Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ECR Image: push without build #1203

Open
mattfysh opened this issue Jan 11, 2024 · 4 comments
Open

ECR Image: push without build #1203

mattfysh opened this issue Jan 11, 2024 · 4 comments
Assignees
Labels
awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/enhancement Improvements or new features
Milestone

Comments

@mattfysh
Copy link

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

Currently the image being pushed to ECR must be also built by Pulumi, which is a rather uncommon setup in projects where the build steps are separated from the deployment steps. The schema of the resource allows for no build args to be provided, but fails when it cannot locate a Dockerfile

It would be great if there were a way to push an image to the ECR registry if it has already been built and tagged on the local host.

See pulumi/pulumi-docker#54 for a similar discussion on the docker provider. It is suggested that if no build is required, a docker.RegistryImage should be created instead of docker.Image

Affected area/feature

A possible solution is to support an imageName input for the Image, and branch the internal logic based on its presence:

import * as awsx from "@pulumi/awsx";
const repository = new awsx.ecr.Repository("repository", {
    forceDelete: true,
});
const image = new awsx.ecr.Image("image", {
    repositoryUrl: repository.url,
    imageName: 'my-locally-built-image',
});
@mjeffryes
Copy link
Member

Thanks for this suggestion @mattfysh; we've been talking a bit about this use case in the context of some of our docker work too recently. We'll try to think about how to enable this scenario in awsx as well. cc @blampe

@mjeffryes mjeffryes removed the needs-triage Needs attention from the triage team label Jan 12, 2024
@mattfysh
Copy link
Author

mattfysh commented Jan 28, 2024

let me know if this is off topic, but I was looking into the implementation of ecr.Image and noticed that a new image is built and pushed on each program run only because aws.ecr.getCredentialsOutput will return new credentials each time.

If (for example) the same creds token was returned then pulumi wouldn't invoke the resource, so a new image wouldn't be built/pushed even if the (files referenced by) context or Dockerfile has changed

@flostadler
Copy link
Contributor

I started working on this and created a prototype. There's still some rough edges though; this is affected by pulumi/pulumi-docker#952.

I'm working on an enhancement to the docker provider to ignore changes to the volatile parts of the auth data (username & password)

@flostadler
Copy link
Contributor

This is currently blocked on pulumi/pulumi-docker#952. We'll first need to first iron out issues with the provider showing updates on every run because of the changing credentials

@mjeffryes mjeffryes added awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). and removed blocked The issue cannot be resolved without 3rd party action. labels Jul 3, 2024
@mjeffryes mjeffryes added this to the 0.114 milestone Dec 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/enhancement Improvements or new features
Projects
None yet
Development

No branches or pull requests

3 participants