Consistently set archived file permissions

[bboe]

This pull request consistently sets archived file permissions to either 0444 or 0555 depending on whether or not the file is executable. It's likely directories may also need to be consistently set to 0555 or 0777 depending on if they need to be writable or not (or perhaps they can simply be excluded from the archive). I can make that change if desired, or we can leave it for a separate PR.

This fix should help to address #34.

[ghost]

+1

[bboe]

@findkim is there anything we might need to do to get this, or something similar in?

[borgstrom]

cc @appilon -- Can we get someone to review this please?

The issue described in #34 causes so much noise and drift since we have different team members working on macOS and Linux and this PR appears to fix things.

[appilon]

Hello all, just commented on the longstanding issue #34. Thank you for for engaging in that conversation @bboe and for attempting to develop a fix here. I think you have found a common cause for the output hashing problem users run into across OSes and when using the AWS Lambda service in particular, but my main concern is just applying an arbitrary permission to the outputted archive's files.

I think an alternative that is more explicit and we would accept on the provider is having the data source have the ability to explicitly override source file permissions. This way developers are aware they are applying a permission change to the files that live in the outputted folder.

I will give you the opportunity to potentially adapt this PR to have that if you are interested, however it's something I can try and take over and get released, our apologies for not getting back to you sooner. We appreciate your participation in the Terraform Ecosystem.

UPDATE: It appears #53 is proposing this feature, I will be linking that issue across here and #34 as the approach we can take.

[bboe]

Thanks @appilon for the update. I agree that a more generalizable approach is appropriate. I ended up writing a little tool to help solve this problem which we've implemented into our workflow:

https://github.com/bboe/deterministic_zip

I would love to see first class support in terraform, however, I unfortunately won't have the cycles to dedicate to it. Thank you for the response, and the commitment to finding a suitable solution to the problem.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.