Add ecr.RegistryImage resource for pushing existing images to ECR #1464

Merged 21 commits on Jan 16, 2025

@flostadler flostadler commented Jan 6, 2025

The current awsx.ecr.Image resource is limited to building and pushing new images to ECR. However, many CI/CD workflows need to push pre-built images that may come from separate build processes or workflows.
This PR introduces a new awsx.ecr.RegistryImage component that enables pushing existing Docker images to ECR. The component extends the functionality of `docker.RegistryImage`, automatically configures the provider with ECR credentials and detects changes to images to trigger pushes.

The component handles scenarios where the source image tag remains constant (e.g., my-image:latest) but the underlying image content has changed. Instead of relying solely on the image name for change detection, it uses the image's unique ID to determine when updates are needed. This ensures proper triggering of infrastructure updates when the source image was rebuilt.

Resolves #1203
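
An added illustration, not code from this PR or from awsx, of the two things the description says the component automates: turning an ECR authorization token into Docker registry credentials, and deciding when to push from the image ID rather than the tag. All function names and the sample token, URL and image IDs are constructed for the example.

```typescript
// Added illustration; all names are hypothetical, not the awsx implementation.
interface DockerAuth { address: string; username: string; password: string }
interface InspectedImage { Id: string; RepoTags: string[] }

// An ECR authorization token is base64("AWS:<password>"); treat the result as a secret.
function ecrTokenToDockerAuth(repositoryUrl: string, token: string): DockerAuth {
  // Registry host is everything before the first "/" of the repository URL.
  const address = repositoryUrl.replace(/^https?:\/\//, "").split("/")[0];
  if (!/^\d{12}\.dkr\.ecr(-fips)?\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$/.test(address)) {
    throw new Error(`not an ECR registry host: ${address}`);
  }
  const decoded = Buffer.from(token, "base64").toString("utf8");
  const sep = decoded.indexOf(":"); // split on the first colon only
  if (sep < 0 || decoded.slice(0, sep) !== "AWS") {
    throw new Error("unexpected ECR token format"); // never echo the token itself
  }
  return { address, username: "AWS", password: decoded.slice(sep + 1) };
}

// Parse `docker image inspect <ref>` output and return the content-derived image ID.
function sourceImageId(inspectJson: string): string {
  const [image] = JSON.parse(inspectJson) as InspectedImage[];
  if (!image || !/^sha256:[0-9a-f]{64}$/.test(image.Id)) {
    throw new Error("inspect output has no valid image ID");
  }
  return image.Id;
}

// Push when the current ID differs from the one recorded at the last push.
// Comparing the tag instead would miss a rebuild of my-image:latest.
function needsPush(lastPushedId: string | undefined, inspectJson: string): boolean {
  return lastPushedId !== sourceImageId(inspectJson);
}

// Constructed sample data: the same tag before and after a rebuild.
const SAMPLE_TOKEN = Buffer.from("AWS:constructed-password:with-colon").toString("base64");
const SAMPLE_REPO_URL = "123456789012.dkr.ecr.us-east-1.amazonaws.com/my-image";
const BUILD_1 = JSON.stringify([{ Id: "sha256:" + "a".repeat(64), RepoTags: ["my-image:latest"] }]);
const BUILD_2 = JSON.stringify([{ Id: "sha256:" + "b".repeat(64), RepoTags: ["my-image:latest"] }]);
```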

@flostadler flostadler added do-not-merge Do Not Merge blocked The issue cannot be resolved without 3rd party action. labels Jan 6, 2025
@flostadler flostadler marked this pull request as draft January 6, 2025 18:50
@flostadler flostadler marked this pull request as ready for review January 6, 2025 21:18
@flostadler flostadler requested review from corymhall, t0yv0 and a team January 6, 2025 21:19
@flostadler flostadler self-assigned this Jan 7, 2025

@corymhall corymhall left a comment

🚀

t0yv0 commented Jan 10, 2025

Curious about this as I don't have a good intuition on our Docker support. My one question is adding new resources creates apparent complexity for the user, no? The matrix of possibilities is:

Image source: (1) prebuilt image; (2) need to build it
Destination: (1) ECR; (2) somewhere else? (3) nowhere, just build it 

Does this matrix have very different Pulumi resources involved depending on what you are doing, and does this new resource make it even more complicated?

https://www.pulumi.com/registry/packages/docker-build/#example seems to be able to push to ECR, can it push a prebuilt image to ECR? I think yes?

flostadler commented Jan 10, 2025

> Curious about this as I don't have a good intuition on our Docker support. My one question is adding new resources creates apparent complexity for the user, no? The matrix of possibilities is:
>
> Image source: (1) prebuilt image; (2) need to build it
> Destination: (1) ECR; (2) somewhere else? (3) nowhere, just build it
>
> Does this matrix have very different Pulumi resources involved depending on what you are doing, and does this new resource make it even more complicated?
>
> https://www.pulumi.com/registry/packages/docker-build/#example seems to be able to push to ECR, can it push a prebuilt image to ECR? I think yes?

The only resource that can push prebuilt images is docker.RegistryImage. (docker-build cannot)

Right now users would need to handle the auth bit and re-triggering the image push when the source image changes. This is what this PR addresses. Given that the feature request has 14 upvotes I’d argue that users have an appetite for this.

@flostadler flostadler removed blocked The issue cannot be resolved without 3rd party action. do-not-merge Do Not Merge labels Jan 13, 2025
@flostadler flostadler requested a review from corymhall January 13, 2025 17:51
awsx/ecr/auth.ts
const creds = pulumi
.output(args.repositoryUrl)
.apply((url) => getDockerCredentials({ registryUrl: url }, { parent: this }));
const provider = new docker.Provider(name, {
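
Review bot: `creds` is resolved in a plain `.apply(...)` on the line just before `new docker.Provider(name, {`, and nothing in these lines marks it as a secret. If `getDockerCredentials` does not already return secret outputs, the ECR password would be readable in state and in preview output; wrap the result in `pulumi.secret(...)` here, or add a comment stating that the helper already does so.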

Member

There is no way for the user to customize https://www.pulumi.com/registry/packages/docker/#remote-hosts or anything else about this provider. Possibly OK for now just noting.

Contributor Author

Good point, I can quickly expose those. I don't think those are gonna be useful for most users (e.g. remote host) as part of pushing a local image, but it doesn't hurt to export them to support future use cases

Member

Users can still reach this code with transforms possibly, if really needed.

@@ -118,6 +119,20 @@ export interface ImageArgs {
readonly repositoryUrl: pulumi.Input<string>;
readonly target?: pulumi.Input<string>;
}
export abstract class RegistryImage<TData = any> extends (pulumi.ComponentResource)<TData> {
public image!: unknown | pulumi.Output<unknown>;
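
Review bot: `public image!: unknown | pulumi.Output<unknown>;` types the component's main output as `unknown`, so callers cannot read any property of the pushed image without a cast, and the `TData = any` default on the class line loosens the typing further. Declare `image` with the concrete type of the registry image resource it holds.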

Member

What is unknown here exactly?

Contributor Author

Uh that's interesting, good catch!
Seems like the script for generating provider internal types has a bug or cannot properly handle references to docker??

The SDK and schema look good, but I'm gonna dig into this

Member

Thanks!!

Contributor Author

Yeah, the type-gen for provider internal types was only configured to handle aws. I've added docker as well now

@@ -0,0 +1,5 @@
# Pushing a local image to an ECR registry

This example demonstrates how to push a local image to an ECR registry using the `awsx.ecr.RegistryImage` component.

Member

Nice

{{% example %}}
### Pushing an image to an ECR repository

```typescript

Member

Could be cool to source from examples but that's for another time :)

Does the PR have any schema changes?

Looking good! No breaking changes found.

New resources:

  • ecr.RegistryImage

Maintainer note: consult the runbook for dealing with any breaking changes.

codecov bot commented Jan 15, 2025

Codecov Report

Attention: Patch coverage is 0% with 76 lines in your changes missing coverage. Please review.

Project coverage is 0.00%. Comparing base (4aeca78) to head (0ff619a).
Report is 4 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| provider/pkg/schemagen/ecr.go | 0.00% | 58 Missing ⚠️ |
| provider/pkg/schemagen/schema.go | 0.00% | 18 Missing ⚠️ |

Additional details and impacted files
@@          Coverage Diff           @@
##           master   #1464   +/-   ##
======================================
  Coverage    0.00%   0.00%           
======================================
  Files          10      10           
  Lines        2345    2398   +53     
======================================
- Misses       2345    2398   +53     

@flostadler flostadler merged commit 8a76562 into master Jan 16, 2025
25 checks passed
@flostadler flostadler deleted the flostadler/registry-image branch January 16, 2025 13:15
@pulumi-bot

This PR has been shipped in release v2.21.0.

Successfully merging this pull request may close these issues.

ECR Image: push without build
4 participants