Build reproducible AWS Lambda packages outside Terraform, optimized for terraform-aws-lambda by serverless.tf.
Project description
repro-lambda
Produces byte-identical zip files across local dev (macOS) and CI (Linux),
uploads to S3 by content-hash key, and lets Terraform read s3_existing_package
instead of building during terraform plan/apply.
Install
pip install repro-lambda
Quick start
repro-lambda lock # regenerate per-arch requirement + source locks
repro-lambda build --bucket <bucket> # build all lambdas in lambdas.toml, upload to S3
repro-lambda build --verify --dry-run # two-pass byte-reproducibility check (no upload)
repro-lambda promote \
--dev-bucket <dev> --prod-bucket <prod> # copy dev -> prod by content sha (no rebuild)
--bucket (or REPRO_LAMBDA_BUCKET) is required for a real build; add
--dry-run to build without uploading. There is no init command yet (the
subcommand is currently a stub).
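An added example, not repro-lambda's own code, of the idea behind the byte-identical build, the content-hash S3 key and the two-pass `--verify` check described above. The function names, the fixed timestamp and the `<name>/<sha256>.zip` key layout are assumptions made for illustration.

```python
import hashlib
import io
import stat
import zipfile

FIXED_TIME = (1980, 1, 1, 0, 0, 0)  # assumption: any constant timestamp works


def build_zip(files: dict[str, bytes], executable: frozenset = frozenset()) -> bytes:
    """Build a zip whose bytes depend only on entry names, contents and exec bits."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):  # fixed order, not filesystem or dict order
            info = zipfile.ZipInfo(name, date_time=FIXED_TIME)  # no mtime leaks in
            info.create_system = 3  # always "Unix", whatever OS runs the build
            mode = 0o755 if name in executable else 0o644  # normalised, ignores umask
            info.external_attr = (stat.S_IFREG | mode) << 16
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, files[name], compresslevel=9)
    return buf.getvalue()


def content_key(name: str, package: bytes) -> str:
    """Hypothetical S3 key layout: <lambda name>/<sha256 of the zip>.zip."""
    return f"{name}/{hashlib.sha256(package).hexdigest()}.zip"


def verify_reproducible(files: dict[str, bytes], executable: frozenset = frozenset()) -> str:
    """Two-pass check: build twice from differently ordered input, compare bytes."""
    first = build_zip(files, executable)
    second = build_zip(dict(reversed(list(files.items()))), executable)
    if first != second:
        raise RuntimeError("build is not byte-reproducible")
    return hashlib.sha256(first).hexdigest()


# Constructed sample input (not a real Lambda).
SAMPLE = {
    "handler.py": b"def handler(event, context):\n    return {'ok': True}\n",
    "lib/util.py": b"VERSION = '1.0'\n",
    "bin/tool": b"#!/bin/sh\nexit 0\n",
}

if __name__ == "__main__":
    exe = frozenset({"bin/tool"})
    print(verify_reproducible(SAMPLE, exe))
    print(content_key("my-lambda", build_zip(SAMPLE, exe)))
```

Deflate output can differ between zlib builds, so byte identity across machines also needs the same compression library or stored (uncompressed) entries.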
Documentation
What each document covers, by section:
Setup - one-time AWS provisioning (SETUP.md)
Provision the supporting infrastructure once per AWS account and environment.
- Architecture - artifact buckets, key-level immutability, the content-hash model
- Terraform - per-account bootstrap - the buckets, the GitHub OIDC builder role, and outputs
- GitHub OIDC provider - declaring the shared per-account OIDC provider
- Next steps - where to go after provisioning
Usage - day-to-day (USAGE.md)
Using repro-lambda once the infrastructure exists.
- Source-repo CI workflow - wiring the reusable build workflow into CI/CD
- Per-Lambda manifest - the lambdas.toml fields
- Per-lambda builder overrides - per-lambda base image and file filters
- Declarative sources - pinned external artifacts via [[lambda.source]]
- Terraform consumer (s3_existing_package) - wiring terraform-aws-modules/lambda/aws to the built artifact
- Smoke test - first-build verification and the clean migration plan diff
- Troubleshooting - upload 403s, PreconditionFailed, noisy plans
- Node.js (npm) Lambdas - npm packaging support
- Lambda@Edge example - us-east-1 artifacts for CloudFront
- Caveats - npm workspaces, native deps, symlinks
Example - runnable (examples/complete/)
A self-contained consumer setup: manifest, catalog, and Terraform using
terraform-aws-modules/lambda/aws.
- What this example shows - files and layout
- The build-outside-Terraform flow - build, inspect the catalog, apply
- Expected plan diff - the s3_key-only diff to expect
License
MIT - see LICENSE.
Author
Anton Babenko - @antonbabenko on Twitter, antonbabenko on LinkedIn.
File details
Details for the file repro_lambda-0.7.1.tar.gz.
File metadata
- Download URL: repro_lambda-0.7.1.tar.gz
- Upload date:
- Size: 119.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d39d02cc92c379504f187e4bb18505589be5170717a1ff5aa4e73e09b0de3cf1 |
| MD5 | a92ecdc80f3624d88a3a6cb890ef5b74 |
| BLAKE2b-256 | 3d6af38321f2fd76566f62fcc71d72a022243df3333b23d0c13df16be8de6cd3 |
Provenance
The following attestation bundles were made for repro_lambda-0.7.1.tar.gz:
Publisher: release.yml on antonbabenko/repro-lambda
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: repro_lambda-0.7.1.tar.gz
- Subject digest: d39d02cc92c379504f187e4bb18505589be5170717a1ff5aa4e73e09b0de3cf1
- Sigstore transparency entry: 1929620841
- Sigstore integration time:
- Permalink: antonbabenko/repro-lambda@dd8f708dc6d42e26b783419ae013dfa5721e66b0
- Branch / Tag: refs/heads/master
- Owner: https://github.com/antonbabenko
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@dd8f708dc6d42e26b783419ae013dfa5721e66b0
- Trigger Event: push
File details
Details for the file repro_lambda-0.7.1-py3-none-any.whl.
File metadata
- Download URL: repro_lambda-0.7.1-py3-none-any.whl
- Upload date:
- Size: 37.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 0cf0bdbcc7cf9c5b762cd2d80f0d1768d2ad34461e85b707db357d2af1a0ea4c |
| MD5 | 43bc21f24e626ada1ff538b03d88c604 |
| BLAKE2b-256 | cec208bd9c7de972bcb079e036003a9afc1be4dbb2993e7ba618d502364f9493 |
Provenance
The following attestation bundles were made for repro_lambda-0.7.1-py3-none-any.whl:
Publisher: release.yml on antonbabenko/repro-lambda
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: repro_lambda-0.7.1-py3-none-any.whl
- Subject digest: 0cf0bdbcc7cf9c5b762cd2d80f0d1768d2ad34461e85b707db357d2af1a0ea4c
- Sigstore transparency entry: 1929621293
- Sigstore integration time:
- Permalink: antonbabenko/repro-lambda@dd8f708dc6d42e26b783419ae013dfa5721e66b0
- Branch / Tag: refs/heads/master
- Owner: https://github.com/antonbabenko
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@dd8f708dc6d42e26b783419ae013dfa5721e66b0
- Trigger Event: push