v0.15.2

github-actions released this 27 May 04:36 · 369 commits to main since this release · 4aaa029

Highlights

Native Kubernetes backend for Lambda execution (#1234). When fakecloud runs inside Kubernetes (CI pipelines, dev clusters), set FAKECLOUD_LAMBDA_BACKEND=k8s and Lambda functions spawn as native Pods instead of requiring docker-in-docker. The privileged-pod requirement is gone, each function gets real resource requests/limits, and functions are debuggable via kubectl logs/describe.

Docs + setup yaml: https://fakecloud.dev/docs/guides/kubernetes-backend/

Lambda Kubernetes backend

Each Lambda invocation that isn't already warm spawns a Pod with:

  • AWS Runtime Interface Emulator image as the main container (public.ecr.aws/lambda/<runtime>:<version> for zip functions, the user's image for PackageType=Image).
  • A busybox init container that downloads the function's code zip + attached layers from bearer-token-protected internal endpoints and unpacks them into shared emptyDir volumes at /var/task and /opt.
  • Memory requests/limits sized from MemorySize; /tmp as emptyDir { medium: Memory, sizeLimit: EphemeralStorage.Size }.
  • restartPolicy: Never, matching today's Docker container semantics.
  • Per-process bearer token (regenerated each fakecloud start, never persisted/logged).
  • Startup reaper deletes orphan Pods labeled with a foreign fakecloud-instance.

Same warm-pool semantics as the Docker backend: one Pod handles N invocations until idle TTL evicts it. PRs: #1534 (trait extraction), #1535 (backend), #1536 (kind integration tests + CI).

Out of scope for this release: ECS, RDS, ElastiCache runtimes still shell out to Docker — folding those into the same trait pattern is planned but not yet scheduled. Lambda alone covers the most common CI use case.

CI / release infrastructure

  • npm publishing now uses OIDC Trusted Publishing (#1541, #1543). The NPM_TOKEN secret is gone; GitHub's OIDC token is exchanged for a short-lived publish credential per release run. Each tarball now ships with a sigstore-signed provenance attestation visible as the "Provenance" badge on npmjs.
  • Manual npm publish escape hatch added to release.yml via workflow_dispatch with a tag input. Recovers from registry hiccups at tag time without forcing every other job to re-publish (Maven Central rejects re-publish; Go/PHP tags already exist; etc.).

Bug fixes

  • Website build unblocked (#1537). website/content/docs/operations/_index.md declared template = "docs-page.html", but that template references page.title and _index.md is a section, not a page. Every zola build had been failing for ~2 days; all /docs/... URLs returned 404. Switched to docs.html (the section template).

Notes for npm consumers

fakecloud@0.15.1 was not published to npm — the original release run failed at the npm-publish step due to an expired NPM_TOKEN, and by the time OIDC was wired in, npm provenance validation found the missing repository.url field in package.json. fakecloud@0.15.2 is the first 0.15.x publish on npm and includes everything from 0.15.1. Use npm install fakecloud@0.15.2.

All other registries (crates.io, PyPI, Maven Central, Packagist, Go) have both 0.15.1 and 0.15.2.
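
A pre-publish check for the repository.url failure described in the npm note above, as an added example that is not fakecloud's release tooling: it compares package.json's repository field with the repository a GitHub Actions run publishes from, which is what the provenance attestation records. The `example-org/example-pkg` names and the normalisation rules are assumptions of this sketch; `githubRepository` is the `owner/repo` value of GITHUB_REPOSITORY.

```javascript
// Added example: pre-publish check that package.json names the repository the
// provenance attestation will claim. Not fakecloud's release tooling.

// Reduce the common "repository" spellings to https://github.com/<owner>/<repo>.
// These normalisation rules are this sketch's own, not npm's exact logic.
function normalizeRepoUrl(repository) {
  const raw = typeof repository === "string" ? repository : repository?.url;
  if (typeof raw !== "string" || raw.trim() === "") return null;
  let s = raw.trim();
  // Shorthand forms: "owner/repo" and "github:owner/repo".
  if (/^(github:)?[\w.-]+\/[\w.-]+$/.test(s)) {
    s = "https://github.com/" + s.replace(/^github:/, "");
  }
  s = s
    .replace(/^git\+/, "")
    .replace(/^git@github\.com:/, "https://github.com/")
    .replace(/^(git|ssh):\/\/(git@)?github\.com\//, "https://github.com/");
  const m = /^https:\/\/github\.com\/([\w.-]+)\/([\w.-]+?)(\.git)?\/?$/.exec(s);
  return m ? `https://github.com/${m[1]}/${m[2]}` : null;
}

// githubRepository is "owner/repo", the value of GITHUB_REPOSITORY in a workflow run.
function checkProvenanceRepo(pkg, githubRepository) {
  const expected = `https://github.com/${githubRepository}`;
  const actual = normalizeRepoUrl(pkg.repository);
  if (actual === null) {
    return { ok: false, expected, reason: "repository.url is missing or not a GitHub URL" };
  }
  if (actual !== expected) {
    return { ok: false, expected, reason: `repository.url resolves to ${actual}` };
  }
  return { ok: true, expected, reason: "repository.url matches the publishing repository" };
}

// Constructed package.json contents (hypothetical names).
const samples = {
  missing: { name: "example-pkg", version: "1.0.0" },
  matching: { name: "example-pkg", version: "1.0.0",
    repository: { type: "git", url: "git+https://github.com/example-org/example-pkg.git" } },
  fork: { name: "example-pkg", version: "1.0.0",
    repository: "github:someone-else/example-pkg" },
};

for (const [label, pkg] of Object.entries(samples)) {
  const r = checkProvenanceRepo(pkg, "example-org/example-pkg");
  console.log(`${label}: ${r.ok ? "ok" : "FAIL"} (${r.reason})`);
}
```

Running this as a step before the publish step makes the job fail early, before any OIDC exchange or registry call happens.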

Full changelog

v0.15.0...v0.15.2