevent recreation of layers when no updates have occurred (by performing the layer creation outside of the CloudFormation stack). The current logic will rely on the current version of the layer in the CloudFormation stack, when there are no changes in the deployment bucket. However, this can result in the use of the wrong layer version if the the deployment bucket is updated separately from the CloudFormation stack (either via a package command, or a failed stack deployment).

This update uses the layer description as a "tag" to identify a layer that matches the current dependencies file checksum (and customHash) to ensure that a compatible layer is selected, if available.

Notes:

• This can, theoretically, lead to multiple layer versions with the same description/"version key" as "different from deployment bucket" is the main trigger for re-buliding a layer. Reusing a matching layer when the deployment bucket changes is a potential optimization (i.e. find matching checksum if deployment bundle has changed) but a "version key" + retainVersions should be a good start. Alternately, only using the most-recent layer if the deployment bucket matches may be an appropriate condition for some scenarios.
• Ideally this would be doing a checksum on the yarn.lock/package-lock.json file to ensure that the installed package versions (not just the dependency list) are identical, which is another potential optimization.

[bart]

When will it get merged?

[agutoli]

New release: serverless-layers@2.8.5

[agutoli]

I appreciate your PR, @smundro. Thanks a lot.