feat(lambda-python-alpha): support uv

[phuhung273]

Issue # (if applicable)

Closes #31238
Closes #32413

Description of changes

• LambdaFunction support uv.lock
• When uv.lock detected, install dependencies with uv pip sync instead of pip install for better performance. But we can further use uv for all locks since export output is always requirements.txt.
• Dockerfile install uv
• Update deprecated runtime in some integs

Description of how you validated changes

Unit + Integ

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.98%. Comparing base (2dc5d70) to head (3318e85).
Report is 323 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #33880      +/-   ##
==========================================
+ Coverage   82.38%   83.98%   +1.60%     
==========================================
  Files         120      120              
  Lines        6938     6976      +38     
  Branches     1170     1178       +8     
==========================================
+ Hits         5716     5859     +143     
+ Misses       1119     1005     -114     
- Partials      103      112       +9     

Flag	Coverage Δ
suite.unit	83.98% <ø> (+1.60%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
packages/aws-cdk	∅ <ø> (∅)
packages/aws-cdk-lib/core	83.98% <ø> (+1.60%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Dilski]

Hi, please could you explain the use of uv sync and pip freeze instead of uv export (like it has in the UV docs https://docs.astral.sh/uv/guides/integration/aws-lambda/)?

[phuhung273]

Thank you so much for the reference. I wasn't aware of that doc. Updated according to official guide.

[Dilski]

Is the comment about the venv still true? You may either need to add the rm command back or remove the comment

[phuhung273]

No, export command no longer create .venv. Comment removed. Thank you again 💯 I should have noticed that.

[polothy]

Random'ish feedback: not sure if having a uv.lock file within each lambda is good developer experience. I think this prevents you from being able to install the dependencies into your venv for development. Whereas, uv workspaces would allow this to happen uv sync --all-packages. I've implemented my own bundling this way and there is prior art here: https://github.com/fourTheorem/uv-python-lambda - workspaces also allows for easy upgrading of all your lambdas, layers and root deps via uv lock --upgrade.

That being said, I'm not sure if this is the absolute best way or if maybe the uv groups feature would make more sense... or both! I haven't tried groups yet though, EG: can a dependency be in multiple groups (this does work with workspaces)? Right now, leaning more towards workspaces because it's a little more obvious due to the pyproject.toml files and you can detect it during bundling via filesystem.

[phuhung273]

@polothy your feedback is valuable actually. The reason why workspace was not chosen is simply because I've never try it 😅 . Thank you for the reference.

Looking at workspaces doc, there is a section When (not) to use workspaces stating we should avoid it when codebase grows bigger. While Lambda is often small, workspace seems like a better fit.

Let me add an option for choosing workspace. Thank you again for your advice and reference repo also.

[shikha372]

Hi @phuhung273,

Thank you for your contribution to CDK through this PR. However, we're unable to accept it at this time, as we are currently evaluating the future graduation path for this module(lamba-python-alpha), along with alternative approach of using nix to provide customers with greater flexibility in adding package manager functionality and options on their end.

You can find more information about the proposed Nix-based solution in this discussion post: #33659.
We’ve also experimented with using it for the uv package manager. An example of how to handle bundling with Nix for uv is available in this repository:
https://gitlab.com/5d.cdk/issue-31238/-/blob/nix/lib/python-lambda/default.nix?ref_type=heads.

Just like with the current Dockerfile setup, we can define the package manager configuration in the Nix template (default.nix):
This configuration can then be passed when defining the function—for example, using a helper like buildWithNixContainer.

  buildPhase = ''
    echo "Building in $(pwd)"
    mkdir -p build
    cp -r $src/* ./build

    uv pip compile --no-cache $src/pyproject.toml -o ./build/requirements.txt

    echo "Installing dependencies..."
    pip3 install --target ./build -r ./build/requirements.txt
  '';

    new Function(this, 'PythonLambda', {
      runtime: Runtime.PYTHON_3_12,
      architecture: Architecture.ARM_64,
      code: buildWithNixContainer({
        expressionPath: path.join(__dirname, 'python-lambda'),
        srcPath: path.join(__dirname, 'python-lambda'),
      }),
      handler: 'handler.lambda_handler'
    })
  }

[fitz-vivodyne]

If nix is an implementation detail that the CDK team uses behind the scenes to implement uv support, awesome.

If you're expecting customers to have to interact with nix I would strongly suggest reconsidering.

As a customer I should just be able to provide a standard pyproject.toml based uv project and tell CDK to build a lambda with uv for me.

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

[Abogical]

Hi @phuhung273, Thank you for your contribution!

I don't think it is necessary to wait for nix support in order for uv to be supported. We can go ahead with this feature.

There seems to be a lot of changes related to updating the python versions used in existing integ tests (for poetry and pipenv). Correct me if I'm wrong, but I do not think this is necessary. We can update those versions in a separate PR if needed.

[Abogical]

I don't think this needs to be removed.

[phuhung273]

Yes you're right. I was once told that this should be removed by the team, we also have #33331 to remove it all. But can see it is closed now so we dont need to remove app.synth

Pull request has been modified.

[Abogical]

Thanks for the patch! Just a couple of changes needed and this should be good to go.

[Abogical]

You are correct that it is redundant and it should be removed, but for now I just want to limit the PR's scope to only support uv. This is to prevent any possible merge conflicts with other PR's.

[phuhung273]

Yeah sure, thanks for your understanding. Let me remove it

Pull request has been modified.

[phuhung273]

Thanks for your review and also replying to my email @Abogical

[Abogical]

Thank you!

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 806179b
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[github-actions]

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.