sam_oneal/pulumi-docker-build
1
0
Fork 0
Code Actions Packages Releases Wiki Activity
Files
22f27d60477e82889ecd4366a425dbca056cbff5
pulumi-docker-build/sdk/python/pulumi_docker_build/image.py
pulumi-renovate[bot] 0110626c42 Update first-party Pulumi dependencies (#819) 
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [@pulumi/pulumi](https://redirect.github.com/pulumi/pulumi)
([source](https://redirect.github.com/pulumi/pulumi/tree/HEAD/sdk/nodejs))
| dependencies | minor | [`3.231.0` ->
`3.235.0`](https://renovatebot.com/diffs/npm/@pulumi%2fpulumi/3.231.0/3.235.0)
|
|
[github.com/pulumi/providertest](https://redirect.github.com/pulumi/providertest)
| require | minor | `v0.6.0` -> `v0.7.0` |
|
[github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3](https://redirect.github.com/pulumi/pulumi-dotnet)
| require | minor | `v3.103.0` -> `v3.105.0` |
|
[github.com/pulumi/pulumi-go-provider](https://redirect.github.com/pulumi/pulumi-go-provider)
| require | patch | `v1.3.1` -> `v1.3.2` |
|
[github.com/pulumi/pulumi/pkg/v3](https://redirect.github.com/pulumi/pulumi)
| require | minor | `v3.230.0` -> `v3.234.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>pulumi/pulumi (@&#8203;pulumi/pulumi)</summary>

###
[`v3.235.0`](https://redirect.github.com/pulumi/pulumi/releases/tag/v3.235.0)

[Compare
Source](https://redirect.github.com/pulumi/pulumi/compare/v3.234.0...v3.235.0)

##### 3.235.0 (2026-05-05)

##### Features

-   \[cli] Add `pulumi logs decrypt` command for viewing logs
[#&#8203;22523](https://redirect.github.com/pulumi/pulumi/pull/22523)

-   \[cli] Bundle the `hcl` language host (from pulumi-labs/pulumi-hcl)
[#&#8203;22807](https://redirect.github.com/pulumi/pulumi/pull/22807)

- \[cli] Automatically install the `hcl` converter from
pulumi-labs/pulumi-hcl when running `pulumi convert --from hcl`
[#&#8203;22816](https://redirect.github.com/pulumi/pulumi/pull/22816)

- \[pcl] Add `read` blocks to PCL to read resources via ID and query
instead of registering them
[#&#8203;22641](https://redirect.github.com/pulumi/pulumi/pull/22641)

- \[cli/cloud] Add `pulumi cloud api <op-or-path>` for calling any
Pulumi Cloud API
endpoint, with `--field`/`--header`/`--input`/`--body` flag handling,
path
template binding, content negotiation via `--format`, and `--dry-run`

[#&#8203;22771](https://redirect.github.com/pulumi/pulumi/pull/22771)

- \[cli/cloud] Add `--paginate` to `pulumi cloud api`: follow
continuation cursors,
    accumulate items into a single JSON envelope, and surface progress
    events to stderr with `--emit-events` (page, complete, truncated,
    partial_failure, cancelled).

[#&#8203;22772](https://redirect.github.com/pulumi/pulumi/pull/22772)

##### Bug Fixes

- \[cli] Fix the `pulumi neo` shell tool to honor the agent-supplied
`timeout` and to terminate the whole process tree (and unblock cmd.Wait)
when the deadline fires, so commands like `kubectl logs -f` no longer
hang Neo indefinitely.
[#&#8203;22820](https://redirect.github.com/pulumi/pulumi/pull/22820)

- \[cli] Surface the error and exit when `pulumi neo` fails to create
the underlying task, instead of leaving the TUI stuck in `Thinking…`
[#&#8203;22825](https://redirect.github.com/pulumi/pulumi/pull/22825)

- \[codegen/go] Correctly generate `[]pulumi.Asset` & `[]pulumi.Archive`
[#&#8203;22827](https://redirect.github.com/pulumi/pulumi/pull/22827)

- \[cli/neo] Exit cleanly when the user presses Ctrl+C twice in `pulumi
neo` instead of hanging until a third press
[#&#8203;22821](https://redirect.github.com/pulumi/pulumi/pull/22821)

- \[engine] The engine now caches schemas at `PULUMI_HOME/schemas`, and
will cache for parameterised packages as well
[#&#8203;22812](https://redirect.github.com/pulumi/pulumi/pull/22812)

- \[sdk-python] Preserve `__`-prefixed keys (e.g. `__type`
discriminators) across RPC deserialization, matching the behavior of the
other language SDKs
[#&#8203;22834](https://redirect.github.com/pulumi/pulumi/pull/22834)

- \[programgen/{nodejs,python}] Fix programgen to emit the right
`length` check for string length
[#&#8203;22802](https://redirect.github.com/pulumi/pulumi/pull/22802)

##### Miscellaneous

- \[cli] Replace the Pulumipus mascot in the `pulumi neo` welcome banner
with new Neo-branded ASCII art.
[#&#8203;22817](https://redirect.github.com/pulumi/pulumi/pull/22817)

###
[`v3.234.0`](https://redirect.github.com/pulumi/pulumi/blob/HEAD/CHANGELOG.md#32340-2026-05-01)

[Compare
Source](https://redirect.github.com/pulumi/pulumi/compare/v3.233.0...v3.234.0)

##### Features

- \[cli/cloud] Add `pulumi cloud api describe` for inspecting the
parameters, request
    body, and response schema of any Pulumi Cloud API operation, with
    text, markdown, and JSON output

[#&#8203;22770](https://redirect.github.com/pulumi/pulumi/pull/22770)

- \[cli/cloud] Add `pulumi cloud api list` for browsing every endpoint
exposed by the Pulumi
    Cloud OpenAPI spec, with table and JSON output

[#&#8203;22769](https://redirect.github.com/pulumi/pulumi/pull/22769)

##### Bug Fixes

- \[engine] Revert changes to property path parsing that resulted in
errors for currently valid paths

###
[`v3.233.0`](https://redirect.github.com/pulumi/pulumi/blob/HEAD/CHANGELOG.md#32330-2026-04-30)

[Compare
Source](https://redirect.github.com/pulumi/pulumi/compare/v3.232.0...v3.233.0)

##### Features

- \[auto/python] Expose the auto-generated Pulumi CLI interface as
`workspace.cli_api`
[#&#8203;22638](https://redirect.github.com/pulumi/pulumi/pull/22638)

- \[cli] Add encrypted logging to ~/.pulumi/logs; use the
PULUMI_ENABLE_AUTOMATIC_LOGGING feature flag to turn it on
[#&#8203;22494](https://redirect.github.com/pulumi/pulumi/pull/22494)

- \[cli] Implement the `filesystem__grep` and
`filesystem__content_replace` local tools
for `pulumi neo`. `grep` runs a regex search across files in the project
root
with an optional `include` glob filter and returns results in
`path:lineno: line`
form. `content_replace` performs a literal multi-file search-and-replace
with a
`file_pattern` glob and `dry_run` preview mode. Both tools skip binary
files,
hidden directories, and `node_modules`, and reject paths outside the
project
    root. Their input schemas match the cloud-side tool definitions.

[#&#8203;22655](https://redirect.github.com/pulumi/pulumi/pull/22655)

- \[cli] Add `pulumi_preview` and `pulumi_up` as local tools for the
experimental `pulumi neo`
agent. The Neo TUI renders a persistent bordered block for each
operation that
streams changed resources and diagnostics as the engine runs and
finalizes with a
    summary of the op counts. Hidden behind PULUMI_EXPERIMENTAL.

[#&#8203;22697](https://redirect.github.com/pulumi/pulumi/pull/22697)

-   \[engine] Add `List` to the provider protocol and schema
[#&#8203;22693](https://redirect.github.com/pulumi/pulumi/pull/22693)

##### Bug Fixes

- \[engine] Return a clear error when two installed plugins claim the
same default provider package name (for example, a native `scaleway`
provider alongside a `terraform-provider` bridge parameterized as
`scaleway`) instead of panicking with "Should not have seen an older
plugin if sorting is correct!"
[#&#8203;22679](https://redirect.github.com/pulumi/pulumi/pull/22679)

- \[programgen] Do not wrap a `call(...)` on a method whose return type
is marked plain in an Output. Previously
PCL bound every method call's return type as `Output<T>`, which caused
downstream program-gen
to emit broken `.apply(...)`/`.ApplyT(...)` traversals against plain
struct returns (e.g.
methods with `liftSingleValueMethodReturns=true` or
`ReturnTypePlain=true`).

[#&#8203;22696](https://redirect.github.com/pulumi/pulumi/pull/22696)

- \[backend/diy] When using a backend url containing creds (e.g.
PostgreSQL conn string), mask user:pass as in lock-related error
messages
[#&#8203;22701](https://redirect.github.com/pulumi/pulumi/pull/22701)

- \[codegen/go] Generate unqualified `Provider` references for the
package's own provider resource. Previously
the Go codegen always emitted `<pkg>.Provider` even when the reference
appeared inside `<pkg>`
itself, producing identifiers that would not compile. Affects generated
code for method return
types (and other schema positions) that reference
`pulumi:providers:<pkg>`.

[#&#8203;22696](https://redirect.github.com/pulumi/pulumi/pull/22696)

- \[codegen/nodejs] Generate unqualified `Provider` references for the
package's own provider resource when emitting
TypeScript code inside that package. Previously the generator always
qualified the name as
`<pkg>.Provider`, which does not resolve when no `<pkg>` namespace
import is in scope.

[#&#8203;22696](https://redirect.github.com/pulumi/pulumi/pull/22696)

- \[codegen/nodejs] Import the correct class name for a provider
resource. Imports for `pulumi:providers:<pkg>` used
the title-cased package name instead of `Provider`, producing a phantom
identifier that clashed
    with the containing package's component/resource classes.

[#&#8203;22696](https://redirect.github.com/pulumi/pulumi/pull/22696)

- \[programgen/nodejs] Emit `await` for `call(...)` invocations of
methods whose return type is marked plain, and
force the generated program into an async `export = async () => ...`
wrapper whenever such a
call is present. The Node SDK returns `Promise<T>` for plain methods;
previously program-gen
    used the result directly, which did not match its runtime type.

[#&#8203;22696](https://redirect.github.com/pulumi/pulumi/pull/22696)

- \[codegen/python] Avoid a self-import (`import pulumi_<pkg>` inside
`pulumi_<pkg>/<module>.py`) when referencing
the package's own provider resource. Python referenced the Provider as
`pulumi_<pkg>.Provider`
    even inside that package, which caused a circular import at runtime.

[#&#8203;22696](https://redirect.github.com/pulumi/pulumi/pull/22696)

- \[sdk/python] Reduce internal `Output[T]` data to a single
`asyncio.Future`
[#&#8203;22661](https://redirect.github.com/pulumi/pulumi/pull/22661)

- \[sdkgen/{nodejs,python}] Generate optional input types that accept
undefined/None values
[#&#8203;22552](https://redirect.github.com/pulumi/pulumi/pull/22552)

##### Miscellaneous

- \[auto/go] Drop the "With" prefix from generated option helpers so
they match the naming of the existing optXxx packages
[#&#8203;22682](https://redirect.github.com/pulumi/pulumi/pull/22682)

###
[`v3.232.0`](https://redirect.github.com/pulumi/pulumi/blob/HEAD/CHANGELOG.md#32320-2026-04-22)

[Compare
Source](https://redirect.github.com/pulumi/pulumi/compare/v3.231.0...v3.232.0)

##### Features

- \[cli] Add an experimental `pulumi neo` command that creates a Pulumi
Neo agent task in CLI
tool-execution mode and runs the local tool loop. Filesystem and shell
tool calls
issued by the agent run on the user's machine in their working
directory; the
interactive chat continues to happen in the Pulumi Console at the URL
the command
    prints. Hidden behind PULUMI_EXPERIMENTAL.

[#&#8203;22473](https://redirect.github.com/pulumi/pulumi/pull/22473)

- \[cli] Add support for handling user approval requests in the `pulumi
neo` terminal UI.
When the agent requests confirmation for a sensitive action, the TUI
prompts the
user and forwards their response back to the Pulumi Console. Hidden
behind
    PULUMI_EXPERIMENTAL.

[#&#8203;22589](https://redirect.github.com/pulumi/pulumi/pull/22589)

- \[cli] Add an interactive terminal UI for `pulumi neo` built with
bubbletea, rendering
agent messages, tool calls, and streaming output in the terminal
alongside the
    Pulumi Console session. Hidden behind PULUMI_EXPERIMENTAL.

[#&#8203;22570](https://redirect.github.com/pulumi/pulumi/pull/22570)

-   \[cli] Switch logging library from glog to slog.

BREAKING: any `if logging.V(x) {` need to be changed to `if
logging.V(x).Enabled()`

[#&#8203;22548](https://redirect.github.com/pulumi/pulumi/pull/22548)

- \[cli] Add a plan-mode toggle to the `pulumi neo` TUI, bound to
Shift+Tab. When
plan mode is on, Neo explores and asks questions without writing files,
running `pulumi up`, or opening PRs, and surfaces an approved plan via a
dedicated approval gate. The toggle must be set before the first message
(plan mode is task-level on the wire); approving the proposed plan exits
    plan mode automatically.

[#&#8203;22634](https://redirect.github.com/pulumi/pulumi/pull/22634)

- \[cli] The `pulumi neo` TUI now drives its "thinking" spinner off a
single declarative
rule (the spinner stays on until a final event — final assistant
message, approval
request, cancellation, or error — lands), so the indicator no longer
flickers off
when the agent hands off tool calls to the CLI or when streaming text
arrives
between tools. Press `Esc` during a turn to ask the agent to cancel; the
label
    switches to "Cancelling..." until the backend acknowledges.

[#&#8203;22637](https://redirect.github.com/pulumi/pulumi/pull/22637)

- \[cli] `pulumi neo` now executes the `edit` filesystem tool locally,
matching the schema
and response wording of the upstream mcp-claude-code tool so the agent
sees
identical output whether the call ran on Cloud or CLI. `edit` performs
exact-string
replacement with occurrence-count validation, and creates a new file
when the
    target is missing and `old_string` is empty.

[#&#8203;22654](https://redirect.github.com/pulumi/pulumi/pull/22654)

##### Bug Fixes

- \[cli] Render user messages in the `pulumi neo` TUI as soon as they're
submitted
instead of waiting for the Pulumi Cloud event stream to echo them back.
    The initial prompt passed on the command line also appears in the
transcript at startup. Self-echoes from the server are de-duplicated;
user input that originated from another client (e.g. the web UI on the
    same task) still renders.

[#&#8203;22629](https://redirect.github.com/pulumi/pulumi/pull/22629)

- \[cli] Wrap warnings, errors, and user-message bubbles to the terminal
width in the
`pulumi neo` TUI. Previously these blocks rendered as single long lines
that
were clipped at the right edge of the viewport. On resize, all
width-dependent
transcript blocks (user messages, warnings, errors, assistant messages)
now
    reflow to the new terminal width.

[#&#8203;22635](https://redirect.github.com/pulumi/pulumi/pull/22635)

- \[cli/policy] Fix `policy ls` to use the default org name, not
username
[#&#8203;22656](https://redirect.github.com/pulumi/pulumi/pull/22656)

- \[engine] Fix provider registry race condition in parallel
delete-before-replace
[#&#8203;21487](https://redirect.github.com/pulumi/pulumi/pull/21487)

- \[engine] Signal providers to cancel before closing them during
replacement

-   \[sdkgen] Error on 'id' in state inputs
[#&#8203;22636](https://redirect.github.com/pulumi/pulumi/pull/22636)

- \[programgen/python] Add necessary casts between types in generated
programs
[#&#8203;22567](https://redirect.github.com/pulumi/pulumi/pull/22567)

- \[sdkgen/go] Fix caching of package references to be per-deployment
not per-process
[#&#8203;22170](https://redirect.github.com/pulumi/pulumi/pull/22170)

##### Miscellaneous

-   \[java] Upgrade java to v1.25.0
[#&#8203;22673](https://redirect.github.com/pulumi/pulumi/pull/22673)

- \[auto/go] Generate command methods for the Go Automation API codegen
[#&#8203;22612](https://redirect.github.com/pulumi/pulumi/pull/22612)

- \[sdk] Clarify docs on the `remote` parameter of `ComponentResource` /
`Resource` in the Node and Python SDKs
[#&#8203;22603](https://redirect.github.com/pulumi/pulumi/pull/22603)

-   \[sdk/dotnet] Upgrade dotnet to v3.103.1
[#&#8203;22676](https://redirect.github.com/pulumi/pulumi/pull/22676)

-   \[yaml] Upgrade yaml to v1.32.0
[#&#8203;22674](https://redirect.github.com/pulumi/pulumi/pull/22674)

</details>

<details>
<summary>pulumi/providertest (github.com/pulumi/providertest)</summary>

###
[`v0.7.0`](https://redirect.github.com/pulumi/providertest/releases/tag/v0.7.0)

[Compare
Source](https://redirect.github.com/pulumi/providertest/compare/v0.6.0...v0.7.0)

##### What's Changed

- Bump golang.org/x/crypto from 0.36.0 to 0.45.0 in the go_modules group
across 1 directory by
[@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot]
in[https://github.com/pulumi/providertest/pull/159](https://redirect.github.com/pulumi/providertest/pull/159)9
- Fix python_gcp test by adding setuptools dependency by
[@&#8203;pose](https://redirect.github.com/pose) in
[https://github.com/pulumi/providertest/pull/167](https://redirect.github.com/pulumi/providertest/pull/167)
- Rename project to python_gcp and update description by
[@&#8203;pose](https://redirect.github.com/pose) in
[https://github.com/pulumi/providertest/pull/166](https://redirect.github.com/pulumi/providertest/pull/166)
- fix(pulumitest): start fresh providers per engine operation by
[@&#8203;rshade](https://redirect.github.com/rshade) in
[https://github.com/pulumi/providertest/pull/170](https://redirect.github.com/pulumi/providertest/pull/170)
- feat(pulumitest): log pulumi version and plugins on stack creation by
[@&#8203;rshade](https://redirect.github.com/rshade) in
[https://github.com/pulumi/providertest/pull/171](https://redirect.github.com/pulumi/providertest/pull/171)

**Full Changelog**:
https://github.com/pulumi/providertest/compare/v0.6.0...v0.7.0

</details>

<details>
<summary>pulumi/pulumi-dotnet
(github.com/pulumi/pulumi-dotnet/pulumi-language-dotnet/v3)</summary>

###
[`v3.105.0`](https://redirect.github.com/pulumi/pulumi-dotnet/blob/HEAD/CHANGELOG.md#v31050---2026-05-04)

[Compare
Source](https://redirect.github.com/pulumi/pulumi-dotnet/compare/v3.104.0...v3.105.0)

###
[`v3.104.0`](https://redirect.github.com/pulumi/pulumi-dotnet/blob/HEAD/CHANGELOG.md#v31040---2026-04-29)

[Compare
Source](https://redirect.github.com/pulumi/pulumi-dotnet/compare/v3.103.1...v3.104.0)

##### Improvements

- \[runtime] Support the `getOutput` pcl intrinsic in codegen
[#&#8203;977](https://redirect.github.com/pulumi/pulumi-dotnet/pull/977)

###
[`v3.103.1`](https://redirect.github.com/pulumi/pulumi-dotnet/blob/HEAD/CHANGELOG.md#v31031---2026-04-21)

[Compare
Source](https://redirect.github.com/pulumi/pulumi-dotnet/compare/v3.103.0...v3.103.1)

##### Bug Fixes

- \[runtime] Ensure that 'main' is always respected for selecting
projects to run
[#&#8203;55](https://redirect.github.com/pulumi/pulumi-dotnet/pull/55)

- \[runtime] Generate compilable C# for resources whose range is an
Output-typed expression such as `length(someInvoke.result)`. The loop is
now wrapped in `.Apply(rangeBody => { ... })` so the loop bound sees a
plain `int`, and `length` on an `Output<ImmutableArray<T>>` is emitted
as the extension method `.Length()` (with parentheses) rather than as a
property.
[#&#8203;969](https://redirect.github.com/pulumi/pulumi-dotnet/pull/969)

- \[runtime] Fix codegen for nested `InputMap` literals so the produced
C# compiles
([#&#8203;833](https://redirect.github.com/pulumi/pulumi-dotnet/issues/833))
[#&#8203;970](https://redirect.github.com/pulumi/pulumi-dotnet/pull/970)

</details>

<details>
<summary>pulumi/pulumi-go-provider
(github.com/pulumi/pulumi-go-provider)</summary>

###
[`v1.3.2`](https://redirect.github.com/pulumi/pulumi-go-provider/releases/tag/v1.3.2)

[Compare
Source](https://redirect.github.com/pulumi/pulumi-go-provider/compare/v1.3.1...v1.3.2)

#### What's Changed

- Update module github.com/pulumi/pulumi/pkg/v3 to v3.230.0 by
[@&#8203;pulumi-renovate](https://redirect.github.com/pulumi-renovate)\[bot]
in[https://github.com/pulumi/pulumi-go-provider/pull/509](https://redirect.github.com/pulumi/pulumi-go-provider/pull/509)9
- Correctly encode & decode `types.AssetOrArchive` by
[@&#8203;iwahbe](https://redirect.github.com/iwahbe) in
[https://github.com/pulumi/pulumi-go-provider/pull/512](https://redirect.github.com/pulumi/pulumi-go-provider/pull/512)
- Resolve framework version via runtime/debug.ReadBuildInfo by
[@&#8203;iwahbe](https://redirect.github.com/iwahbe) in
[https://github.com/pulumi/pulumi-go-provider/pull/514](https://redirect.github.com/pulumi/pulumi-go-provider/pull/514)

**Full Changelog**:
https://github.com/pulumi/pulumi-go-provider/compare/v1.3.1...v1.3.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - Monday through Friday ( * * * * 1-5 ) (UTC).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNjQuMCIsInVwZGF0ZWRJblZlciI6IjM5LjI2NC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJpbXBhY3Qvbm8tY2hhbmdlbG9nLXJlcXVpcmVkIl19-->

---------

Co-authored-by: pulumi-renovate[bot] <189166143+pulumi-renovate[bot]@users.noreply.github.com>
Co-authored-by: Ian Wahbe <me@iwahbe.com>
2026-05-06 16:57:43 +00:00

1809 lines
75 KiB
Python
Generated
Raw Blame History

# coding=utf-8
# *** WARNING: this file was generated by pulumi-language-python. ***
# *** Do not edit by hand unless you're certain you know what you are doing! ***
import builtins as _builtins
import warnings
import sys
import pulumi
import pulumi.runtime
from typing import Any, Mapping, Optional, Sequence, Union, overload
if sys.version_info >= (3, 11):
from typing import NotRequired, TypedDict, TypeAlias
else:
from typing_extensions import NotRequired, TypedDict, TypeAlias
from . import _utilities
from . import outputs
from ._enums import *
from ._inputs import *
__all__ = ['ImageArgs', 'Image']
@pulumi.input_type
class ImageArgs:
def __init__(__self__, *,
push: pulumi.Input[_builtins.bool],
add_hosts: pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]] = None,
build_args: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
build_on_preview: pulumi.Input[Optional[_builtins.bool]] = None,
builder: pulumi.Input[Optional['BuilderConfigArgs']] = None,
cache_from: pulumi.Input[Optional[Sequence[pulumi.Input['CacheFromArgs']]]] = None,
cache_to: pulumi.Input[Optional[Sequence[pulumi.Input['CacheToArgs']]]] = None,
context: pulumi.Input[Optional['BuildContextArgs']] = None,
dockerfile: pulumi.Input[Optional['DockerfileArgs']] = None,
exec_: pulumi.Input[Optional[_builtins.bool]] = None,
exports: pulumi.Input[Optional[Sequence[pulumi.Input['ExportArgs']]]] = None,
labels: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
load: pulumi.Input[Optional[_builtins.bool]] = None,
network: pulumi.Input[Optional['NetworkMode']] = None,
no_cache: pulumi.Input[Optional[_builtins.bool]] = None,
platforms: pulumi.Input[Optional[Sequence[pulumi.Input['Platform']]]] = None,
pull: pulumi.Input[Optional[_builtins.bool]] = None,
registries: pulumi.Input[Optional[Sequence[pulumi.Input['RegistryArgs']]]] = None,
secrets: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
ssh: pulumi.Input[Optional[Sequence[pulumi.Input['SSHArgs']]]] = None,
tags: pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]] = None,
target: pulumi.Input[Optional[_builtins.str]] = None):
"""
The set of arguments for constructing a Image resource.
:param pulumi.Input[_builtins.bool] push: When `true` the build will automatically include a `registry` export.
Defaults to `false`.
Equivalent to Docker's `--push` flag.
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] add_hosts: Custom `host:ip` mappings to use during the build.
Equivalent to Docker's `--add-host` flag.
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] build_args: `ARG` names and values to set during the build.
These variables are accessed like environment variables inside `RUN`
instructions.
Build arguments are persisted in the image, so you should use `secrets`
if these arguments are sensitive.
Equivalent to Docker's `--build-arg` flag.
:param pulumi.Input[_builtins.bool] build_on_preview: Setting this to `false` will always skip image builds during previews,
and setting it to `true` will always build images during previews.
Images built during previews are never exported to registries, however
cache manifests are still exported.
On-disk Dockerfiles are always validated for syntactic correctness
regardless of this setting.
Defaults to `true` as a safeguard against broken images merging as part
of CI pipelines.
:param pulumi.Input['BuilderConfigArgs'] builder: Builder configuration.
:param pulumi.Input[Sequence[pulumi.Input['CacheFromArgs']]] cache_from: Cache export configuration.
Equivalent to Docker's `--cache-from` flag.
:param pulumi.Input[Sequence[pulumi.Input['CacheToArgs']]] cache_to: Cache import configuration.
Equivalent to Docker's `--cache-to` flag.
:param pulumi.Input['BuildContextArgs'] context: Build context settings. Defaults to the current directory.
Equivalent to Docker's `PATH | URL | -` positional argument.
:param pulumi.Input['DockerfileArgs'] dockerfile: Dockerfile settings.
Equivalent to Docker's `--file` flag.
:param pulumi.Input[_builtins.bool] exec_: Use `exec` mode to build this image.
By default the provider embeds a v25 Docker client with v0.12 buildx
support. This helps ensure consistent behavior across environments and
is compatible with alternative build backends (e.g. `buildkitd`), but
it may not be desirable if you require a specific version of buildx.
For example you may want to run a custom `docker-buildx` binary with
support for [Docker Build
Cloud](https://docs.docker.com/build/cloud/setup/) (DBC).
When this is set to `true` the provider will instead execute the
`docker-buildx` binary directly to perform its operations. The user is
responsible for ensuring this binary exists, with correct permissions
and pre-configured builders, at a path Docker expects (e.g.
`~/.docker/cli-plugins`).
Debugging `exec` mode may be more difficult as Pulumi will not be able
to surface fine-grained errors and warnings. Additionally credentials
are temporarily written to disk in order to provide them to the
`docker-buildx` binary.
:param pulumi.Input[Sequence[pulumi.Input['ExportArgs']]] exports: Controls where images are persisted after building.
Images are only stored in the local cache unless `exports` are
explicitly configured.
Exporting to multiple destinations requires a daemon running BuildKit
0.13 or later.
Equivalent to Docker's `--output` flag.
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] labels: Attach arbitrary key/value metadata to the image.
Equivalent to Docker's `--label` flag.
:param pulumi.Input[_builtins.bool] load: When `true` the build will automatically include a `docker` export.
Defaults to `false`.
Equivalent to Docker's `--load` flag.
:param pulumi.Input['NetworkMode'] network: Set the network mode for `RUN` instructions. Defaults to `default`.
For custom networks, configure your builder with `--driver-opt network=...`.
Equivalent to Docker's `--network` flag.
:param pulumi.Input[_builtins.bool] no_cache: Do not import cache manifests when building the image.
Equivalent to Docker's `--no-cache` flag.
:param pulumi.Input[Sequence[pulumi.Input['Platform']]] platforms: Set target platform(s) for the build. Defaults to the host's platform.
Equivalent to Docker's `--platform` flag.
:param pulumi.Input[_builtins.bool] pull: Always pull referenced images.
Equivalent to Docker's `--pull` flag.
:param pulumi.Input[Sequence[pulumi.Input['RegistryArgs']]] registries: Registry credentials. Required if reading or exporting to private
repositories.
Credentials are kept in-memory and do not pollute pre-existing
credentials on the host.
Similar to `docker login`.
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] secrets: A mapping of secret names to their corresponding values.
Unlike the Docker CLI, these can be passed by value and do not need to
exist on-disk or in environment variables.
Build arguments and environment variables are persistent in the final
image, so you should use this for sensitive values.
Similar to Docker's `--secret` flag.
:param pulumi.Input[Sequence[pulumi.Input['SSHArgs']]] ssh: SSH agent socket or keys to expose to the build.
Equivalent to Docker's `--ssh` flag.
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: Name and optionally a tag (format: `name:tag`).
If exporting to a registry, the name should include the fully qualified
registry address (e.g. `docker.io/pulumi/pulumi:latest`).
Equivalent to Docker's `--tag` flag.
:param pulumi.Input[_builtins.str] target: Set the target build stage(s) to build.
If not specified all targets will be built by default.
Equivalent to Docker's `--target` flag.
"""
pulumi.set(__self__, "push", push)
if add_hosts is not None:
pulumi.set(__self__, "add_hosts", add_hosts)
if build_args is not None:
pulumi.set(__self__, "build_args", build_args)
if build_on_preview is None:
build_on_preview = True
if build_on_preview is not None:
pulumi.set(__self__, "build_on_preview", build_on_preview)
if builder is not None:
pulumi.set(__self__, "builder", builder)
if cache_from is not None:
pulumi.set(__self__, "cache_from", cache_from)
if cache_to is not None:
pulumi.set(__self__, "cache_to", cache_to)
if context is not None:
pulumi.set(__self__, "context", context)
if dockerfile is not None:
pulumi.set(__self__, "dockerfile", dockerfile)
if exec_ is not None:
pulumi.set(__self__, "exec_", exec_)
if exports is not None:
pulumi.set(__self__, "exports", exports)
if labels is not None:
pulumi.set(__self__, "labels", labels)
if load is not None:
pulumi.set(__self__, "load", load)
if network is None:
network = 'default'
if network is not None:
pulumi.set(__self__, "network", network)
if no_cache is not None:
pulumi.set(__self__, "no_cache", no_cache)
if platforms is not None:
pulumi.set(__self__, "platforms", platforms)
if pull is not None:
pulumi.set(__self__, "pull", pull)
if registries is not None:
pulumi.set(__self__, "registries", registries)
if secrets is not None:
pulumi.set(__self__, "secrets", secrets)
if ssh is not None:
pulumi.set(__self__, "ssh", ssh)
if tags is not None:
pulumi.set(__self__, "tags", tags)
if target is not None:
pulumi.set(__self__, "target", target)
@_builtins.property
@pulumi.getter
def push(self) -> pulumi.Input[_builtins.bool]:
"""
When `true` the build will automatically include a `registry` export.
Defaults to `false`.
Equivalent to Docker's `--push` flag.
"""
return pulumi.get(self, "push")
@push.setter
def push(self, value: pulumi.Input[_builtins.bool]):
pulumi.set(self, "push", value)
@_builtins.property
@pulumi.getter(name="addHosts")
def add_hosts(self) -> pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]]:
"""
Custom `host:ip` mappings to use during the build.
Equivalent to Docker's `--add-host` flag.
"""
return pulumi.get(self, "add_hosts")
@add_hosts.setter
def add_hosts(self, value: pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]]):
pulumi.set(self, "add_hosts", value)
@_builtins.property
@pulumi.getter(name="buildArgs")
def build_args(self) -> pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]]:
"""
`ARG` names and values to set during the build.
These variables are accessed like environment variables inside `RUN`
instructions.
Build arguments are persisted in the image, so you should use `secrets`
if these arguments are sensitive.
Equivalent to Docker's `--build-arg` flag.
"""
return pulumi.get(self, "build_args")
@build_args.setter
def build_args(self, value: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]]):
pulumi.set(self, "build_args", value)
@_builtins.property
@pulumi.getter(name="buildOnPreview")
def build_on_preview(self) -> pulumi.Input[Optional[_builtins.bool]]:
"""
Setting this to `false` will always skip image builds during previews,
and setting it to `true` will always build images during previews.
Images built during previews are never exported to registries, however
cache manifests are still exported.
On-disk Dockerfiles are always validated for syntactic correctness
regardless of this setting.
Defaults to `true` as a safeguard against broken images merging as part
of CI pipelines.
"""
return pulumi.get(self, "build_on_preview")
@build_on_preview.setter
def build_on_preview(self, value: pulumi.Input[Optional[_builtins.bool]]):
pulumi.set(self, "build_on_preview", value)
@_builtins.property
@pulumi.getter
def builder(self) -> pulumi.Input[Optional['BuilderConfigArgs']]:
"""
Builder configuration.
"""
return pulumi.get(self, "builder")
@builder.setter
def builder(self, value: pulumi.Input[Optional['BuilderConfigArgs']]):
pulumi.set(self, "builder", value)
@_builtins.property
@pulumi.getter(name="cacheFrom")
def cache_from(self) -> pulumi.Input[Optional[Sequence[pulumi.Input['CacheFromArgs']]]]:
"""
Cache export configuration.
Equivalent to Docker's `--cache-from` flag.
"""
return pulumi.get(self, "cache_from")
@cache_from.setter
def cache_from(self, value: pulumi.Input[Optional[Sequence[pulumi.Input['CacheFromArgs']]]]):
pulumi.set(self, "cache_from", value)
@_builtins.property
@pulumi.getter(name="cacheTo")
def cache_to(self) -> pulumi.Input[Optional[Sequence[pulumi.Input['CacheToArgs']]]]:
"""
Cache import configuration.
Equivalent to Docker's `--cache-to` flag.
"""
return pulumi.get(self, "cache_to")
@cache_to.setter
def cache_to(self, value: pulumi.Input[Optional[Sequence[pulumi.Input['CacheToArgs']]]]):
pulumi.set(self, "cache_to", value)
@_builtins.property
@pulumi.getter
def context(self) -> pulumi.Input[Optional['BuildContextArgs']]:
"""
Build context settings. Defaults to the current directory.
Equivalent to Docker's `PATH | URL | -` positional argument.
"""
return pulumi.get(self, "context")
@context.setter
def context(self, value: pulumi.Input[Optional['BuildContextArgs']]):
pulumi.set(self, "context", value)
@_builtins.property
@pulumi.getter
def dockerfile(self) -> pulumi.Input[Optional['DockerfileArgs']]:
"""
Dockerfile settings.
Equivalent to Docker's `--file` flag.
"""
return pulumi.get(self, "dockerfile")
@dockerfile.setter
def dockerfile(self, value: pulumi.Input[Optional['DockerfileArgs']]):
pulumi.set(self, "dockerfile", value)
@_builtins.property
@pulumi.getter(name="exec")
def exec_(self) -> pulumi.Input[Optional[_builtins.bool]]:
"""
Use `exec` mode to build this image.
By default the provider embeds a v25 Docker client with v0.12 buildx
support. This helps ensure consistent behavior across environments and
is compatible with alternative build backends (e.g. `buildkitd`), but
it may not be desirable if you require a specific version of buildx.
For example you may want to run a custom `docker-buildx` binary with
support for [Docker Build
Cloud](https://docs.docker.com/build/cloud/setup/) (DBC).
When this is set to `true` the provider will instead execute the
`docker-buildx` binary directly to perform its operations. The user is
responsible for ensuring this binary exists, with correct permissions
and pre-configured builders, at a path Docker expects (e.g.
`~/.docker/cli-plugins`).
Debugging `exec` mode may be more difficult as Pulumi will not be able
to surface fine-grained errors and warnings. Additionally credentials
are temporarily written to disk in order to provide them to the
`docker-buildx` binary.
"""
return pulumi.get(self, "exec_")
@exec_.setter
def exec_(self, value: pulumi.Input[Optional[_builtins.bool]]):
pulumi.set(self, "exec_", value)
@_builtins.property
@pulumi.getter
def exports(self) -> pulumi.Input[Optional[Sequence[pulumi.Input['ExportArgs']]]]:
"""
Controls where images are persisted after building.
Images are only stored in the local cache unless `exports` are
explicitly configured.
Exporting to multiple destinations requires a daemon running BuildKit
0.13 or later.
Equivalent to Docker's `--output` flag.
"""
return pulumi.get(self, "exports")
@exports.setter
def exports(self, value: pulumi.Input[Optional[Sequence[pulumi.Input['ExportArgs']]]]):
pulumi.set(self, "exports", value)
@_builtins.property
@pulumi.getter
def labels(self) -> pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]]:
"""
Attach arbitrary key/value metadata to the image.
Equivalent to Docker's `--label` flag.
"""
return pulumi.get(self, "labels")
@labels.setter
def labels(self, value: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]]):
pulumi.set(self, "labels", value)
@_builtins.property
@pulumi.getter
def load(self) -> pulumi.Input[Optional[_builtins.bool]]:
"""
When `true` the build will automatically include a `docker` export.
Defaults to `false`.
Equivalent to Docker's `--load` flag.
"""
return pulumi.get(self, "load")
@load.setter
def load(self, value: pulumi.Input[Optional[_builtins.bool]]):
pulumi.set(self, "load", value)
@_builtins.property
@pulumi.getter
def network(self) -> pulumi.Input[Optional['NetworkMode']]:
"""
Set the network mode for `RUN` instructions. Defaults to `default`.
For custom networks, configure your builder with `--driver-opt network=...`.
Equivalent to Docker's `--network` flag.
"""
return pulumi.get(self, "network")
@network.setter
def network(self, value: pulumi.Input[Optional['NetworkMode']]):
pulumi.set(self, "network", value)
@_builtins.property
@pulumi.getter(name="noCache")
def no_cache(self) -> pulumi.Input[Optional[_builtins.bool]]:
"""
Do not import cache manifests when building the image.
Equivalent to Docker's `--no-cache` flag.
"""
return pulumi.get(self, "no_cache")
@no_cache.setter
def no_cache(self, value: pulumi.Input[Optional[_builtins.bool]]):
pulumi.set(self, "no_cache", value)
@_builtins.property
@pulumi.getter
def platforms(self) -> pulumi.Input[Optional[Sequence[pulumi.Input['Platform']]]]:
"""
Set target platform(s) for the build. Defaults to the host's platform.
Equivalent to Docker's `--platform` flag.
"""
return pulumi.get(self, "platforms")
@platforms.setter
def platforms(self, value: pulumi.Input[Optional[Sequence[pulumi.Input['Platform']]]]):
pulumi.set(self, "platforms", value)
@_builtins.property
@pulumi.getter
def pull(self) -> pulumi.Input[Optional[_builtins.bool]]:
"""
Always pull referenced images.
Equivalent to Docker's `--pull` flag.
"""
return pulumi.get(self, "pull")
@pull.setter
def pull(self, value: pulumi.Input[Optional[_builtins.bool]]):
pulumi.set(self, "pull", value)
@_builtins.property
@pulumi.getter
def registries(self) -> pulumi.Input[Optional[Sequence[pulumi.Input['RegistryArgs']]]]:
"""
Registry credentials. Required if reading or exporting to private
repositories.
Credentials are kept in-memory and do not pollute pre-existing
credentials on the host.
Similar to `docker login`.
"""
return pulumi.get(self, "registries")
@registries.setter
def registries(self, value: pulumi.Input[Optional[Sequence[pulumi.Input['RegistryArgs']]]]):
pulumi.set(self, "registries", value)
@_builtins.property
@pulumi.getter
def secrets(self) -> pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]]:
"""
A mapping of secret names to their corresponding values.
Unlike the Docker CLI, these can be passed by value and do not need to
exist on-disk or in environment variables.
Build arguments and environment variables are persistent in the final
image, so you should use this for sensitive values.
Similar to Docker's `--secret` flag.
"""
return pulumi.get(self, "secrets")
@secrets.setter
def secrets(self, value: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]]):
pulumi.set(self, "secrets", value)
@_builtins.property
@pulumi.getter
def ssh(self) -> pulumi.Input[Optional[Sequence[pulumi.Input['SSHArgs']]]]:
"""
SSH agent socket or keys to expose to the build.
Equivalent to Docker's `--ssh` flag.
"""
return pulumi.get(self, "ssh")
@ssh.setter
def ssh(self, value: pulumi.Input[Optional[Sequence[pulumi.Input['SSHArgs']]]]):
pulumi.set(self, "ssh", value)
@_builtins.property
@pulumi.getter
def tags(self) -> pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]]:
"""
Name and optionally a tag (format: `name:tag`).
If exporting to a registry, the name should include the fully qualified
registry address (e.g. `docker.io/pulumi/pulumi:latest`).
Equivalent to Docker's `--tag` flag.
"""
return pulumi.get(self, "tags")
@tags.setter
def tags(self, value: pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]]):
pulumi.set(self, "tags", value)
@_builtins.property
@pulumi.getter
def target(self) -> pulumi.Input[Optional[_builtins.str]]:
"""
Set the target build stage(s) to build.
If not specified all targets will be built by default.
Equivalent to Docker's `--target` flag.
"""
return pulumi.get(self, "target")
@target.setter
def target(self, value: pulumi.Input[Optional[_builtins.str]]):
pulumi.set(self, "target", value)
@pulumi.type_token("docker-build:index:Image")
class Image(pulumi.CustomResource):
@overload
def __init__(__self__,
resource_name: str,
opts: Optional[pulumi.ResourceOptions] = None,
add_hosts: pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]] = None,
build_args: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
build_on_preview: pulumi.Input[Optional[_builtins.bool]] = None,
builder: pulumi.Input[Optional[Union['BuilderConfigArgs', 'BuilderConfigArgsDict']]] = None,
cache_from: pulumi.Input[Optional[Sequence[pulumi.Input[Union['CacheFromArgs', 'CacheFromArgsDict']]]]] = None,
cache_to: pulumi.Input[Optional[Sequence[pulumi.Input[Union['CacheToArgs', 'CacheToArgsDict']]]]] = None,
context: pulumi.Input[Optional[Union['BuildContextArgs', 'BuildContextArgsDict']]] = None,
dockerfile: pulumi.Input[Optional[Union['DockerfileArgs', 'DockerfileArgsDict']]] = None,
exec_: pulumi.Input[Optional[_builtins.bool]] = None,
exports: pulumi.Input[Optional[Sequence[pulumi.Input[Union['ExportArgs', 'ExportArgsDict']]]]] = None,
labels: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
load: pulumi.Input[Optional[_builtins.bool]] = None,
network: pulumi.Input[Optional['NetworkMode']] = None,
no_cache: pulumi.Input[Optional[_builtins.bool]] = None,
platforms: pulumi.Input[Optional[Sequence[pulumi.Input['Platform']]]] = None,
pull: pulumi.Input[Optional[_builtins.bool]] = None,
push: pulumi.Input[Optional[_builtins.bool]] = None,
registries: pulumi.Input[Optional[Sequence[pulumi.Input[Union['RegistryArgs', 'RegistryArgsDict']]]]] = None,
secrets: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
ssh: pulumi.Input[Optional[Sequence[pulumi.Input[Union['SSHArgs', 'SSHArgsDict']]]]] = None,
tags: pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]] = None,
target: pulumi.Input[Optional[_builtins.str]] = None,
__props__=None):
"""
A Docker image built using buildx -- Docker's interface to the improved
BuildKit backend.
## Stability
**This resource is pre-1.0 and in public preview.**
We will strive to keep APIs and behavior as stable as possible, but we
cannot guarantee stability until version 1.0.
## Migrating Pulumi Docker v3 and v4 Image resources
This provider's `Image` resource provides a superset of functionality over the `Image` resources available in versions 3 and 4 of the Pulumi Docker provider.
Existing `Image` resources can be converted to the docker-build `Image` resources with minor modifications.
### Behavioral differences
There are several key behavioral differences to keep in mind when transitioning images to the new `Image` resource.
#### Previews
Version `3.x` of the Pulumi Docker provider always builds images during preview operations.
This is helpful as a safeguard to prevent "broken" images from merging, but users found the behavior unnecessarily redundant when running previews and updates locally.
Version `4.x` changed build-on-preview behavior to be opt-in.
By default, `v4.x` `Image` resources do _not_ build during previews, but this behavior can be toggled with the `buildOnPreview` option.
Several users reported outages due to the default behavior allowing bad images to accidentally sneak through CI.
The default behavior of this provider's `Image` resource is similar to `3.x` and will build images during previews.
This behavior can be changed by specifying `buildOnPreview`.
#### Push behavior
Versions `3.x` and `4.x` of the Pulumi Docker provider attempt to push images to remote registries by default.
They expose a `skipPush: true` option to disable pushing.
This provider's `Image` resource matches the Docker CLI's behavior and does not push images anywhere by default.
To push images to a registry you can include `push: true` (equivalent to Docker's `--push` flag) or configure an `export` of type `registry` (equivalent to Docker's `--output type=registry`).
Like Docker, if an image is configured without exports you will see a warning with instructions for how to enable pushing, but the build will still proceed normally.
#### Secrets
Version `3.x` of the Pulumi Docker provider supports secrets by way of the `extraOptions` field.
Version `4.x` of the Pulumi Docker provider does not support secrets.
The `Image` resource supports secrets but does not require those secrets to exist on-disk or in environment variables.
Instead, they should be passed directly as values.
(Please be sure to familiarize yourself with Pulumi's [native secret handling](https://www.pulumi.com/docs/concepts/secrets/).)
Pulumi also provides [ESC](https://www.pulumi.com/product/esc/) to make it easier to share secrets across stacks and environments.
#### Caching
Version `3.x` of the Pulumi Docker provider exposes `cacheFrom: bool | { stages: [...] }`.
It builds targets individually and pushes them to separate images for caching.
Version `4.x` exposes a similar parameter `cacheFrom: { images: [...] }` which pushes and pulls inline caches.
Both versions 3 and 4 require specific environment variables to be set and deviate from Docker's native caching behavior.
This can result in inefficient builds due to unnecessary image pulls, repeated file transfers, etc.
The `Image` resource delegates all caching behavior to Docker.
`cacheFrom` and `cacheTo` options (equivalent to Docker's `--cache-to` and `--cache-from`) are exposed and provide additional cache targets, such as local disk, S3 storage, etc.
#### Outputs
Versions `3.x` and `4.x` of the provider exposed a `repoDigest` output which was a fully qualified tag with digest.
In `4.x` this could also be a single sha256 hash if the image wasn't pushed.
Unlike earlier providers the `Image` resource can push multiple tags.
As a convenience, it exposes a `ref` output consisting of a tag with digest as long as the image was pushed.
If multiple tags were pushed this uses one at random.
If you need more control over tag references you can use the `digest` output, which is always a single sha256 hash as long as the image was exported somewhere.
#### Tag deletion and refreshes
Versions 3 and 4 of Pulumi Docker provider do not delete tags when the `Image` resource is deleted, nor do they confirm expected tags exist during `refresh` operations.
The `buidx.Image` will query your registries during `refresh` to ensure the expected tags exist.
If any are missing a subsequent `update` will push them.
When a `Image` is deleted, it will _attempt_ to also delete any pushed tags.
Deletion of remote tags is not guaranteed because not all registries support the manifest `DELETE` API (`docker.io` in particular).
Manifests are _not_ deleted in the same way during updates -- to do so safely would require a full build to determine whether a Pulumi operation should be an update or update-replace.
Use the [`retainOnDelete: true`](https://www.pulumi.com/docs/concepts/options/retainondelete/) option if you do not want tags deleted.
### Example migration
Examples of "fully-featured" `v3` and `v4` `Image` resources are shown below, along with an example `Image` resource showing how they would look after migration.
The `v3` resource leverages `buildx` via a `DOCKER_BUILDKIT` environment variable and CLI flags passed in with `extraOption`.
After migration, the environment variable is no longer needed and CLI flags are now properties on the `Image`.
In almost all cases, properties of `Image` are named after the Docker CLI flag they correspond to.
The `v4` resource is less functional than its `v3` counterpart because it lacks the flexibility of `extraOptions`.
It it is shown with parameters similar to the `v3` example for completeness.
## Example Usage
## Example Usage
### Push to AWS ECR with caching
```python
import pulumi
import pulumi_aws as aws
import pulumi_docker_build as docker_build
ecr_repository = aws.ecr.Repository("ecr-repository")
auth_token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
my_image = docker_build.Image("my-image",
cache_from=[{
"registry": {
"ref": ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:cache"),
},
}],
cache_to=[{
"registry": {
"image_manifest": True,
"oci_media_types": True,
"ref": ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:cache"),
},
}],
context={
"location": "./app",
},
push=True,
registries=[{
"address": ecr_repository.repository_url,
"password": auth_token.password,
"username": auth_token.user_name,
}],
tags=[ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest")])
pulumi.export("ref", my_image.ref)
```
### Multi-platform image
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
platforms=[
docker_build.Platform.PLAN9_AMD64,
docker_build.Platform.PLAN9_386,
],
push=False)
```
### Registry export
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
push=True,
registries=[{
"address": "docker.io",
"password": docker_hub_password,
"username": "pulumibot",
}],
tags=["docker.io/pulumi/pulumi:3.107.0"])
pulumi.export("ref", my_image["ref"])
```
### Caching
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
cache_from=[{
"local": {
"src": "tmp/cache",
},
}],
cache_to=[{
"local": {
"dest": "tmp/cache",
"mode": docker_build.CacheMode.MAX,
},
}],
context={
"location": "app",
},
push=False)
```
### Docker Build Cloud
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
builder={
"name": "cloud-builder-name",
},
context={
"location": "app",
},
exec_=True,
push=False)
```
### Build arguments
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
build_args={
"SET_ME_TO_TRUE": "true",
},
context={
"location": "app",
},
push=False)
```
### Build target
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
push=False,
target="build-me")
```
### Named contexts
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
"named": {
"golang:latest": {
"location": "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
},
},
},
push=False)
```
### Remote context
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile",
},
push=False)
```
### Inline Dockerfile
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
dockerfile={
"inline": \"\"\"FROM busybox
COPY hello.c ./
\"\"\",
},
push=False)
```
### Remote context
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "https://github.com/docker-library/hello-world.git",
},
dockerfile={
"location": "app/Dockerfile",
},
push=False)
```
### Local export
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
exports=[{
"docker": {
"tar": True,
},
}],
push=False)
```
:param str resource_name: The name of the resource.
:param pulumi.ResourceOptions opts: Options for the resource.
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] add_hosts: Custom `host:ip` mappings to use during the build.
Equivalent to Docker's `--add-host` flag.
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] build_args: `ARG` names and values to set during the build.
These variables are accessed like environment variables inside `RUN`
instructions.
Build arguments are persisted in the image, so you should use `secrets`
if these arguments are sensitive.
Equivalent to Docker's `--build-arg` flag.
:param pulumi.Input[_builtins.bool] build_on_preview: Setting this to `false` will always skip image builds during previews,
and setting it to `true` will always build images during previews.
Images built during previews are never exported to registries, however
cache manifests are still exported.
On-disk Dockerfiles are always validated for syntactic correctness
regardless of this setting.
Defaults to `true` as a safeguard against broken images merging as part
of CI pipelines.
:param pulumi.Input[Union['BuilderConfigArgs', 'BuilderConfigArgsDict']] builder: Builder configuration.
:param pulumi.Input[Sequence[pulumi.Input[Union['CacheFromArgs', 'CacheFromArgsDict']]]] cache_from: Cache export configuration.
Equivalent to Docker's `--cache-from` flag.
:param pulumi.Input[Sequence[pulumi.Input[Union['CacheToArgs', 'CacheToArgsDict']]]] cache_to: Cache import configuration.
Equivalent to Docker's `--cache-to` flag.
:param pulumi.Input[Union['BuildContextArgs', 'BuildContextArgsDict']] context: Build context settings. Defaults to the current directory.
Equivalent to Docker's `PATH | URL | -` positional argument.
:param pulumi.Input[Union['DockerfileArgs', 'DockerfileArgsDict']] dockerfile: Dockerfile settings.
Equivalent to Docker's `--file` flag.
:param pulumi.Input[_builtins.bool] exec_: Use `exec` mode to build this image.
By default the provider embeds a v25 Docker client with v0.12 buildx
support. This helps ensure consistent behavior across environments and
is compatible with alternative build backends (e.g. `buildkitd`), but
it may not be desirable if you require a specific version of buildx.
For example you may want to run a custom `docker-buildx` binary with
support for [Docker Build
Cloud](https://docs.docker.com/build/cloud/setup/) (DBC).
When this is set to `true` the provider will instead execute the
`docker-buildx` binary directly to perform its operations. The user is
responsible for ensuring this binary exists, with correct permissions
and pre-configured builders, at a path Docker expects (e.g.
`~/.docker/cli-plugins`).
Debugging `exec` mode may be more difficult as Pulumi will not be able
to surface fine-grained errors and warnings. Additionally credentials
are temporarily written to disk in order to provide them to the
`docker-buildx` binary.
:param pulumi.Input[Sequence[pulumi.Input[Union['ExportArgs', 'ExportArgsDict']]]] exports: Controls where images are persisted after building.
Images are only stored in the local cache unless `exports` are
explicitly configured.
Exporting to multiple destinations requires a daemon running BuildKit
0.13 or later.
Equivalent to Docker's `--output` flag.
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] labels: Attach arbitrary key/value metadata to the image.
Equivalent to Docker's `--label` flag.
:param pulumi.Input[_builtins.bool] load: When `true` the build will automatically include a `docker` export.
Defaults to `false`.
Equivalent to Docker's `--load` flag.
:param pulumi.Input['NetworkMode'] network: Set the network mode for `RUN` instructions. Defaults to `default`.
For custom networks, configure your builder with `--driver-opt network=...`.
Equivalent to Docker's `--network` flag.
:param pulumi.Input[_builtins.bool] no_cache: Do not import cache manifests when building the image.
Equivalent to Docker's `--no-cache` flag.
:param pulumi.Input[Sequence[pulumi.Input['Platform']]] platforms: Set target platform(s) for the build. Defaults to the host's platform.
Equivalent to Docker's `--platform` flag.
:param pulumi.Input[_builtins.bool] pull: Always pull referenced images.
Equivalent to Docker's `--pull` flag.
:param pulumi.Input[_builtins.bool] push: When `true` the build will automatically include a `registry` export.
Defaults to `false`.
Equivalent to Docker's `--push` flag.
:param pulumi.Input[Sequence[pulumi.Input[Union['RegistryArgs', 'RegistryArgsDict']]]] registries: Registry credentials. Required if reading or exporting to private
repositories.
Credentials are kept in-memory and do not pollute pre-existing
credentials on the host.
Similar to `docker login`.
:param pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]] secrets: A mapping of secret names to their corresponding values.
Unlike the Docker CLI, these can be passed by value and do not need to
exist on-disk or in environment variables.
Build arguments and environment variables are persistent in the final
image, so you should use this for sensitive values.
Similar to Docker's `--secret` flag.
:param pulumi.Input[Sequence[pulumi.Input[Union['SSHArgs', 'SSHArgsDict']]]] ssh: SSH agent socket or keys to expose to the build.
Equivalent to Docker's `--ssh` flag.
:param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] tags: Name and optionally a tag (format: `name:tag`).
If exporting to a registry, the name should include the fully qualified
registry address (e.g. `docker.io/pulumi/pulumi:latest`).
Equivalent to Docker's `--tag` flag.
:param pulumi.Input[_builtins.str] target: Set the target build stage(s) to build.
If not specified all targets will be built by default.
Equivalent to Docker's `--target` flag.
"""
...
@overload
def __init__(__self__,
resource_name: str,
args: ImageArgs,
opts: Optional[pulumi.ResourceOptions] = None):
"""
A Docker image built using buildx -- Docker's interface to the improved
BuildKit backend.
## Stability
**This resource is pre-1.0 and in public preview.**
We will strive to keep APIs and behavior as stable as possible, but we
cannot guarantee stability until version 1.0.
## Migrating Pulumi Docker v3 and v4 Image resources
This provider's `Image` resource provides a superset of functionality over the `Image` resources available in versions 3 and 4 of the Pulumi Docker provider.
Existing `Image` resources can be converted to the docker-build `Image` resources with minor modifications.
### Behavioral differences
There are several key behavioral differences to keep in mind when transitioning images to the new `Image` resource.
#### Previews
Version `3.x` of the Pulumi Docker provider always builds images during preview operations.
This is helpful as a safeguard to prevent "broken" images from merging, but users found the behavior unnecessarily redundant when running previews and updates locally.
Version `4.x` changed build-on-preview behavior to be opt-in.
By default, `v4.x` `Image` resources do _not_ build during previews, but this behavior can be toggled with the `buildOnPreview` option.
Several users reported outages due to the default behavior allowing bad images to accidentally sneak through CI.
The default behavior of this provider's `Image` resource is similar to `3.x` and will build images during previews.
This behavior can be changed by specifying `buildOnPreview`.
#### Push behavior
Versions `3.x` and `4.x` of the Pulumi Docker provider attempt to push images to remote registries by default.
They expose a `skipPush: true` option to disable pushing.
This provider's `Image` resource matches the Docker CLI's behavior and does not push images anywhere by default.
To push images to a registry you can include `push: true` (equivalent to Docker's `--push` flag) or configure an `export` of type `registry` (equivalent to Docker's `--output type=registry`).
Like Docker, if an image is configured without exports you will see a warning with instructions for how to enable pushing, but the build will still proceed normally.
#### Secrets
Version `3.x` of the Pulumi Docker provider supports secrets by way of the `extraOptions` field.
Version `4.x` of the Pulumi Docker provider does not support secrets.
The `Image` resource supports secrets but does not require those secrets to exist on-disk or in environment variables.
Instead, they should be passed directly as values.
(Please be sure to familiarize yourself with Pulumi's [native secret handling](https://www.pulumi.com/docs/concepts/secrets/).)
Pulumi also provides [ESC](https://www.pulumi.com/product/esc/) to make it easier to share secrets across stacks and environments.
#### Caching
Version `3.x` of the Pulumi Docker provider exposes `cacheFrom: bool | { stages: [...] }`.
It builds targets individually and pushes them to separate images for caching.
Version `4.x` exposes a similar parameter `cacheFrom: { images: [...] }` which pushes and pulls inline caches.
Both versions 3 and 4 require specific environment variables to be set and deviate from Docker's native caching behavior.
This can result in inefficient builds due to unnecessary image pulls, repeated file transfers, etc.
The `Image` resource delegates all caching behavior to Docker.
`cacheFrom` and `cacheTo` options (equivalent to Docker's `--cache-to` and `--cache-from`) are exposed and provide additional cache targets, such as local disk, S3 storage, etc.
#### Outputs
Versions `3.x` and `4.x` of the provider exposed a `repoDigest` output which was a fully qualified tag with digest.
In `4.x` this could also be a single sha256 hash if the image wasn't pushed.
Unlike earlier providers the `Image` resource can push multiple tags.
As a convenience, it exposes a `ref` output consisting of a tag with digest as long as the image was pushed.
If multiple tags were pushed this uses one at random.
If you need more control over tag references you can use the `digest` output, which is always a single sha256 hash as long as the image was exported somewhere.
#### Tag deletion and refreshes
Versions 3 and 4 of Pulumi Docker provider do not delete tags when the `Image` resource is deleted, nor do they confirm expected tags exist during `refresh` operations.
The `buidx.Image` will query your registries during `refresh` to ensure the expected tags exist.
If any are missing a subsequent `update` will push them.
When a `Image` is deleted, it will _attempt_ to also delete any pushed tags.
Deletion of remote tags is not guaranteed because not all registries support the manifest `DELETE` API (`docker.io` in particular).
Manifests are _not_ deleted in the same way during updates -- to do so safely would require a full build to determine whether a Pulumi operation should be an update or update-replace.
Use the [`retainOnDelete: true`](https://www.pulumi.com/docs/concepts/options/retainondelete/) option if you do not want tags deleted.
### Example migration
Examples of "fully-featured" `v3` and `v4` `Image` resources are shown below, along with an example `Image` resource showing how they would look after migration.
The `v3` resource leverages `buildx` via a `DOCKER_BUILDKIT` environment variable and CLI flags passed in with `extraOption`.
After migration, the environment variable is no longer needed and CLI flags are now properties on the `Image`.
In almost all cases, properties of `Image` are named after the Docker CLI flag they correspond to.
The `v4` resource is less functional than its `v3` counterpart because it lacks the flexibility of `extraOptions`.
It it is shown with parameters similar to the `v3` example for completeness.
## Example Usage
## Example Usage
### Push to AWS ECR with caching
```python
import pulumi
import pulumi_aws as aws
import pulumi_docker_build as docker_build
ecr_repository = aws.ecr.Repository("ecr-repository")
auth_token = aws.ecr.get_authorization_token_output(registry_id=ecr_repository.registry_id)
my_image = docker_build.Image("my-image",
cache_from=[{
"registry": {
"ref": ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:cache"),
},
}],
cache_to=[{
"registry": {
"image_manifest": True,
"oci_media_types": True,
"ref": ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:cache"),
},
}],
context={
"location": "./app",
},
push=True,
registries=[{
"address": ecr_repository.repository_url,
"password": auth_token.password,
"username": auth_token.user_name,
}],
tags=[ecr_repository.repository_url.apply(lambda repository_url: f"{repository_url}:latest")])
pulumi.export("ref", my_image.ref)
```
### Multi-platform image
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
platforms=[
docker_build.Platform.PLAN9_AMD64,
docker_build.Platform.PLAN9_386,
],
push=False)
```
### Registry export
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
push=True,
registries=[{
"address": "docker.io",
"password": docker_hub_password,
"username": "pulumibot",
}],
tags=["docker.io/pulumi/pulumi:3.107.0"])
pulumi.export("ref", my_image["ref"])
```
### Caching
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
cache_from=[{
"local": {
"src": "tmp/cache",
},
}],
cache_to=[{
"local": {
"dest": "tmp/cache",
"mode": docker_build.CacheMode.MAX,
},
}],
context={
"location": "app",
},
push=False)
```
### Docker Build Cloud
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
builder={
"name": "cloud-builder-name",
},
context={
"location": "app",
},
exec_=True,
push=False)
```
### Build arguments
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
build_args={
"SET_ME_TO_TRUE": "true",
},
context={
"location": "app",
},
push=False)
```
### Build target
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
push=False,
target="build-me")
```
### Named contexts
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
"named": {
"golang:latest": {
"location": "docker-image://golang@sha256:b8e62cf593cdaff36efd90aa3a37de268e6781a2e68c6610940c48f7cdf36984",
},
},
},
push=False)
```
### Remote context
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "https://raw.githubusercontent.com/pulumi/pulumi-docker/api-types/provider/testdata/Dockerfile",
},
push=False)
```
### Inline Dockerfile
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
dockerfile={
"inline": \"\"\"FROM busybox
COPY hello.c ./
\"\"\",
},
push=False)
```
### Remote context
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "https://github.com/docker-library/hello-world.git",
},
dockerfile={
"location": "app/Dockerfile",
},
push=False)
```
### Local export
```python
import pulumi
import pulumi_docker_build as docker_build
image = docker_build.Image("image",
context={
"location": "app",
},
exports=[{
"docker": {
"tar": True,
},
}],
push=False)
```
:param str resource_name: The name of the resource.
:param ImageArgs args: The arguments to use to populate this resource's properties.
:param pulumi.ResourceOptions opts: Options for the resource.
"""
...
def __init__(__self__, resource_name: str, *args, **kwargs):
resource_args, opts = _utilities.get_resource_args_opts(ImageArgs, pulumi.ResourceOptions, *args, **kwargs)
if resource_args is not None:
__self__._internal_init(resource_name, opts, **resource_args.__dict__)
else:
__self__._internal_init(resource_name, *args, **kwargs)
def _internal_init(__self__,
resource_name: str,
opts: Optional[pulumi.ResourceOptions] = None,
add_hosts: pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]] = None,
build_args: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
build_on_preview: pulumi.Input[Optional[_builtins.bool]] = None,
builder: pulumi.Input[Optional[Union['BuilderConfigArgs', 'BuilderConfigArgsDict']]] = None,
cache_from: pulumi.Input[Optional[Sequence[pulumi.Input[Union['CacheFromArgs', 'CacheFromArgsDict']]]]] = None,
cache_to: pulumi.Input[Optional[Sequence[pulumi.Input[Union['CacheToArgs', 'CacheToArgsDict']]]]] = None,
context: pulumi.Input[Optional[Union['BuildContextArgs', 'BuildContextArgsDict']]] = None,
dockerfile: pulumi.Input[Optional[Union['DockerfileArgs', 'DockerfileArgsDict']]] = None,
exec_: pulumi.Input[Optional[_builtins.bool]] = None,
exports: pulumi.Input[Optional[Sequence[pulumi.Input[Union['ExportArgs', 'ExportArgsDict']]]]] = None,
labels: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
load: pulumi.Input[Optional[_builtins.bool]] = None,
network: pulumi.Input[Optional['NetworkMode']] = None,
no_cache: pulumi.Input[Optional[_builtins.bool]] = None,
platforms: pulumi.Input[Optional[Sequence[pulumi.Input['Platform']]]] = None,
pull: pulumi.Input[Optional[_builtins.bool]] = None,
push: pulumi.Input[Optional[_builtins.bool]] = None,
registries: pulumi.Input[Optional[Sequence[pulumi.Input[Union['RegistryArgs', 'RegistryArgsDict']]]]] = None,
secrets: pulumi.Input[Optional[Mapping[str, pulumi.Input[_builtins.str]]]] = None,
ssh: pulumi.Input[Optional[Sequence[pulumi.Input[Union['SSHArgs', 'SSHArgsDict']]]]] = None,
tags: pulumi.Input[Optional[Sequence[pulumi.Input[_builtins.str]]]] = None,
target: pulumi.Input[Optional[_builtins.str]] = None,
__props__=None):
opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
if not isinstance(opts, pulumi.ResourceOptions):
raise TypeError('Expected resource options to be a ResourceOptions instance')
if opts.id is None:
if __props__ is not None:
raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource')
__props__ = ImageArgs.__new__(ImageArgs)
__props__.__dict__["add_hosts"] = add_hosts
__props__.__dict__["build_args"] = build_args
if build_on_preview is None:
build_on_preview = True
__props__.__dict__["build_on_preview"] = build_on_preview
__props__.__dict__["builder"] = builder
__props__.__dict__["cache_from"] = cache_from
__props__.__dict__["cache_to"] = cache_to
__props__.__dict__["context"] = context
__props__.__dict__["dockerfile"] = dockerfile
__props__.__dict__["exec_"] = exec_
__props__.__dict__["exports"] = exports
__props__.__dict__["labels"] = labels
__props__.__dict__["load"] = load
if network is None:
network = 'default'
__props__.__dict__["network"] = network
__props__.__dict__["no_cache"] = no_cache
__props__.__dict__["platforms"] = platforms
__props__.__dict__["pull"] = pull
if push is None and not opts.urn:
raise TypeError("Missing required property 'push'")
__props__.__dict__["push"] = push
__props__.__dict__["registries"] = registries
__props__.__dict__["secrets"] = secrets
__props__.__dict__["ssh"] = ssh
__props__.__dict__["tags"] = tags
__props__.__dict__["target"] = target
__props__.__dict__["context_hash"] = None
__props__.__dict__["digest"] = None
__props__.__dict__["ref"] = None
super(Image, __self__).__init__(
'docker-build:index:Image',
resource_name,
__props__,
opts)
@staticmethod
def get(resource_name: str,
id: pulumi.Input[str],
opts: Optional[pulumi.ResourceOptions] = None) -> 'Image':
"""
Get an existing Image resource's state with the given name, id, and optional extra
properties used to qualify the lookup.
:param str resource_name: The unique name of the resulting resource.
:param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
:param pulumi.ResourceOptions opts: Options for the resource.
"""
opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
__props__ = ImageArgs.__new__(ImageArgs)
__props__.__dict__["add_hosts"] = None
__props__.__dict__["build_args"] = None
__props__.__dict__["build_on_preview"] = None
__props__.__dict__["builder"] = None
__props__.__dict__["cache_from"] = None
__props__.__dict__["cache_to"] = None
__props__.__dict__["context"] = None
__props__.__dict__["context_hash"] = None
__props__.__dict__["digest"] = None
__props__.__dict__["dockerfile"] = None
__props__.__dict__["exec_"] = None
__props__.__dict__["exports"] = None
__props__.__dict__["labels"] = None
__props__.__dict__["load"] = None
__props__.__dict__["network"] = None
__props__.__dict__["no_cache"] = None
__props__.__dict__["platforms"] = None
__props__.__dict__["pull"] = None
__props__.__dict__["push"] = None
__props__.__dict__["ref"] = None
__props__.__dict__["registries"] = None
__props__.__dict__["secrets"] = None
__props__.__dict__["ssh"] = None
__props__.__dict__["tags"] = None
__props__.__dict__["target"] = None
return Image(resource_name, opts=opts, __props__=__props__)
@_builtins.property
@pulumi.getter(name="addHosts")
def add_hosts(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
"""
Custom `host:ip` mappings to use during the build.
Equivalent to Docker's `--add-host` flag.
"""
return pulumi.get(self, "add_hosts")
@_builtins.property
@pulumi.getter(name="buildArgs")
def build_args(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
"""
`ARG` names and values to set during the build.
These variables are accessed like environment variables inside `RUN`
instructions.
Build arguments are persisted in the image, so you should use `secrets`
if these arguments are sensitive.
Equivalent to Docker's `--build-arg` flag.
"""
return pulumi.get(self, "build_args")
@_builtins.property
@pulumi.getter(name="buildOnPreview")
def build_on_preview(self) -> pulumi.Output[Optional[_builtins.bool]]:
"""
Setting this to `false` will always skip image builds during previews,
and setting it to `true` will always build images during previews.
Images built during previews are never exported to registries, however
cache manifests are still exported.
On-disk Dockerfiles are always validated for syntactic correctness
regardless of this setting.
Defaults to `true` as a safeguard against broken images merging as part
of CI pipelines.
"""
return pulumi.get(self, "build_on_preview")
@_builtins.property
@pulumi.getter
def builder(self) -> pulumi.Output[Optional['outputs.BuilderConfig']]:
"""
Builder configuration.
"""
return pulumi.get(self, "builder")
@_builtins.property
@pulumi.getter(name="cacheFrom")
def cache_from(self) -> pulumi.Output[Optional[Sequence['outputs.CacheFrom']]]:
"""
Cache export configuration.
Equivalent to Docker's `--cache-from` flag.
"""
return pulumi.get(self, "cache_from")
@_builtins.property
@pulumi.getter(name="cacheTo")
def cache_to(self) -> pulumi.Output[Optional[Sequence['outputs.CacheTo']]]:
"""
Cache import configuration.
Equivalent to Docker's `--cache-to` flag.
"""
return pulumi.get(self, "cache_to")
@_builtins.property
@pulumi.getter
def context(self) -> pulumi.Output[Optional['outputs.BuildContext']]:
"""
Build context settings. Defaults to the current directory.
Equivalent to Docker's `PATH | URL | -` positional argument.
"""
return pulumi.get(self, "context")
@_builtins.property
@pulumi.getter(name="contextHash")
def context_hash(self) -> pulumi.Output[_builtins.str]:
"""
A preliminary hash of the image's build context.
Pulumi uses this to determine if an image _may_ need to be re-built.
"""
return pulumi.get(self, "context_hash")
@_builtins.property
@pulumi.getter
def digest(self) -> pulumi.Output[_builtins.str]:
"""
A SHA256 digest of the image if it was exported to a registry or
elsewhere.
Empty if the image was not exported.
Registry images can be referenced precisely as `<tag>@<digest>`. The
`ref` output provides one such reference as a convenience.
"""
return pulumi.get(self, "digest")
@_builtins.property
@pulumi.getter
def dockerfile(self) -> pulumi.Output[Optional['outputs.Dockerfile']]:
"""
Dockerfile settings.
Equivalent to Docker's `--file` flag.
"""
return pulumi.get(self, "dockerfile")
@_builtins.property
@pulumi.getter(name="exec")
def exec_(self) -> pulumi.Output[Optional[_builtins.bool]]:
"""
Use `exec` mode to build this image.
By default the provider embeds a v25 Docker client with v0.12 buildx
support. This helps ensure consistent behavior across environments and
is compatible with alternative build backends (e.g. `buildkitd`), but
it may not be desirable if you require a specific version of buildx.
For example you may want to run a custom `docker-buildx` binary with
support for [Docker Build
Cloud](https://docs.docker.com/build/cloud/setup/) (DBC).
When this is set to `true` the provider will instead execute the
`docker-buildx` binary directly to perform its operations. The user is
responsible for ensuring this binary exists, with correct permissions
and pre-configured builders, at a path Docker expects (e.g.
`~/.docker/cli-plugins`).
Debugging `exec` mode may be more difficult as Pulumi will not be able
to surface fine-grained errors and warnings. Additionally credentials
are temporarily written to disk in order to provide them to the
`docker-buildx` binary.
"""
return pulumi.get(self, "exec_")
@_builtins.property
@pulumi.getter
def exports(self) -> pulumi.Output[Optional[Sequence['outputs.Export']]]:
"""
Controls where images are persisted after building.
Images are only stored in the local cache unless `exports` are
explicitly configured.
Exporting to multiple destinations requires a daemon running BuildKit
0.13 or later.
Equivalent to Docker's `--output` flag.
"""
return pulumi.get(self, "exports")
@_builtins.property
@pulumi.getter
def labels(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
"""
Attach arbitrary key/value metadata to the image.
Equivalent to Docker's `--label` flag.
"""
return pulumi.get(self, "labels")
@_builtins.property
@pulumi.getter
def load(self) -> pulumi.Output[Optional[_builtins.bool]]:
"""
When `true` the build will automatically include a `docker` export.
Defaults to `false`.
Equivalent to Docker's `--load` flag.
"""
return pulumi.get(self, "load")
@_builtins.property
@pulumi.getter
def network(self) -> pulumi.Output[Optional['NetworkMode']]:
"""
Set the network mode for `RUN` instructions. Defaults to `default`.
For custom networks, configure your builder with `--driver-opt network=...`.
Equivalent to Docker's `--network` flag.
"""
return pulumi.get(self, "network")
@_builtins.property
@pulumi.getter(name="noCache")
def no_cache(self) -> pulumi.Output[Optional[_builtins.bool]]:
"""
Do not import cache manifests when building the image.
Equivalent to Docker's `--no-cache` flag.
"""
return pulumi.get(self, "no_cache")
@_builtins.property
@pulumi.getter
def platforms(self) -> pulumi.Output[Optional[Sequence['Platform']]]:
"""
Set target platform(s) for the build. Defaults to the host's platform.
Equivalent to Docker's `--platform` flag.
"""
return pulumi.get(self, "platforms")
@_builtins.property
@pulumi.getter
def pull(self) -> pulumi.Output[Optional[_builtins.bool]]:
"""
Always pull referenced images.
Equivalent to Docker's `--pull` flag.
"""
return pulumi.get(self, "pull")
@_builtins.property
@pulumi.getter
def push(self) -> pulumi.Output[_builtins.bool]:
"""
When `true` the build will automatically include a `registry` export.
Defaults to `false`.
Equivalent to Docker's `--push` flag.
"""
return pulumi.get(self, "push")
@_builtins.property
@pulumi.getter
def ref(self) -> pulumi.Output[_builtins.str]:
"""
If the image was pushed to any registries then this will contain a
single fully-qualified tag including the build's digest.
If the image had tags but was not exported, this will take on a value
of one of those tags.
This will be empty if the image had no exports and no tags.
This is only for convenience and may not be appropriate for situations
where multiple tags or registries are involved. In those cases this
output is not guaranteed to be stable.
For more control over tags consumed by downstream resources you should
use the `digest` output.
"""
return pulumi.get(self, "ref")
@_builtins.property
@pulumi.getter
def registries(self) -> pulumi.Output[Optional[Sequence['outputs.Registry']]]:
"""
Registry credentials. Required if reading or exporting to private
repositories.
Credentials are kept in-memory and do not pollute pre-existing
credentials on the host.
Similar to `docker login`.
"""
return pulumi.get(self, "registries")
@_builtins.property
@pulumi.getter
def secrets(self) -> pulumi.Output[Optional[Mapping[str, _builtins.str]]]:
"""
A mapping of secret names to their corresponding values.
Unlike the Docker CLI, these can be passed by value and do not need to
exist on-disk or in environment variables.
Build arguments and environment variables are persistent in the final
image, so you should use this for sensitive values.
Similar to Docker's `--secret` flag.
"""
return pulumi.get(self, "secrets")
@_builtins.property
@pulumi.getter
def ssh(self) -> pulumi.Output[Optional[Sequence['outputs.SSH']]]:
"""
SSH agent socket or keys to expose to the build.
Equivalent to Docker's `--ssh` flag.
"""
return pulumi.get(self, "ssh")
@_builtins.property
@pulumi.getter
def tags(self) -> pulumi.Output[Optional[Sequence[_builtins.str]]]:
"""
Name and optionally a tag (format: `name:tag`).
If exporting to a registry, the name should include the fully qualified
registry address (e.g. `docker.io/pulumi/pulumi:latest`).
Equivalent to Docker's `--tag` flag.
"""
return pulumi.get(self, "tags")
@_builtins.property
@pulumi.getter
def target(self) -> pulumi.Output[Optional[_builtins.str]]:
"""
Set the target build stage(s) to build.
If not specified all targets will be built by default.
Equivalent to Docker's `--target` flag.
"""
return pulumi.get(self, "target")
View Git Blame Copy Permalink