ECR Image: push without build #1203
Comments
mattfysh
added
kind/enhancement
|
let me know if this is off topic, but I was looking into the implementation of If (for example) the same creds token was returned then pulumi wouldn't invoke the resource, so a new image wouldn't be built/pushed even if the (files referenced by) context or Dockerfile has changed |
|
I started working on this and created a prototype. There's still some rough edges though; this is affected by pulumi/pulumi-docker#952. I'm working on an enhancement to the docker provider to ignore changes to the volatile parts of the auth data (username & password) |
flostadler
added
the
blocked
|
This is currently blocked on pulumi/pulumi-docker#952. We'll first need to first iron out issues with the provider showing updates on every run because of the changing credentials |
mjeffryes
added
awaiting-upstream
|
We made progress on pulumi/pulumi-docker#952 and once it is resolved we can tackle this here. The one decision we have to make then is whether we want to add another shallow wrapper for the docker resources or instead provide a more user friendly function to fetch the credentials for the registry in order to configure the docker provider. Right now folks have to do the following to fetch credentials and configure the docker provider: const registryInfo = repo.registryId.apply(async id => {
const credentials = await aws.ecr.getCredentials({ registryId: id });
const decodedCredentials = Buffer.from(credentials.authorizationToken, "base64").toString();
const [username, password] = decodedCredentials.split(":");
if (!password || !username) {
throw new Error("Invalid credentials");
}
return {
address: credentials.proxyEndpoint,
username: username,
password: password,
};
});
const ecrProvider = new docker.Provider("ecr-provider", {
registryAuth: [registryInfo],
});If we had a convenience function it could look like this: const registryInfo = aws.ecr.getDockerCredentialsOutput({ registryId: repo.registryId });
const ecrProvider = new docker.Provider("ecr-provider", {
registryAuth: [registryInfo],
});IMO adding the shallow wrappers mostly has drawbacks for users compared to the convenience function. E.g. there's gonna be delays between new features in pulumi-docker trickling down to awsx. |
|
This will block providing the convenience function: pulumi/pulumi#12008. I'll see if there's a good way to work around this or we go with the wrapper resources. One possible option would be adding the function to the AWS provider itself (either muxing or patching), but that would be quite costly. For now I'll quickly add a wrapper component for the |
|
This issue has been addressed in PR #1464 and shipped in release v2.21.0. |
Hello!
Issue details
Currently the image being pushed to ECR must be also built by Pulumi, which is a rather uncommon setup in projects where the build steps are separated from the deployment steps. The schema of the resource allows for no build args to be provided, but fails when it cannot locate a Dockerfile
It would be great if there were a way to push an image to the ECR registry if it has already been built and tagged on the local host.
See pulumi/pulumi-docker#54 for a similar discussion on the docker provider. It is suggested that if no build is required, a
docker.RegistryImageshould be created instead ofdocker.ImageAffected area/feature
A possible solution is to support an
imageNameinput for the Image, and branch the internal logic based on its presence:The text was updated successfully, but these errors were encountered: