feat: micro runtime image uses awscurl instead of aws-cli

Author: skunxicat

.github/workflows/release.yml

@@ -35,8 +35,9 @@ jobs:
           echo "${{ secrets.GHCR_PAT }}" > github_token
           export DOCKER_BUILDKIT=1
           docker buildx build --builder default --platform linux/arm64 --output type=docker --progress=plain --secret id=github_token,src=github_token -t lambda-shell-runtime:tiny -f tiny.Dockerfile .
-          docker buildx build --builder default --platform linux/arm64 --output type=docker --progress=plain --secret id=github_token,src=github_token -t lambda-shell-runtime:slim -f slim.Dockerfile .
-          docker buildx build --builder default --platform linux/arm64 --output type=docker --progress=plain --secret id=github_token,src=github_token -t lambda-shell-runtime:full -f Dockerfile .
+          docker buildx build --builder default --platform linux/arm64 --output type=docker --progress=plain --secret id=github_token,src=github_token -t lambda-shell-runtime:micro -f micro.Dockerfile .
+          # docker buildx build --builder default --platform linux/arm64 --output type=docker --progress=plain --secret id=github_token,src=github_token -t lambda-shell-runtime:slim -f slim.Dockerfile .
+          # docker buildx build --builder default --platform linux/arm64 --output type=docker --progress=plain --secret id=github_token,src=github_token -t lambda-shell-runtime:full -f Dockerfile .
         shell: bash
       - name: Log in to GHCR
         run: echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u skunxicat --password-stdin

Dockerfile

@@ -24,14 +24,18 @@ RUN --mount=type=secret,id=github_token \
 FROM public.ecr.aws/lambda/provided:al2023
 
 # Install only runtime dependencies
-RUN dnf install -y jq && \
+RUN dnf install -y jq python3 python3-libs  && \
     dnf clean all && \
     rm -rf /var/cache/dnf
 
 # Copy AWS CLI binaries only
 COPY --from=builder /aws-cli-bin/aws /usr/local/bin/aws
 COPY --from=builder /aws-cli /usr/local/aws-cli
 
+# Fix Python shared library path for AWS CLI v2
+RUN find /usr -name "libpython3*.so*" -exec cp {} /usr/local/bin/ \; 2>/dev/null || true
+
+
 # Copy http-cli
 COPY --from=builder /http-cli-bin/http-cli /var/task/bin/http-cli
 

build

@@ -7,7 +7,8 @@ set -e
 PLATFORM="linux/arm64"
 MODE="--load"
 TAG="lambda-shell-runtime"
-VARIANTS="tiny slim full"
+# VARIANTS="tiny slim full"
+VARIANTS="tiny micro"
 
 
 # Parse arguments

micro.Dockerfile

@@ -0,0 +1,53 @@
+FROM public.ecr.aws/lambda/provided:al2023 AS builder
+
+RUN dnf install -y unzip python3-pip  findutils && \
+    dnf clean all
+
+# Download http-cli
+RUN --mount=type=secret,id=github_token \
+    curl -H "Authorization: token $(cat /run/secrets/github_token)" \
+    -L https://github.com/ql4b/http-cli/archive/refs/heads/develop.zip \
+    -o http-cli.zip && \
+    unzip http-cli.zip && \
+    mkdir -p /http-cli-bin && \
+    mv http-cli-develop/http-cli /http-cli-bin/ && \
+    chmod +x /http-cli-bin/http-cli && \
+    rm -rf http-cli.zip http-cli-develop
+
+RUN pip3 install --no-cache-dir --target /tmp/awscurl awscurl && \
+    find /tmp/awscurl -type d -name '__pycache__' -exec rm -rf {} + && \
+    find /tmp/awscurl -type f -name '*.pyc' -delete && \
+    find /tmp/awscurl -type d -name '*.dist-info' -exec rm -rf {} +
+
+# Stage 2: Runtime stage
+FROM public.ecr.aws/lambda/provided:al2023
+
+# Install only runtime dependencies
+RUN dnf install -y jq python3 && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+# Copy only what's needed
+COPY --from=builder /tmp/awscurl /var/task/aws
+# Clean up Python cache and metadata
+RUN rm -rf \
+  /var/task/aws/__pycache__ \
+  /var/task/aws/*.dist-info \
+  /var/task/aws/**/__pycache__
+
+ENV PYTHONPATH="/var/task/aws"
+
+RUN mkdir -p /var/task/bin && \
+    printf '#!/bin/sh\nexport PYTHONPATH=/var/task/aws\nexec python3 -m awscurl.awscurl "$@"\n' > /var/task/bin/awscurl && \
+    chmod +x /var/task/bin/awscurl
+
+# Copy http-cli
+COPY --from=builder /http-cli-bin/http-cli /var/task/bin/http-cli
+ENV PATH="/var/task/bin:${PATH}"
+
+COPY runtime/bootstrap /var/runtime/bootstrap
+RUN chmod +x /var/runtime/bootstrap
+
+WORKDIR /var/task
+
+COPY functions/handler.sh handler.sh

test/run

@@ -18,6 +18,31 @@ docker run \
     lambda-shell-runtime:debug-tiny \
     /var/runtime/bootstrap
 
+docker run \
+    -p 9000:8080 \
+    --platform linux/arm64 \
+    -v ~/.aws:/root/.aws:ro \
+    --env AWS_PROFILE=${AWS_PROFILE} \
+    --env AWS_REGION=${AWS_REGION} \
+    --volume ~/.aws-lambda-rie:/aws-lambda \
+    --entrypoint /aws-lambda/aws-lambda-rie \
+    --env HANDLER="handler.hello" \
+    lambda-shell-runtime:debug-tiny \
+    /var/runtime/bootstrap
+
+
+docker run -d --rm \
+    -p 9000:8080 \
+    --platform linux/arm64 \
+    -v ~/.aws:/root/.aws:ro \
+    --volume ~/.aws-lambda-rie:/aws-lambda \
+    --entrypoint /aws-lambda/aws-lambda-rie \
+    --env HANDLER="handler.hello" \
+    lambda-shell-runtime:micro \
+    /var/runtime/bootstrap
+
+
+
 # Invoke test: basic curl request
 curl -XPOST \
     "http://localhost:9000/2015-03-31/functions/function/invocations" \