build: deploy builder lambda as zip package

.github/workflows/workflow_build.yaml

@@ -1,4 +1,4 @@
-name: Publish Docker Image to AWS ECR Private
+name: Deploy Lambda ZIP
 
 on:
   workflow_dispatch:
@@ -7,7 +7,7 @@ on:
       - main
 jobs:
   build:
-    name: Build and push Docker image
+    name: Package and deploy Lambda ZIP
     runs-on: ubuntu-latest
     environment: certified-builder-py
     steps:
@@ -22,25 +22,37 @@ jobs:
           aws-region: us-east-1
           audience: sts.amazonaws.com
 
-      - name: Login to Amazon ECR Private
-        run: aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com
-
-      - name: Build Docker image
+      - name: Prepare package directories
         run: |
-          docker build -t ${{ secrets.ECR_REPOSITORY_BUILDER }}:latest .
-          docker tag ${{ secrets.ECR_REPOSITORY_BUILDER }}:latest ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/${{ secrets.ECR_REPOSITORY_BUILDER }}:latest
+          rm -rf dist
+          mkdir -p dist/package
 
-      - name: Push Docker image
+      - name: Build Lambda ZIP
         run: |
-          docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/${{ secrets.ECR_REPOSITORY_BUILDER }}:latest
-
-      - name: Update Lambda function
+          docker run --rm \
+            -v "$PWD:/work" \
+            -w /work \
+            python:3.13-slim \
+            bash -lc '
+              set -euo pipefail
+              apt-get update >/dev/null
+              apt-get install -y zip >/dev/null
+              python -m pip install --upgrade pip >/dev/null
+              python -m pip install --no-cache-dir -r requirements.txt -t dist/package >/dev/null
+              cp -R aws certified_builder models dist/package/
+              cp lambda_function.py config.py requirements.txt dist/package/
+              cd dist/package
+              zip -qr ../lambda.zip .
+            '
+
+      - name: Deploy Lambda ZIP
         run: |
           aws lambda update-function-code \
-            --function-name tech-floripa-certificates-api-dev \
-            --image-uri ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/${{ secrets.ECR_REPOSITORY_BUILDER }}:latest
+            --function-name tech-floripa-certificates-builder-dev \
+            --zip-file fileb://dist/lambda.zip
+          aws lambda wait function-updated \
+            --function-name tech-floripa-certificates-builder-dev
 
       - name: Complete
         run: |
-          echo "Docker image has been pushed to AWS ECR Private and Lambda function has been updated"
-
+          echo "Lambda ZIP deployed successfully"

Dockerfile

@@ -1,36 +1,36 @@
-FROM public.ecr.aws/lambda/python:3.13
-
-# Install system dependencies
-RUN dnf update -y && \
-    dnf install -y \
-    freetype-devel \
-    libjpeg-turbo-devel \
-    zlib-devel \
-    gcc \
-    make \
-    python3-devel \
-    fontconfig && \
-    dnf clean all
-
-# Set working directory
-WORKDIR ${LAMBDA_TASK_ROOT}
-
-# Copy requirements first to leverage Docker cache
+FROM python:3.13-slim
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    build-essential \
+    curl \
+    fontconfig \
+    libfreetype6-dev \
+    libjpeg62-turbo-dev \
+    zlib1g-dev && \
+    rm -rf /var/lib/apt/lists/*
+
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+ENV PYTHONPATH=/var/task
+ENV FONTCONFIG_PATH=/etc/fonts
+ENV AWS_LAMBDA_RUNTIME_API=""
+
+WORKDIR /var/task
+
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
+RUN pip install --no-cache-dir awslambdaric
+
+ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie /usr/local/bin/aws-lambda-rie
+RUN chmod +x /usr/local/bin/aws-lambda-rie
 
-# Copy the entire application
 COPY . .
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
 
-# Create necessary directories
 RUN mkdir -p /tmp/certificates && \
     chmod 777 /tmp/certificates
 
-# Set environment variables
-ENV PYTHONPATH=${LAMBDA_TASK_ROOT}
-ENV FONTCONFIG_PATH=/etc/fonts
-ENV PYTHONDONTWRITEBYTECODE=1
-ENV PYTHONUNBUFFERED=1
-
-# Set the CMD to your handler
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD [ "lambda_function.lambda_handler" ]

docker-entrypoint.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+set -eu
+
+handler="${1:-lambda_function.lambda_handler}"
+
+if [ -z "${AWS_LAMBDA_RUNTIME_API:-}" ]; then
+  exec /usr/local/bin/aws-lambda-rie python -m awslambdaric "$handler"
+fi
+
+exec python -m awslambdaric "$handler"

readme.md

@@ -13,8 +13,7 @@ Sistema de geração automática de certificados para eventos usando AWS Lambda
   - Registro na blockchain Solana para autenticação
 - Processamento de mensagens SQS
 - Execução em container Docker
-- Deploy automatizado para AWS Lambda
-- Integração com AWS ECR
+- Deploy automatizado para AWS Lambda via ZIP package
 - Envio de mensagens para fila de notificação com dados do certificado
 
 ## Estrutura do Projeto
@@ -55,7 +54,6 @@ project_root/
 - qrcode (Geração de QR codes)
 - Docker
 - AWS Lambda
-- AWS ECR
 - AWS SQS
 - [Solana Blockchain (Registro de certificados)](https://github.com/p4ndabk/certificates-on-solana)
 
@@ -142,7 +140,7 @@ pip install -r requirements.txt
 
 3. Execute com Docker:
 ```bash
-docker build -t certified-builder . && docker run -p 9000:8080 certified-builder
+docker compose up --build
 ```
 
 4. Teste localmente:
@@ -155,9 +153,9 @@ curl -XPOST "http://localhost:9000/2015-03-31/functions/function/invocations" -d
 O deploy é automatizado através do GitHub Actions:
 
 1. Push para a branch main dispara o workflow
-2. Imagem Docker é construída
-3. Upload para AWS ECR
-4. Atualização da função Lambda
+2. Um pacote ZIP compatível com Lambda é gerado em ambiente Linux
+3. O workflow executa `aws lambda update-function-code`
+4. A função `tech-floripa-certificates-builder-dev` recebe o novo código
 
 ## Estrutura do Certificado Gerado
 
@@ -181,4 +179,3 @@ O deploy é automatizado através do GitHub Actions:
 ## Licença
 
 Este projeto está sob a licença MIT. Veja o arquivo `LICENSE` para mais detalhes.
-