delint

.mise.toml

@@ -1,5 +1,5 @@
 [tools]
-pre-commit = "4.2.0"
 zig = "0.15.2"
 zls = "0.15.1"
 "ubi:DonIsaac/zlint" = "0.7.6"
+prek = "0.3.1"

build.zig

@@ -1,5 +1,4 @@
 const std = @import("std");
-const builtin = @import("builtin");
 
 // Although this function looks imperative, note that its job is to
 // declaratively construct a build graph that will be executed by an external

src/lambda.zig

@@ -1,5 +1,4 @@
 const std = @import("std");
-const builtin = @import("builtin");
 
 pub const HandlerFn = *const fn (std.mem.Allocator, []const u8) anyerror![]const u8;
 
@@ -64,11 +63,11 @@ pub fn run(allocator: ?std.mem.Allocator, event_handler: HandlerFn) !void { // T
         const event = ev.?;
         defer ev.?.deinit();
         const event_response = event_handler(req_allocator, event.event_data) catch |err| {
-            event.reportError(@errorReturnTrace(), err, lambda_runtime_uri) catch unreachable;
+            event.reportError(@errorReturnTrace(), err, lambda_runtime_uri) catch @panic("Error reporting error");
             continue;
         };
         event.postResponse(lambda_runtime_uri, event_response) catch |err| {
-            event.reportError(@errorReturnTrace(), err, lambda_runtime_uri) catch unreachable;
+            event.reportError(@errorReturnTrace(), err, lambda_runtime_uri) catch @panic("Error reporting error");
             continue;
         };
     }

tools/build/build.zig.zon

@@ -4,8 +4,8 @@
     .fingerprint = 0x6e61de08e7e51114,
     .dependencies = .{
         .aws = .{
-            .url = "git+https://git.lerch.org/lobo/aws-sdk-for-zig#c1df6ef3a6f4eb4eb75608c3cc6488cffc300793",
-            .hash = "aws-0.0.1-SbsFcC47CgCWY3bwHxku5J4BAohk-6UJZEUX1B0azJ_D",
+            .url = "git+https://git.lerch.org/lobo/aws-sdk-for-zig#5c7aed071f6251d53a1627080a21d604ff58f0a5",
+            .hash = "aws-0.0.1-SbsFcFE7CgDBilPa15i4gIB6Qr5ozBz328O63abDQDDk",
         },
     },
     .paths = .{

tools/build/src/deploy.zig

@@ -148,6 +148,7 @@ fn loadEnvFile(
     defer file.close();
 
     // Read entire file (env files are typically small)
+    // SAFETY: set on read
     var read_buffer: [4096]u8 = undefined;
     var file_reader = file.reader(&read_buffer);
     const content = file_reader.interface.allocRemaining(allocator, std.Io.Limit.limited(64 * 1024)) catch |err| {
@@ -244,6 +245,7 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void {
     // Read the zip file and encode as base64
     const zip_file = try std.fs.cwd().openFile(deploy_opts.zip_file, .{});
     defer zip_file.close();
+    // SAFETY: set on read
     var read_buffer: [4096]u8 = undefined;
     var file_reader = zip_file.reader(&read_buffer);
     const zip_data = try file_reader.interface.allocRemaining(options.allocator, std.Io.Limit.limited(50 * 1024 * 1024));
@@ -278,7 +280,9 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void {
     std.log.info("Attempting to create function: {s}", .{deploy_opts.function_name});
 
     var create_diagnostics = aws.Diagnostics{
-        .http_code = undefined,
+        // SAFETY: set by sdk on error
+        .response_status = undefined,
+        // SAFETY: set by sdk on error
         .response_body = undefined,
         .allocator = options.allocator,
     };
@@ -302,10 +306,9 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void {
         .environment = if (env_variables) |vars| .{ .variables = vars } else null,
     }, create_options) catch |err| {
         defer create_diagnostics.deinit();
-        std.log.info("CreateFunction returned: error={}, HTTP code={}", .{ err, create_diagnostics.http_code });
 
         // Function already exists (409 Conflict) - update it instead
-        if (create_diagnostics.http_code == 409) {
+        if (create_diagnostics.response_status == .conflict) {
             std.log.info("Function already exists, updating: {s}", .{deploy_opts.function_name});
 
             const update_result = try aws.Request(services.lambda.update_function_code).call(.{
@@ -342,8 +345,10 @@ fn deployFunction(deploy_opts: DeployOptions, options: RunOptions) !void {
 
             return;
         }
-
-        std.log.err("Lambda CreateFunction failed: {} (HTTP {})", .{ err, create_diagnostics.http_code });
+        std.log.err(
+            "Lambda CreateFunction failed: {} (HTTP Response code {})",
+            .{ err, create_diagnostics.response_status },
+        );
         return error.LambdaCreateFunctionFailed;
     };
     defer create_result.deinit();
@@ -463,6 +468,7 @@ fn addPermission(
     const services = aws.Services(.{.lambda}){};
 
     // Generate statement ID from principal: "alexa-appkit.amazon.com" -> "allow-alexa-appkit-amazon-com"
+    // SAFETY: set on write
     var statement_id_buf: [128]u8 = undefined;
     var statement_id_len: usize = 0;
 
@@ -483,7 +489,9 @@ fn addPermission(
     std.log.info("Adding invoke permission for principal: {s}", .{principal});
 
     var diagnostics = aws.Diagnostics{
-        .http_code = undefined,
+        // SAFETY: set by sdk on error
+        .response_status = undefined,
+        // SAFETY: set by sdk on error
         .response_body = undefined,
         .allocator = options.allocator,
     };
@@ -500,14 +508,17 @@ fn addPermission(
         defer diagnostics.deinit();
 
         // 409 Conflict means permission already exists - that's fine
-        if (diagnostics.http_code == 409) {
+        if (diagnostics.response_status == .conflict) {
             std.log.info("Permission already exists for: {s}", .{principal});
             try options.stdout.print("Permission already exists for: {s}\n", .{principal});
             try options.stdout.flush();
             return;
         }
 
-        std.log.err("AddPermission failed: {} (HTTP {})", .{ err, diagnostics.http_code });
+        std.log.err(
+            "AddPermission failed: {} (HTTP Response code {})",
+            .{ err, diagnostics.response_status },
+        );
         return error.AddPermissionFailed;
     };
     defer result.deinit();
@@ -538,6 +549,7 @@ fn writeDeployOutput(
     const file = try std.fs.cwd().createFile(output_path, .{});
     defer file.close();
 
+    // SAFETY: set on write
     var write_buffer: [4096]u8 = undefined;
     var buffered = file.writer(&write_buffer);
     const writer = &buffered.interface;

tools/build/src/iam.zig

@@ -61,7 +61,9 @@ pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 {
     const services = aws.Services(.{.iam}){};
 
     var diagnostics = aws.Diagnostics{
-        .http_code = undefined,
+        // SAFETY: set by sdk on error
+        .response_status = undefined,
+        // SAFETY: set by sdk on error
         .response_body = undefined,
         .allocator = options.allocator,
     };
@@ -74,11 +76,14 @@ pub fn getOrCreateRole(role_name: []const u8, options: RunOptions) ![]const u8 {
         .role_name = role_name,
     }, aws_options) catch |err| {
         defer diagnostics.deinit();
-        if (diagnostics.http_code == 404) {
+        if (diagnostics.response_status == .not_found) {
             // Role doesn't exist, create it
             return try createRole(role_name, options);
         }
-        std.log.err("IAM GetRole failed: {} (HTTP {})", .{ err, diagnostics.http_code });
+        std.log.err(
+            "IAM GetRole failed: {} (HTTP Response code {})",
+            .{ err, diagnostics.response_status },
+        );
         return error.IamGetRoleFailed;
     };
     defer get_result.deinit();

tools/build/src/main.zig

@@ -38,7 +38,7 @@ pub fn main() !u8 {
 
     run(allocator, &stdout_writer.interface, &stderr_writer.interface) catch |err| {
         stderr_writer.interface.print("Error: {}\n", .{err}) catch {};
-        stderr_writer.interface.flush() catch {};
+        try stderr_writer.interface.flush();
         return 1;
     };
     try stderr_writer.interface.flush();