diff --git a/.github/workflows/workflow_build.yaml b/.github/workflows/workflow_build.yaml index c54ad01..bee0603 100644 --- a/.github/workflows/workflow_build.yaml +++ b/.github/workflows/workflow_build.yaml @@ -1,4 +1,4 @@ -name: Publish Docker Image to AWS ECR Private +name: Deploy Lambda ZIP on: workflow_dispatch: @@ -7,7 +7,7 @@ on: - main jobs: build: - name: Build and push Docker image + name: Package and deploy Lambda ZIP runs-on: ubuntu-latest environment: certified-builder-py steps: 
@@ -22,25 +22,37 @@ jobs: aws-region: us-east-1 audience: sts.amazonaws.com - - name: Login to Amazon ECR Private - run: aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com - - - name: Build Docker image + - name: Prepare package directories run: | - docker build -t ${{ secrets.ECR_REPOSITORY_BUILDER }}:latest . - docker tag ${{ secrets.ECR_REPOSITORY_BUILDER }}:latest ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/${{ secrets.ECR_REPOSITORY_BUILDER }}:latest + rm -rf dist + mkdir -p dist/package - - name: Push Docker image + - name: Build Lambda ZIP run: | - docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/${{ secrets.ECR_REPOSITORY_BUILDER }}:latest - - - name: Update Lambda function + docker run --rm \ + -v "$PWD:/work" \ + -w /work \ + python:3.13-slim \ + bash -lc ' + set -euo pipefail + apt-get update >/dev/null + apt-get install -y zip >/dev/null + python -m pip install --upgrade pip >/dev/null + python -m pip install --no-cache-dir -r requirements.txt -t dist/package >/dev/null + cp -R aws certified_builder models dist/package/ + cp lambda_function.py config.py requirements.txt dist/package/ + cd dist/package + zip -qr ../lambda.zip . + ' + + - name: Deploy Lambda ZIP run: | aws lambda update-function-code \ - --function-name tech-floripa-certificates-api-dev \ - --image-uri ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/${{ secrets.ECR_REPOSITORY_BUILDER }}:latest + --function-name tech-floripa-certificates-builder-dev \ + --zip-file fileb://dist/lambda.zip + aws lambda wait function-updated \ + --function-name tech-floripa-certificates-builder-dev - name: Complete run: | - echo "Docker image has been pushed to AWS ECR Private and Lambda function has been updated" - + echo "Lambda ZIP deployed successfully" diff --git a/Dockerfile b/Dockerfile index 30a1384..623b62d 100644 --- a/Dockerfile 
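Review bot: The `Build Lambda ZIP` step assembles the deployed artifact inside `python:3.13-slim`, a mutable tag, and sends all `pip` output to `/dev/null`, so the code that reaches the function is neither reproducible nor auditable from the job log. Pin the image by digest (`python:3.13-slim@sha256:<digest-placeholder>`), drop the `>/dev/null` on the `pip install ... -t dist/package` line, and add `--require-hashes` if `requirements.txt` carries hashes (that file is not visible here). The build image is Debian-based, whereas the removed Dockerfile used `public.ecr.aws/lambda/python:3.13`, so a dependency compiled from source instead of installed as a wheel may fail to load in the Lambda runtime; `--only-binary=:all:` or a Lambda-compatible build image would guard against that. Logging a SHA-256 of `dist/lambda.zip` before `aws lambda update-function-code` would also let the `CodeSha256` in the response be checked against what was built.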
+++ b/Dockerfile @@ -1,36 +1,36 @@ -FROM public.ecr.aws/lambda/python:3.13 - -# Install system dependencies -RUN dnf update -y && \ - dnf install -y \ - freetype-devel \ - libjpeg-turbo-devel \ - zlib-devel \ - gcc \ - make \ - python3-devel \ - fontconfig && \ - dnf clean all - -# Set working directory -WORKDIR ${LAMBDA_TASK_ROOT} - -# Copy requirements first to leverage Docker cache +FROM python:3.13-slim + +RUN apt-get update && \ + apt-get install -y --no-install-recommends \ + build-essential \ + curl \ + fontconfig \ + libfreetype6-dev \ + libjpeg62-turbo-dev \ + zlib1g-dev && \ + rm -rf /var/lib/apt/lists/* + +ENV PYTHONDONTWRITEBYTECODE=1 +ENV PYTHONUNBUFFERED=1 +ENV PYTHONPATH=/var/task +ENV FONTCONFIG_PATH=/etc/fonts +ENV AWS_LAMBDA_RUNTIME_API="" + +WORKDIR /var/task + COPY requirements.txt . RUN pip install --no-cache-dir -r requirements.txt +RUN pip install --no-cache-dir awslambdaric + +ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie /usr/local/bin/aws-lambda-rie +RUN chmod +x /usr/local/bin/aws-lambda-rie -# Copy the entire application COPY . . +COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh +RUN chmod +x /usr/local/bin/docker-entrypoint.sh -# Create necessary directories RUN mkdir -p /tmp/certificates && \ chmod 777 /tmp/certificates -# Set environment variables -ENV PYTHONPATH=${LAMBDA_TASK_ROOT} -ENV FONTCONFIG_PATH=/etc/fonts -ENV PYTHONDONTWRITEBYTECODE=1 -ENV PYTHONUNBUFFERED=1 - -# Set the CMD to your handler +ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"] CMD [ "lambda_function.lambda_handler" ] diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100644 index 0000000..6f87689 --- /dev/null +++ b/docker-entrypoint.sh 
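Review bot: The `ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie` line downloads whatever binary is currently published as `latest` with no integrity check, and the new entrypoint then executes it. Pin a specific release and verify it, e.g. `ADD --checksum=sha256:<digest-placeholder> https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/download/<release-tag-placeholder>/aws-lambda-rie /usr/local/bin/aws-lambda-rie`. The same applies to the unpinned `RUN pip install --no-cache-dir awslambdaric`, which should carry a version (`awslambdaric==<version-placeholder>`). `curl` and `build-essential` remain in the final image although nothing in this hunk uses `curl`, so dropping unused packages would shrink what the image exposes. The new side also shows no `USER` line, so the handler appears to run as root next to the world-writable `/tmp/certificates`.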
@@ -0,0 +1,10 @@ +#!/bin/sh +set -eu + +handler="${1:-lambda_function.lambda_handler}" + +if [ -z "${AWS_LAMBDA_RUNTIME_API:-}" ]; then + exec /usr/local/bin/aws-lambda-rie python -m awslambdaric "$handler" +fi + +exec python -m awslambdaric "$handler" diff --git a/readme.md b/readme.md index f989139..1954a3d 100644 --- a/readme.md +++ b/readme.md @@ -13,8 +13,7 @@ Sistema de geração automática de certificados para eventos usando AWS Lambda - Registro na blockchain Solana para autenticação - Processamento de mensagens SQS - Execução em container Docker -- Deploy automatizado para AWS Lambda -- Integração com AWS ECR +- Deploy automatizado para AWS Lambda via ZIP package - Envio de mensagens para fila de notificação com dados do certificado ## Estrutura do Projeto @@ -55,7 +54,6 @@ project_root/ - qrcode (Geração de QR codes) - Docker - AWS Lambda -- AWS ECR - AWS SQS - [Solana Blockchain (Registro de certificados)](https://github.com/p4ndabk/certificates-on-solana) @@ -142,7 +140,7 @@ pip install -r requirements.txt 3. Execute com Docker: ```bash -docker build -t certified-builder . && docker run -p 9000:8080 certified-builder +docker compose up --build ``` 4. Teste localmente: @@ -155,9 +153,9 @@ curl -XPOST "http://localhost:9000/2015-03-31/functions/function/invocations" -d O deploy é automatizado através do GitHub Actions: 1. Push para a branch main dispara o workflow -2. Imagem Docker é construída -3. Upload para AWS ECR -4. Atualização da função Lambda +2. Um pacote ZIP compatível com Lambda é gerado em ambiente Linux +3. O workflow executa `aws lambda update-function-code` +4. A função `tech-floripa-certificates-builder-dev` recebe o novo código ## Estrutura do Certificado Gerado @@ -181,4 +179,3 @@ O deploy é automatizado através do GitHub Actions: ## Licença Este projeto está sob a licença MIT. Veja o arquivo `LICENSE` para mais detalhes. -
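Review bot: `docker-entrypoint.sh` has no comment explaining that an empty or unset `AWS_LAMBDA_RUNTIME_API` selects the Runtime Interface Emulator, and the Dockerfile in this commit sets that variable to `""`, so emulator mode is the image's default. The emulator accepts invocations over plain HTTP without authentication (the readme's `curl -XPOST` example posts to it), so that branch should be documented as local-only. I would add above the `if`: `# No runtime API endpoint set: start under the Runtime Interface Emulator (local testing only; publish the port on 127.0.0.1).` Arguments after `$1` are silently ignored, which deserves a one-line comment next to the `handler=` assignment.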