feat(lambda-go): allow configuration of GOPROXY (#23171)

We used to require direct Go package access, because Go proxies may be blocked by corporate network policies (and wouldn't you know it, it actually is at our particular workplace 🙃).

This produces a good bit of instability in our CI builds though, as `gopkg.in` website which is used to reference some of our transitive dependencies is regularly experiencing downtime.

Make Go proxies configurable and switch them back on in CI builds.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/@aws-cdk/aws-lambda-go/README.md

@@ -170,6 +170,19 @@ new go.GoFunction(this, 'handler', {
 });
 ```
 
+By default this construct doesn't use any Go module proxies. This is contrary to
+a standard Go installation, which would use the Google proxy by default. To
+recreate that behavior, do the following:
+
+```ts
+new go.GoFunction(this, 'GoFunction', {
+  entry: 'app/cmd/api',
+  bundling: {
+    goProxies: [go.GoFunction.GOOGLE_GOPROXY, 'direct'],
+  },
+});
+```
+
 ## Command hooks
 
 It is  possible to run additional commands by specifying the `commandHooks` prop:

packages/@aws-cdk/aws-lambda-go/lib/bundling.ts

@@ -106,14 +106,18 @@ export class Bundling implements cdk.BundlingOptions {
 
     const cgoEnabled = props.cgoEnabled ? '1' : '0';
 
-    const environment = {
+    const environment: Record<string, string> = {
       CGO_ENABLED: cgoEnabled,
       GO111MODULE: 'on',
       GOARCH: props.architecture.dockerPlatform.split('/')[1],
       GOOS: 'linux',
       ...props.environment,
     };
 
+    if (props.goProxies) {
+      environment.GOPROXY = props.goProxies.join(',');
+    }
+
     // Docker bundling
     const shouldBuildImage = props.forcedDockerBundling || !Bundling.runsLocally;
     this.image = shouldBuildImage

packages/@aws-cdk/aws-lambda-go/lib/function.ts

@@ -71,6 +71,11 @@ export interface GoFunctionProps extends lambda.FunctionOptions {
  * A Golang Lambda function
  */
 export class GoFunction extends lambda.Function {
+  /**
+   * The address of the Google Go proxy
+   */
+  public static readonly GOOGLE_GOPROXY = 'https://proxy.golang.org';
+
   constructor(scope: Construct, id: string, props: GoFunctionProps) {
     if (props.runtime && (props.runtime.family !== lambda.RuntimeFamily.GO && props.runtime.family != lambda.RuntimeFamily.OTHER)) {
       throw new Error('Only `go` and `provided` runtimes are supported.');

packages/@aws-cdk/aws-lambda-go/lib/types.ts

@@ -96,6 +96,28 @@ export interface BundlingOptions {
    * @default - false
    */
   readonly cgoEnabled?: boolean;
+
+  /**
+   * What Go proxies to use to fetch the packages involved in the build
+   *
+   * Pass a list of proxy addresses in order, and/or the string `'direct'` to
+   * attempt direct access.
+   *
+   * By default this construct uses no proxies, but a standard Go install would
+   * use the Google proxy by default. To recreate that behavior, do the following:
+   *
+   * ```ts
+   * new go.GoFunction(this, 'GoFunction', {
+   *   entry: 'app/cmd/api',
+   *   bundling: {
+   *     goProxies: [go.GoFunction.GOOGLE_GOPROXY, 'direct'],
+   *   },
+   * });
+   * ```
+   *
+   * @default - Direct access
+   */
+  readonly goProxies?: string[];
 }
 
 /**

packages/aws-cdk/test/integ/cli/sam_cdk_integ_app/lib/test-stack.js

@@ -20,6 +20,8 @@ if (process.env.PACKAGE_LAYOUT_VERSION === '1') {
   var { RetentionDays } = require('aws-cdk-lib/aws-logs');
 }
 
+const isRunningOnCodeBuild = !!process.env.CODEBUILD_BUILD_ID;
+
 class CDKSupportDemoRootStack extends Stack{
   constructor(scope, id, props) {
     super(scope, id, props);
@@ -99,6 +101,8 @@ class CDKSupportDemoRootStack extends Stack{
       entry: './src/go/GoFunctionConstruct',
       bundling: {
         forcedDockerBundling: true,
+        // Only use Google proxy in the CI tests, as it is blocked on workstations
+        goProxies: isRunningOnCodeBuild ? [GoFunction.GOOGLE_GOPROXY, 'direct'] : undefined,
       },
     });