Merge pull request #17 from nathanielvarona/improvements/lambda-docke…

…r-image-and-sam-template-patch Docker Image for Lambda Function and SAM Template Patch
nathanielvarona · May 22, 2023 · 0bf0b77 · 0bf0b77
2 parents 87767fa + c56f81c
commit 0bf0b77
Show file tree

Hide file tree

Showing 4 changed files with 261 additions and 6 deletions.
diff --git a/lambda-function.Dockerfile b/lambda-function.Dockerfile
@@ -0,0 +1,92 @@
+ARG RUNTIME_VERSION=3.10.7
+ARG DISTRO_VERSION=slim-buster
+ARG FUNCTION_DIR=/function
+
+#
+# Stage: build
+#
+FROM python:${RUNTIME_VERSION}-${DISTRO_VERSION} as build-image
+
+ARG POETRY_VERSION=1.4.2
+ARG APP_NAME=pritunl_slack_app
+ARG APP_PATH=/opt/${APP_NAME}
+ARG FUNCTION_DIR
+
+ENV \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONFAULTHANDLER=1
+
+ENV \
+    POETRY_VERSION=${POETRY_VERSION} \
+    POETRY_HOME="/opt/poetry" \
+    POETRY_VIRTUALENVS_IN_PROJECT=true \
+    POETRY_NO_INTERACTION=1
+
+ENV \
+    PIP_NO_CACHE_DIR=off \
+    PIP_DISABLE_PIP_VERSION_CHECK=on \
+    PIP_DEFAULT_TIMEOUT=100
+
+ARG \
+    AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-"us-east-1"} \
+    AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-""} \
+    AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-""}
+
+ENV \
+    AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
+    AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
+    AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+
+RUN apt-get update && \
+    apt-get install -y \
+    curl \
+    unzip
+
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && \
+    unzip awscliv2.zip && \
+    ./aws/install
+
+RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | python
+ENV PATH="$POETRY_HOME/bin:$PATH"
+
+WORKDIR ${APP_PATH}
+COPY ./poetry.lock ./pyproject.toml ./README.md ./
+COPY ./${APP_NAME} ./${APP_NAME}
+
+RUN poetry build --format wheel
+RUN poetry export --extras aws \
+    --without-hashes \
+    --format requirements.txt \
+    --output constraints.txt
+
+RUN mkdir -p ${FUNCTION_DIR}
+
+RUN curl \
+    $(aws lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:177933569100:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4 --query 'Content.Location' --output text) \
+    --output layer.zip && \
+    unzip layer.zip -d /opt && \
+    rm layer.zip
+
+RUN python -m pip install \
+    awslambdaric \
+    --target ${FUNCTION_DIR}
+
+RUN python -m pip install --find-links=dist/ pritunl_slack_app[aws] \
+    --constraint constraints.txt \
+    --target ${FUNCTION_DIR}
+
+#
+# Stage: production
+#
+FROM python:${RUNTIME_VERSION}-${DISTRO_VERSION}
+
+ARG FUNCTION_DIR
+
+WORKDIR ${FUNCTION_DIR}
+
+COPY --from=build-image /opt/extensions /opt/extensions
+COPY --from=build-image ${FUNCTION_DIR} ${FUNCTION_DIR}
+
+ENTRYPOINT [ "/usr/local/bin/python", "-m", "awslambdaric" ]
+CMD [ "pritunl_slack_app.function.pritunl_slack_app.function_handler.handler" ]
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -14,9 +14,11 @@ slack-bolt = "~1.18.0"
 flask = {version = "~2.3.1", optional = true}
 gunicorn = {version = "~20.1.0", optional = true}
 flask-healthz = {version = "^0.0.3", optional = true}
+boto3 = {version = "^1.26.137", optional = true}
 
 [tool.poetry.extras]
-flask =  ["flask", "gunicorn", "flask-healthz"]
+flask = ["flask", "gunicorn", "flask-healthz"]
+aws = ["boto3"]
 
 [build-system]
 requires = ["poetry-core"]

diff --git a/template.yaml.docker-image.patch b/template.yaml.docker-image.patch
@@ -0,0 +1,63 @@
+--- a/template.yaml
++++ b/template.yaml
+@@ -55,12 +55,25 @@
+     Description: Salck Signing Token
+     NoEcho: true
+
+-Mappings:
+-  RegionToLayerArnMap:
+-    us-east-1:
+-      "LayerArn": "arn:aws:lambda:us-east-1:177933569100:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4"
+-    us-east-2:
+-      "LayerArn": "arn:aws:lambda:us-east-2:590474943231:layer:AWS-Parameters-and-Secrets-Lambda-Extension:4"
++  ###
++  # Parameters used only for `sam build`
++  ###
++  AwsAccessKeyId:
++    Type: String
++    Description: AWS_ACCESS_KEY_ID
++    NoEcho: true
++    Default: ''
++
++  AwsSecretAccessKey:
++    Type: String
++    Description: AWS_SECRET_ACCESS_KEY
++    NoEcho: true
++    Default: ''
++
++  Tag:
++    Type: String
++    Default: latest
++    Description: Docker tag to build and deploy.
+
+ Globals:
+   Function:
+@@ -71,10 +84,7 @@
+   PritunlSlackFunction:
+     Type: AWS::Serverless::Function
+     Properties:
+-      CodeUri: pritunl_slack_app/function
+-      Handler: pritunl_slack_app.function_handler.handler
+-      Runtime: python3.10
+-      PackageType: Zip
++      PackageType: Image
+       Architectures:
+         - x86_64
+       Environment:
+@@ -109,8 +119,14 @@
+                 - "lambda:InvokeAsync"
+               Resource:
+                 - "*"
+-      Layers:
+-        - !FindInMap [RegionToLayerArnMap, !Ref "AWS::Region", LayerArn]
++    Metadata:
++      Dockerfile: lambda-function.Dockerfile
++      DockerContext: .
++      DockerTag: !Ref Tag
++
++      DockerBuildArgs:
++        AWS_ACCESS_KEY_ID: !Ref AwsAccessKeyId
++        AWS_SECRET_ACCESS_KEY: !Ref AwsSecretAccessKey
+
+   PritunlSlackUrlFunctionPermissions:
+     Type: AWS::Lambda::Permission