cdk synth failure due to re2-wasm bundling #87
Description
I'm trying to set up a simple testing stack to play around with this framework, but I can't seem to get it to synth.
CDK app:
import * as cdk from 'aws-cdk-lib';
import { CM } from '../lib/cm';
const app = new cdk.App();
const _cmStack = new CM(app, 'CredentialStack', {
env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
});Stack code:
import { CredentialManager } from '@aws/app-framework-for-github-apps-on-aws';
import * as cdk from 'aws-cdk-lib';
import type * as iam from 'aws-cdk-lib/aws-iam';
import type { Construct } from 'constructs';
export interface CMProps extends cdk.StackProps {}
export class CM extends cdk.Stack {
readonly appTokenEndpoint: string;
readonly installationAccessTokenEndpoint: string;
private credentialManager: CredentialManager;
constructor(scope: Construct, id: string, props?: CMProps) {
super(scope, id, props);
this.credentialManager = new CredentialManager(this, 'CredentialManager');
this.appTokenEndpoint = this.credentialManager.appTokenEndpoint;
this.installationAccessTokenEndpoint = this.credentialManager.installationAccessTokenEndpoint;
}
public grantPermissions(grantee: iam.IGrantable) {
this.credentialManager.grantGetAppToken(grantee);
this.credentialManager.grantGetInstallationAccessToken(grantee);
}
}Synth output:
Bundling asset CredentialStack/CredentialManager/AppTokenGenerator/handler/Code/Stage...
cdk.out/bundling-temp-1dca829e142d808f67a0e6581fddec451a2070c0cc429cdb194881981d37aaad-building/index.js 2.2mb ⚠️
cdk.out/bundling-temp-1dca829e142d808f67a0e6581fddec451a2070c0cc429cdb194881981d37aaad-building/index.js.map 3.3mb
⚡ Done in 270ms
npm error code EUSAGE
npm error
npm error `npm ci` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing.
npm error
npm error Missing: re2-wasm@1.0.2 from lock file
npm error
npm error Clean install a project
npm error
npm error Usage:
npm error npm ci
npm error
npm error Options:
npm error [--install-strategy <hoisted|nested|shallow|linked>] [--legacy-bundling]
npm error [--global-style] [--omit <dev|optional|peer> [--omit <dev|optional|peer> ...]]
npm error [--include <prod|dev|optional|peer> [--include <prod|dev|optional|peer> ...]]
npm error [--strict-peer-deps] [--foreground-scripts] [--ignore-scripts] [--no-audit]
npm error [--no-bin-links] [--no-fund] [--dry-run]
npm error [-w|--workspace <workspace-name> [-w|--workspace <workspace-name> ...]]
npm error [-ws|--workspaces] [--include-workspace-root] [--install-links]
npm error
npm error aliases: clean-install, ic, install-clean, isntall-clean
npm error
npm error Run "npm help ci" for more info
npm error A complete log of this run can be found in: /home/ANT.AMAZON.COM/kellertk/.npm/_logs/2025-07-11T21_53_35_798Z-debug-0.log
/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/node_modules/aws-cdk-lib/aws-s3-assets/lib/asset.js:1
"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.Asset=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var path=()=>{var tmp=require("path");return path=()=>tmp,tmp},constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},compat_1=()=>{var tmp=require("./compat");return compat_1=()=>tmp,tmp},kms=()=>{var tmp=require("../../aws-kms");return kms=()=>tmp,tmp},s3=()=>{var tmp=require("../../aws-s3");return s3=()=>tmp,tmp},cdk=()=>{var tmp=require("../../core");return cdk=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../core/lib/errors");return errors_1=()=>tmp,tmp},cxapi=()=>{var tmp=require("../../cx-api");return cxapi=()=>tmp,tmp};class Asset extends constructs_1().Construct{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_s3_assets_AssetProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,Asset),error}if(!props.path)throw new(errors_1()).ValidationError("Asset path cannot be empty",this);this.isBundled=props.bundling!=null;const staging=new(cdk()).AssetStaging(this,"Stage",{...props,sourcePath:path().resolve(props.path),follow:props.followSymlinks??(0,compat_1().toSymlinkFollow)(props.follow),assetHash:props.assetHash??props.sourceHash});this.assetHash=staging.assetHash,this.sourceHash=this.assetHash;const stack=cdk().Stack.of(this);this.assetPath=staging.relativeStagedPath(stack),this.isFile=staging.packaging===cdk().FileAssetPackaging.FILE,this.isZipArchive=staging.isArchive;const location=stack.synthesizer.addFileAsset({packaging:staging.packaging,sourceHash:this.sourceHash,fileName:this.assetPath,deployTime:props.deployTime,displayName:props.displayName??cdk().Names.stackRelativeConstructPath(this)});this.s3BucketName=location.bucketName,this.s3ObjectKey=location.objectKey,this.s3ObjectUrl=location.s3ObjectUrl,this.httpUrl=location.httpUrl,this.s3Url=location.httpUrl;const kmsKey=location.kmsKeyArn?kms().Key.fromKeyArn(this,"Key",location.kmsKeyArn):void 0;this.bucket=s3().Bucket.fromBucketAttributes(this,"AssetBucket",{bucketName:this.s3BucketName,encryptionKey:kmsKey});for(const reader of props.readers??[])this.grantRead(reader)}addResourceMetadata(resource,resourceProperty){try{jsiiDeprecationWarnings().aws_cdk_lib_CfnResource(resource)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addResourceMetadata),error}this.node.tryGetContext(cxapi().ASSET_RESOURCE_METADATA_ENABLED_CONTEXT)&&(resource.cfnOptions.metadata=resource.cfnOptions.metadata||{},resource.cfnOptions.metadata[cxapi().ASSET_RESOURCE_METADATA_PATH_KEY]=this.assetPath,resource.cfnOptions.metadata[cxapi().ASSET_RESOURCE_METADATA_IS_BUNDLED_KEY]=this.isBundled,resource.cfnOptions.metadata[cxapi().ASSET_RESOURCE_METADATA_PROPERTY_KEY]=resourceProperty)}grantRead(grantee){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IGrantable(grantee)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.grantRead),error}this.bucket.grantRead(grantee)}}exports.Asset=Asset,_a=JSII_RTTI_SYMBOL_1,Asset[_a]={fqn:"aws-cdk-lib.aws_s3_assets.Asset",version:"2.202.0"};
^
ValidationError: Failed to bundle asset CredentialStack/CredentialManager/AppTokenGenerator/handler/Code/Stage, bundle output is located at /home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/cdk.out/bundling-temp-1dca829e142d808f67a0e6581fddec451a2070c0cc429cdb194881981d37aaad-building: ValidationError: bash -c npx --no-install esbuild --bundle "/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/node_modules/@aws/app-framework-for-github-apps-on-aws/lib/credential-manager/get-app-token/appToken.handler.js" --target=node22 --platform=node --outfile="/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/cdk.out/bundling-temp-1dca829e142d808f67a0e6581fddec451a2070c0cc429cdb194881981d37aaad-building/index.js" --sourcemap --external:re2-wasm && echo '{"dependencies":{"re2-wasm":"^1.0.2"}}' > "/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/cdk.out/bundling-temp-1dca829e142d808f67a0e6581fddec451a2070c0cc429cdb194881981d37aaad-building/package.json" && cp "/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/package-lock.json" "/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/cdk.out/bundling-temp-1dca829e142d808f67a0e6581fddec451a2070c0cc429cdb194881981d37aaad-building/package-lock.json" && cd "/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/cdk.out/bundling-temp-1dca829e142d808f67a0e6581fddec451a2070c0cc429cdb194881981d37aaad-building" && npm ci run in directory /home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test exited with status 1
at path [CredentialStack/CredentialManager/AppTokenGenerator/handler/Code/Stage] in aws-cdk-lib.AssetStaging
at new Asset (/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/node_modules/aws-cdk-lib/aws-s3-assets/lib/asset.js:1:1252)
at AssetCode.bind (/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/node_modules/aws-cdk-lib/aws-lambda/lib/code.js:5:4375)
at new Function2 (/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/node_modules/aws-cdk-lib/aws-lambda/lib/function.js:1:11029)
at new Function2 (/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/node_modules/aws-cdk-lib/core/lib/prop-injectable.js:1:488)
at new NodejsFunction (/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/node_modules/aws-cdk-lib/aws-lambda-nodejs/lib/function.js:1:2292)
at new GitHubAppToken (/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/node_modules/@aws/app-framework-for-github-apps-on-aws/src/credential-manager/get-app-token/appToken.ts:24:26)
at new CredentialManager (/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/node_modules/@aws/app-framework-for-github-apps-on-aws/src/credential-manager/index.ts:103:33)
at new CM (/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/lib/cm.ts:14:30)
at Object.<anonymous> (/home/ANT.AMAZON.COM/kellertk/devel/gh-cm-test/bin/cm-test.ts:7:18)
at Module._compile (node:internal/modules/cjs/loader:1554:14)
npx ts-node --prefer-ts-exts bin/cm-test.ts: Subprocess exited with error 1Note: this output is when using esbuild bundling, but I get similar issues if esbuild is not available and CDK falls back to docker bundling. It seems as though this is related to excluding the re2-wasm module from bundling the various lambdas. There are four files where that appears:
Replacing the nodeModules property with externalModules solves my synthesis issue - it generates some CFN anyway - but I have not deployed the stack yet to know if this actually works or not.