Skip to content

Compile FFI from source using AWS Lambda image#153

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
mainfrom
appsec-61865-fix-ffi-gem-installation
May 19, 2026
Merged

Compile FFI from source using AWS Lambda image#153
gh-worker-dd-mergequeue-cf854d[bot] merged 1 commit into
mainfrom
appsec-61865-fix-ffi-gem-installation

Conversation

@Strech
Copy link
Copy Markdown
Member

@Strech Strech commented May 19, 2026
edited
Loading

What does this PR do?

Switch layer build from ruby:X.Y (Debian) to public.ecr.aws/lambda/ruby:X.Y so native extensions compile against Lambda's actual glibc/libffi.

After datadog gem install, uninstall precompiled FFI (missing Ruby 3.2 ABI) and reinstall from source. Fixes cold-start LoadError on ffi_c with DD_APPSEC_ENABLED=true on Ruby 3.2.

Also adds MAKEFLAGS parallelization and --no-document to gem installs.

Motivation

This should help with datadog gem upgrade in the future.

Testing Guidelines

Locally + CI

Additional Notes

Build time improvement

Step Before After
gem install datadog-lambda ~2 min ~2 min
gem install datadog ~6 min ~5 min
gem install ffi ~3 min ~2 min
Total ~11 min ~9 min

This PR is a compilation of #144 and #152

Types of changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog

@Strech
Compile FFI from source using AWS Lambda image
04d76f8 
Switch layer build from ruby:X.Y (Debian) to public.ecr.aws/lambda/ruby:X.Y
so native extensions compile against Lambda's actual glibc/libffi.

After datadog gem install, uninstall precompiled FFI (missing Ruby 3.2 ABI)
and reinstall from source. Fixes cold-start LoadError on ffi_c with
DD_APPSEC_ENABLED=true on Ruby 3.2.

Also adds MAKEFLAGS parallelization and --no-document to gem installs.
@Strech Strech requested review from a team as code owners May 19, 2026 08:24
zarirhamza
zarirhamza approved these changes May 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@zarirhamza zarirhamza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - thanks for picking this up

@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit 2f51619 into main May 19, 2026
67 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the appsec-61865-fix-ffi-gem-installation branch May 19, 2026 15:18
@zarirhamza zarirhamza mentioned this pull request May 20, 2026
Draft
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zarirhamza zarirhamza zarirhamza approved these changes

Assignees

No one assigned

Labels

mergequeue-status: done

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Strech @zarirhamza