lambda-zig/lambdabuild.zig

const std = @import("std");
const builtin = @import("builtin");

fn fileExists(file_name: []const u8) bool {
    const file = std.fs.openFileAbsolute(file_name, .{}) catch return false;
    defer file.close();
    return true;
}
fn addArgs(allocator: std.mem.Allocator, original: []const u8, args: [][]const u8) ![]const u8 {
    var rc = original;
    for (args) |arg| {
        rc = try std.mem.concat(allocator, u8, &.{ rc, " ", arg });
    }
    return rc;
}

/// lambdaBuildSteps will add four build steps to the build (if compiling
/// the code on a Linux host):
///
/// * awslambda_package:   Packages the function for deployment to Lambda
///                        (dependencies are the zip executable and a shell)
/// * awslambda_iam:       Gets an IAM role for the Lambda function, and creates it if it does not exist
///                        (dependencies are the AWS CLI, grep and a shell)
/// * awslambda_deploy:    Deploys the lambda function to a live AWS environment
///                        (dependencies are the AWS CLI, and a shell)
/// * awslambda_run:       Runs the lambda function in a live AWS environment
///                        (dependencies are the AWS CLI, and a shell)
///
/// awslambda_run depends on deploy
/// awslambda_deploy depends on iam and package
///
/// iam and package do not have any dependencies
pub fn configureBuild(b: *std.Build, exe: *std.Build.Step.Compile, function_name: []const u8) !void {
    // The rest of this function is currently reliant on the use of Linux
    // system being used to build the lambda function
    //
    // It is likely that much of this will work on other Unix-like OSs, but
    // we will work this out later
    //
    // TODO: support other host OSs
    if (builtin.os.tag != .linux) return;

    // Package step
    const package_step = b.step("awslambda_package", "Package the function");
    const function_zip = b.getInstallPath(.bin, "function.zip");

    // TODO: Avoid use of system-installed zip, maybe using something like
    // https://github.com/hdorio/hwzip.zig/blob/master/src/hwzip.zig
    const zip = if (std.mem.eql(u8, "bootstrap", exe.out_filename))
        try std.fmt.allocPrint(b.allocator,
            \\zip -qj9 {s} {s}
        , .{
            function_zip,
            b.getInstallPath(.bin, "bootstrap"),
        })
    else
        // We need to copy stuff around
        try std.fmt.allocPrint(b.allocator,
            \\cp {s} {s} && \
            \\zip -qj9 {s} {s} && \
            \\rm {s}
        , .{
            b.getInstallPath(.bin, exe.out_filename),
            b.getInstallPath(.bin, "bootstrap"),
            function_zip,
            b.getInstallPath(.bin, "bootstrap"),
            b.getInstallPath(.bin, "bootstrap"),
        });
    // std.debug.print("\nzip cmdline: {s}", .{zip});
    defer b.allocator.free(zip);
    var zip_cmd = b.addSystemCommand(&.{ "/bin/sh", "-c", zip });
    zip_cmd.step.dependOn(b.getInstallStep());
    package_step.dependOn(&zip_cmd.step);

    // Deployment
    const deploy_step = b.step("awslambda_deploy", "Deploy the function");

    const iam_role_name = b.option(
        []const u8,
        "function-role",
        "IAM role name for function (will create if it does not exist) [lambda_basic_execution]",
    ) orelse "lambda_basic_execution";
    const iam_role_arn = b.option(
        []const u8,
        "function-arn",
        "Preexisting IAM role arn for function",
    );

    const iam_step = b.step("awslambda_iam", "Create/Get IAM role for function");
    deploy_step.dependOn(iam_step); // iam_step will either be a noop or all the stuff below
    const iam_role_param: []u8 = blk: {
        if (iam_role_arn != null)
            break :blk try std.fmt.allocPrint(b.allocator, "--role {s}", .{iam_role_arn.?});

        if (iam_role_name.len == 0)
            @panic("Either function-role or function-arn must be specified. function-arn will allow deployment without creating a role");

        // Now we have an iam role name to use, but no iam role arn. Let's go hunting
        // Once this is done once, we'll have a file with the arn in "cache"
        // The iam arn will reside in an 'iam_role' file in the bin directory

        // Build system command to create the role if necessary and get the role arn
        const iam_role_file = b.getInstallPath(.bin, "iam_role");

        if (!fileExists(iam_role_file)) {
            // std.debug.print("file does not exist", .{});
            // Our cache file does not exist on disk, so we'll create/get the role
            // arn using the AWS CLI and dump to disk here
            const ifstatement_fmt =
                \\ if aws iam get-role --role-name {s} 2>&1 |grep -q NoSuchEntity; then aws iam create-role --output text --query Role.Arn --role-name {s} --assume-role-policy-document '{{
                \\ "Version": "2012-10-17",
                \\ "Statement": [
                \\   {{
                \\     "Sid": "",
                \\     "Effect": "Allow",
                \\     "Principal": {{
                \\       "Service": "lambda.amazonaws.com"
                \\     }},
                \\     "Action": "sts:AssumeRole"
                \\   }}
                \\ ]}}' > /dev/null; fi && \
                \\ aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AWSLambdaExecute --role-name lambda_basic_execution && \
                \\ aws iam get-role --role-name lambda_basic_execution --query Role.Arn --output text > {s}
            ;
            const ifstatement = try std.fmt.allocPrint(
                b.allocator,
                ifstatement_fmt,
                .{ iam_role_name, iam_role_name, iam_role_file },
            );
            iam_step.dependOn(&b.addSystemCommand(&.{ "/bin/sh", "-c", ifstatement }).step);
        }

        break :blk try std.fmt.allocPrint(b.allocator, "--role \"$(cat {s})\"", .{iam_role_file});
    };
    const function_name_file = b.getInstallPath(.bin, function_name);
    const ifstatement = "if [ ! -f {s} ] || [ {s} -nt {s} ]; then if aws lambda get-function --function-name {s} 2>&1 |grep -q ResourceNotFoundException; then echo not found > /dev/null; {s}; else echo found > /dev/null; {s}; fi; fi";
    // The architectures option was introduced in 2.2.43 released 2021-10-01
    // We want to use arm64 here because it is both faster and cheaper for most
    // Amazon Linux 2 is the only arm64 supported option
    // TODO: This should determine compilation target and use x86_64 if needed
    const not_found = "aws lambda create-function --architectures arm64 --runtime provided.al2 --function-name {s} --zip-file fileb://{s} --handler not_applicable {s} && touch {s}";
    const not_found_fmt = try std.fmt.allocPrint(b.allocator, not_found, .{ function_name, function_zip, iam_role_param, function_name_file });
    defer b.allocator.free(not_found_fmt);
    const found = "aws lambda update-function-code --function-name {s} --zip-file fileb://{s} && touch {s}";
    const found_fmt = try std.fmt.allocPrint(b.allocator, found, .{ function_name, function_zip, function_name_file });
    defer b.allocator.free(found_fmt);
    var found_final: []const u8 = undefined;
    var not_found_final: []const u8 = undefined;
    if (b.args) |args| {
        found_final = try addArgs(b.allocator, found_fmt, args);
        not_found_final = try addArgs(b.allocator, not_found_fmt, args);
    } else {
        found_final = found_fmt;
        not_found_final = not_found_fmt;
    }
    const cmd = try std.fmt.allocPrint(b.allocator, ifstatement, .{
        function_name_file,
        b.getInstallPath(.bin, exe.out_filename),
        function_name_file,
        function_name,
        not_found_fmt,
        found_fmt,
    });

    defer b.allocator.free(cmd);

    // std.debug.print("{s}\n", .{cmd});
    deploy_step.dependOn(package_step);
    deploy_step.dependOn(&b.addSystemCommand(&.{ "/bin/sh", "-c", cmd }).step);

    const payload = b.option([]const u8, "payload", "Lambda payload [{\"foo\":\"bar\", \"baz\": \"qux\"}]") orelse
        \\ {"foo": "bar", "baz": "qux"}"
    ;

    const run_script =
        \\ f=$(mktemp) && \
        \\ logs=$(aws lambda invoke \
        \\          --cli-binary-format raw-in-base64-out \
        \\          --invocation-type RequestResponse \
        \\          --function-name {s} \
        \\          --payload '{s}' \
        \\          --log-type Tail \
        \\          --query LogResult \
        \\          --output text "$f"  |base64 -d) && \
        \\  cat "$f" && rm "$f" && \
        \\  echo && echo && echo "$logs"
    ;
    const run_script_fmt = try std.fmt.allocPrint(b.allocator, run_script, .{ function_name, payload });
    defer b.allocator.free(run_script_fmt);
    const run_cmd = b.addSystemCommand(&.{ "/bin/sh", "-c", run_script_fmt });
    run_cmd.step.dependOn(deploy_step);
    if (b.args) |args| {
        run_cmd.addArgs(args);
    }

    const run_step = b.step("awslambda_run", "Run the app in AWS lambda");
    run_step.dependOn(&run_cmd.step);
}
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`const std = @import("std");`
			`const builtin = @import("builtin");`

			`fn fileExists(file_name: []const u8) bool {`
			`const file = std.fs.openFileAbsolute(file_name, .{}) catch return false;`
			`defer file.close();`
			`return true;`
			`}`
			`fn addArgs(allocator: std.mem.Allocator, original: []const u8, args: [][]const u8) ![]const u8 {`
			`var rc = original;`
			`for (args) \|arg\| {`
			`rc = try std.mem.concat(allocator, u8, &.{ rc, " ", arg });`
			`}`
			`return rc;`
			`}`

merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`/// lambdaBuildSteps will add four build steps to the build (if compiling`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`/// the code on a Linux host):`
			`///`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`/// * awslambda_package: Packages the function for deployment to Lambda`
			`/// (dependencies are the zip executable and a shell)`
			`/// * awslambda_iam: Gets an IAM role for the Lambda function, and creates it if it does not exist`
			`/// (dependencies are the AWS CLI, grep and a shell)`
			`/// * awslambda_deploy: Deploys the lambda function to a live AWS environment`
			`/// (dependencies are the AWS CLI, and a shell)`
			`/// * awslambda_run: Runs the lambda function in a live AWS environment`
			`/// (dependencies are the AWS CLI, and a shell)`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`///`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`/// awslambda_run depends on deploy`
			`/// awslambda_deploy depends on iam and package`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`///`
			`/// iam and package do not have any dependencies`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`pub fn configureBuild(b: std.Build, exe: std.Build.Step.Compile, function_name: []const u8) !void {`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`// The rest of this function is currently reliant on the use of Linux`
			`// system being used to build the lambda function`
			`//`
			`// It is likely that much of this will work on other Unix-like OSs, but`
			`// we will work this out later`
			`//`
			`// TODO: support other host OSs`
			`if (builtin.os.tag != .linux) return;`

			`// Package step`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`const package_step = b.step("awslambda_package", "Package the function");`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`const function_zip = b.getInstallPath(.bin, "function.zip");`

			`// TODO: Avoid use of system-installed zip, maybe using something like`
			`// https://github.com/hdorio/hwzip.zig/blob/master/src/hwzip.zig`
			`const zip = if (std.mem.eql(u8, "bootstrap", exe.out_filename))`
			`try std.fmt.allocPrint(b.allocator,`
			`\\zip -qj9 {s} {s}`
			`, .{`
			`function_zip,`
			`b.getInstallPath(.bin, "bootstrap"),`
			`})`
			`else`
			`// We need to copy stuff around`
			`try std.fmt.allocPrint(b.allocator,`
			`\\cp {s} {s} && \`
			`\\zip -qj9 {s} {s} && \`
			`\\rm {s}`
			`, .{`
			`b.getInstallPath(.bin, exe.out_filename),`
			`b.getInstallPath(.bin, "bootstrap"),`
			`function_zip,`
			`b.getInstallPath(.bin, "bootstrap"),`
			`b.getInstallPath(.bin, "bootstrap"),`
			`});`
			`// std.debug.print("\nzip cmdline: {s}", .{zip});`
			`defer b.allocator.free(zip);`
			`var zip_cmd = b.addSystemCommand(&.{ "/bin/sh", "-c", zip });`
			`zip_cmd.step.dependOn(b.getInstallStep());`
			`package_step.dependOn(&zip_cmd.step);`

			`// Deployment`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`const deploy_step = b.step("awslambda_deploy", "Deploy the function");`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`const iam_role_name = b.option(`
			`[]const u8,`
			`"function-role",`
			`"IAM role name for function (will create if it does not exist) [lambda_basic_execution]",`
			`) orelse "lambda_basic_execution";`
			`const iam_role_arn = b.option(`
			`[]const u8,`
			`"function-arn",`
			`"Preexisting IAM role arn for function",`
			`);`

			`const iam_step = b.step("awslambda_iam", "Create/Get IAM role for function");`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`deploy_step.dependOn(iam_step); // iam_step will either be a noop or all the stuff below`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`const iam_role_param: []u8 = blk: {`
			`if (iam_role_arn != null)`
			`break :blk try std.fmt.allocPrint(b.allocator, "--role {s}", .{iam_role_arn.?});`

			`if (iam_role_name.len == 0)`
			`@panic("Either function-role or function-arn must be specified. function-arn will allow deployment without creating a role");`

			`// Now we have an iam role name to use, but no iam role arn. Let's go hunting`
			`// Once this is done once, we'll have a file with the arn in "cache"`
			`// The iam arn will reside in an 'iam_role' file in the bin directory`

			`// Build system command to create the role if necessary and get the role arn`
			`const iam_role_file = b.getInstallPath(.bin, "iam_role");`

			`if (!fileExists(iam_role_file)) {`
			`// std.debug.print("file does not exist", .{});`
			`// Our cache file does not exist on disk, so we'll create/get the role`
			`// arn using the AWS CLI and dump to disk here`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`const ifstatement_fmt =`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`\\ if aws iam get-role --role-name {s} 2>&1 \|grep -q NoSuchEntity; then aws iam create-role --output text --query Role.Arn --role-name {s} --assume-role-policy-document '{{`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`\\ "Version": "2012-10-17",`
			`\\ "Statement": [`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`\\ {{`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`\\ "Sid": "",`
			`\\ "Effect": "Allow",`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`\\ "Principal": {{`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`\\ "Service": "lambda.amazonaws.com"`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`\\ }},`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`\\ "Action": "sts:AssumeRole"`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`\\ }}`
			`\\ ]}}' > /dev/null; fi && \`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`\\ aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AWSLambdaExecute --role-name lambda_basic_execution && \`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`\\ aws iam get-role --role-name lambda_basic_execution --query Role.Arn --output text > {s}`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`;`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`const ifstatement = try std.fmt.allocPrint(`
			`b.allocator,`
			`ifstatement_fmt,`
			`.{ iam_role_name, iam_role_name, iam_role_file },`
			`);`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`iam_step.dependOn(&b.addSystemCommand(&.{ "/bin/sh", "-c", ifstatement }).step);`
			`}`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00
			`break :blk try std.fmt.allocPrint(b.allocator, "--role \"$(cat {s})\"", .{iam_role_file});`
			`};`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`const function_name_file = b.getInstallPath(.bin, function_name);`
			`const ifstatement = "if [ ! -f {s} ] \|\| [ {s} -nt {s} ]; then if aws lambda get-function --function-name {s} 2>&1 \|grep -q ResourceNotFoundException; then echo not found > /dev/null; {s}; else echo found > /dev/null; {s}; fi; fi";`
			`// The architectures option was introduced in 2.2.43 released 2021-10-01`
			`// We want to use arm64 here because it is both faster and cheaper for most`
			`// Amazon Linux 2 is the only arm64 supported option`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`// TODO: This should determine compilation target and use x86_64 if needed`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`const not_found = "aws lambda create-function --architectures arm64 --runtime provided.al2 --function-name {s} --zip-file fileb://{s} --handler not_applicable {s} && touch {s}";`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`const not_found_fmt = try std.fmt.allocPrint(b.allocator, not_found, .{ function_name, function_zip, iam_role_param, function_name_file });`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`defer b.allocator.free(not_found_fmt);`
			`const found = "aws lambda update-function-code --function-name {s} --zip-file fileb://{s} && touch {s}";`
			`const found_fmt = try std.fmt.allocPrint(b.allocator, found, .{ function_name, function_zip, function_name_file });`
			`defer b.allocator.free(found_fmt);`
			`var found_final: []const u8 = undefined;`
			`var not_found_final: []const u8 = undefined;`
			`if (b.args) \|args\| {`
			`found_final = try addArgs(b.allocator, found_fmt, args);`
			`not_found_final = try addArgs(b.allocator, not_found_fmt, args);`
			`} else {`
			`found_final = found_fmt;`
			`not_found_final = not_found_fmt;`
			`}`
			`const cmd = try std.fmt.allocPrint(b.allocator, ifstatement, .{`
			`function_name_file,`
merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`b.getInstallPath(.bin, exe.out_filename),`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`function_name_file,`
			`function_name,`
			`not_found_fmt,`
			`found_fmt,`
			`});`

			`defer b.allocator.free(cmd);`

			`// std.debug.print("{s}\n", .{cmd});`
			`deploy_step.dependOn(package_step);`
			`deploy_step.dependOn(&b.addSystemCommand(&.{ "/bin/sh", "-c", cmd }).step);`

			`const payload = b.option([]const u8, "payload", "Lambda payload [{\"foo\":\"bar\", \"baz\": \"qux\"}]") orelse`
			`\\ {"foo": "bar", "baz": "qux"}"`
			`;`

			`const run_script =`
			`\\ f=$(mktemp) && \`
			`\\ logs=$(aws lambda invoke \`
			`\\ --cli-binary-format raw-in-base64-out \`
			`\\ --invocation-type RequestResponse \`
			`\\ --function-name {s} \`
			`\\ --payload '{s}' \`
			`\\ --log-type Tail \`
			`\\ --query LogResult \`
			`\\ --output text "$f" \|base64 -d) && \`
			`\\ cat "$f" && rm "$f" && \`
			`\\ echo && echo && echo "$logs"`
			`;`
			`const run_script_fmt = try std.fmt.allocPrint(b.allocator, run_script, .{ function_name, payload });`
			`defer b.allocator.free(run_script_fmt);`
			`const run_cmd = b.addSystemCommand(&.{ "/bin/sh", "-c", run_script_fmt });`
			`run_cmd.step.dependOn(deploy_step);`
			`if (b.args) \|args\| {`
			`run_cmd.addArgs(args);`
			`}`

merge changes made in universal lambda (namespacing/iam refactor) 2024-05-06 18:14:24 +00:00			`const run_step = b.step("awslambda_run", "Run the app in AWS lambda");`
move lambda build specific stuff out of build.zig 2023-08-01 22:11:21 +00:00			`run_step.dependOn(&run_cmd.step);`
			`}`