This message was deleted Pulumi Community #aws

Join Slack

This message was deleted.

# aws

sparse-intern-71089

11/08/2022, 7:51 PM

This message was deleted.

millions-furniture-75402

11/08/2022, 9:26 PM

Maybe the new version of awsx will address this, but it looks like there is an outstanding bug https://github.com/pulumi/pulumi-awsx/issues/585 For your last question, maybe you can do something with this example https://www.pulumi.com/registry/packages/docker/api-docs/image/#imageregistry

millions-furniture-75402

11/08/2022, 9:29 PM

Actually, you might be able to do something with

extraOptions

to pass

--tag

millions-furniture-75402

11/08/2022, 9:36 PM

https://docs.docker.com/engine/reference/commandline/image_build/ has a

--tag

flag https://github.com/pulumi/pulumi-awsx/blob/master/awsx-classic/ecr/repository.ts#L51 -- takes a

docker.DockerBuild

https://www.pulumi.com/registry/packages/docker/api-docs/image/#dockerbuild (untested):

Copy code

const containerRepository = new awsx.ecr.Repository(`${appName}-image`, {
  repository: new aws.ecr.Repository(`${appName}-image`, {
    imageScanningConfiguration: {
      scanOnPush: true,
    },
    imageTagMutability: "MUTABLE",
  }),
});

const applicationImage = containerRepository.buildAndPushImage({
  env: {
    DOCKER_BUILDKIT: "1",
  },
  extraOptions: ["--tag", "name:1.0.1"],
});

rapid-kite-35

11/09/2022, 8:45 AM

That sadly doesn't work, presumably because

pulumi-docker

overwrites the -t tag here: https://github.com/pulumi/pulumi-docker/blob/fa0159258e220cefa6a93d1e1f77676641721365/sdk/nodejs/docker.ts#L470 It uses the image name but if you pass in a

DockerBuild

it generates the image name of the signature with no apparent way to overwrite it ( https://github.com/pulumi/pulumi-awsx/blob/master/awsx-classic/ecs/image.ts#L169 ) But I think I can get the credentials the same way

awsx-classic

does and pass it directly to

pulumi-docker

and hopefully that works. Odd though how difficult it is to tag an image...

rapid-kite-35

11/09/2022, 10:51 AM

This is what I ended up with, seems unnecessary complex so if there are better ways I'm open to suggestions:

Copy code

const credentials = aws.ecr.getCredentialsOutput({
    registryId: repo.registryId
})

const transformCredentials = (creds: pulumi.Output<aws.ecr.GetCredentialsResult>): pulumi.Output<docker.ImageRegistry> => {
    return creds.apply(c => {
        const decodedCredentials = Buffer.from(c.authorizationToken, "base64").toString();
        const [username, password] = decodedCredentials.split(":");
        if (!password || !username) {
            throw new Error("Invalid credentials");
        }
        return {
            server: c.proxyEndpoint,
            username: username,
            password: password,
        } as docker.ImageRegistry
    })
}

const image = new docker.Image(customImage, {
  build: {
    context: '../',
    args: buildArgs
  },
  registry: transformCredentials(credentials),
  imageName: pulumi.interpolate`${imageName}:${env}`,
});

millions-furniture-75402

11/09/2022, 1:31 PM

That's pretty unfortunate how the buildArgs are constructed from the DockerBuild.

millions-furniture-75402

11/09/2022, 1:33 PM

Shouldn't extra options get added to the end of the args anyway? Since docker 1.1.0 you can pass many

--tag

flags. https://github.com/pulumi/pulumi-docker/blob/fa0159258e220cefa6a93d1e1f77676641721365/sdk/nodejs/docker.ts#L465-L467

Open in Slack

Previous Next