PyPI - repro-lambda - Versions diffs - 0.4.0__tar.gz → 0.4.2__tar.gz - Mend

repro-lambda 0.4.0tar.gz → 0.4.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

repro_lambda-0.4.2/.github/workflows/move-major-tag.yml ADDED Viewed

@@ -0,0 +1,28 @@
+name: move-major-tag
+# On every semver release tag (vX.Y.Z), force-move the sliding MAJOR tag vX to it,
+# so consumers can pin `@v0` (or `@v1` once 1.x ships) and always get the latest
+# backward-compatible reusable workflows. While the project is 0.x the major is `v0`.
+#
+# Safe by construction: publish.yml triggers on `v*.*.*` only, so moving a non-semver
+# tag (v0) never loop-triggers a publish; and a tag pushed by GITHUB_TOKEN does not
+# retrigger any workflow.
+on:
+  push:
+    tags: ["v*.*.*"]
+permissions:
+  contents: write
+jobs:
+  move:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v7
+      - name: Force-move sliding major tag
+        env:
+          TAG: ${{ github.ref_name }}
+        run: |
+          MAJOR="${TAG%%.*}"   # v0.4.1 -> v0
+          git tag -f "$MAJOR" "$TAG"
+          git push -f origin "refs/tags/$MAJOR"

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/CHANGELOG.md RENAMED Viewed

@@ -1,5 +1,15 @@
 # Changelog
+## v0.4.2 - 2026-06-21
+### Added
+- Per-lambda builder overrides: any `[[lambda]]` may now set `base_image_python`, `include_patterns`, or `exclude_patterns` to override the `[builder]` defaults for itself. An override fully REPLACES the matching default (lists are not merged); an unset field inherits `[builder]`. A per-lambda `base_image_python` must still be digest-pinned (validated at manifest load). This lets one lambda build on its own base image or filter its source more tightly than the others - e.g. a lambda that bundles a large prebuilt tree can narrow `include_patterns` to just its runtime modules so unrelated file changes no longer re-key its artifact. The resolved per-lambda builder (base-image digest + include/exclude lists + builder version) folds into the content hash, so changing an override re-keys only that lambda. Manifests with no per-lambda overrides resolve to the `[builder]` defaults unchanged. The builder version bump re-keys all content hashes, as expected.
+## v0.4.1 - 2026-06-21
+### Fixed
+- Lower the pip `--platform` floor from `manylinux_2_28` to `manylinux_2_17` (manylinux2014) for both arches. pip's explicit `--platform` does not expand a higher manylinux tag down to lower-baseline wheels, so with `--only-binary=:all:` a `2_28` floor failed to find compiled wheels that ship only `manylinux_2_17` for a given Python/arch (e.g. `pydantic-core`). `manylinux_2_17` is the broadest baseline the AWS Lambda base images (Amazon Linux 2023, glibc 2.34) still run, and it matches `2_17` wheels plus any lower baseline. Pure-Python lambdas are unaffected (their `py3-none-any` wheels never depended on the platform). The builder version bump re-keys all content hashes, as expected.
 ## v0.4.0 - 2026-06-21
 ### Added
@@ -16,7 +26,7 @@
       jobs:
         promote:
-          uses: antonbabenko/repro-lambda/.github/workflows/promote.yml@v1
+          uses: antonbabenko/repro-lambda/.github/workflows/promote.yml@v0
           with:
             source_sha: ${{ inputs.source_sha }}
             promoter_role_arn: arn:aws:iam::<account>:role/<promoter-role>

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: repro-lambda
-Version: 0.4.0
+Version: 0.4.2
 Summary: Build reproducible AWS Lambda packages outside Terraform, optimized for terraform-aws-lambda by serverless.tf.
 Project-URL: Homepage, https://github.com/antonbabenko/repro-lambda
 Project-URL: Repository, https://github.com/antonbabenko/repro-lambda

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/SETUP.md RENAMED Viewed

@@ -260,20 +260,21 @@ on:
 jobs:
   build:
-    uses: antonbabenko/repro-lambda/.github/workflows/build.yml@v0.2.1
+    uses: antonbabenko/repro-lambda/.github/workflows/build.yml@v0
     with:
       manifest_path: lambdas.toml
-      repro_lambda_version: "0.2.1"
-    secrets:
-      aws-dev-role-arn: ${{ secrets.AWS_DEV_ROLE_ARN }}
-      aws-prod-role-arn: ${{ secrets.AWS_PROD_ROLE_ARN }}
+      aws_dev_role_arn: arn:aws:iam::<dev-account-id>:role/gha-lambda-builder-dev
+      dev_bucket: <env>-lambda-artifacts
+      # Optional - master-push upload to a prod bucket:
+      # aws_prod_role_arn: arn:aws:iam::<prod-account-id>:role/gha-lambda-builder-prod
+      # prod_bucket: <env>-lambda-artifacts
 ```
-Store the role ARNs (from the Terraform outputs above) as repo or organization
-secrets:
-- `AWS_DEV_ROLE_ARN` — `gha-lambda-builder-dev` role from the dev account
-- `AWS_PROD_ROLE_ARN` — `gha-lambda-builder-prod` role from the prod account
+Pin the reusable workflow with the sliding major tag `@v0` - it auto-moves to the
+latest backward-compatible 0.x release on every tag (switch to `@v1` once repro-lambda
+ships 1.0). The role ARNs are not secrets: the boundary is the OIDC trust policy plus
+the key-level bucket immutability, so they are plain inputs (only the account IDs,
+which are public), not stored secrets.
 ## Per-Lambda manifest
@@ -302,6 +303,33 @@ Pin the `base_image_python` to a specific digest with `docker pull <image> &&
 docker inspect --format='{{index .RepoDigests 0}}' <image>` — never use a
 floating tag in production.
+### Per-lambda builder overrides
+`[builder]` sets the defaults for every lambda. Any `[[lambda]]` may override
+`base_image_python`, `include_patterns`, or `exclude_patterns` for itself. An
+override REPLACES the default for that field (lists are not merged); an unset
+field inherits `[builder]`. Use this when one lambda needs a different base image
+or a tighter file filter (so it re-hashes only on changes that affect it):
+```toml
+[[lambda]]
+logical_name      = "worker"
+source_dir        = "src/worker"
+requirements_lock = "src/worker/requirements.${arch}.lock"
+runtime           = "python3.13"
+arch              = "arm64"
+handler           = "worker.handler"
+# Override: only this lambda's runtime modules trigger a rebuild, and it builds
+# on its own pinned base image. base_image_python must still be digest-pinned.
+base_image_python = "public.ecr.aws/lambda/python:3.13@sha256:<other-digest>"
+include_patterns  = ["worker/**/*.py", "worker/**/*.json"]
+exclude_patterns  = ["**/tests/**"]
+```
+The resolved per-lambda builder (base-image digest + include/exclude lists +
+builder version) folds into the content hash, so changing an override re-keys
+that lambda's artifact while leaving the others untouched.
 ## Terraform consumer — `s3_existing_package`
 In the Terraform that creates your Lambda function, point at the artifact in

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "repro-lambda"
-version = "0.4.0"
+version = "0.4.2"
 description = "Build reproducible AWS Lambda packages outside Terraform, optimized for terraform-aws-lambda by serverless.tf."
 readme = "README.md"
 requires-python = ">=3.11"

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/__init__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """repro-lambda — reproducible AWS Lambda packaging outside Terraform."""
-__version__ = "0.4.0"
+__version__ = "0.4.2"

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/build.py RENAMED Viewed

@@ -12,7 +12,7 @@ from repro_lambda import __version__
 from repro_lambda.catalog import Catalog, CatalogEntry
 from repro_lambda.docker_runner import build_nodejs_lambda, build_python_lambda
 from repro_lambda.hasher import compute_content_hash
-from repro_lambda.manifest import BuilderConfig, LambdaSpec
+from repro_lambda.manifest import BuilderConfig, LambdaSpec, resolve_builder
 from repro_lambda.s3_uploader import S3Uploader, UploadResult
 from repro_lambda.source_stager import stage_source
@@ -61,6 +61,7 @@ def compute_sha_for(
     builder: BuilderConfig,
 ) -> str:
     """Stage source and compute the content hash; tempdir disposed on exit."""
+    builder = resolve_builder(builder, spec)
     with tempfile.TemporaryDirectory(prefix="repro-lambda-") as td:
         stage_dir = Path(td)
         lock_path = repo_root / spec.resolved_requirements_lock
@@ -85,6 +86,8 @@ def compute_sha_for(
             builder_version=__version__,
             extra_files=extras,
             payload_exec=[(ef.dest, ef.executable) for ef in spec.extra_files],
+            include_patterns=builder.include_patterns,
+            exclude_patterns=builder.exclude_patterns,
         )
@@ -99,6 +102,7 @@ def build_one(
     dry_run: bool = False,
 ) -> BuildOutcome:
     """Build one lambda end-to-end. Returns BuildOutcome with sha + cache verdict."""
+    builder = resolve_builder(builder, spec)
     target_bucket = _bucket_for(spec, bucket)
     with tempfile.TemporaryDirectory(prefix="repro-lambda-") as td:
@@ -126,6 +130,8 @@ def build_one(
             builder_version=__version__,
             extra_files=extras,
             payload_exec=[(ef.dest, ef.executable) for ef in spec.extra_files],
+            include_patterns=builder.include_patterns,
+            exclude_patterns=builder.exclude_patterns,
         )
         bucket_key = f"lambdas/{spec.logical_name}/{sha}.zip"

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/docker_runner.py RENAMED Viewed

@@ -12,9 +12,15 @@ ARCH_TO_DOCKER_PLATFORM: dict[str, str] = {
     "x86_64": "linux/amd64",
 }
+# manylinux_2_17 (== manylinux2014) is the broadest baseline the AWS Lambda base
+# images (Amazon Linux 2023, glibc 2.34) still run, and pip's explicit --platform does
+# NOT expand a higher tag (e.g. 2_28) down to lower-baseline wheels. Many compiled
+# wheels (e.g. pydantic-core) ship only manylinux_2_17 for a given Python/arch, so a
+# 2_28 floor misses them with --only-binary=:all:. 2_17 matches 2_17 wheels and, via
+# pip's tag expansion, any lower baseline too.
 ARCH_TO_PIP_PLATFORM: dict[str, str] = {
-    "arm64": "manylinux_2_28_aarch64",
-    "x86_64": "manylinux_2_28_x86_64",
+    "arm64": "manylinux_2_17_aarch64",
+    "x86_64": "manylinux_2_17_x86_64",
 }
 ARCH_TO_NPM_CPU: dict[str, str] = {

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/hasher.py RENAMED Viewed

@@ -25,11 +25,14 @@ def compute_content_hash(
     *,
     extra_files: list[tuple[Path, str]] | None = None,
     payload_exec: list[tuple[str, bool]] | None = None,
+    include_patterns: list[str] | None = None,
+    exclude_patterns: list[str] | None = None,
 ) -> str:
     """
     sha256 over: sorted (relative-path, sha256(content)) tuples for the staged tree
     + sha256(requirements_lock) + spec scalars + base_image + builder_version
-    + optional extra_files keyed by destination relname (e.g. "package.json").
+    + optional resolved include/exclude filter lists + optional extra_files keyed by
+    destination relname (e.g. "package.json").
     Inputs are concatenated with newline separators in a fixed order, then hashed.
@@ -37,6 +40,12 @@ def compute_content_hash(
     (dest_relname, file_bytes) only - not the host path - so the hash is
     host-path-independent. Callers with no extras produce byte-identical hashes
     to v0.1 (the extras section is omitted entirely when extra_files is falsy).
+    include_patterns / exclude_patterns are the RESOLVED per-lambda filter lists.
+    They are folded sorted (membership is order-independent, so a pure reorder does
+    not re-key) and only when not None, so an explicit empty list (replace-with-empty)
+    hashes differently from an unset/None filter. Callers passing None omit the
+    section entirely, preserving hashes for code paths that do not resolve a builder.
     """
     h = hashlib.sha256()
@@ -62,6 +71,17 @@ def compute_content_hash(
     h.update(f"base_image={base_image}\n".encode())
     h.update(f"builder_version={builder_version}\n".encode())
+    if include_patterns is not None:
+        h.update(b"---include---\n")
+        for pat in sorted(include_patterns):
+            h.update(pat.encode("utf-8"))
+            h.update(b"\n")
+    if exclude_patterns is not None:
+        h.update(b"---exclude---\n")
+        for pat in sorted(exclude_patterns):
+            h.update(pat.encode("utf-8"))
+            h.update(b"\n")
     if extra_files:
         h.update(b"---extras---\n")
         # Sort by relname so staging order does not perturb the hash.

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/manifest.py RENAMED Viewed

@@ -49,6 +49,11 @@ class LambdaSpec:
     hash_extra: str = ""
     package_json: str = ""
     extra_files: tuple[ExtraFile, ...] = ()
+    # Per-lambda builder overrides (REPLACE-once-set; None = inherit the [builder]
+    # default). base_image_python must stay digest-pinned. Resolved via resolve_builder().
+    base_image_python: str | None = None
+    include_patterns: list[str] | None = None
+    exclude_patterns: list[str] | None = None
     @property
     def resolved_requirements_lock(self) -> str:
@@ -82,6 +87,26 @@ class Manifest:
     builder: BuilderConfig
+def resolve_builder(default: BuilderConfig, spec: LambdaSpec) -> BuilderConfig:
+    """Resolve the effective builder for one lambda (REPLACE-once-set overrides).
+    Each per-lambda override fully REPLACES the matching [builder] default when set;
+    an unset override (None) inherits the default. An explicitly empty list replaces
+    with empty (stages/filters nothing) - the caller's choice, distinct from unset.
+    base_image_nodejs has no per-lambda override yet (add when a node lambda needs it).
+    """
+    return BuilderConfig(
+        base_image_python=spec.base_image_python or default.base_image_python,
+        base_image_nodejs=default.base_image_nodejs,
+        include_patterns=(
+            default.include_patterns if spec.include_patterns is None else spec.include_patterns
+        ),
+        exclude_patterns=(
+            default.exclude_patterns if spec.exclude_patterns is None else spec.exclude_patterns
+        ),
+    )
 def _parse_extra_files(path: Path, entry: dict) -> tuple[ExtraFile, ...]:
     """Parse + validate a lambda's optional [[lambda.extra_files]] entries."""
     parsed: list[ExtraFile] = []
@@ -160,6 +185,26 @@ def load_manifest(path: Path) -> Manifest:
         extra_files = _parse_extra_files(path, entry)
+        override_base_image = entry.get("base_image_python")
+        if override_base_image is not None and "@sha256:" not in override_base_image:
+            raise ValueError(
+                f"{path}: lambda {entry.get('logical_name')!r} base_image_python override must be "
+                f"pinned by digest (got {override_base_image!r}; need image@sha256:<digest>)"
+            )
+        override_include = entry.get("include_patterns")
+        override_exclude = entry.get("exclude_patterns")
+        for fname, fval in (
+            ("include_patterns", override_include),
+            ("exclude_patterns", override_exclude),
+        ):
+            if fval is not None and (
+                not isinstance(fval, list) or not all(isinstance(x, str) for x in fval)
+            ):
+                raise ValueError(
+                    f"{path}: lambda {entry.get('logical_name')!r} {fname} override "
+                    f"must be a list of strings (got {fval!r})"
+                )
         lambdas.append(
             LambdaSpec(
                 logical_name=entry["logical_name"],
@@ -174,6 +219,9 @@ def load_manifest(path: Path) -> Manifest:
                 lambda_at_edge=bool(entry.get("lambda_at_edge", False)),
                 hash_extra=entry.get("hash_extra", ""),
                 extra_files=extra_files,
+                base_image_python=override_base_image,
+                include_patterns=list(override_include) if override_include is not None else None,
+                exclude_patterns=list(override_exclude) if override_exclude is not None else None,
             )
         )

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/verify.py RENAMED Viewed

@@ -7,7 +7,7 @@ import tempfile
 from pathlib import Path
 from repro_lambda.docker_runner import build_nodejs_lambda, build_python_lambda
-from repro_lambda.manifest import BuilderConfig, LambdaSpec
+from repro_lambda.manifest import BuilderConfig, LambdaSpec, resolve_builder
 from repro_lambda.source_stager import stage_source
@@ -45,6 +45,7 @@ def verify_reproducible(
     Returns (sha_build_1, sha_build_2) on match. Raises ReproducibilityError on mismatch.
     """
+    builder = resolve_builder(builder, spec)
     lock_path = repo_root / spec.resolved_requirements_lock
     extras = _extras_for(spec, lock_path, repo_root)

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_docker_runner.py RENAMED Viewed

@@ -20,8 +20,8 @@ def test_arch_mapping_tables_are_complete():
 def test_arch_mapping_values():
     assert ARCH_TO_DOCKER_PLATFORM["arm64"] == "linux/arm64"
     assert ARCH_TO_DOCKER_PLATFORM["x86_64"] == "linux/amd64"
-    assert ARCH_TO_PIP_PLATFORM["arm64"] == "manylinux_2_28_aarch64"
-    assert ARCH_TO_PIP_PLATFORM["x86_64"] == "manylinux_2_28_x86_64"
+    assert ARCH_TO_PIP_PLATFORM["arm64"] == "manylinux_2_17_aarch64"
+    assert ARCH_TO_PIP_PLATFORM["x86_64"] == "manylinux_2_17_x86_64"
 def test_build_python_lambda_raises_on_unknown_arch(tmp_path: Path):

repro_lambda-0.4.2/tests/test_per_lambda_builder.py ADDED Viewed

@@ -0,0 +1,231 @@
+"""Per-lambda builder overrides (base image / include / exclude), REPLACE-once-set."""
+import subprocess
+from pathlib import Path
+import pytest
+from repro_lambda.build import compute_sha_for
+from repro_lambda.hasher import compute_content_hash
+from repro_lambda.manifest import (
+    BuilderConfig,
+    LambdaSpec,
+    load_manifest,
+    resolve_builder,
+)
+PINNED_IMAGE = "public.ecr.aws/lambda/python:3.13@sha256:" + "0" * 64
+OTHER_IMAGE = "public.ecr.aws/lambda/python:3.13@sha256:" + "1" * 64
+def _spec(**kw) -> LambdaSpec:
+    base = dict(
+        logical_name="app",
+        source_dir="handler",
+        requirements_lock="handler/requirements.${arch}.lock",
+        runtime="python3.13",
+        arch="arm64",
+        handler="app.lambda_handler",
+    )
+    base.update(kw)
+    return LambdaSpec(**base)
+def _default_builder() -> BuilderConfig:
+    return BuilderConfig(
+        base_image_python=PINNED_IMAGE,
+        include_patterns=["**/*.py", "**/*.json"],
+        exclude_patterns=["tests/**"],
+    )
+# --- manifest parse / validate --------------------------------------------
+def _write_manifest(tmp_path: Path, lambda_overrides_toml: str) -> Path:
+    p = tmp_path / "lambdas.toml"
+    p.write_text(
+        "[[lambda]]\n"
+        'logical_name      = "app"\n'
+        'source_dir        = "handler"\n'
+        'requirements_lock = "handler/requirements.${arch}.lock"\n'
+        'runtime           = "python3.13"\n'
+        'arch              = "arm64"\n'
+        'handler           = "app.lambda_handler"\n'
+        f"{lambda_overrides_toml}"
+        "\n[builder]\n"
+        f'base_image_python = "{PINNED_IMAGE}"\n'
+    )
+    return p
+def test_manifest_parses_per_lambda_builder_overrides(tmp_path: Path):
+    manifest = _write_manifest(
+        tmp_path,
+        f'base_image_python = "{OTHER_IMAGE}"\n'
+        'include_patterns  = ["**/*.py"]\n'
+        'exclude_patterns  = ["tests/**", "docs/**"]\n',
+    )
+    spec = load_manifest(manifest).lambdas[0]
+    assert spec.base_image_python == OTHER_IMAGE
+    assert spec.include_patterns == ["**/*.py"]
+    assert spec.exclude_patterns == ["tests/**", "docs/**"]
+def test_manifest_overrides_default_to_none(tmp_path: Path):
+    spec = load_manifest(_write_manifest(tmp_path, "")).lambdas[0]
+    assert spec.base_image_python is None
+    assert spec.include_patterns is None
+    assert spec.exclude_patterns is None
+def test_manifest_explicit_empty_include_is_empty_list_not_none(tmp_path: Path):
+    spec = load_manifest(_write_manifest(tmp_path, "include_patterns = []\n")).lambdas[0]
+    assert spec.include_patterns == []  # explicit empty != unset
+def test_manifest_rejects_unpinned_override_base_image(tmp_path: Path):
+    manifest = _write_manifest(
+        tmp_path, 'base_image_python = "public.ecr.aws/lambda/python:3.13"\n'
+    )
+    with pytest.raises(ValueError, match="must be pinned by digest"):
+        load_manifest(manifest)
+def test_manifest_rejects_non_list_include(tmp_path: Path):
+    manifest = _write_manifest(tmp_path, 'include_patterns = "**/*.py"\n')
+    with pytest.raises(ValueError, match="must be a list of strings"):
+        load_manifest(manifest)
+def test_manifest_rejects_non_string_in_exclude(tmp_path: Path):
+    manifest = _write_manifest(tmp_path, "exclude_patterns = [1, 2]\n")
+    with pytest.raises(ValueError, match="must be a list of strings"):
+        load_manifest(manifest)
+# --- resolve_builder (REPLACE-once-set) ------------------------------------
+def test_resolve_inherits_default_when_unset():
+    default = _default_builder()
+    resolved = resolve_builder(default, _spec())
+    assert resolved.base_image_python == PINNED_IMAGE
+    assert resolved.include_patterns == ["**/*.py", "**/*.json"]
+    assert resolved.exclude_patterns == ["tests/**"]
+def test_resolve_replaces_each_set_field():
+    default = _default_builder()
+    spec = _spec(
+        base_image_python=OTHER_IMAGE,
+        include_patterns=["src/**/*.py"],
+        exclude_patterns=["docs/**"],
+    )
+    resolved = resolve_builder(default, spec)
+    assert resolved.base_image_python == OTHER_IMAGE
+    assert resolved.include_patterns == ["src/**/*.py"]
+    assert resolved.exclude_patterns == ["docs/**"]
+def test_resolve_empty_list_replaces_with_empty():
+    default = _default_builder()
+    resolved = resolve_builder(default, _spec(exclude_patterns=[]))
+    assert resolved.exclude_patterns == []  # replace, not inherit
+def test_resolve_preserves_default_nodejs_image():
+    default = BuilderConfig(base_image_python=PINNED_IMAGE, base_image_nodejs="node@sha256:abc")
+    resolved = resolve_builder(default, _spec(base_image_python=OTHER_IMAGE))
+    assert resolved.base_image_nodejs == "node@sha256:abc"
+# --- hash folds resolved include/exclude -----------------------------------
+def _staged_tree(tmp_path: Path) -> tuple[Path, Path]:
+    root = tmp_path / "source"
+    root.mkdir(parents=True)
+    (root / "app.py").write_text("x = 1\n")
+    lock = tmp_path / "requirements.lock"
+    lock.write_text("")
+    return root, lock
+def _hash(root: Path, lock: Path, **kw) -> str:
+    return compute_content_hash(
+        staged_source_root=root,
+        requirements_lock=lock,
+        spec=_spec(),
+        base_image=PINNED_IMAGE,
+        builder_version="0.4.2",
+        **kw,
+    )
+def test_hash_none_filters_is_stable(tmp_path: Path):
+    root, lock = _staged_tree(tmp_path)
+    assert _hash(root, lock) == _hash(root, lock, include_patterns=None, exclude_patterns=None)
+def test_hash_rekeys_when_exclude_differs(tmp_path: Path):
+    root, lock = _staged_tree(tmp_path)
+    a = _hash(root, lock, include_patterns=["**/*.py"], exclude_patterns=["tests/**"])
+    b = _hash(root, lock, include_patterns=["**/*.py"], exclude_patterns=["tests/**", "docs/**"])
+    assert a != b
+def test_hash_none_differs_from_explicit_empty(tmp_path: Path):
+    root, lock = _staged_tree(tmp_path)
+    unset = _hash(root, lock, include_patterns=None)
+    empty = _hash(root, lock, include_patterns=[])
+    assert unset != empty  # unset omits the section; [] emits an empty section marker
+def test_hash_pattern_reorder_does_not_rekey(tmp_path: Path):
+    root, lock = _staged_tree(tmp_path)
+    a = _hash(root, lock, exclude_patterns=["a/**", "b/**"])
+    b = _hash(root, lock, exclude_patterns=["b/**", "a/**"])
+    assert a == b  # membership is order-independent -> sorted fold
+# --- compute_sha_for integration (git-backed) ------------------------------
+def _git_repo(tmp_path: Path) -> Path:
+    repo = tmp_path / "repo"
+    (repo / "handler" / "tests").mkdir(parents=True)
+    (repo / "handler" / "app.py").write_text("def lambda_handler(e, c): return 200\n")
+    (repo / "handler" / "tests" / "test_app.py").write_text("def test_x(): pass\n")
+    (repo / "handler" / "requirements.arm64.lock").write_text("")
+    subprocess.run(["git", "init", "-q"], cwd=repo, check=True)
+    subprocess.run(["git", "config", "user.email", "t@t"], cwd=repo, check=True)
+    subprocess.run(["git", "config", "user.name", "t"], cwd=repo, check=True)
+    subprocess.run(["git", "add", "."], cwd=repo, check=True)
+    subprocess.run(["git", "commit", "-qm", "init"], cwd=repo, check=True)
+    return repo
+def test_compute_sha_for_rekeys_on_per_lambda_exclude(tmp_path: Path):
+    repo = _git_repo(tmp_path)
+    default = BuilderConfig(
+        base_image_python=PINNED_IMAGE,
+        include_patterns=["**/*.py"],
+        exclude_patterns=[],
+    )
+    # Lambda A keeps tests; lambda B excludes them -> different staged tree -> different sha.
+    spec_keep = _spec()
+    spec_drop = _spec(exclude_patterns=["**/tests/**"])
+    sha_keep = compute_sha_for(repo_root=repo, spec=spec_keep, builder=default)
+    sha_drop = compute_sha_for(repo_root=repo, spec=spec_drop, builder=default)
+    assert sha_keep != sha_drop
+def test_compute_sha_for_rekeys_on_per_lambda_base_image(tmp_path: Path):
+    repo = _git_repo(tmp_path)
+    default = BuilderConfig(base_image_python=PINNED_IMAGE, include_patterns=["**/*.py"])
+    sha_default = compute_sha_for(repo_root=repo, spec=_spec(), builder=default)
+    sha_override = compute_sha_for(
+        repo_root=repo, spec=_spec(base_image_python=OTHER_IMAGE), builder=default
+    )
+    assert sha_default != sha_override

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/uv.lock RENAMED Viewed

@@ -646,7 +646,7 @@ wheels = [
 [[package]]
 name = "repro-lambda"
-version = "0.4.0"
+version = "0.4.2"
 source = { editable = "." }
 dependencies = [
     { name = "boto3" },

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/.github/workflows/build.yml RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/.github/workflows/ci.yml RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/.github/workflows/promote.yml RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/.github/workflows/publish.yml RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/.gitignore RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/.pre-commit-config.yaml RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/LICENSE RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/README.md RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/__main__.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/catalog.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/cli.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/git_guard.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/promote.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/s3_uploader.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/source_stager.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/src/repro_lambda/zip_packager.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/__init__.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/conftest.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/fixtures/sample_nodejs_lambda/handler/index.js RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/fixtures/sample_nodejs_lambda/handler/package-lock.json RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/fixtures/sample_nodejs_lambda/handler/package.json RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/fixtures/sample_nodejs_lambda/lambdas.toml RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/fixtures/sample_python_lambda/handler/app.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/fixtures/sample_python_lambda/handler/requirements.arm64.lock RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/fixtures/sample_python_lambda/handler/requirements.in RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/fixtures/sample_python_lambda/lambdas.toml RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_build_integration.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_build_nodejs.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_catalog.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_cli_build.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_cli_lock.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_cli_smoke.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_docker_runner_nodejs.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_e2e_nodejs_lambda.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_e2e_python_lambda.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_extra_files.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_git_guard.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_hasher.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_manifest.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_promote.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_python_byte_compat_regression.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_s3_uploader.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_source_stager.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_verify.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_zip_excludes.py RENAMED Viewed

File without changes

{repro_lambda-0.4.0 → repro_lambda-0.4.2}/tests/test_zip_packager.py RENAMED Viewed

File without changes

repro-lambda 0.4.0__tar.gz → 0.4.2__tar.gz

repro-lambda 0.4.0tar.gz → 0.4.2tar.gz