Documentation
Functions ¶
func EncodeDockerAuthHeader ¶
Types ¶
type Image ¶
type Image struct {
	Name                   string
	Dockerfile             string
	Args                   map[string]string
	Context                string
	Version                string
	RepositoryUrlWithImage bool
	ProviderOptions        []sdk.ResourceOption
	RepositoryUrl          sdk.StringOutput
	Registry               docker.RegistryArgs
	Platform               *string
	// CacheFrom is an optional list of registry image references to use as
	// BuildKit layer cache sources (--cache-from). When set, BUILDKIT_INLINE_CACHE=1
	// is injected into build args so the pushed image embeds cache metadata.
	//
	// SLSA L3 hermeticity note: CacheFrom pulls layers from the registry, which
	// technically breaks strict build hermeticity. This is an accepted deviation —
	// all post-push security operations use the immutable content digest, so the
	// cache source cannot affect signing or attestation integrity.
	CacheFrom sdk.StringArrayInput
}
Image describes a container image to build and push via Pulumi.
type ImageOut ¶
type ImageOut struct {
	Image   *docker.Image
	AddOpts []sdk.ResourceOption
}
ImageOut is the result of BuildAndPushImage.
func BuildAndPushImage ¶
func BuildAndPushImage(ctx *sdk.Context, stack api.Stack, params pApi.ProvisionParams, deployParams api.StackParams, image Image) (*ImageOut, error)
BuildAndPushImage builds a Docker image, pushes it, and runs security operations (scan, sign, verify, SBOM, provenance) in parallel.
The service update (ECS task definition / K8s deployment) depends on ImageOut.AddOpts, which gates on sign+verify, not on scan. The scan runs in parallel and reports findings without blocking the deploy.
type MsgCallback ¶
type MsgCallback func(message *ResponseMessage, err error) error
MsgCallback is the callback invoked for each message from the Docker daemon.
type MsgReader ¶
type MsgReader interface {
	// Next synchronously reads the next message from the Docker daemon
	Next() (*ResponseMessage, error)
	// Listen processes messages streamed from the Docker daemon
	Listen(output bool, callback MsgCallback) error
}
MsgReader is an interface for reading streamed output from the Docker daemon.
type Pull ¶
type Pull struct {
	sdk.ResourceState
	Digest sdk.StringOutput `pulumi:"digest"`
}
func NewDockerPull ¶
type PullArgs ¶
type PullArgs struct {
	RemoteImage sdk.StringInput `pulumi:"remoteImage"`
	AuthHeader  sdk.StringInput `pulumi:"authHeader"`
	Platform    sdk.StringInput `pulumi:"platform"`
	Log         logger.Logger
}
type ResponseAux ¶
type ResponseMessage ¶
type ResponseMessage struct {
	Id          string      `json:"id"`
	Status      string      `json:"status"`
	Stream      string      `json:"stream"`
	Aux         ResponseAux `json:"aux"`
	ErrorDetail struct {
		Code    int    `json:"code"`
		Message string `json:"message"`
	}
	ProgressDetail struct {
		Current int `json:"current"`
		Total   int `json:"total"`
	}
	Progress string `json:"progress"`
	Error    string `json:"error"`
	// contains filtered or unexported fields
}
ResponseMessage reflects a typical V1 response message from the Docker daemon.
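Added example, not this package's own code: a fail-closed reader for a V1 message stream that recovers the content digest the rest of the pipeline (Pull.Digest, signing, attestation) is meant to pin to. The names pullMessage and DigestFromPullStream are hypothetical, and the sketch assumes the daemon reports the digest in a status line of the form `Digest: sha256:<64 hex>`, as `docker pull` output does.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// pullMessage is a hypothetical, trimmed mirror of the ResponseMessage fields used here.
type pullMessage struct {
	Status      string                          `json:"status"`
	Error       string                          `json:"error"`
	ErrorDetail struct{ Message string `json:"message"` } `json:"errorDetail"`
}

var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// DigestFromPullStream returns the digest only if the whole stream decodes cleanly,
// carries no daemon error, and names exactly one well-formed sha256 digest.
func DigestFromPullStream(r io.Reader) (string, error) {
	dec, digest := json.NewDecoder(r), ""
	for {
		var m pullMessage
		if err := dec.Decode(&m); err == io.EOF && digest != "" {
			return digest, nil // clean end of stream with a digest in hand
		} else if err != nil {
			// Truncated JSON, garbage, or end of stream before any digest line.
			return "", fmt.Errorf("no usable digest from daemon stream: %w", err)
		}
		d := strings.TrimPrefix(m.Status, "Digest: ")
		switch {
		case m.Error != "" || m.ErrorDetail.Message != "":
			return "", fmt.Errorf("daemon error: %s %s", m.Error, m.ErrorDetail.Message)
		case d == m.Status: // not a digest line (progress, layer status, ...)
			continue
		case !digestRe.MatchString(d):
			return "", fmt.Errorf("malformed digest %q", d)
		case digest != "" && digest != d:
			return "", fmt.Errorf("conflicting digests %q and %q", digest, d)
		}
		digest = d
	}
}

func main() {
	// Constructed sample stream; the digest is a made-up value, not a real image.
	s := `{"status":"Pull complete","id":"a1b2c3"}` + "\n" + `{"status":"Digest: sha256:` + strings.Repeat("ab", 32) + `"}`
	fmt.Println(DigestFromPullStream(strings.NewReader(s)))
}
```

An error message that arrives after the digest line still fails the read, so a pull that broke partway through never yields a digest to sign or deploy against.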
type ResponseMessageV2 ¶
type ResponseMessageV2 struct {
	Id  string `json:"id"`
	Aux string `json:"aux"` // contains base64-encoded PB object
}
ResponseMessageV2 reflects a typical V2 response message from the Docker daemon.