https://pulumi.com logo
Title
w

wide-whale-78548

11/28/2021, 5:58 PM
Hi everyone, Does anyone know if it is possible to manually tag an image before pushing to ECR? Something like this for instance, but unfortunately the 
tag
 option does not exist in 
buildAndPushImage
 method:
const repo = new awsx.ecr.Repository(....);       

        const img = repo.buildAndPushImage( {
            context: "path/to/app",
            tag: "some-app/v.some-version",
        });
When I check the command it generates, it adds an auto generated tag, so then I cannot overwrite it even using
extraOptions
if I use
DockerBuild
in it. I want to use the hash value of a folder as the value of the tag, so then I can check if anything in it that folder has actually changed before building a new image and pushing it again to ECR and then making ECS to go through it’s lengthy life-cycle even for non relevant pushes 😄 I can build the Docker image locally in the pipeline and push the image, but I’m looking for a way to do it all in Pulumi, also without having to manually provide repository details/credentials using
docker.Image(…)
 🤔
s

steep-sunset-89396

11/28/2021, 11:32 PM
Hey Pooyan, yes it should be possible to do that.
If you use
docker.buildAndPushImage()
to biuld the image before pushing to the registry, the first parameter is your image name
This is a function I wrote in TS
private computeImageFromAsset(appPath: string, repositoryUrl: string, registryId: string, parent: pulumi.Resource): pulumi.Output<string> {

        let imageName = this.args.imageName;

        let dockerBuildArgs: any = {};

        let _dockerBuild: docker.DockerBuild = {
            args: dockerBuildArgs,
            context: appPath,
            dockerfile: `${appPath}/Dockerfile`,
            cacheFrom: {},
        };

        const uniqueImageName = docker.buildAndPushImage(imageName, _dockerBuild, repositoryUrl, parent, async () => {

            let credentials = await aws.ecr.getCredentials({
                registryId: registryId
            }, {
                parent, async: true
            });

            let decodedCredentials = Buffer.from(credentials.authorizationToken, "base64").toString();
            let [username, password] = decodedCredentials.split(":");
            if (!password || !username) {
                throw new Error("Invalid credentials");
            }

            return {
                registry: credentials.proxyEndpoint,
                username: username,
                password: password,
            };
        });

        uniqueImageName.apply(d => pulumi.log.debug(`    build complete: ${imageName} (${d})`, parent));
        return uniqueImageName;
    }
❤️ 1
w

wide-whale-78548

11/29/2021, 8:44 AM
Thanks @steep-sunset-89396 I was not aware that
aws.ecr.getCredentials
method exits and that was very helpful.
s

steep-sunset-89396

11/29/2021, 8:51 AM
Glad to hear. Have you seen our repo full of examples? That's how I found this function.
❤️ 1
w

wide-whale-78548

11/29/2021, 8:58 AM
Yes, the Pulumi example repository is great :)
👍 1