Modify GH workflow to always publish to latest

.dockerignore

@@ -1,2 +1,2 @@
 tests
-.git
+.git

.github/workflows/check.yml

@@ -0,0 +1,23 @@
+name: Check
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 4 * * 3'
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        name: Check Rust Version
+      - run: make check
+  create_issue:
+    runs-on: ubuntu-latest
+    needs: check
+    if: always() && (needs.check.result == 'failure')
+    steps:
+      - run: gh issue create --title "Time to update to Rust" --body "Build update for next version of Rust" --label "enhancement" -R $GITHUB_REPOSITORY
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+

.github/workflows/main.yml

@@ -4,42 +4,48 @@ on:
   push:
     branches:
       - master
-    tags:
-      - 'v**'
-  pull_request:
-    branches:
-      - master
 
 jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - name: Build
+      env:
+        REPO: ${{ github.repository }}
+      shell: bash
+      run: |
+        echo "docker_repo=${{ env.REPO }}" >> $GITHUB_ENV
+        make build
+    - name: Trivy vulnerability scanner
+      uses: aquasecurity/[email protected]
+      with:
+        image-ref: '${{ env.docker_repo }}:latest'
+        format: 'table'
+        exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
   test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
+      - name: Build
+        shell: bash
+        run: make build
       - name: Test
         run: make test
-  publish-docs:
-    needs: [test]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v1
-      - name: Update Docker hub metadata
-        uses: docker://mpepping/docker-hub-metadata-github-action
-        env:
-          IMAGE: ${{ github.repository }}
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-        continue-on-error: true
   publish:
-    needs: [test]
+    needs: [scan, test]
+    if: github.repository == 'rust-serverless/lambda-rust'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v1
       - name: Build
         shell: bash
         run: make build
-      - name: Publish
-        if: startsWith(github.ref, 'refs/tags/')
+      - name: Publish Latest
         shell: bash
         run: |
           echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
-          make publish
+          make publish

.github/workflows/nightly.yml

@@ -0,0 +1,38 @@
+name: Build Nightly Rust
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 2 * * 3'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: |
+             make build
+             make test
+        env:
+          RUST_VERSION: nightly
+          TAG: nightly
+          IMAGE: 'rustserverless/lambda-rust:nightly'
+  publish:
+    needs: [test]
+    if: github.repository == 'rust-serverless/lambda-rust'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: make publish
+        env:
+          RUST_VERSION: nightly
+          TAG: nightly
+  create_issue:
+    runs-on: ubuntu-latest
+    needs: [publish]
+    if: always() && (needs.publish.result == 'failure')
+    steps:
+      - run: gh issue create --title "Nightly publication failed" --body "Nightly publication failed" --label "bug" -R $GITHUB_REPOSITORY
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+

.github/workflows/release.yml

@@ -0,0 +1,31 @@
+name: Release publishing
+
+on:
+  release:
+    types:
+     - published
+
+jobs:
+  publish-docs:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Update Docker hub metadata
+        uses: docker://mpepping/docker-hub-metadata-github-action
+        env:
+          IMAGE: rustserverless/lambda-rust
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+        continue-on-error: true
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Build
+        shell: bash
+        run: make build
+      - name: Publish
+        shell: bash
+        run: |
+          echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+          make publish-tag

.github/workflows/stable.yml

@@ -0,0 +1,35 @@
+name: Build Stable Rust
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 2 * * 3'
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: |
+             make build
+             make test
+        env:
+          RUST_VERSION: stable
+  publish:
+    needs: [test]
+    if: github.repository == 'rust-serverless/lambda-rust'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - run: make publish-tag
+        env:
+          RUST_VERSION: stable
+  create_issue:
+    runs-on: ubuntu-latest
+    needs: [publish]
+    if: always() && (needs.publish.result == 'failure')
+    steps:
+      - run: gh issue create --title "Stable publication failed" --body "Stable publication failed" --label "bug" -R $GITHUB_REPOSITORY
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+

.github/workflows/untrusted.yml

@@ -0,0 +1,14 @@
+name: Untrusted workflows (PRs)
+
+on:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Test
+        run: make test

.gitignore

@@ -1,3 +1,4 @@
 tests/test-*/test-out.log
 target
 .DS_Store
+.vscode

CHANGELOG.md

@@ -1,3 +1,11 @@
+# 0.4.0-rust-1.55.0
+
+* Upgrade to Rust [`1.55.0`](https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html)
+
+# 0.4.0-rust-1.54.0
+
+* Upgrade to Rust [`1.54.0`](https://blog.rust-lang.org/2021/07/29/Rust-1.54.0.html)
+
 # 0.4.0-rust-1.45.2
 
 * **Breaking change** in avoid mixed user permissions when volume mounting cargo cache directories. This docker images now configures a cargo installation to `/cargo` directory rather than `/home/root/.cargo`. You'll also want to ensure

Dockerfile

@@ -1,11 +1,14 @@
 # https://github.com/lambci/docker-lambda#documentation
-FROM lambci/lambda:build-provided.al2
+FROM docker.io/lambci/lambda:build-provided.al2
 
-ARG RUST_VERSION=1.51.0
+ARG RUST_VERSION=1.54.0
+RUN yum -y update
+RUN yum -y remove kernel-devel-4.14.203-156.332.amzn2
 RUN yum install -y jq openssl-devel
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
     | CARGO_HOME=/cargo RUSTUP_HOME=/rustup sh -s -- -y --profile minimal --default-toolchain $RUST_VERSION
 ADD build.sh /usr/local/bin/
+ADD latest.sh /usr/local/bin/
 VOLUME ["/code"]
 WORKDIR /code
 ENTRYPOINT ["/usr/local/bin/build.sh"]

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2020 Doug Tangren
+Copyright (c) 2020 Doug Tangren, 2021 Alexander Zaitsev
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

Makefile

@@ -1,24 +1,32 @@
-VERSION ?= 0.4.0
-RUST_VERSION ?= 1.51.0
-REPO ?= softprops/lambda-rust
-TAG ?= "$(REPO):$(VERSION)-rust-$(RUST_VERSION)"
+DOCKER ?= docker
+INPUT_RELEASE_VERSION ?= 0.4.0
+RUST_VERSION ?= 1.55.0
+REPO ?= rustserverless/lambda-rust
+TAG ?= latest
 
 publish: build
-	@docker push $(TAG)
-	@docker push $(REPO):latest
+	$(DOCKER) push $(REPO):${TAG}
+
+publish-tag: build publish
+	$(DOCKER) tag $(REPO):${TAG} "$(REPO):$(INPUT_RELEASE_VERSION)-rust-$(RUST_VERSION)"
+	$(DOCKER) push "$(REPO):$(INPUT_RELEASE_VERSION)-rust-$(RUST_VERSION)"
 
 build:
-	@docker build --build-arg RUST_VERSION=$(RUST_VERSION) -t $(TAG) .
-	@docker tag $(TAG) $(REPO):latest
+	$(DOCKER) build --build-arg RUST_VERSION=$(RUST_VERSION) -t $(REPO):${TAG} .
 
-test: build
+test:
 	@tests/test.sh
 
 debug: build
-	@docker run --rm -it \
+	$(DOCKER) run --rm -it \
 		-u $(id -u):$(id -g) \
-		-v ${PWD}:/code \
+		-v ${PWD}:/code:Z \
 		-v ${HOME}/.cargo/registry:/cargo/registry \
 		-v ${HOME}/.cargo/git:/cargo/git  \
 		--entrypoint=/bin/bash \
+		$(REPO):$(TAG)
+
+check: 
+	$(DOCKER) run --rm \
+		--entrypoint=/usr/local/bin/latest.sh \
 		$(REPO)

README.md

@@ -1,4 +1,4 @@
-# AWS Lambda [Rust](https://www.rust-lang.org/) docker builder 🐑 🦀 🐳 [![Build Status](https://github.com/softprops/lambda-rust/workflows/Main/badge.svg)](https://github.com/softprops/lambda-rust/actions)
+# AWS Lambda [Rust](https://www.rust-lang.org/) docker builder 🐑 🦀 🐳 [![Build Status](https://github.com/rust-serverless/lambda-rust/workflows/Main/badge.svg)](https://github.com/rust-serverless/lambda-rust/actions)
 
 
 ## 🤔 about
@@ -10,14 +10,14 @@ This provides a build environment, consistent with your target execution environ
 
 ## 📦 install
 
-Tags for this docker image follow the naming convention `softprops/lambda-rust:{version}-rust-{rust-stable-version}`
+Tags for this docker image follow the naming convention `rustserverless/lambda-rust:{version}-rust-{rust-stable-version}`
 where `{rust-stable-version}` is a stable version of rust.
 
-You can find a list of available docker tags [here](https://hub.docker.com/r/softprops/lambda-rust/tags)
+You can find a list of available docker tags [here](https://hub.docker.com/r/rustserverless/lambda-rust/tags)
 
-> 💡 If you don't find the version you're looking for, please [open a new github issue](https://github.com/softprops/lambda-rust/issues/new?title=I%27m%20looking%20for%20version%20xxx) to publish one
+> 💡 If you don't find the version you're looking for, please [open a new github issue](https://github.com/rust-serverless/lambda-rust/issues/new?title=I%27m%20looking%20for%20version%20xxx) to publish one
 
-You can also depend directly on `softprops/lambda-rust:latest` for the most recently published version.
+You can also depend directly on `rustserverless/lambda-rust:latest` for the most recently published version.
 
 ## 🤸 usage
 
@@ -45,7 +45,7 @@ $ docker run --rm \
     -v ${PWD}:/code \
     -v ${HOME}/.cargo/registry:/cargo/registry \
     -v ${HOME}/.cargo/git:/cargo/git \
-    softprops/lambda-rust
+    rustserverless/lambda-rust
 ```
 > 💡 The -v (volume mount) flags for `/cargo/{registry,git}` are optional but when supplied, provides a much faster turn around when doing iterative development
 
@@ -68,7 +68,7 @@ $ docker run --rm \
     -v ${PWD}:/code \
     -v ${HOME}/.cargo/registry:/cargo/registry \
     -v ${HOME}/.cargo/git:/cargo/git \
-    softprops/lambda-rust
+    rustserverless/lambda-rust
 ```
 
 For more custom codebases, the '-w' argument can be used to override the working directory.
@@ -82,7 +82,7 @@ $ docker run --rm \
     -v ${HOME}/.cargo/registry:/cargo/registry \
     -v ${HOME}/.cargo/git:/cargo/git \
     -w /code/lambdas/mylambda \
-    softprops/lambda-rust
+    rustserverless/lambda-rust
 ```
 
 ## ⚓ using hooks
@@ -120,7 +120,7 @@ docker run \
     -v ${PWD}:/code \
     -v ${HOME}/.cargo/registry:/cargo/registry \
     -v ${HOME}/.cargo/git:/cargo/git \
-    softprops/lambda-rust
+    rustserverless/lambda-rust
 
 # start a one-off docker container replicating the "provided.al2" lambda runtime
 # awaiting an event to be provided via stdin
@@ -197,4 +197,5 @@ $ cargo aws-lambda --help
 More instructions can be found [here](https://github.com/vvilhonen/cargo-aws-lambda).
 
 
-Doug Tangren (softprops) 2020
+Doug Tangren ([softprops](https://github.com/softprops)) 2020, Alexander Zaitsev ([zamazan4ik](https://github.com/zamazan4ik)) 2021
+

latest.sh

@@ -0,0 +1,15 @@
+#!/bin/bash -eux
+
+export CARGO_HOME="/cargo"
+export RUSTUP_HOME="/rustup"
+
+# shellcheck disable=SC1091
+source /cargo/env
+
+rustup toolchain install stable --profile=minimal
+STABLE=$(rustup check | grep stable | grep -E "[0-9]+\.[0-9]+\.[0-9]+" -o)
+DEFAULT=$(rustup show | grep -m 1 default | grep -E "[0-9]+\.[0-9]+\.[0-9]+" -o)
+
+if [ "${STABLE}" == "${DEFAULT}" ]; then exit 0
+    else exit 1
+fi