https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
s
I can see from the plan step that the docker build is succeeding.
b
can you share your code, or a snippet? generally Pulumi will use your AWS credentials for the ecr push here
s
Here's the build snippet
Copy code
var image = awsx.ecs.Image.fromDockerBuild("WebAuthImage", {
            dockerfile: "D:/code/kaiju/deploy/Dockerfile",
            context: "D:/code/kaiju",
            args: {
                "APP_NAME": "web-auth",
                "GITHUB_TOKEN": process.env.GITHUB_TOKEN ?? "ERROR TOKEN"
            }
        });
I'm using admin credentials for now, since this is a demo account
Looking at the awsx code, it looks like it gets some token from ECR that it tries to break down into a username/password. I think that's whats failing to log in for the push
b
it doesn't look like you're specifying a repository to push to, so it's probably trying to push to whatever you've tagged the image as
s
From the comment in image.ts
Copy code
/**
     * Creates an [Image] using the detailed build instructions provided in [build].
     *
     * Either a [name] or [repository] needs to be provided where the built image will be pushed
     * to.  If [repository] is provided, it will be used as-is.  Otherwise, a new one will be
     * created on-demand, using the [name] value.
     */
In my account I can see the following ECR repo created:
Copy code
webauthimage-22f1781
The build command that pulumi is running is tagging the output as:
Copy code
d0a2603d-container
So if pulumi is trying to make that tag match the repo name, it doesn't appear to match.
I'll try building an explicit repo and using that next
b
is the built image named with the right repo name? eg 
image.ecr.foo:d0a2603d-container
s
Where does that output end up?
b
run docker images locally, it's building o your machine
s
That looks like the issue--for some reason it's picking a different repo (one that got created while I trialed cdk)
What's interesting is that during the plan, it looked like it was going to pick the correct repo, but then it still picked the wrong one. Here's the log that looks like it's going to do the right thing:
Copy code
awsx:x:ecs:FargateTaskDefinition (WebAuthService):
    debug: Building container image at '{"dockerfile":"D:/code/kaiju/deploy/Dockerfile","context":"D:/code/kaiju","args":{"APP_NAME":"web-auth","GITHUB_TOKEN":"REDACTED"}}'
    debug:     build complete: d0a2603d-container (<http://ACCOUNT.dkr.ecr.us-west-2.amazonaws.com/webauthimage-22f1781:2b0fd997c9deadf744316f3e2f0a3e5fa81790c1610b8d775a5be960e7079302|ACCOUNT.dkr.ecr.us-west-2.amazonaws.com/webauthimage-22f1781:2b0fd997c9deadf744316f3e2f0a3e5fa81790c1610b8d775a5be960e7079302>)
But then when I open up the image manifest, the repo digest is:
Copy code
<http://ACCOUNT.dkr.ecr.us-west-2.amazonaws.com/cdk-hnb659fds-container-assets-ACCOUNT-us-west-2@sha256:d7268bfc79b08ebff55959cb4455e4f90ce1d2f83aee7cef8ee382d8a615b9bd|ACCOUNT.dkr.ecr.us-west-2.amazonaws.com/cdk-hnb659fds-container-assets-ACCOUNT-us-west-2@sha256:d7268bfc79b08ebff55959cb4455e4f90ce1d2f83aee7cef8ee382d8a615b9bd>
Ok, I think I got it working now--at least the image push succeed. What ended up fixing it was to force docker to log into the correct repo on the command line. I tried a couple of things at the same time, so I'm not 100% sure which one made it work, but once I did that, the image push just worked
Yep, that all worked. Thanks for the help!
Open in Slack
PreviousNext
Powered by