serverless-application-model icon indicating copy to clipboard operation
serverless-application-model copied to clipboard

Published 20 hours ago verified publisher icon aws

AutoPublishCodeSha256 without changing the value of CodeUri

Open tp6m4fu6250071 opened this issue 5 years ago • 6 comments

Description:

Hi this property AutoPublishCodeSha256 seems can be used when I want to deploy my code without changing CodeUri. I think it might be useful when I write my own template and upload the code bundle to s3 manually without using sam package/deploy CLI, which means I can specify my own s3 object name for my function source. However, when I updated the stack with only changing the value of "AutoPublishCodeSha256", it would encounter the error: A version for this Lambda function exists ( 1 ). Modify the function to create a new version. I think it is because a new lambda function version could not be published without changing code.

How can I update the stack with this property "AutoPublishCodeSha256" without changing the CodeUri property? Am I missing something?

Steps to reproduce the issue:

  1. This is my testing template
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Globals:
  Function:
    Timeout: 3
Resources:
  HelloWorldFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://<my own bucket name>/function.zip
      Handler: app.lambdaHandler
      Runtime: nodejs12.x
      AutoPublishAlias: Blue
      #AutoPublishCodeSha256: test1 ### <--- create a stack
      AutoPublishCodeSha256: test2 ### <--- update a stack
      VersionDescription: Version A
      DeploymentPreference:
        Enabled: true
        Type: Canary10Percent5Minutes

$ sam deploy --template-file ./packaged-manually.yaml

Observed result:

The function version was created successfully while stack creating. When updating the stack, it showed:

CREATE_FAILED AWS::Lambda::Version HelloWorldFunctionVersionQLqA A version for this Lambda function exists ( 1 ). Modify the function to create a new version.
CREATE_IN_PROGRESS AWS::Lambda::Version HelloWorldFunctionVersionQLqA -

Expected result:

tp6m4fu6250071 avatar Mar 09 '20 09:03 tp6m4fu6250071

I'm using sam package/deploy, but in some instances sam would try to update the Lambda version, even though the code had not been changed, leading to the exact same error.

A version for this Lambda function exists ( 1 ). Modify the function to create a new version.

My function definition looks like this

  ResponseLambda:
    Type: AWS::Serverless::Function
    DependsOn: LambdaRole
    Properties:
      AutoPublishAlias: live
      CodeUri: edgelambda/ResponseLambda
      Handler: index.handler
      MemorySize: 128
      Role: !GetAtt LambdaRole.Arn
      Runtime: nodejs10.x
      Timeout: 5

My workaround was to add a line at the top of my node index.js file, and create a script which replaces this line with a new hash on every build

sha=`head -c 12 /dev/urandom | shasum -a 256 | cut -d ' ' -f1`
(cd sam/ResponseLambda && sed -i "1s/.*/\/\/$sha/" index.js)

This probably wont help if you have a static codeUri, but it will help you encounter this issue even when using sam package/deploy.

I'd much prefer to be able to use AutoPublishCodeSha256 for this case as well, but until that happens, this gets the job done.

dan-lind avatar Mar 24 '20 18:03 dan-lind

Im having the same issue. Any progress?

lisandrolan avatar Apr 10 '20 18:04 lisandrolan

Having the same issue, I have contacted AWS technical support on it. It will be a life-changer for our application if this thing gets resolved

kybrdbnd avatar Dec 06 '20 04:12 kybrdbnd

I'm running into the same issue as you guys and my work around was to put a description in the function properties with a unique string every deployment.

Is AutoPublishCodeSha256 only to be used when the code inside the s3 file has changed?

ecs-jnguyen avatar Feb 19 '21 02:02 ecs-jnguyen

I'm running into the same issue as you guys and my work around was to put a description in the function properties with a unique string every deployment.

Is AutoPublishCodeSha256 only to be used when the code inside the s3 file has changed?

I also used a workaround, in which I used codeURI and enabled s3 versioning, attaching CF templates and buildspec for the help help.zip

kybrdbnd avatar Feb 19 '21 16:02 kybrdbnd

This problem also manifests when AutoPublishCodeSha256 is not set for function creation, but is added for the update. Just addition of AutoPublishCodeSha256 is not considered a change by the SAM/CF.

EDIT: It seems that in my scenario changing CodeUri to another s3 path with same zip file content is also causing this version exists error.

aohotnik avatar Mar 18 '21 23:03 aohotnik

This problem also manifests when AutoPublishCodeSha256 is not set for function creation, but is added for the update. Just addition of AutoPublishCodeSha256 is not considered a change by the SAM/CF.

FWIW, when the SAM template doesn't have a AutoPublishAlias, VersionDescription, or DeploymentPreference property set (as well as AutoPublishCodeSha256) on initial stack creation, newly added AutoPublishCodeSha256 keys are also ignored when performing an update on the stack.

rstevens011 avatar Jan 04 '23 00:01 rstevens011

I can confirm that if there is no Alias and no versioning, AutoPublishCodeSha256 does not trigger a new version creation. It's by design.

Here is why. As AutoPublishCodeSha256 is SAM (not CloudFormation) field to create a new version, it should be used when function has AutoPublishAlias because only AutoPublishAlias triggers creation of AWS::Lambda::Version CloudFormation resource.

As for mentioned by @dan-lind error

A version for this Lambda function exists ( 1 ). Modify the function to create a new version. I you use AutoPublishCodeSha256 and its value doesn't change there will be no such error. SAM CLI won't try to deploy the function. Tested with SAM CLI 1.65.0

ssenchenko avatar Jan 05 '23 03:01 ssenchenko