coderbirju
diff --git a/‎.github/workflows/samcli-vm.yaml‎
Lines changed: 222 additions & 0 deletions b/‎.github/workflows/samcli-vm.yaml‎
Lines changed: 222 additions & 0 deletions
diff --git a/‎scripts/samcli-vm/invoke-teardown.patch‎
Lines changed: 16 additions & 0 deletions b/‎scripts/samcli-vm/invoke-teardown.patch‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎scripts/samcli-vm/run-invoke-tests.sh‎
Lines changed: 65 additions & 0 deletions b/‎scripts/samcli-vm/run-invoke-tests.sh‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎scripts/samcli-vm/run-package-tests.sh‎
Lines changed: 58 additions & 0 deletions b/‎scripts/samcli-vm/run-package-tests.sh‎
Lines changed: 58 additions & 0 deletions
@@ -0,0 +1,222 @@
+name: samcli-vm
+
+on:
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: '0 8 * * *'
+  workflow_dispatch:
+
+env:
+  GO_VERSION: '1.24.x'
+  PYTHON_VERSION: '3.11'
+  PYTHON_BINARY: 'python3.11'
+  AWS_DEFAULT_REGION: "${{ secrets.REGION }}"
+  BY_CANARY: true # allows full testing
+  SAM_CLI_DEV: 1
+  SAM_CLI_TELEMETRY: 0
+  DOCKER_HOST: unix:///Applications/Finch/lima/data/finch/sock/finch.sock
+  DOCKER_CONFIG: /Users/ec2-user/.finch
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  samcli-vm-test:
+    runs-on: codebuild-finch-daemon-arm64-2-instance-${{ github.run_id }}-${{ github.run_attempt }}
+    steps:
+
+      - name: Clean macOS runner workspace
+        run: |
+          rm -rf ${{ github.workspace }}/*
+
+      - name: Configure Git for ec2-user
+        run: |
+          git config --global --add safe.directory "*"
+        shell: bash
+
+      - name: Set up Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version: ${{ env.GO_VERSION }}
+          cache: false
+
+      - name: Configure Go for ec2-user
+        run: |
+          chown -R ec2-user:staff $GOPATH || true
+          chown -R ec2-user:staff $RUNNER_TOOL_CACHE/go || true
+
+      - name: Install Rosetta 2
+        run: su ec2-user -c 'echo "A" | /usr/sbin/softwareupdate --install-rosetta --agree-to-license || true'
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Configure Python for ec2-user
+        run: |
+          # Make Python accessible to ec2-user
+          chown -R ec2-user:staff $(${{ env.PYTHON_BINARY }} -c "import site; print(site.USER_BASE)") || true
+          # Or symlink to ec2-user's PATH
+          ln -sf $(which ${{ env.PYTHON_BINARY }}) /usr/local/bin/${{ env.PYTHON_BINARY }} || true
+
+      - name: Configure Homebrew for ec2-user
+        run: |
+          echo "Creating .brewrc file for ec2-user..."
+          cat > /Users/ec2-user/.brewrc << 'EOF'
+          # Homebrew environment setup
+          export PATH="/opt/homebrew/bin:/opt/homebrew/sbin:$PATH"
+          export HOMEBREW_PREFIX="/opt/homebrew"
+          export HOMEBREW_CELLAR="/opt/homebrew/Cellar"
+          export HOMEBREW_REPOSITORY="/opt/homebrew"
+          export HOMEBREW_NO_AUTO_UPDATE=1
+          EOF
+          chown ec2-user:staff /Users/ec2-user/.brewrc
+
+          # Fix Homebrew permissions
+          echo "Setting permissions for Homebrew directories..."
+          mkdir -p /opt/homebrew/Cellar
+          chown -R ec2-user:staff /opt/homebrew
+        shell: bash
+
+      - name: Install dependencies
+        run: |
+          echo "Installing dependencies as ec2-user..."
+          su ec2-user -c 'source /Users/ec2-user/.brewrc && brew install lz4 automake autoconf libtool yq'
+        shell: bash
+
+      - name: Checkout finch-daemon repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+          submodules: recursive
+
+      - name: Configure workspace for ec2-user
+        run: |
+          chown -R ec2-user:staff ${{ github.workspace }}
+
+      - name: Install Finch
+        run: |
+          echo "Installing Finch as ec2-user..."
+          su ec2-user -c 'source /Users/ec2-user/.brewrc && brew install finch --cask'
+          su ec2-user -c 'source /Users/ec2-user/.brewrc && brew list | grep finch || echo "finch not installed"'
+          mkdir -p /private/var/run/finch-lima
+          cat /etc/passwd
+          chown ec2-user:daemon /private/var/run/finch-lima
+        shell: bash
+
+      - name: Build binaries
+        run: |
+          echo "Building cross architecture binaries..."
+          su ec2-user -c 'cd ${{ github.workspace }} && STATIC=1 GOPROXY=direct GOOS=linux GOARCH=arm64 make'
+          su ec2-user -c 'finch vm remove -f' || true
+          cp -f ${{ github.workspace }}/bin/finch-daemon /Applications/Finch/finch-daemon/finch-daemon
+          # Restart finch-daemon with new binary
+          su ec2-user -c 'finch vm stop' || true
+          su ec2-user -c 'finch vm start' || true
+        shell: bash
+
+      - name: Check Finch version
+        run: |
+          echo "Initializing VM and checking version..."
+          # Clean up any leftover network state
+          sudo pkill -f socket_vmnet || true
+          sudo rm -f /private/var/run/finch-lima/*.sock || true
+          su ec2-user -c 'finch vm init'
+          sleep 5  # Wait for services to be ready
+          echo "Checking Finch version..."
+          su ec2-user -c 'LIMA_HOME=/Applications/Finch/lima/data /Applications/Finch/lima/bin/limactl shell finch curl --unix-socket /var/run/finch.sock -X GET http:/v1.43/version'
+        shell: bash
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4.2.1
+        with:
+          role-to-assume: ${{ secrets.SAMCLI_VM_ROLE_SYNC }}
+          role-session-name: samcli-finch-vm-sequential-tests
+          aws-region: ${{ secrets.REGION }}
+
+      - name: Install Docker CLI for SAM CLI compatibility
+        run: |
+          echo "Checking Docker CLI installation..."
+          if ! su ec2-user -c 'which docker' > /dev/null 2>&1; then
+            echo "Installing Docker CLI..."
+            su ec2-user -c 'source /Users/ec2-user/.brewrc && brew install --formula docker'
+          else
+            echo "Docker CLI already installed"
+          fi
+        shell: bash
+
+      - name: Checkout SAM CLI
+        uses: actions/checkout@v4
+        with:
+          repository: aws/aws-sam-cli
+          submodules: recursive
+          path: aws-sam-cli
+
+      - name: Set up SAM CLI from source
+        run: |
+          # Move to ec2-user home and change ownership
+          sudo rm -rf /Users/ec2-user/aws-sam-cli || true
+          sudo mv aws-sam-cli /Users/ec2-user/aws-sam-cli
+          sudo chown -R ec2-user:staff /Users/ec2-user/aws-sam-cli
+
+          # Install and setup (use full path)
+          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && ${{ env.PYTHON_BINARY }} -m pip install --upgrade pip --user'
+          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && SAM_CLI_DEV=1 ${{ env.PYTHON_BINARY }} -m pip install -e ".[dev]" --user'
+          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && export PATH="/Users/ec2-user/Library/Python/${{ env.PYTHON_VERSION }}/bin:$PATH" && samdev --version'
+        shell: bash
+
+      - name: Run unit tests
+        continue-on-error: true
+        run: ./scripts/samcli-vm/run-unit-tests.sh
+
+      - name: Run sync tests
+        continue-on-error: true
+        run: ./scripts/samcli-vm/run-sync-tests.sh
+
+      - name: Run package tests
+        continue-on-error: true
+        run: ./scripts/samcli-vm/run-package-tests.sh
+
+      - name: Run start-api tests
+        continue-on-error: true
+        run: ./scripts/samcli-vm/run-start-api-tests.sh
+
+      - name: Run start-lambda tests
+        continue-on-error: true
+        run: ./scripts/samcli-vm/run-start-lambda-tests.sh
+
+      - name: Patch SAM CLI for Docker image cleanup
+        continue-on-error: true
+        run: |
+          # Apply git patch to handle ImageNotFound exceptions for all Docker tests
+          su ec2-user -c 'cd /Users/ec2-user/aws-sam-cli && git apply ${{ github.workspace }}/scripts/samcli-vm/invoke-teardown.patch'
+        shell: bash
+
+      - name: Run invoke tests
+        continue-on-error: true
+        run: ./scripts/samcli-vm/run-invoke-tests.sh
+
+  # ensuring resources are clean post-test
+  cleanup:
+    runs-on: ubuntu-latest
+    needs: samcli-vm-test
+    if: always()
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df
+        with:
+          role-to-assume: ${{ secrets.SAMCLI_VM_ROLE_SYNC }}
+          role-session-name: cleanup
+          aws-region: ${{ secrets.REGION }}
+
+      - name: Comprehensive AWS resource cleanup
+        timeout-minutes: 10
+        run: ./scripts/cleanup-aws-resources.sh
@@ -0,0 +1,16 @@
+--- a/tests/integration/local/invoke/test_integrations_cli.py
++++ b/tests/integration/local/invoke/test_integrations_cli.py
+@@ -754,6 +754,11 @@
+         docker_client = docker.from_env()
+         samcli_images = docker_client.images.list(name="samcli/lambda")
+         for image in samcli_images:
+-            docker_client.images.remove(image.id)
++            try:
++                docker_client.images.remove(image.id, force=True)
++            except docker.errors.ImageNotFound:
++                print(f"Image {image.id} was not found. It may have been removed already.")
++            except Exception as e:
++                print(f"An error occurred while trying to remove image {image.id}: {str(e)}")
+ 
+         shutil.rmtree(str(self.layer_cache), ignore_errors=True)
++
@@ -0,0 +1,65 @@
+#!/bin/bash
+set -e
+
+echo "=== INVOKE TESTS - Started at $(date) ==="
+touch /tmp/invoke_output.txt
+chown ec2-user:staff /tmp/invoke_output.txt
+
+su ec2-user -c "
+  cd /Users/ec2-user/aws-sam-cli && \
+  export PATH='/Users/ec2-user/Library/Python/$PYTHON_VERSION/bin:$PATH' && \
+  export DOCKER_HOST='$DOCKER_HOST' && \
+  AWS_DEFAULT_REGION='$AWS_DEFAULT_REGION' \
+  BY_CANARY='$BY_CANARY' \
+  SAM_CLI_DEV='$SAM_CLI_DEV' \
+  SAM_CLI_TELEMETRY='$SAM_CLI_TELEMETRY' \
+  '$PYTHON_BINARY' -m pytest tests/integration/local/invoke -k 'not Terraform' -v --tb=short
+" 2>&1 | tee /tmp/invoke_output.txt || true
+
+echo ""
+echo "=== PASSES ==="
+grep "PASSED" /tmp/invoke_output.txt || echo "No passes found"
+
+echo ""
+echo "=== FAILURES ==="
+grep "FAILED" /tmp/invoke_output.txt || echo "No failures found"
+
+# test_invoke_with_error_during_image_build: Build error message differs from expected.
+# test_invoke_with_timeout_set_X_TimeoutFunction: Returns timeout message instead of empty string,
+#         but matches actual Lambda service behavior.
+# test_building_new_rapid_image_removes_old_rapid_images: Cannot remove images with same digest,
+#         Docker creates different IDs for each.
+# test_caching_two_layers and test_caching_two_layers_with_layer_cache_env_set: error due to sequential
+#         test runs within invoke. Work when run in isolation and locally.
+# test_successful_invoke: Related to symlink mount errors due to permissions. Works locally.
+cat > expected_invoke_failures.txt << 'EOF'
+test_invoke_with_error_during_image_build
+test_invoke_with_timeout_set_0_TimeoutFunction
+test_invoke_with_timeout_set_1_TimeoutFunctionWithParameter
+test_invoke_with_timeout_set_2_TimeoutFunctionWithStringParameter
+test_building_new_rapid_image_removes_old_rapid_images
+test_caching_two_layers
+test_caching_two_layers_with_layer_cache_env_set
+test_successful_invoke
+EOF
+
+# Extract actual failures
+grep "FAILED" /tmp/invoke_output.txt | grep -o "test_[^[:space:]]*" > actual_invoke_failures.txt || true
+
+# Find unexpected failures
+UNEXPECTED=$(grep -v -f expected_invoke_failures.txt actual_invoke_failures.txt 2>/dev/null || true)
+
+if [ -n "$UNEXPECTED" ]; then
+  echo "❌ Unexpected failures found:"
+  echo "$UNEXPECTED"
+  echo ""
+  echo "=== FULL OUTPUT FOR DEBUGGING ==="
+  cat /tmp/invoke_output.txt
+  exit 1
+else
+  echo "✅ All failures were expected"
+fi
+
+echo ""
+echo "=== PYTEST SUMMARY ==="
+grep -E "=+ .*(failed|passed|skipped|deselected).* =+$" /tmp/invoke_output.txt | tail -1 || echo "No pytest summary found"
@@ -0,0 +1,58 @@
+#!/bin/bash
+set -e
+
+echo "=== PACKAGE TESTS - Started at $(date) ==="
+touch /tmp/package_output.txt
+chown ec2-user:staff /tmp/package_output.txt
+su ec2-user -c "
+  cd /Users/ec2-user/aws-sam-cli && \
+  export PATH='/Users/ec2-user/Library/Python/$PYTHON_VERSION/bin:$PATH' && \
+  export DOCKER_HOST='$DOCKER_HOST' && \
+  AWS_DEFAULT_REGION='$AWS_DEFAULT_REGION' \
+  BY_CANARY='$BY_CANARY' \
+  SAM_CLI_DEV='$SAM_CLI_DEV' \
+  SAM_CLI_TELEMETRY='$SAM_CLI_TELEMETRY' \
+  '$PYTHON_BINARY' -m pytest tests/integration/package/test_package_command_image.py -v --tb=short
+" > /tmp/package_output.txt 2>&1 || true
+
+echo ""
+echo "=== PASSES ==="
+grep "PASSED" /tmp/package_output.txt || echo "No passes found"
+
+echo ""
+echo "=== FAILURES ==="
+grep "FAILED" /tmp/package_output.txt || echo "No failures found"
+
+# test_package_with_deep_nested_template_image: Expects Docker-specific push stream pattern.
+# test_package_template_with_image_repositories_nested_stack_x: Push API stream differs from Docker.
+# test_package_with_loadable_image_archive_0_template_image_load_yaml: Docker imports by digest,
+#         Finch imports as "overlayfs:" tag causing image info lookup to fail.
+cat > expected_package_failures.txt << 'EOF'
+test_package_with_deep_nested_template_image
+test_package_template_with_image_repositories_nested_stack
+test_package_with_loadable_image_archive_0_template_image_load_yaml
+EOF
+
+# Extract actual failures
+grep "FAILED" /tmp/package_output.txt | grep -o "test_[^[:space:]]*" > actual_package_failures.txt || true
+
+# Also check for nested stack failures (pattern match)
+grep "FAILED.*test_package_template_with_image_repositories_nested_stack" /tmp/package_output.txt >> actual_package_failures.txt || true
+
+# Find unexpected failures (exclude nested stack pattern)
+UNEXPECTED=$(grep -v -f expected_package_failures.txt actual_package_failures.txt | grep -v "test_package_template_with_image_repositories_nested_stack" || true)
+
+if [ -n "$UNEXPECTED" ]; then
+  echo "❌ Unexpected failures found:"
+  echo "$UNEXPECTED"
+  echo ""
+  echo "=== FULL OUTPUT FOR DEBUGGING ==="
+  cat /tmp/package_output.txt
+  exit 1
+else
+  echo "✅ All failures were expected"
+fi
+
+echo ""
+echo "=== PYTEST SUMMARY ==="
+grep -E "=+ .*(failed|passed|skipped|deselected).* =+$" /tmp/package_output.txt | tail -1 || echo "No pytest summary found"