From 26c05fcb8d85ef071045334fb32144f677811adf Mon Sep 17 00:00:00 2001
From: Markus Siebert <markus.siebert@deutschebahn.com>
Date: Wed, 13 Sep 2023 20:00:55 +0200
Subject: [PATCH] feat: update to AL2 Runtime (#830)

* update to AL2 Runtime
---------

Signed-off-by: github-actions <github-actions@github.com>
Co-authored-by: github-actions <github-actions@github.com>
---
 .github/workflows/build.yml                        |  2 +-
 .github/workflows/release.yml                      |  2 +-
 .projenrc.js                                       |  2 +-
 README.md                                          |  2 +-
 scripts/lambda-build.sh                            | 14 +++++++-------
 scripts/lambda-zip.sh                              | 10 +++++-----
 src/index.ts                                       |  4 ++--
 .../SecretIntegrationAsset.assets.json             | 10 +++++-----
 .../SecretIntegrationAsset.template.json           |  6 +++---
 .../SecretIntegrationInline.assets.json            | 10 +++++-----
 .../SecretIntegrationInline.template.json          |  6 +++---
 11 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 039b340b..6bc41aa4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -201,7 +201,7 @@ jobs:
         uses: actions/upload-artifact@v2.1.1
         with:
           name: gobuild
-          path: lambda/cdk-sops-secrets
+          path: lambda/bootstrap
     container:
       image: golang:1.18.0-buster
   zipper:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 81f982ae..211a7f60 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -85,7 +85,7 @@ jobs:
         uses: actions/upload-artifact@v2.1.1
         with:
           name: gobuild
-          path: lambda/cdk-sops-secrets
+          path: lambda/bootstrap
     container:
       image: golang:1.18.0-buster
   zipper:
diff --git a/.projenrc.js b/.projenrc.js
index b8b2c6eb..3cb3bf2d 100644
--- a/.projenrc.js
+++ b/.projenrc.js
@@ -182,7 +182,7 @@ fixme.forEach((wf) => {
         uses: 'actions/upload-artifact@v2.1.1',
         with: {
           name: 'gobuild',
-          path: 'lambda/cdk-sops-secrets',
+          path: 'lambda/bootstrap',
         },
       },
     ],
diff --git a/README.md b/README.md
index 752fdec1..6d94c9c7 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
 [![pypi downloads](https://img.shields.io/pypi/dw/cdk-sops-secrets)](https://pypi.org/project/cdk-sops-secrets)<br>
 
 [![codecov](https://codecov.io/gh/markussiebert/cdk-sops-secrets/branch/main/graph/badge.svg?token=OT7P7HQHXB)](https://codecov.io/gh/markussiebert/cdk-sops-secrets)&nbsp;&nbsp;
-[![security-vulnerabilities](https://img.shields.io/github/issues-search/markussiebert/cdk-sops-secrets?color=%23ff0000&label=security-vulnerabilities&query=is%3Aissue%20is%3Aopen%20label%3A%22security%20vulnerability%22)](https://github.com/markussiebert/cdk-sops-secrets/issues?q=is%3Aissue+is%3Aopen+label%3A%22security+vulnerability%22)&nbsp;
+[![security-vulnerabilities](https://img.shields.io/github/issues-search/markussiebert/cdk-sops-secrets?color=%23ff0000&label=security-vulnerabilities&query=is%3Aissue%20is%3Aopen%20label%3A%22Mend%3A%20dependency%20security%20vulnerability%22)](https://github.com/markussiebert/cdk-sops-secrets/issues?q=is%3Aissue+is%3Aopen+label%3A%22security+vulnerability%22)&nbsp;
 
 ## Introduction
 
diff --git a/scripts/lambda-build.sh b/scripts/lambda-build.sh
index eb5e9a87..7f46f771 100755
--- a/scripts/lambda-build.sh
+++ b/scripts/lambda-build.sh
@@ -6,10 +6,10 @@ export GOOS=linux
 export GOARCH=amd64
 export GOPROXY=https://proxy.golang.org,direct
 export CGO_ENABLED=0
-go build -trimpath -buildvcs=false -ldflags="-s -w -buildid="
-ls -la cdk-sops-secrets
-shasum cdk-sops-secrets
-touch -t 202002020000 cdk-sops-secrets
-chmod 755 cdk-sops-secrets
-ls -la cdk-sops-secrets
-shasum cdk-sops-secrets
+go build -trimpath -buildvcs=false -tags lambda.norpc -o bootstrap -ldflags="-s -w -buildid="
+ls -la bootstrap
+shasum bootstrap
+touch -t 202002020000 bootstrap
+chmod 755 bootstrap
+ls -la bootstrap
+shasum bootstrap
diff --git a/scripts/lambda-zip.sh b/scripts/lambda-zip.sh
index 59f620de..47711a0c 100755
--- a/scripts/lambda-zip.sh
+++ b/scripts/lambda-zip.sh
@@ -3,10 +3,10 @@
 BASEPATH=$(git rev-parse --show-toplevel)
 mkdir -p "$BASEPATH/assets"
 cd "$BASEPATH/lambda"
-touch -t 202002020000 cdk-sops-secrets
-chmod 755 cdk-sops-secrets
-ls -la cdk-sops-secrets
-sha1sum cdk-sops-secrets
-zip -X9om "$BASEPATH/assets/cdk-sops-lambda.zip" cdk-sops-secrets
+touch -t 202002020000 bootstrap
+chmod 755 bootstrap
+ls -la bootstrap
+sha1sum bootstrap
+zip -X9om "$BASEPATH/assets/cdk-sops-lambda.zip" bootstrap
 sha1sum "$BASEPATH/assets/cdk-sops-lambda.zip"
 ls -la "$BASEPATH/assets/cdk-sops-lambda.zip"
\ No newline at end of file
diff --git a/src/index.ts b/src/index.ts
index ae7ea4de..13880309 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -278,8 +278,8 @@ export class SopsSyncProvider extends SingletonFunction implements IGrantable {
         scope.node.tryGetContext('sops_sync_provider_asset_path') ||
           path.join(__dirname, '../assets/cdk-sops-lambda.zip'),
       ),
-      runtime: Runtime.GO_1_X,
-      handler: 'cdk-sops-secrets',
+      runtime: Runtime.PROVIDED_AL2,
+      handler: 'bootstrap',
       uuid: 'SopsSyncProvider',
       timeout: Duration.seconds(60),
       environment: {
diff --git a/test/secret-asset.integ.snapshot/SecretIntegrationAsset.assets.json b/test/secret-asset.integ.snapshot/SecretIntegrationAsset.assets.json
index 05653ece..a4f67db8 100644
--- a/test/secret-asset.integ.snapshot/SecretIntegrationAsset.assets.json
+++ b/test/secret-asset.integ.snapshot/SecretIntegrationAsset.assets.json
@@ -1,20 +1,20 @@
 {
   "version": "15.0.0",
   "files": {
-    "b75822c8c495b7a5b099b6e6134bb78f07198685bacf3c34d3b2bdcdde0dedf1": {
+    "3a08d1d1b68c7c6d8c3a7c5fbedd1621513532693ab62f35b54596e351c1a256": {
       "source": {
-        "path": "asset.b75822c8c495b7a5b099b6e6134bb78f07198685bacf3c34d3b2bdcdde0dedf1.zip",
+        "path": "asset.3a08d1d1b68c7c6d8c3a7c5fbedd1621513532693ab62f35b54596e351c1a256.zip",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "b75822c8c495b7a5b099b6e6134bb78f07198685bacf3c34d3b2bdcdde0dedf1.zip",
+          "objectKey": "3a08d1d1b68c7c6d8c3a7c5fbedd1621513532693ab62f35b54596e351c1a256.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "57f9c7c2120dcf38a07108ffaeb8d5f9fceb772393939332dbd61bd4e738da16": {
+    "2ed3c6af0c33ee1b70e92c54b70afd7993ac159979bcca22c592b18511e323c1": {
       "source": {
         "path": "SecretIntegrationAsset.template.json",
         "packaging": "file"
@@ -22,7 +22,7 @@
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "57f9c7c2120dcf38a07108ffaeb8d5f9fceb772393939332dbd61bd4e738da16.json",
+          "objectKey": "2ed3c6af0c33ee1b70e92c54b70afd7993ac159979bcca22c592b18511e323c1.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
diff --git a/test/secret-asset.integ.snapshot/SecretIntegrationAsset.template.json b/test/secret-asset.integ.snapshot/SecretIntegrationAsset.template.json
index 766f5c9c..0897f0da 100644
--- a/test/secret-asset.integ.snapshot/SecretIntegrationAsset.template.json
+++ b/test/secret-asset.integ.snapshot/SecretIntegrationAsset.template.json
@@ -176,7 +176,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "b75822c8c495b7a5b099b6e6134bb78f07198685bacf3c34d3b2bdcdde0dedf1.zip"
+          "S3Key": "3a08d1d1b68c7c6d8c3a7c5fbedd1621513532693ab62f35b54596e351c1a256.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -189,8 +189,8 @@
             "SOPS_AGE_KEY": "AGE-SECRET-KEY-1EFUWJ0G2XJTJFWTAM2DGMA4VCK3R05W58FSMHZP3MZQ0ZTAQEAFQC6T7T3"
           }
         },
-        "Handler": "cdk-sops-secrets",
-        "Runtime": "go1.x",
+        "Handler": "bootstrap",
+        "Runtime": "provided.al2",
         "Timeout": 60
       },
       "DependsOn": [
diff --git a/test/secret-inline.integ.snapshot/SecretIntegrationInline.assets.json b/test/secret-inline.integ.snapshot/SecretIntegrationInline.assets.json
index 67acf7b5..2c77a169 100644
--- a/test/secret-inline.integ.snapshot/SecretIntegrationInline.assets.json
+++ b/test/secret-inline.integ.snapshot/SecretIntegrationInline.assets.json
@@ -1,20 +1,20 @@
 {
   "version": "15.0.0",
   "files": {
-    "b75822c8c495b7a5b099b6e6134bb78f07198685bacf3c34d3b2bdcdde0dedf1": {
+    "3a08d1d1b68c7c6d8c3a7c5fbedd1621513532693ab62f35b54596e351c1a256": {
       "source": {
-        "path": "asset.b75822c8c495b7a5b099b6e6134bb78f07198685bacf3c34d3b2bdcdde0dedf1.zip",
+        "path": "asset.3a08d1d1b68c7c6d8c3a7c5fbedd1621513532693ab62f35b54596e351c1a256.zip",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "b75822c8c495b7a5b099b6e6134bb78f07198685bacf3c34d3b2bdcdde0dedf1.zip",
+          "objectKey": "3a08d1d1b68c7c6d8c3a7c5fbedd1621513532693ab62f35b54596e351c1a256.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "57f9c7c2120dcf38a07108ffaeb8d5f9fceb772393939332dbd61bd4e738da16": {
+    "2ed3c6af0c33ee1b70e92c54b70afd7993ac159979bcca22c592b18511e323c1": {
       "source": {
         "path": "SecretIntegrationInline.template.json",
         "packaging": "file"
@@ -22,7 +22,7 @@
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "57f9c7c2120dcf38a07108ffaeb8d5f9fceb772393939332dbd61bd4e738da16.json",
+          "objectKey": "2ed3c6af0c33ee1b70e92c54b70afd7993ac159979bcca22c592b18511e323c1.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
diff --git a/test/secret-inline.integ.snapshot/SecretIntegrationInline.template.json b/test/secret-inline.integ.snapshot/SecretIntegrationInline.template.json
index 766f5c9c..0897f0da 100644
--- a/test/secret-inline.integ.snapshot/SecretIntegrationInline.template.json
+++ b/test/secret-inline.integ.snapshot/SecretIntegrationInline.template.json
@@ -176,7 +176,7 @@
           "S3Bucket": {
             "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
           },
-          "S3Key": "b75822c8c495b7a5b099b6e6134bb78f07198685bacf3c34d3b2bdcdde0dedf1.zip"
+          "S3Key": "3a08d1d1b68c7c6d8c3a7c5fbedd1621513532693ab62f35b54596e351c1a256.zip"
         },
         "Role": {
           "Fn::GetAtt": [
@@ -189,8 +189,8 @@
             "SOPS_AGE_KEY": "AGE-SECRET-KEY-1EFUWJ0G2XJTJFWTAM2DGMA4VCK3R05W58FSMHZP3MZQ0ZTAQEAFQC6T7T3"
           }
         },
-        "Handler": "cdk-sops-secrets",
-        "Runtime": "go1.x",
+        "Handler": "bootstrap",
+        "Runtime": "provided.al2",
         "Timeout": 60
       },
       "DependsOn": [