diff --git a/.dockerignore b/.dockerignore
index 1d3ec08..10ac9a8 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,2 @@
 tests
-.git
\ No newline at end of file
+.git
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
new file mode 100644
index 0000000..2b0faf5
--- /dev/null
+++ b/.github/workflows/check.yml
@@ -0,0 +1,23 @@
+name: Check
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 4 * * 3'
+
+jobs:
+ check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ name: Check Rust Version
+ - run: make check
+ create_issue:
+ runs-on: ubuntu-latest
+ needs: check
+ if: always() && (needs.check.result == 'failure')
+ steps:
+ - run: gh issue create --title "Time to update to Rust" --body "Build update for next version of Rust" --label "enhancement" -R $GITHUB_REPOSITORY
+ env:
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 958edc1..a8f7d7f 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
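Review bot: The `create_issue` job in check.yml hands `GITHUB_TOKEN` to `gh` without any `permissions:` block, so the token carries whatever default scope the repository or organisation grants, while only issue creation is needed. Declaring `permissions:` with `issues: write` on `create_issue` and `contents: read` on `check` keeps the token to least privilege; the `create_issue` jobs in nightly.yml and stable.yml follow the same pattern. Separately, `name: Check Rust Version` is attached to the `actions/checkout@v2` step rather than to `run: make check`, which looks unintended.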
@@ -4,42 +4,48 @@ on: push: branches: - master - tags: - - 'v**' - pull_request: - branches: - - master jobs: + scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Build + env: + REPO: ${{ github.repository }} + shell: bash + run: | + echo "docker_repo=${{ env.REPO }}" >> $GITHUB_ENV + make build + - name: Trivy vulnerability scanner + uses: aquasecurity/trivy-action@0.0.20 + with: + image-ref: '${{ env.docker_repo }}:latest' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 + - name: Build + shell: bash + run: make build - name: Test run: make test - publish-docs: - needs: [test] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v1 - - name: Update Docker hub metadata - uses: docker://mpepping/docker-hub-metadata-github-action - env: - IMAGE: ${{ github.repository }} - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - continue-on-error: true publish: - needs: [test] + needs: [scan, test] + if: github.repository == 'rust-serverless/lambda-rust' runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Build shell: bash run: make build - - name: Publish - if: startsWith(github.ref, 'refs/tags/') + - name: Publish Latest shell: bash run: | echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - make publish \ No newline at end of file + make publish diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 0000000..079166e --- /dev/null +++ b/.github/workflows/nightly.yml 
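Review bot: The Trivy gate in the new `scan` job checks an image built on that job's runner, but `publish` runs `make build` again on a fresh runner and pushes that second build, so the image that reaches Docker Hub is never the one that was scanned. Because the Dockerfile in this same diff adds `RUN yum -y update`, the two builds can differ in package content. Consider running the Trivy step inside `publish`, between `Build` and `Publish Latest`, with `image-ref: 'rustserverless/lambda-rust:latest'` (the Makefile default `REPO` and `TAG`), so that the push depends on a scan of the exact image. The actions are also referenced by mutable tags (`actions/checkout@v1`, `aquasecurity/trivy-action@0.0.20`); pinning them to full commit SHAs is worth considering in a workflow whose sibling job holds registry credentials.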
@@ -0,0 +1,38 @@
+name: Build Nightly Rust
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 2 * * 3'
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - run: |
+ make build
+ make test
+ env:
+ RUST_VERSION: nightly
+ TAG: nightly
+ IMAGE: 'rustserverless/lambda-rust:nightly'
+ publish:
+ needs: [test]
+ if: github.repository == 'rust-serverless/lambda-rust'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - run: make publish
+ env:
+ RUST_VERSION: nightly
+ TAG: nightly
+ create_issue:
+ runs-on: ubuntu-latest
+ needs: [publish]
+ if: always() && (needs.publish.result == 'failure')
+ steps:
+ - run: gh issue create --title "Nightly publication failed" --body "Nightly publication failed" --label "bug" -R $GITHUB_REPOSITORY
+ env:
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..fbe6d4c
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,31 @@
+name: Release publishing
+
+on:
+ release:
+ types:
+ - published
+
+jobs:
+ publish-docs:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v1
+ - name: Update Docker hub metadata
+ uses: docker://mpepping/docker-hub-metadata-github-action
+ env:
+ IMAGE: rustserverless/lambda-rust
+ DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ continue-on-error: true
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v1
+ - name: Build
+ shell: bash
+ run: make build
+ - name: Publish
+ shell: bash
+ run: |
+ echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+ make publish-tag
diff --git a/.github/workflows/stable.yml b/.github/workflows/stable.yml
new file mode 100644
index 0000000..ff8cb94
--- /dev/null
+++ b/.github/workflows/stable.yml
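Review bot: The `publish` job in nightly.yml runs `make publish` with no registry login step, so as far as this file shows the push has no Docker Hub credentials and would fail on a GitHub-hosted runner, which in turn opens a "Nightly publication failed" issue on every scheduled run; `publish` in stable.yml has the same gap. When adding the login, pass the secrets through `env:` and reference them as shell variables, `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`, rather than expanding `${{ secrets.* }}` inside the script text. Note also that `publish` rebuilds the image (`publish: build` in the Makefile), so what is pushed is not the image the `test` job exercised.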
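Review bot: `uses: docker://mpepping/docker-hub-metadata-github-action` in the `publish-docs` job of release.yml pulls a third-party image with no tag or digest and hands it `DOCKER_USERNAME` and `DOCKER_PASSWORD`, so whatever that image's default tag points to at run time receives the registry credentials. Pin it to an immutable digest, e.g. `uses: docker://mpepping/docker-hub-metadata-github-action@sha256:<verified-digest>` (placeholder; take the digest from an image you have reviewed). Unlike the nightly and stable workflows, neither job here carries the `if: github.repository == 'rust-serverless/lambda-rust'` guard, and `publish` pushes without a test or scan step in this workflow. In the `Publish` step, `${{ secrets.DOCKER_PASSWORD }}` is expanded into the script text before bash runs, so a password containing `"`, `$` or a backtick would be reinterpreted by the shell; supplying it through `env:` and using `"$DOCKER_PASSWORD"` avoids that.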
@@ -0,0 +1,35 @@ +name: Build Stable Rust + +on: + workflow_dispatch: + schedule: + - cron: '0 2 * * 3' + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - run: | + make build + make test + env: + RUST_VERSION: stable + publish: + needs: [test] + if: github.repository == 'rust-serverless/lambda-rust' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - run: make publish-tag + env: + RUST_VERSION: stable + create_issue: + runs-on: ubuntu-latest + needs: [publish] + if: always() && (needs.publish.result == 'failure') + steps: + - run: gh issue create --title "Stable publication failed" --body "Stable publication failed" --label "bug" -R $GITHUB_REPOSITORY + env: + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + \ No newline at end of file diff --git a/.github/workflows/untrusted.yml b/.github/workflows/untrusted.yml new file mode 100644 index 0000000..b611376 --- /dev/null +++ b/.github/workflows/untrusted.yml @@ -0,0 +1,14 @@ +name: Untrusted workflows (PRs) + +on: + pull_request: + branches: + - master + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Test + run: make test \ No newline at end of file diff --git a/.gitignore b/.gitignore index 0c5b82d..cb01b5b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ tests/test-*/test-out.log target .DS_Store +.vscode diff --git a/CHANGELOG.md b/CHANGELOG.md index 50e1327..5c7e724 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +# 0.4.0-rust-1.55.0 + +* Upgrade to Rust [`1.55.0`](https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html) + +# 0.4.0-rust-1.54.0 + +* Upgrade to Rust [`1.54.0`](https://blog.rust-lang.org/2021/07/29/Rust-1.54.0.html) + # 0.4.0-rust-1.45.2 * **Breaking change** in avoid mixed user permissions when volume mounting cargo cache directories. This docker images now configures a cargo installation to `/cargo` directory rather than `/home/root/.cargo`. You'll also want to ensure 
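Review bot: The `test` job in untrusted.yml runs `make test` without building first, and the Makefile change in this same commit drops the `build` prerequisite from `test`, so on a clean runner tests/test.sh presumably falls back to pulling its default image `rustserverless/lambda-rust` from the registry (the script body is not visible here). A pull request that changes the Dockerfile or build.sh would then pass or fail on the published image, not on the proposed code. The `test` job in main.yml received a `Build` step for this reason; add the same here before `Test`: `- name: Build` followed by `run: make build`. The plain `pull_request` trigger keeps secrets away from fork code, and an explicit `permissions:` block with `contents: read` would make that read-only intent visible.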
diff --git a/Dockerfile b/Dockerfile index e5ba94a..b7ad8cf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,14 @@ # https://github.com/lambci/docker-lambda#documentation -FROM lambci/lambda:build-provided.al2 +FROM docker.io/lambci/lambda:build-provided.al2 -ARG RUST_VERSION=1.51.0 +ARG RUST_VERSION=1.54.0 +RUN yum -y update +RUN yum -y remove kernel-devel-4.14.203-156.332.amzn2 RUN yum install -y jq openssl-devel RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \ | CARGO_HOME=/cargo RUSTUP_HOME=/rustup sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION ADD build.sh /usr/local/bin/ +ADD latest.sh /usr/local/bin/ VOLUME ["/code"] WORKDIR /code ENTRYPOINT ["/usr/local/bin/build.sh"] diff --git a/LICENSE b/LICENSE index a28713d..4c8837e 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2020 Doug Tangren +Copyright (c) 2020 Doug Tangren, 2021 Alexander Zaitsev Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/Makefile b/Makefile index 483adf9..23eccaf 100644 --- a/Makefile +++ b/Makefile 
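Review bot: `RUN yum -y remove kernel-devel-4.14.203-156.332.amzn2` names one exact package build, so it only has an effect while the base image ships precisely that version; after `yum -y update` or a refreshed `lambci/lambda:build-provided.al2` a different build may be installed and the line would then presumably match nothing. If the intent is to drop the kernel headers from the image (the commit does not say), `RUN yum -y remove kernel-devel` removes the package by name, and a comment stating why it is removed would help the next reader. `ARG RUST_VERSION=1.54.0` also disagrees with the Makefile default of `1.55.0` in this commit, so a plain `docker build .` yields a different toolchain than `make build`. The base image is still referenced by a mutable tag; pinning `FROM` to a digest would make what the scanner sees reproducible.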
@@ -1,24 +1,32 @@ -VERSION ?= 0.4.0 -RUST_VERSION ?= 1.51.0 -REPO ?= softprops/lambda-rust -TAG ?= "$(REPO):$(VERSION)-rust-$(RUST_VERSION)" +DOCKER ?= docker +INPUT_RELEASE_VERSION ?= 0.4.0 +RUST_VERSION ?= 1.55.0 +REPO ?= rustserverless/lambda-rust +TAG ?= latest publish: build - @docker push $(TAG) - @docker push $(REPO):latest + $(DOCKER) push $(REPO):${TAG} + +publish-tag: build publish + $(DOCKER) tag $(REPO):${TAG} "$(REPO):$(INPUT_RELEASE_VERSION)-rust-$(RUST_VERSION)" + $(DOCKER) push "$(REPO):$(INPUT_RELEASE_VERSION)-rust-$(RUST_VERSION)" build: - @docker build --build-arg RUST_VERSION=$(RUST_VERSION) -t $(TAG) . - @docker tag $(TAG) $(REPO):latest + $(DOCKER) build --build-arg RUST_VERSION=$(RUST_VERSION) -t $(REPO):${TAG} . -test: build +test: @tests/test.sh debug: build - @docker run --rm -it \ + $(DOCKER) run --rm -it \ -u $(id -u):$(id -g) \ - -v ${PWD}:/code \ + -v ${PWD}:/code:Z \ -v ${HOME}/.cargo/registry:/cargo/registry \ -v ${HOME}/.cargo/git:/cargo/git \ --entrypoint=/bin/bash \ + $(REPO):$(TAG) + +check: + $(DOCKER) run --rm \ + --entrypoint=/usr/local/bin/latest.sh \ $(REPO) diff --git a/README.md b/README.md index bbf8016..9d8a02c 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# AWS Lambda [Rust](https://www.rust-lang.org/) docker builder 🐑 🦀 🐳 [![Build Status](https://github.com/softprops/lambda-rust/workflows/Main/badge.svg)](https://github.com/softprops/lambda-rust/actions) +# AWS Lambda [Rust](https://www.rust-lang.org/) docker builder 🐑 🦀 🐳 [![Build Status](https://github.com/rust-serverless/lambda-rust/workflows/Main/badge.svg)](https://github.com/rust-serverless/lambda-rust/actions) ## 🤔 about 
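Review bot: The new `check` target runs `$(REPO)` with no tag and no `build` prerequisite, so it inspects whatever `latest` resolves to locally or in the registry, while `debug` in the same hunk was changed to `$(REPO):$(TAG)`. If checking the published image is the intent, say so in a comment above the target, e.g. `# check: run latest.sh in the published image; non-zero exit means its default toolchain is behind stable`, and spell the reference `$(REPO):$(TAG)` for consistency. The hunk also mixes `$(TAG)` and `${TAG}`; one form throughout is easier to search for.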
@@ -10,14 +10,14 @@ This provides a build environment, consistent with your target execution environ ## 📦 install -Tags for this docker image follow the naming convention `softprops/lambda-rust:{version}-rust-{rust-stable-version}` +Tags for this docker image follow the naming convention `rustserverless/lambda-rust:{version}-rust-{rust-stable-version}` where `{rust-stable-version}` is a stable version of rust. -You can find a list of available docker tags [here](https://hub.docker.com/r/softprops/lambda-rust/tags) +You can find a list of available docker tags [here](https://hub.docker.com/r/rustserverless/lambda-rust/tags) -> 💡 If you don't find the version you're looking for, please [open a new github issue](https://github.com/softprops/lambda-rust/issues/new?title=I%27m%20looking%20for%20version%20xxx) to publish one +> 💡 If you don't find the version you're looking for, please [open a new github issue](https://github.com/rust-serverless/lambda-rust/issues/new?title=I%27m%20looking%20for%20version%20xxx) to publish one -You can also depend directly on `softprops/lambda-rust:latest` for the most recently published version. +You can also depend directly on `rustserverless/lambda-rust:latest` for the most recently published version. ## 🤸 usage @@ -45,7 +45,7 @@ $ docker run --rm \ -v ${PWD}:/code \ -v ${HOME}/.cargo/registry:/cargo/registry \ -v ${HOME}/.cargo/git:/cargo/git \ - softprops/lambda-rust + rustserverless/lambda-rust ``` > 💡 The -v (volume mount) flags for `/cargo/{registry,git}` are optional but when supplied, provides a much faster turn around when doing iterative development @@ -68,7 +68,7 @@ $ docker run --rm \ -v ${PWD}:/code \ -v ${HOME}/.cargo/registry:/cargo/registry \ -v ${HOME}/.cargo/git:/cargo/git \ - softprops/lambda-rust + rustserverless/lambda-rust ``` For more custom codebases, the '-w' argument can be used to override the working directory. 
@@ -82,7 +82,7 @@ $ docker run --rm \ -v ${HOME}/.cargo/registry:/cargo/registry \ -v ${HOME}/.cargo/git:/cargo/git \ -w /code/lambdas/mylambda \ - softprops/lambda-rust + rustserverless/lambda-rust ``` ## ⚓ using hooks @@ -120,7 +120,7 @@ docker run \ -v ${PWD}:/code \ -v ${HOME}/.cargo/registry:/cargo/registry \ -v ${HOME}/.cargo/git:/cargo/git \ - softprops/lambda-rust + rustserverless/lambda-rust # start a one-off docker container replicating the "provided.al2" lambda runtime # awaiting an event to be provided via stdin @@ -197,4 +197,5 @@ $ cargo aws-lambda --help More instructions can be found [here](https://github.com/vvilhonen/cargo-aws-lambda). -Doug Tangren (softprops) 2020 +Doug Tangren ([softprops](https://github.com/softprops)) 2020, Alexander Zaitsev ([zamazan4ik](https://github.com/zamazan4ik)) 2021 + diff --git a/latest.sh b/latest.sh new file mode 100755 index 0000000..f39f922 --- /dev/null +++ b/latest.sh @@ -0,0 +1,15 @@ +#!/bin/bash -eux + +export CARGO_HOME="/cargo" +export RUSTUP_HOME="/rustup" + +# shellcheck disable=SC1091 +source /cargo/env + +rustup toolchain install stable --profile=minimal +STABLE=$(rustup check | grep stable | grep -E "[0-9]+\.[0-9]+\.[0-9]+" -o) +DEFAULT=$(rustup show | grep -m 1 default | grep -E "[0-9]+\.[0-9]+\.[0-9]+" -o) + +if [ "${STABLE}" == "${DEFAULT}" ]; then exit 0 + else exit 1 +fi diff --git a/tests/test.sh b/tests/test.sh index 51c9f6f..0a2f1ba 100755 --- a/tests/test.sh +++ b/tests/test.sh @@ -4,7 +4,7 @@ HERE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" # Root directory of the repository DIST=$(cd "$HERE"/..; pwd) -IMAGE=${1:-softprops/lambda-rust} +: "${IMAGE:=rustserverless/lambda-rust}" source "${HERE}"/bashtest.sh
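Review bot: In latest.sh every failure mode ends in a non-zero exit (a failed `rustup toolchain install`, a `grep` that matches nothing under `-e`, or a genuine version mismatch), and check.yml turns any failure of `make check` into a "Time to update to Rust" issue, so a network or parsing error is reported as an outdated toolchain. Giving the lookup failures their own status would separate the cases, for example appending `|| exit 2` to the `STABLE=$(...)` and `DEFAULT=$(...)` assignments, together with `set -o pipefail` so the earlier commands in each pipeline are not ignored. A short header comment stating the exit-code contract would also help, since the script is used as a container entrypoint.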