Providing hash_extra for local_existing_package

terraform-aws-modules / terraform-aws-lambda

Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations 🇺🇦

https://registry.terraform.io/modules/terraform-aws-modules/lambda/aws

Apache License 2.0

918 stars 685 forks source link

Providing hash_extra for local_existing_package #124

Closed andormarkus closed 3 years ago

andormarkus commented 3 years ago

Hi All,

In the current implementation hash_extra is only working when the package in created by this module. We are compiling our packages in the CI/CD pipeline and the hash of the .zip file keeps changing however the source code does not change.

It would be great if hash_extraor similarly named variable would have effect on the local_existing_package as well.

Implementation could look like this: source_code_hash = (var.hash_extra != null ? var.hash_extra : local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null

Thanks, Andor

antonbabenko commented 3 years ago

Source code or timestamp is probably changing, too. If it would be the same, the produced zip archive should also be the same.

Could you please show the debug output as described here with DEBUG2 level?

andormarkus commented 3 years ago

Hi Anton

Source code does not change because I just trigger a second run on CircleCI. Timestamp is manually overwritten find . -exec touch -t 202001010000 {} \;˜

Screenshot 2021-03-08 at 14 15 03

Step 4282 and 4277 compiled the deployment package. Screenshot 2021-03-08 at 14 17 03 Screenshot 2021-03-08 at 14 18 22

As you can see the hash of the source code does not changes. However the has of the package is always changing. Im setting every time in the package as well.

Screenshot 2021-03-08 at 14 20 43

The problem is coming from when you make a pip3 install --quiet --no-deps --target . --requirement requirements.txt and the package is not pure python package. If the package contains C code like wrapt package pip will create a .so. This binary file will be always different and causing the shift of hash

This is how I generate packages Screenshot 2021-03-08 at 14 27 16

antonbabenko commented 3 years ago

Thanks a lot for the detailed reply, we will take a look at this when one of us has time.

dpeliss commented 3 years ago

It would be great if we have some var to set the source_code_hash.

Currently, I have another tool that uploads the code to s3, so I don't use the upload from this module but the s3_existing_package parameter. In this case, I need to read the hash code from another file that the same tool populates, it's a gitops based deploy.

Without the option to explicitly set the source_code_hash, the code will never be updated, since the s3 keys don't change either.

The issue is quite the opposite that @andormarkus is facing but with the same solution.

antonbabenko commented 3 years ago

@dpeliss You can set bucket, key, and version_id like in this commented block:

https://github.com/terraform-aws-modules/terraform-aws-lambda/blob/6d2acf7ad8a28b1b9b48caab0570126de57d6051/examples/complete/main.tf#L142-L146

dpeliss commented 3 years ago

I'll need to update my buckets to be versioned, but this will do the job, thank you @antonbabenko :call_me_hand:

antonbabenko commented 3 years ago

Fixed in #175. Please update the module to use v2.10.0 or newer.

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.