From 99626400d9ee76de27a1db9dfa171413d8b9019d Mon Sep 17 00:00:00 2001 From: Yiming Luo <10097700+lym953@users.noreply.github.com> Date: Fri, 10 Apr 2026 17:36:51 -0400 Subject: [PATCH 1/2] Fix integration test failing on first Dependabot PR run MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When custom Lambda layers are defined, Serverless Framework calls CloudFormation.describeStacks in compareWithLastLayer() to check whether the layer has already been uploaded. Its error handler only silences "does not exist" responses; any other error – including the "security token invalid" response AWS returns when credentials are absent – is re-thrown, failing sls package. Add a lightweight test-only Serverless plugin (offline.js) that intercepts CloudFormation.describeStacks during packaging and returns a synthetic "does not exist" error. This makes compareWithLastLayer treat every run as a fresh stack, which is the correct behaviour for snapshot tests where we never actually deploy. The snapshot output is unchanged because S3 key timestamps are already normalised. Co-Authored-By: Claude Sonnet 4.6 --- integration_tests/offline.js | 42 ++++++++++++++++++++++ integration_tests/serverless-extension.yml | 1 + 2 files changed, 43 insertions(+) create mode 100644 integration_tests/offline.js diff --git a/integration_tests/offline.js b/integration_tests/offline.js new file mode 100644 index 00000000..e2660ce4 --- /dev/null +++ b/integration_tests/offline.js @@ -0,0 +1,42 @@ +'use strict'; + +/** + * Serverless plugin that intercepts CloudFormation.describeStacks during packaging. + * + * When custom Lambda layers are defined, Serverless Framework calls + * CloudFormation.describeStacks in compareWithLastLayer() to check whether a + * layer has already been uploaded (an optimisation to avoid re-uploading + * unchanged layers). The error handler in that function only silences errors + * whose message contains "does not exist"; any other error – including the + * "The security token included in the request is invalid" response AWS returns + * when credentials are absent or invalid – is re-thrown, causing sls package + * to fail. + * + * In snapshot tests we never deploy, so this optimisation is meaningless. + * This plugin intercepts the describeStacks call and immediately returns a + * synthetic "does not exist" error, which the Serverless handler treats as a + * fresh stack and skips the comparison entirely. The rest of the packaging + * lifecycle is unaffected. + */ +class OfflinePackaging { + constructor(serverless) { + this.serverless = serverless; + this.hooks = { + 'before:package:compileLayers': () => this.patchProvider(), + }; + } + + patchProvider() { + const provider = this.serverless.getProvider('aws'); + const original = provider.request.bind(provider); + provider.request = (service, method, params, options) => { + if (service === 'CloudFormation' && method === 'describeStacks') { + const stackName = (params && params.StackName) || 'unknown'; + return Promise.reject(new Error(`Stack with id ${stackName} does not exist`)); + } + return original(service, method, params, options); + }; + } +} + +module.exports = OfflinePackaging; diff --git a/integration_tests/serverless-extension.yml b/integration_tests/serverless-extension.yml index cdd127ae..91c62fd1 100644 --- a/integration_tests/serverless-extension.yml +++ b/integration_tests/serverless-extension.yml @@ -3,6 +3,7 @@ frameworkVersion: "3" plugins: - ../dist/src + - ./offline provider: name: aws From 6be95f7132cea4ea4a0a0f323f6fb23b22e88d0b Mon Sep 17 00:00:00 2001 From: Yiming Luo <10097700+lym953@users.noreply.github.com> Date: Mon, 13 Apr 2026 14:18:36 -0400 Subject: [PATCH 2/2] Update integration_tests/offline.js Co-authored-by: Ava Silver --- integration_tests/offline.js | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/integration_tests/offline.js b/integration_tests/offline.js index e2660ce4..57f9ff46 100644 --- a/integration_tests/offline.js +++ b/integration_tests/offline.js @@ -17,6 +17,12 @@ * synthetic "does not exist" error, which the Serverless handler treats as a * fresh stack and skips the comparison entirely. The rest of the packaging * lifecycle is unaffected. + * + * This shim exists because Serverless Framework has no credential-free packaging mode + * when custom layers are defined. Tracked upstream: + * https://github.com/serverless/serverless/issues/8187 (root cause, open since 2020) + * https://github.com/serverless/serverless/issues/12969 (feature request for --artifacts-only) + * If either issue is resolved, this plugin can be removed. */ class OfflinePackaging { constructor(serverless) {