Skip to content

Conversation

@fabisev
Copy link
Contributor

@fabisev fabisev commented Aug 19, 2025

Issue #, if available:

Description of changes:

  • Added build, test and publish workflow that uses Codebuild
  • Added copyright headers verifier and adder
  • Added automatic changelog generation
  • Added script for local testing

Target (OCI, Managed Runtime, both):
both

Checklist

  • I have run npm install to generate the package-lock.json correctly and included it in the PR.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@@ -0,0 +1,135 @@
name: Build and Release

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see the general flow of this is different from what we did

  • We are not using npmrc
  • We are not specific scope modifier --access=public

if [[ "${{ steps.version.outputs.is_rc }}" == "true" ]]; then
npm publish aws-lambda-ric-*.tgz --tag rc
else
npm publish aws-lambda-ric-*.tgz

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We publish for 2 arch -> We cannot use 1 tar file for it

@@ -0,0 +1,113 @@
#!/usr/bin/env node

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For adding things like Copyright header the most classic tool is git diff - It's market practise - Let's reuse that and not language specific tools - Good thought of adding this as part of linting, I hat when build/automated review fail due to this:P!

@@ -0,0 +1,97 @@
#!/usr/bin/env node

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need this if we are specifying executable before starting script

# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0

set -e

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For ease of debugging on this failing we can optionally do

set -euo pipefail
trap 'echo "Error on line $LINENO"; exit 1' ERR

local node_version=$1
echo "Running unit tests for Node.js $node_version..."
docker build -f test/unit/Dockerfile.nodejs${node_version}.x -t unit/nodejs.${node_version}x .
docker run --rm unit/nodejs.${node_version}x

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For checking failures

docker run … || { echo "Tests failed for Node.js $node_version"; exit 1; }

@@ -0,0 +1,36 @@
#!/bin/bash

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general for formatting bash doesn't care but we need to add formatting for ease in readability

"all")
echo "Running unit tests for all Node versions..."
for version in 18 20 22; do
run_unit_tests $version

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Consider running them concurrently like command & => Only downside logs are interleaved which will make debugging hard

@fabisev fabisev marked this pull request as draft August 20, 2025 18:25
@fabisev fabisev force-pushed the fabisev/artifact-publishing branch 7 times, most recently from 8d292b5 to 2e64bbd Compare August 20, 2025 19:52
@fabisev fabisev force-pushed the fabisev/artifact-publishing branch from d0e6613 to 523de7c Compare August 21, 2025 10:25
@fabisev fabisev force-pushed the fabisev/artifact-publishing branch from b3dfd05 to 160d714 Compare August 21, 2025 11:19
first_line=$(head -n1 "$file" 2>/dev/null || echo "")

# Create patch entry
echo "--- a/$file" >> "$patch_file"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Patch file itself could be created beforehand?

fi

# Create patch entry
echo "--- a/$file" >> "$patch_file"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same question here, we don't need to create the patch file on the fly

@fabisev fabisev force-pushed the fabisev/artifact-publishing branch from 3471e1c to 595e7e8 Compare August 21, 2025 16:23
@fabisev fabisev force-pushed the fabisev/artifact-publishing branch from a763632 to 74c3b90 Compare August 22, 2025 14:26
@fabisev fabisev force-pushed the fabisev/artifact-publishing branch 3 times, most recently from f4994c9 to 45f5f4e Compare August 25, 2025 09:51
@fabisev fabisev force-pushed the fabisev/artifact-publishing branch from 45f5f4e to 61c7c17 Compare August 25, 2025 09:57

permissions:
id-token: write
contents: read
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's use the latest LTS here?

- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here, let's use latest LTS?

src/build.js Outdated
};

buildOneSet('node14.21.3');
buildOneSet('node16.20.2');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do we need node16 here?

"format:src": "prettier --check \"src/*.*js\" --write",
"format:test": "prettier --check \"test/**/*.*js\" --write",
"lint": "eslint --ext \".js\" src test",
"check-headers": "./scripts/check-headers.sh",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the build failing if we have missing headers? Do we need to add this check-headers task in the build one?

```shell script
npm run add-headers
```

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for updating the readme!

exit 1
fi
# Copy architecture-specific package.json to dist
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so we have 2 tars, one for each architecture?
At the end are we publishing one artifact to npm or 2?

needs: [get-version, build]
strategy:
matrix:
node-version: [18, 20, 22]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that's fine for now, but we might want to have one branch per version at some point if we want to adjust the RIC to a specific feature of node


- name: Setup NPM authentication
run: |
NPM_TOKEN=$(aws secretsmanager get-secret-value --secret-id aws-lambda-runtimes/github/nodejs/npm-token --query SecretString --output text)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would add aws-lambda-runtimes/github/nodejs/npm-token as a github secret? not so secret but it would allow us to swap the secret name easily?


- name: Setup NPM authentication
run: |
NPM_TOKEN=$(aws secretsmanager get-secret-value --secret-id aws-lambda-runtimes/github/nodejs/npm-token --query SecretString --output text)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we need to make sure that this will never be triggered by untrusted PR.

So I think it would be better to split the build and release workflow. It will also simplify the checks around startsWith(github.ref, 'refs/tags/').

Maybe we can create a new workflow, manual_dispatch only with a input field which is the tag name when we want to release? WDYT? cc @godcrampy

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Creating a release is also a manual step on it's own? I'm not sure what's the value of manual_dispatch. Could you explain please how the experience would look like? Happy to chat in sync.

Agreed, splitting build and release would simplify but I'd like to understand the first point before.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sent an invite for tomorrow!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed offline, we'd like to split release and build into two stages. Release would be a manual run using: workflow_dispatch.

@fabisev fabisev force-pushed the fabisev/artifact-publishing branch 2 times, most recently from 859fd8a to cf7c532 Compare August 26, 2025 13:06
@fabisev fabisev force-pushed the fabisev/artifact-publishing branch from cf7c532 to 9e5bc37 Compare August 26, 2025 13:10
- arch: x86_64
runner: codebuild-project-awsaws-lambda-nodejs-runtime-interface-client-${{ github.run_id }}-${{ github.run_attempt }}
- arch: aarch64
runner: codebuild-project-awsaws-lambda-nodejs-runtime-interface-client-${{ github.run_id }}-${{ github.run_attempt }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if runner is the same for both options, let's remove this from the matrix input and use it directly on line 39?

required: true
type: string

permissions: {}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can remove this I think

matrix:
include:
- arch: x86_64
runner: codebuild-project-awsaws-lambda-nodejs-runtime-interface-client-${{ github.run_id }}-${{ github.run_attempt }}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment here

@fabisev fabisev marked this pull request as ready for review September 4, 2025 14:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants