(lambda-python): document that not using a lockfile will not allow transitive dependencies to be updated #14607

Closed
zxkane opened this issue May 10, 2021 · 2 comments · Fixed by #14847
Labels
@aws-cdk/aws-lambda-python bug This issue is a bug. effort/small Small work item – less than a day of effort p1

zxkane commented May 10, 2021

Built a lambda layer for the Python runtime; the source is not changed. However, the asset artifact is changed after rebuilding it. The cdk deploy (or cdk-assets) does not upload the newer asset file to the stage bucket without any warning.

Reproduction Steps

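Create a Python lambda layer like below.

Has a requirements.txt like below,

    awswrangler == 2.4.0

Then build a Python layer from the above requirements.txt,

    import * as path from 'path';
    import { Runtime } from '@aws-cdk/aws-lambda';
    import { PythonLayerVersion } from '@aws-cdk/aws-lambda-python';

    // Inside a Stack or Construct: bundle the layer from the directory holding requirements.txt
    new PythonLayerVersion(this, 'AwsDataWranglerLayer', {
      entry: path.join(__dirname, '../lambda.d/layer.d/awswrangler'),
      compatibleRuntimes: [Runtime.PYTHON_3_8],
    });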

The lambda layer might vary when one dependency of awswrangler (such as six) is updated. The lambda layer zip might be changed, but the hash is still the same (the requirements.txt is not changed).

While the asset artifact is cached in the stage bucket of cdk, the newer lambda layer won't be uploaded to the stage bucket again.

What did you expect to happen?

  • upload the new asset artifact if the size (hash sum) is changed

or

  • print out the warning message if the assets system finds the cached one and local one are inconsistent

What actually happened?

Environment

  • CDK CLI Version : v1.102.0
  • Framework Version:
  • Node.js Version: v12.21.0
  • OS :
  • Language (Version): ts

Other


This is 🐛 Bug Report

@zxkane zxkane added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 10, 2021
@github-actions github-actions bot added the @aws-cdk/assets Related to the @aws-cdk/assets package label May 10, 2021
eladb commented May 24, 2021

The Python bundling system identifies a bundle based on the hash of the sources and not the hash of the artifact because pip produces a non-stable output (contains timestamps I believe). If we used artifact hashes, every build would have produced a different output, which means that assets will always be validated.

The recommended solution is to commit a lock file, which will be included as part of the source hash calculation. I am not 100% sure what's the best way to do that if you just use requirements.txt, but both poetry and pipenv support lockfiles and I would recommend using them as a way to ensure you get a stable output.

I am repurposing this issue to expand on this in our documentation.
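
The source-hash behaviour discussed in this thread, as an added example that is not part of the original issue or the CDK code base. The fingerprint function is a simplified stand-in for a source-based asset hash, and the `six` versions, the `requirements.lock` file name and the bundle stand-in are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample data: the version of the transitive dependency `six`
# that an unpinned resolve would pick on two different build days.
SIX_BEFORE, SIX_AFTER = "1.15.0", "1.16.0"


def source_fingerprint(entry: Path) -> str:
    """Hash relative paths and contents of every file under `entry`.
    Simplified stand-in for a source-based asset hash (an assumption,
    not the CDK's actual algorithm)."""
    digest = hashlib.sha256()
    for f in sorted(p for p in entry.rglob("*") if p.is_file()):
        digest.update(f.relative_to(entry).as_posix().encode() + b"\0")
        digest.update(f.read_bytes() + b"\0")
    return digest.hexdigest()


def write_sources(entry: Path, six_version: str, lockfile: bool) -> None:
    """Write the layer's source directory as it would be committed."""
    (entry / "requirements.txt").write_text("awswrangler == 2.4.0\n")
    if lockfile:
        # Hypothetical lock file name; it records the fully resolved set.
        (entry / "requirements.lock").write_text(
            f"awswrangler==2.4.0\nsix=={six_version}\n")


def rebuild(lockfile: bool) -> dict:
    """Compare two builds made before and after `six` moves upstream."""
    src, art = [], []
    for six_version in (SIX_BEFORE, SIX_AFTER):
        with tempfile.TemporaryDirectory() as tmp:
            write_sources(Path(tmp), six_version, lockfile)
            src.append(source_fingerprint(Path(tmp)))
        # Stand-in for the bundled zip: its bytes follow the resolved set.
        bundle = f"awswrangler-2.4.0;six-{six_version}".encode()
        art.append(hashlib.sha256(bundle).hexdigest())
    return {"source_changed": src[0] != src[1],
            "artifact_changed": art[0] != art[1]}


if __name__ == "__main__":
    for lockfile in (False, True):
        print(f"lockfile={lockfile}: {rebuild(lockfile)}")
```

With the lock file, the `six` upgrade only reaches the bundle when the lock is regenerated and committed, and that commit is what changes the source hash.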

@eladb eladb changed the title from "(assets): newer assets is not published without warning" to "(lambda-python): document that not using a lockfile will not allow transitive dependencies to be updated" May 24, 2021
eladb pushed a commit that referenced this issue May 24, 2021
Since python bundles use source hashes (and as a general best practice), add a recommendation to use a dependency lockfile.

Fixes #14607
@eladb eladb removed their assignment May 24, 2021
@peterwoodworth peterwoodworth removed @aws-cdk/assets Related to the @aws-cdk/assets package needs-triage This issue or PR still needs to be triaged. labels May 27, 2021
@peterwoodworth peterwoodworth added effort/small Small work item – less than a day of effort p1 labels Jun 3, 2021
eladb pushed a commit that referenced this issue Jun 8, 2021
Since python bundles use source hashes (and as a general best practice), add a recommendation to use a dependency lockfile.

Fixes #14607

hollanddd pushed a commit to hollanddd/aws-cdk that referenced this issue Aug 26, 2021
Since python bundles use source hashes (and as a general best practice), add a recommendation to use a dependency lockfile.

Fixes aws#14607