holy-lambda

Russell Whitaker 2025-02-07T23:56:33.802359Z

Good afternoon (US Pacific time.) I've got a java17 based custom Clojure Lambda image I've been running for a while in production, and have recently started moving its CI/CD concerns to self-hosted linux Github Actions. I think I'm running up against a "docker in docker" teething issue attempting bb hl:compile.

[holy-lambda] Docker is not running! Enable and run docker first before using holy-lambda!
Yet, docker is running - I can docker pull - and there's a /var/run/docker.sock I can try to volume mount with
:holy-lambda/options {:docker {;; Check 
                                ;; Network setting for future versions of HL will propagate to AWS SAM as well
                                ;; Options: "host"|"bridge"|"overlay"|"none"|nil|"macvlan"
                                :network nil
                                :volumes [{:docker "/var/run/docker.sock"
                                           :host   "/var/run/docker.sock"}]
...in bb.edn with no apparent effect. Should I maybe change the value of :network? I hope it's as simple as that (I've been struggling with this all day.) TIA, if anyone's around.

Karol Wójcik 2025-02-08T13:21:10.930909Z

Hey! Let me check :)

Karol Wójcik 2025-02-08T13:29:25.953689Z

The trick is that when in the CI environment is better to not use docker in docker. Use HL_NO_DOCKER=1. This environment variable should opt out from using docker in docker :)

Russell Whitaker 2025-02-08T14:41:09.320939Z

I should have mentioned that I tried that, but end up with an artifact which throws “entrypoint missing” errors on testing. From my reading of the use of this flag, it’s assumed that you’re then using the GraalVM builder, not the Java builder, yes?

Karol Wójcik 2025-02-08T16:33:35.055019Z

No.

Karol Wójcik 2025-02-08T16:36:56.030769Z

I need more details. How the fragment of template.yml is looking like where you bind a Lambda to Clojure function?

Karol Wójcik 2025-02-08T16:43:10.544009Z

Could you kindly check if function specified in Dockerfile is exported using h/entrypoint?

Russell Whitaker 2025-02-08T17:05:14.242659Z

It is. It’s been in production for a couple years before this task to build in the GH Actions context.

Russell Whitaker 2025-02-08T17:06:19.605509Z

I’ll get that stanza and post it (writing on mobile at the moment.)

Russell Whitaker 2025-02-08T17:27:10.589699Z

REDACTEDFunctionName:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: redacted-function-name
      Tags:
        RoleType:
          Ref: RoleType
      PackageType: Image
(h/entrypoint [#'RedactedEntrypoint]) declared in the core namespace In Dockerfile:
ENTRYPOINT ["java", "-XX:+TieredCompilation", \
            "-XX:TieredStopAtLevel=1", \
            "-Djavax.net.ssl.trustStore=/opt/java/lib/security/REDACTED", \
            "-Djavax.net.ssl.trustStorePassword=REDACTED", \
            "-Djdk.tls.client.protocols=TLSv1.2", \
            "-jar", "REDACTED-lambda.jar", \
            "com.REDACTED.REDACTED.lambda-api.core.RedactedEntrypoint"]

Russell Whitaker 2025-02-08T18:01:14.494349Z

io.github.FieryCod/holy-lambda {:mvn/version "0.6.7"}

Russell Whitaker 2025-02-08T21:03:23.325289Z

@karol.wojcik let me do some digging, I may have a cross-compilation issue (x86_64 vs arm64 architectures) to rule out. Speaking of which, what architecture(s) are the holy-lambda builder images? I suppose I could pull one down and run uname -m against to find out myself...

Karol Wójcik 2025-02-09T00:19:01.638689Z

We are having multiple architectures available. :)

Karol Wójcik 2025-02-09T00:19:19.462089Z

Default is x86

Russell Whitaker 2025-02-08T00:03:10.587049Z

@karol.wojcik I spent a couple of hours looking through public Clojurians archives, as well as GH source, FYI.