$ npm install &&  karma start --single-run --no-auto-watch
npm WARN package.json [email protected] No repository field.
npm WARN package.json [email protected] No license field.
npm ERR! git clone --template=/tmp/lambci/home/.npm/_git-remotes/_templates --mirror https://github.com/uberVU/Sinon.JS.git /tmp/lambci/home/.npm/_git-remotes/https-github-com-uberVU-Sinon-JS-git-5ff91d4d: Cloning into bare repository '/tmp/lambci/home/.npm/_git-remotes/https-github-com-uberVU-Sinon-JS-git-5ff91d4d'...
npm ERR! git clone --template=/tmp/lambci/home/.npm/_git-remotes/_templates --mirror https://github.com/uberVU/Sinon.JS.git /tmp/lambci/home/.npm/_git-remotes/https-github-com-uberVU-Sinon-JS-git-5ff91d4d: fatal: Unable to find remote helper for 'https'
npm ERR! Linux 4.1.19-24.31.amzn1.x86_64
npm ERR! argv "/usr/local/lib64/node-v4.3.x/bin/node" "/usr/local/lib64/node-v4.3.x/bin/npm" "install"
npm ERR! node v4.3.2
npm ERR! npm  v2.14.12
npm ERR! code 128

locally everything works great, any ideas?

Especially for people who may not be in the Slack channel, it's not obvious how to find out the current state of the CI, and its history.

@mhart mentioned on Twitter that figuring out how to create that page while there may be parallel builds requires non-trivial work. An alternative is to create a page that uses the API gateway to assemble the results dynamically, but that may pose some challenges for unauthenticated users (which, to me at least, are a high value use case).

First raised in #11 (comment)

Seems that the Lambda environment has some sort of restriction (no seteuid perhaps?) that prevents the ssh client from running:

$ ssh -vT [email protected]
PRIV_END: seteuid: Operation not permitted

This also means that cloning repositories over git-ssh will fail, eg git clone [email protected]/mhart/kinesalite.git – a number of projects do this for sub-dependencies.

Not sure what we can do about this? Besides compiling a custom ssh client.

This is a rather large topic, but there are few things here that this would enable:

1. Authenticated build logs / badges
2. Admin interface
   1. view builds
   2. rebuild
   3. update config
3. Web hooks (for GitHub and other sources like BitBucket, etc)
4. REST API that other clients (like a CLI client) could talk to

Add support for multiple simultaneous sub-builds from a single push/PR, eg:

• building against multiple Node.js/whatever versions at once
• splitting up a build into multiple pieces (tests, linting, etc)

This will require a Lambda to invoke another Lambda (and will require permissions for such).

Could also tie this in with GitHub status contexts – have each sub-build be a different context (eg, continuous-integration/lambci/node4, continuous-integration/lambci/node5)

A simple way to support this would be by extending the current cmd config to support an object structure where each key becomes the context name, eg:

// current cmd config:
cmd: 'npm install && npm test'

// multiple context cmd config
cmd: {
  node4: 'nave use 4 bash -c "npm install && npm test"',
  node5: 'nave use 5 bash -c "npm install && npm test"',
  node6: 'nave use 6 bash -c "npm install && npm test"',
}

It would be nice to have the option of caching one or more directories (to s3) in order to speed up build times.

I'd envision this working mostly like it does in Travis. They even have a great doc explaining how their caching works and the rules around it. They also just push/pull to s3 for their caching.

In the lamb config, you could specify which directories you want to cache, e.g.:

{
  cache: [
    "~/.iv2",
    "~/.local"
  ]
}

Following the same rules as outlined by travis, keep a cache per branch, use the master cache if branch cache doesn't exist. Download the archives from s3.

After the build, make new archives, and figure out if you need to replace S3 artifacts (checksum/etags?)

Thinking can just use the same S3 bucket that's used for builds already...

I did a really really quick and dirty PoC as part of a build with some hardcoded paths, etc. for just ~/.ivy2 (sbt/ivy proj) and for even a really simple build (just 3 explicit dependencies), was able to drop the build time from 2 minutes to 1 minute (w/ lambda time is money! :).

pull_cache runs before build, installs awscli, pulls down cache archive

cache_deps runs after build, pushes back up.

Build before cache

Build after cache

Also, like I said, this is just pretty quick and dirty... I would expect caching the local pip stuff (awscli), and also being smarter about when we need to push back to the cache would make this even faster... This is also a pretty small project... I'd expect more gains from more dependencies to a point...

would be interested to hear your thoughts around this.

thanks.

I've set up a simple project to try out LambCI, essentially a barebones copy of mhart/test-ci-project.

The first build triggered successfully and I could view the logs in CloudWatch, albeit it was a failed build (expected) due to not finding the package.json as the project only had a README.md at the time. You can see the output of that here.

I then copied some of mhart/test-ci-project to add a simple NodeJS test, committed and pushed. I was presented with this stacktrace in CloudWatch:

2016-07-10T16:12:16.221Z    9a1541fb-46b8-11e6-bf88-f9860b5e257a    InvalidSetType: Sets can contain string, number, or binary values
 at Set.util.inherit.detectType (/var/runtime/node_modules/aws-sdk/lib/dynamodb/set.js:30:24)
 at Set.util.inherit.initialize (/var/runtime/node_modules/aws-sdk/lib/dynamodb/set.js:14:10) 
 at new Set (/var/runtime/node_modules/aws-sdk/lib/dynamodb/set.js:8:10) 
 at DocumentClient.AWS.DynamoDB.DocumentClient.AWS.util.inherit.createSet (/var/runtime/node_modules/aws-sdk/lib/dynamodb/document_client.js:451:12) 
 at /var/task/db/index.js:107:60 
 at Response.<anonymous> (/var/task/db/index.js:65:5) 
 at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:355:18) 
 at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20) 
 at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10) at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:615:14)

This points to line 107 in db/injex.js.

So I think what's happened is this:

My local git config user.email property was set to a corporate email address and not one that is linked to my Github account (obviously my fault). My commit history shows that.

Updating the user.email property locally and committing again fixed the issue.

To reproduce this:

1. Set up project and integrate with LambCI
2. Ensure builds are being triggered in response to commits
3. Update your git config user.email property to an email not linked to your Github account: git config user.email "$UNRECOGNISED_AUTHOR"
4. git commit --allow-empty -m 'Trigger another LambCI build' && git push

Completely self-serving for https://github.com/joemccann/dillinger

Would prerfer to build against LambCI instead of TravisCI

Currently the code and integration tests are very AWS-Lambda-specific – running LambCI naked on, for example, macOS™ won't work.

This is mitigated by the fact that they can be run under Docker (thanks to docker-lambda), so it's not particularly pressing, but if there's enough votes for this, it might be good to consider.

There are cases when after pushing a configuration update in .lambci.json section, the previous configuration values are being used, given that repository has been pushed and built before.

In case we re-upload the lambda function zip file, the new configuration is picked up.

Perhaps it has something to do with Lambda container reuse?

Have you ever experienced similar issues?

I'm happy to provide more information to help debug this behaviour.

running the default php command (version 5.6.25) the laravel phpunit test runner will not even begin to run the tests as memory is exhausted in the composer post install commands. Anyone run into this issue before and know how to resolve it?

Also: anyone know how to parallelize the builds, i would like to run every single test class in tis own test runnder immediately to avoid memory leak issues and take our test runner for 20 minutes to under 1 minute

here is my .lambci.json (nothing crazy)

{
  "cmd": ". ~/init/php 5.6.25 && composer install -n --prefer-dist && vendor/bin/phpunit"
}

• ECS builds do not seem to update the HTML report
• ECS builds do not seem to update the branch status badge

A number of projects rely on this being available – needs some research to see how doable this is from a non-standard location

is it possible to compile coverage reports and store them for later access when tests are being run on a specific branch?

build passing in green
build failling in red

This almost certainly depends on #8 or at least a subset of that work.

Basically, rust will install fine and a bunch of commands work out of the box (eg, cargo build seems to work for a number of projects):

export CARGO_HOME=$HOME/.cargo
export MULTIRUST_HOME=$HOME/.multirust
export RUSTUP_HOME=$HOME/.multirust/rustup

curl https://sh.rustup.rs -sSf | sh -s -- -y

export PATH=$HOME/.cargo/bin:$PATH
rustc --version
cargo --version

But when it comes to the linking stage (often happens in cargo test), then it will fail because there's no native linker (ie, no gcc/ld).

It would be great to know if there's a minimal gcc/ld setup that will work here – I know that the Windows version of rust bundles gcc with it, so it definitely should be possible.

Is the Cloudformation template only supported in the N. Virginia region? I tried running it in the Sydney region and ran into the error below but it ran fine in N. Virginia.

Error occurred while GetObject. S3 Error Code: PermanentRedirect. S3 Error Message: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.

Unfortunately, the size of Rust is too typically large to unpack into Lambda, along with gcc and cargo and cargo dependencies.

Lambda currently only has 500MB scratch space in /tmp, and Rust is around 300MB

If we could find a Rust installation that's a third of the size, we'd have more room to play with

Hey it'd be great to get CodeCommit support. My NodeJS is terrible, but I'd be happy to help with whatever code snippets you need to help you get this in there quicker (sigV4 signature creation, etc)

It looks as though better handling of timeouts is needed. For example, this build has exceeded 5 minutes but there was no indication of the timeout getting exceeded:

https://lambci-buildresults-s0ynpdlndv0i.s3.amazonaws.com/gh/digitalsanctum/guava/builds/2/e3fb54dccc4353763d6ba981b59e6dd8.html

GCF is in alpha at the moment, and the API is still changing pretty rapidly (HTTP endpoints just changed signature completely).

Will need a fair bit of research to see if we can achieve the same sort of async model, or whether GCF will require the HTTP connection to be open for the entire build (which would pretty much be a no-go)

It'd be handy, if the ECS cluster scaled on its own. I imagine the flow like the following:

1. LambCI gets a SNS event.
2. The lambda checks if there are instances in the Auto Scaling Group.
3. If there are none, it sets the desired capacity to a configurable number.
4. Waits, lets say, a minute, checks if the number of running instances equals to the desired number. If not, it resends the event to the same topic and exit. The resend is needed to workaround the 5 minutes limit.

In addition to that, the user could make a CPU Usage Alarm to scale down the group.

We are using Terraform and Apex to do Serverless. This is an enhancement request to implement Terraform script and if supported apex.io layout. I can create a PR if accepted.

The https://github.com/lambci/lambci#security section is very helpful.

I wonder if it would be even more helpful if the implications of publishing private repo build logs was added?

GCC is a big pain to build statically, or try to install anywhere except in system directories (which we don't have permissions to do on Lambda)

Clang installs out of the box using the prebuilt CentOS6 binaries:

curl -sSL http://llvm.org/releases/3.8.0/clang+llvm-3.8.0-linux-x86_64-centos6.tar.xz | tar -C /tmp -xJ
export CC=/tmp/clang+llvm-3.8.0-linux-x86_64-centos6/bin/clang
export CXX=/tmp/clang+llvm-3.8.0-linux-x86_64-centos6/bin/clang++
export PATH=/tmp/clang+llvm-3.8.0-linux-x86_64-centos6/bin:$PATH
clang --version

But most programs still need the various system header files installed, so we need to put some time into determining what a good subset of these would be, and where they should go, and what various env variables, etc need to be set to get them to work.

This would make it easier to see which repo is building/passing/failing when glancing at slack notifications on mobile devices.

Something like:

Build #x (started|passed|failed) on user/repository

Probably not a high priority, but it would be nice to have.

Considering #14, I wondered if this might be possible!

This isn't fully-baked :), but after having to copy/paste sbt init scripts across a few projects, and thinking about the same for deployment scripts, it might be nice to have support for automatically pulling in 3rd party/external plugin/tools repos?...

I'm imagining I'd specify like github repos somewhere in my config --

"plugins": [
{ "sbt" : "https://github.com/whatetever/whatever.git" },
{ "eb-deploy" : "https://github.com/something/something.git }"
]

And then these are automatically checked out under like .plugins/ in either the current workspace or somewhere consistent, or some path in an env var before executing the build so they can be referenced in the build command?

i.e. instead of ". ~/init-sbt", I would use ". $PLUGIN_PATH/sbt/init-sbt" or ". ~/.plugins/sbt/init-sbt"

maybe they don't even need short-names and can just reference the full github path?

I guess something like this could also be solved by just using git sub-modules?...

seems like it would be nice to have an easy way to provide shared build scripts across projects....

not sure it's a real issue just wanted to throw it out there as a nice to have.

thanks!

Haven't looked at this at all, but similar to other langs, it should be totally possible.

Just a question of whether we try to support rvm (probably) or rbenv, etc.

It would be great if LambCI would support Mercurial repos

There's a chance that LambCI could build its own pipeline implementation, but it should be very simple to add support, or even just documentation, for how to integrate with this:

https://aws.amazon.com/codepipeline/

Considering that we already have a git tarball for use on Lambda, and instructions for getting other software bundles to work, it might be beneficial to the community at large to create a separate repo/project for this.

At the very least, it could document recipes for getting various software packages running on Lambda – but ideally it would become a repository, potentially all hosted on S3 for fast access, where Lambda functions could download pre-packaged binaries

Lambda comes with Java 7 and 8 JREs but no SDKs (ie, no javac)

Will need to research to see how doable this is – if there's even enough disk space to get everything on there...?

EDIT: Have gotten Java 1.8 building, just need to create a package for 1.7

Copy from:

• https://github.com/lambci/lambci/blob/master/utils/config.js#L102

hey,

may I ask how you have created this architecture diagram?

I really appreciate it,
Timo

right now when a build approaches or exceeds the amazon limit it is still marked as "running" in github and the build ui on s3. would be nice if it was marked as failed instead.

Python 2.7 is already installed on Lambda, but it would be good to explore support for Python 3 – possibly through pyenv

I would find it useful to be able to specify branch names with a wildcard, e.g.

{
  "feature/*": true
}

So I can pipe all feature/* noise into a different slack channel.

does lambci currently support PhantomJs?

I'm using version V0.9.4
this is the error in the report:

> [email protected] install /tmp/lambci/build/MyCompany/myProject/node_modules/phantomjs
> node install.js

Downloading https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-linux-x86_64.tar.bz2
Saving to /tmp/phantomjs/phantomjs-1.9.8-linux-x86_64.tar.bz2
Receiving...

Received 12854K total.
Extracting tar contents (via spawned process)
Removing /tmp/lambci/build/MyCompany/myProject/node_modules/phantomjs/lib/phantom
Copying extracted folder /tmp/phantomjs/phantomjs-1.9.8-linux-x86_64.tar.bz2-extract-1468393502619/phantomjs-1.9.8-linux-x86_64 -> /tmp/lambci/build/MyCompany/myProject/node_modules/phantomjs/lib/phantom
Phantom installation failed { [Error: ENOSPC: no space left on device, write] errno: -28, code: 'ENOSPC', syscall: 'write' } Error: ENOSPC: no space left on device, write
    at Error (native)
npm ERR! tar.unpack untar error /tmp/lambci/home/.npm/brace-expansion/1.1.5/package.tgz
npm ERR! tar.unpack untar error /tmp/lambci/home/.npm/log4js/0.6.37/package.tgz
npm ERR! tar.unpack untar error /tmp/lambci/home/.npm/lodash/3.10.1/package.tgz
npm ERR! tar.unpack untar error /tmp/lambci/home/.npm/ws/1.0.1/package.tgz
npm ERR! tar.unpack untar error /tmp/lambci/home/.npm/babel-runtime/6.9.2/package.tgz
npm ERR! tar.unpack untar error /tmp/lambci/home/.npm/datejs/0.0.2/package.tgz
npm ERR! tar.unpack untar error /tmp/lambci/home/.npm/negotiator/0.4.9/package.tgz
..
..
..

Ruby - 2.3.1
Bundler - 1.12.5
bundle install fails for gems like pg, bcrypt.

Failed for gems -

• pg - 0.18.4
• crypt - 3.1.11

Hello, I'm trying to use LambCI for node project. I've followed the 3-step installation instruction and managed to get the CI working. The problem is that all tests failed with ECONNRESET error code after ~3:30 build time. If it's indeed a connection problem, I think there should be at least one successful build but I got none. I did some digging found a solution: upgrade node. But that's not possible on AWS (or is it? I'm new in this kind of thing, but I read that AWS lambda only supports node v0.10.36 and v4.3.2; node v4.4 supposedly fix this issue).

Are there any other solution to this? I'm using AWS us-west-2 region and LambCI version 0.9.6.

After i update my stack with new token nothing happened, i had to delete the stack and create new one with the new token.

How could we integrate deployment to a docker registry on successful build

Currently secrets (such as the GitHub and Slack API keys) are stored as plaintext (along with the rest of the config) in DynamoDB. Only those with DynamoDB access can see these credentials, and a lot of effort is made to ensure this is not visible in public builds – but, it would be good to have the option to be able store and retrieve these secrets from KMS:

https://aws.amazon.com/kms/

This is partially, but not quite, working with GitHub Enterprise. Would love the ability to specify a GitHub Enterprise URL in the CloudFormation setup.

I'm wanting to have some build code that makes some decisions based on what files are changed, or even possibly details in the commit message.

Is there any existing way to do this? I know lambCI has these details, but I don't know if it is passed down?

It should (?) be possible to get PHP builds running – just haven't had any time to look into getting a PHP bundle on Lambda.

Questions include whether we can try to get phpenv running, and what PHP binaries/scripts we install. phpunit, Pyrus, pear, composer?

I'm trying to figure out how you execute the zip command inside of lambda. It seems that zip is not found in my lambda environment, I don't see it packaged with lambCI anywhere. I've tried executing yum to install it but this requires root access, and sudo isn't present.

I'm trying to have lambCI deploy a lambda function. Since lambCI eats it's own dogfood I'm thinking you've had to solved this.

TIA
Jesse

I feel the winds of gitlab coming, We are trying it where I work.