feat: add support for bin-scripts (python only)

[kozlove-aws]

Problem

JSII is missing functionality for packing and using bin scripts from Python package.

Solution

Were extended assembly and project-info properties for bin-scripts.
Added generation scripts for each script in bin section.
Added section scripts to pyhon.py script.

Testing

Was build project with changed scripts and checked that file .jsii contains bin section.
Also was checked that without bin section in package.json empty bin section was not created in .jsii file.
Was created package and verified that scripts were created and paths to it were added to setup.py.

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[RomainMuller]

Let's tighten this one up from the start (cannot fix the older fields to readonly because... backwards-compatibility... but we can be nice with the new ones!)

Suggested change

	bin?: { [script: string]: string };
	bin?: { readonly [script: string]: string };

[RomainMuller]

I like being explicit here (JS' truthiness/falsiness is a little awkward)

Suggested change

	if (this.assembly.bin) {
	if (this.assembly.bin != null) {

[RomainMuller]

Suggested change

	const scripts = Object.keys(this.assembly.bin);
	for (const script of scripts) {
	code.line(`print('${script}: ${this.assembly.bin[script]}');`);
	}
	const scripts = Object.keys(this.assembly.bin);
	for (const [name, path] of Object.entries(this.assembly.bin)) {
	code.line(`print('${name}: ${path}');`);
	}

[RomainMuller]

Suggested change

	readonly args?: string[];
	readonly args?: readonly string[];

[RomainMuller]

It's probably going to be more efficient to use the same node runtime that is used by the Kernel process (and it's also going to be safer in Windows):

• process.execPath contains the path to the node binary that runs the current process.
• process.execArgv contains the node arguments that the current process received.

The -- indicates the end of node options and guarantees that none of your own command options are possibly interpreted by node itself.

Suggested change

	'node',
	[path.join(this._getPackageDir(req.pkgname), req.script)].concat(
	req.args ?? [],
	),
	process.execPath,
	[
	...process.execArgv,
	'--',
	path.join(this._getPackageDir(req.pkgname), req.script),
	...req.args ?? [],
	],

[RomainMuller]

I don't think this is necessary

Suggested change

sandbox.create({ fqn: 'jsii-calc.Calculator' });

[RomainMuller]

I would rather try to make sure we are consistent with how we refer to those concepts... in this case, we refer to assemblies (since the value that ought to be passed here is the same that was passed to LoadRequest.assembly).

Suggested change

	readonly pkgname: string;
	readonly assembly: string;

[RomainMuller]

I think the script value provided should not be a path, instead it should be a key from the bin map that was gathered from package.json during compilation.

You need to validate the script name was in the map, and fail if not (you don't want to allow a request to run anything from anywhere, that's kind of a bad security posture to have. Then, you need to use the value that corresponds to the bin key that was requested in order to compose the final executable path.

Maybe we shouldn't actually use node shell out here... Your NPM package's bin script might not actually be a node script (could be shell script, could be something else). On the other hand it might be tricky to make this work smooth on Windows if we skip the shell out (I guess it's a good first step?)

[RomainMuller]

This might be null if the app was killed by a signal... Might want to also pass signal though.
The contract for spawnSync guarantees that exactly one of result.status and result.signal will be non-null.

Following my suggestion for the type change above... This would be something like:

Suggested change

	status: result.status,
	status: result.status != null
	? { code: result.status }
	: { signal: result.signal! }, // <- The `!` is to signal we "know" `result.signal` cannot be `null` here

[kozlove-aws]

I do not think that it is a good idea to add as result one of property. It could be really inconvenient to parse such property.
What do you think if we add signal as additional property?

[RomainMuller]

Let's try to keep fingerprint last here, at least for now.

Suggested change

	fingerprint: '<TBD>',
	bin: this.projectInfo.bin,
	bin: this.projectInfo.bin,
	fingerprint: '<TBD>',

[RomainMuller]

I think the duplication defense here is not necessary (it also does not hurt!)

[kozlove-aws]

It does not hurt but looks strange when the same script appeared several times.

[RomainMuller]

But... it shouldn't... I mean a script can only be registered once... so if we have duplicates, it could mean something wrong happened somewhere else?

[kozlove-aws]

You are right. I have made some tests and have not found any dublicates.

[RomainMuller]

We tend to prefer this form for some reason:

Suggested change

	const scripts: string[] = [];
	const scripts = new Array<string>();

[kozlove-aws]

I just to try keep style of this file. Such structure appear 5 times in this script.

[RomainMuller]

You will probably run into issues doing that, because this flow never loads the current package's dependencies into the kernel...

Instead of re-doing this, you should import the module that actually initializes things correctly:

import ._jsii # <- And voilà, dependencies and the current module are loaded!

[kozlove-aws]

Do not really understand what do you mean here?

[RomainMuller]

So sorry - this was closed in error as the master branch was renamed to main. Apologies!

[RomainMuller]

The script might not be a node script (could be bash, etc...), so this feels a little unsafe.

Suggested change

	const result = cp.spawnSync(
	process.execPath,
	[
	...process.execArgv,
	'--',
	path.join(packageDir, scriptPath),
	...(req.args ?? []),
	],
	{ encoding: 'utf-8' },
	);
	const result = cp.spawnSync(
	path.join(packageDir, scriptPath),
	req.args ?? [],
	{
	encoding: 'utf-8',
	env: {
	...process.env,
	// Make sure the current NODE_OPTIONS are honored if we shell out to node
	NODE_OPTIONS: process.execArgv.join(' '),
	// Make sure "this" node is ahead of $PATH just in case
	PATH: `${path.dirname(process.execPath)}:${process.env.PATH}`,
	},
	shell: true,
	},
	);

[RomainMuller]

You probably should also asset the value of stderr, status and signal.

[RomainMuller]

That doesn't appear to be necessary.

[RomainMuller]

Why not scripts.push(...mod.emitBinScripts(code))?

[kozlove-aws]

I just not very familiar with typescript so had no idea about '...' operator. Your version is better.

[RomainMuller]

Might be interesting to rename bin/calc to something else to remove the "coincidence" that it matches the script's name (the key here).

For example, you could call it bin/run instead.

There's also a chance this does not test fine on Windows (because Windows is hard 🤓). In such cases you'd need to drop in a CMD entry point (I'll give you more info on this once we know this is necessary, hopefully it won't be).

[kozlove-aws]

Good idea.

[RomainMuller]

@Mergifyio update

[mergify]

Command update: success

Branch has been successfully updated

[mergify]

Thank you for contributing! ❤️ I will now look into making sure the PR is up-to-date, then proceed to try and merge it!

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-5lHf64IXfvmr
• Commit ID: fc2ec7c
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Merging (with squash)...