cdk-assets 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. package/LICENSE +202 -0
  2. package/NOTICE +2 -0
  3. package/README.md +195 -0
  4. package/bin/cdk-assets +2 -0
  5. package/bin/cdk-assets.d.ts +1 -0
  6. package/bin/cdk-assets.js +70 -0
  7. package/bin/docker-credential-cdk-assets +2 -0
  8. package/bin/docker-credential-cdk-assets.d.ts +13 -0
  9. package/bin/docker-credential-cdk-assets.js +39 -0
  10. package/bin/list.d.ts +3 -0
  11. package/bin/list.js +10 -0
  12. package/bin/logging.d.ts +4 -0
  13. package/bin/logging.js +28 -0
  14. package/bin/publish.d.ts +5 -0
  15. package/bin/publish.js +49 -0
  16. package/lib/asset-manifest.d.ts +162 -0
  17. package/lib/asset-manifest.js +245 -0
  18. package/lib/aws-types.d.ts +1660 -0
  19. package/lib/aws-types.js +138 -0
  20. package/lib/aws.d.ts +70 -0
  21. package/lib/aws.js +125 -0
  22. package/lib/index.d.ts +4 -0
  23. package/lib/index.js +21 -0
  24. package/lib/private/archive.d.ts +3 -0
  25. package/lib/private/archive.js +87 -0
  26. package/lib/private/asset-handler.d.ts +54 -0
  27. package/lib/private/asset-handler.js +3 -0
  28. package/lib/private/docker-credentials.d.ts +35 -0
  29. package/lib/private/docker-credentials.js +89 -0
  30. package/lib/private/docker.d.ts +98 -0
  31. package/lib/private/docker.js +232 -0
  32. package/lib/private/fs-extra.d.ts +3 -0
  33. package/lib/private/fs-extra.js +37 -0
  34. package/lib/private/handlers/client-options.d.ts +3 -0
  35. package/lib/private/handlers/client-options.js +12 -0
  36. package/lib/private/handlers/container-images.d.ts +22 -0
  37. package/lib/private/handlers/container-images.js +224 -0
  38. package/lib/private/handlers/files.d.ts +14 -0
  39. package/lib/private/handlers/files.js +288 -0
  40. package/lib/private/handlers/index.d.ts +3 -0
  41. package/lib/private/handlers/index.js +16 -0
  42. package/lib/private/p-limit.d.ts +10 -0
  43. package/lib/private/p-limit.js +51 -0
  44. package/lib/private/placeholders.d.ts +10 -0
  45. package/lib/private/placeholders.js +34 -0
  46. package/lib/private/shell.d.ts +24 -0
  47. package/lib/private/shell.js +131 -0
  48. package/lib/private/util.d.ts +5 -0
  49. package/lib/private/util.js +16 -0
  50. package/lib/progress.d.ts +114 -0
  51. package/lib/progress.js +104 -0
  52. package/lib/publishing.d.ts +118 -0
  53. package/lib/publishing.js +193 -0
  54. package/package.json +103 -0
  55. package/scripts/manual-test-manifest.json +12 -0
  56. package/scripts/manual-test.sh +22 -0
package/lib/index.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ export * from './publishing';
2
+ export * from './asset-manifest';
3
+ export * from './aws';
4
+ export * from './progress';
package/lib/index.js ADDED
@@ -0,0 +1,21 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
+ };
16
+ Object.defineProperty(exports, "__esModule", { value: true });
17
+ __exportStar(require("./publishing"), exports);
18
+ __exportStar(require("./asset-manifest"), exports);
19
+ __exportStar(require("./aws"), exports);
20
+ __exportStar(require("./progress"), exports);
21
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsK0NBQTZCO0FBQzdCLG1EQUFpQztBQUNqQyx3Q0FBc0I7QUFDdEIsNkNBQTJCIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0ICogZnJvbSAnLi9wdWJsaXNoaW5nJztcbmV4cG9ydCAqIGZyb20gJy4vYXNzZXQtbWFuaWZlc3QnO1xuZXhwb3J0ICogZnJvbSAnLi9hd3MnO1xuZXhwb3J0ICogZnJvbSAnLi9wcm9ncmVzcyc7XG4iXX0=
package/lib/private/archive.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ type EventEmitter = (x: string) => void;
2
+ export declare function zipDirectory(directory: string, outputFile: string, eventEmitter: EventEmitter): Promise<void>;
3
+ export {};
package/lib/private/archive.js ADDED
@@ -0,0 +1,87 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.zipDirectory = zipDirectory;
4
+ const fs_1 = require("fs");
5
+ const path = require("path");
6
+ const glob = require("glob");
7
+ // namespace object imports won't work in the bundle for function exports
8
+ // eslint-disable-next-line @typescript-eslint/no-require-imports
9
+ const archiver = require('archiver');
10
+ async function zipDirectory(directory, outputFile, eventEmitter) {
11
+ // We write to a temporary file and rename at the last moment. This is so that if we are
12
+ // interrupted during this process, we don't leave a half-finished file in the target location.
13
+ const temporaryOutputFile = `${outputFile}.${randomString()}._tmp`;
14
+ await writeZipFile(directory, temporaryOutputFile);
15
+ await moveIntoPlace(temporaryOutputFile, outputFile, eventEmitter);
16
+ }
17
+ function writeZipFile(directory, outputFile) {
18
+ return new Promise(async (ok, fail) => {
19
+ // The below options are needed to support following symlinks when building zip files:
20
+ // - nodir: This will prevent symlinks themselves from being copied into the zip.
21
+ // - follow: This will follow symlinks and copy the files within.
22
+ const globOptions = {
23
+ dot: true,
24
+ nodir: true,
25
+ follow: true,
26
+ cwd: directory,
27
+ };
28
+ const files = glob.sync('**', globOptions); // The output here is already sorted
29
+ const output = (0, fs_1.createWriteStream)(outputFile);
30
+ const archive = archiver('zip');
31
+ archive.on('warning', fail);
32
+ archive.on('error', fail);
33
+ // archive has been finalized and the output file descriptor has closed, resolve promise
34
+ // this has to be done before calling `finalize` since the events may fire immediately after.
35
+ // see https://www.npmjs.com/package/archiver
36
+ output.once('close', ok);
37
+ archive.pipe(output);
38
+ // Append files serially to ensure file order
39
+ for (const file of files) {
40
+ const fullPath = path.resolve(directory, file);
41
+ // There are exactly 2 promises
42
+ // eslint-disable-next-line @cdklabs/promiseall-no-unbounded-parallelism
43
+ const [data, stat] = await Promise.all([fs_1.promises.readFile(fullPath), fs_1.promises.stat(fullPath)]);
44
+ archive.append(data, {
45
+ name: file,
46
+ date: new Date('1980-01-01T00:00:00.000Z'), // reset dates to get the same hash for the same content
47
+ mode: stat.mode,
48
+ });
49
+ }
50
+ await archive.finalize();
51
+ });
52
+ }
53
+ /**
54
+ * Rename the file to the target location, taking into account:
55
+ *
56
+ * - That we may see EPERM on Windows while an Antivirus scanner still has the
57
+ * file open, so retry a couple of times.
58
+ * - This same function may be called in parallel and be interrupted at any point.
59
+ */
60
+ async function moveIntoPlace(source, target, eventEmitter) {
61
+ let delay = 100;
62
+ let attempts = 5;
63
+ while (true) {
64
+ try {
65
+ // 'rename' is guaranteed to overwrite an existing target, as long as it is a file (not a directory)
66
+ await fs_1.promises.rename(source, target);
67
+ return;
68
+ }
69
+ catch (e) {
70
+ if (e.code !== 'EPERM' || attempts-- <= 0) {
71
+ throw e;
72
+ }
73
+ eventEmitter(e.message);
74
+ await sleep(Math.floor(Math.random() * delay));
75
+ delay *= 2;
76
+ }
77
+ }
78
+ }
79
+ function sleep(ms) {
80
+ return new Promise((ok) => setTimeout(ok, ms));
81
+ }
82
+ function randomString() {
83
+ return Math.random()
84
+ .toString(36)
85
+ .replace(/[^a-z0-9]+/g, '');
86
+ }
87
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXJjaGl2ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImFyY2hpdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFVQSxvQ0FVQztBQXBCRCwyQkFBdUQ7QUFDdkQsNkJBQTZCO0FBQzdCLDZCQUE2QjtBQUU3Qix5RUFBeUU7QUFDekUsaUVBQWlFO0FBQ2pFLE1BQU0sUUFBUSxHQUFHLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUk5QixLQUFLLFVBQVUsWUFBWSxDQUNoQyxTQUFpQixFQUNqQixVQUFrQixFQUNsQixZQUEwQjtJQUUxQix3RkFBd0Y7SUFDeEYsK0ZBQStGO0lBQy9GLE1BQU0sbUJBQW1CLEdBQUcsR0FBRyxVQUFVLElBQUksWUFBWSxFQUFFLE9BQU8sQ0FBQztJQUNuRSxNQUFNLFlBQVksQ0FBQyxTQUFTLEVBQUUsbUJBQW1CLENBQUMsQ0FBQztJQUNuRCxNQUFNLGFBQWEsQ0FBQyxtQkFBbUIsRUFBRSxVQUFVLEVBQUUsWUFBWSxDQUFDLENBQUM7QUFDckUsQ0FBQztBQUVELFNBQVMsWUFBWSxDQUFDLFNBQWlCLEVBQUUsVUFBa0I7SUFDekQsT0FBTyxJQUFJLE9BQU8sQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFLElBQUksRUFBRSxFQUFFO1FBQ3BDLHNGQUFzRjtRQUN0RixpRkFBaUY7UUFDakYsaUVBQWlFO1FBQ2pFLE1BQU0sV0FBVyxHQUFHO1lBQ2xCLEdBQUcsRUFBRSxJQUFJO1lBQ1QsS0FBSyxFQUFFLElBQUk7WUFDWCxNQUFNLEVBQUUsSUFBSTtZQUNaLEdBQUcsRUFBRSxTQUFTO1NBQ2YsQ0FBQztRQUNGLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLFdBQVcsQ0FBQyxDQUFDLENBQUMsb0NBQW9DO1FBRWhGLE1BQU0sTUFBTSxHQUFHLElBQUEsc0JBQWlCLEVBQUMsVUFBVSxDQUFDLENBQUM7UUFFN0MsTUFBTSxPQUFPLEdBQUcsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ2hDLE9BQU8sQ0FBQyxFQUFFLENBQUMsU0FBUyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQzVCLE9BQU8sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBRTFCLHdGQUF3RjtRQUN4Riw2RkFBNkY7UUFDN0YsNkNBQTZDO1FBQzdDLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBRXpCLE9BQU8sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFckIsNkNBQTZDO1FBQzdDLEtBQUssTUFBTSxJQUFJLElBQUksS0FBSyxFQUFFLENBQUM7WUFDekIsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsSUFBSSxDQUFDLENBQUM7WUFDL0MsK0JBQStCO1lBQy9CLHdFQUF3RTtZQUN4RSxNQUFNLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLGFBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUUsYUFBRSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDbkYsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUU7Z0JBQ25CLElBQUksRUFBRSxJQUFJO2dCQUNWLElBQUksRUFBRSxJQUFJLElBQUksQ0FBQywwQkFBMEIsQ0FBQyxFQUFFLHdEQUF3RDtnQkFDcEcsSUFBSSxFQUFFLElBQUksQ0FBQyxJQUFJO2FBQ2hCLENBQUMsQ0FBQztRQUNMLENBQUM7UUFFRCxNQUFNLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztJQUMzQixDQUFDLENBQUMsQ0FBQztBQUNMLENBQUM7QUFFRDs7Ozs7O0dBTUc7QUFDSCxLQUFLLFVBQVUsYUFBYSxDQUFDLE1BQWMsRUFBRSxNQUFjLEVBQUUsWUFBMEI7SUFDckYsSUFBSSxLQUFLLEdBQUcsR0FBRyxDQUFDO0lBQ2hCLElBQUksUUFBUSxHQUFHLENBQUMsQ0FBQztJQUNqQixPQUFPLElBQUksRUFBRSxDQUFDO1FBQ1osSUFBSSxDQUFDO1lBQ0gsb0dBQW9HO1lBQ3BHLE1BQU0sYUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLENBQUM7WUFDaEMsT0FBTztRQUNULENBQUM7UUFBQyxPQUFPLENBQU0sRUFBRSxDQUFDO1lBQ2hCLElBQUksQ0FBQyxDQUFDLElBQUksS0FBSyxPQUFPLElBQUksUUFBUSxFQUFFLElBQUksQ0FBQyxFQUFFLENBQUM7Z0JBQzFDLE1BQU0sQ0FBQyxDQUFDO1lBQ1YsQ0FBQztZQUNELFlBQVksQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDeEIsTUFBTSxLQUFLLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEdBQUcsS0FBSyxDQUFDLENBQUMsQ0FBQztZQUMvQyxLQUFLLElBQUksQ0FBQyxDQUFDO1FBQ2IsQ0FBQztJQUNILENBQUM7QUFDSCxDQUFDO0FBRUQsU0FBUyxLQUFLLENBQUMsRUFBVTtJQUN2QixPQUFPLElBQUksT0FBTyxDQUFDLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFDakQsQ0FBQztBQUVELFNBQVMsWUFBWTtJQUNuQixPQUFPLElBQUksQ0FBQyxNQUFNLEVBQUU7U0FDakIsUUFBUSxDQUFDLEVBQUUsQ0FBQztTQUNaLE9BQU8sQ0FBQyxhQUFhLEVBQUUsRUFBRSxDQUFDLENBQUM7QUFDaEMsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IGNyZWF0ZVdyaXRlU3RyZWFtLCBwcm9taXNlcyBhcyBmcyB9IGZyb20gJ2ZzJztcbmltcG9ydCAqIGFzIHBhdGggZnJvbSAncGF0aCc7XG5pbXBvcnQgKiBhcyBnbG9iIGZyb20gJ2dsb2InO1xuXG4vLyBuYW1lc3BhY2Ugb2JqZWN0IGltcG9ydHMgd29uJ3Qgd29yayBpbiB0aGUgYnVuZGxlIGZvciBmdW5jdGlvbiBleHBvcnRzXG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLXJlcXVpcmUtaW1wb3J0c1xuY29uc3QgYXJjaGl2ZXIgPSByZXF1aXJlKCdhcmNoaXZlcicpO1xuXG50eXBlIEV2ZW50RW1pdHRlciA9ICh4OiBzdHJpbmcpID0+IHZvaWQ7XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiB6aXBEaXJlY3RvcnkoXG4gIGRpcmVjdG9yeTogc3RyaW5nLFxuICBvdXRwdXRGaWxlOiBzdHJpbmcsXG4gIGV2ZW50RW1pdHRlcjogRXZlbnRFbWl0dGVyLFxuKTogUHJvbWlzZTx2b2lkPiB7XG4gIC8vIFdlIHdyaXRlIHRvIGEgdGVtcG9yYXJ5IGZpbGUgYW5kIHJlbmFtZSBhdCB0aGUgbGFzdCBtb21lbnQuIFRoaXMgaXMgc28gdGhhdCBpZiB3ZSBhcmVcbiAgLy8gaW50ZXJydXB0ZWQgZHVyaW5nIHRoaXMgcHJvY2Vzcywgd2UgZG9uJ3QgbGVhdmUgYSBoYWxmLWZpbmlzaGVkIGZpbGUgaW4gdGhlIHRhcmdldCBsb2NhdGlvbi5cbiAgY29uc3QgdGVtcG9yYXJ5T3V0cHV0RmlsZSA9IGAke291dHB1dEZpbGV9LiR7cmFuZG9tU3RyaW5nKCl9Ll90bXBgO1xuICBhd2FpdCB3cml0ZVppcEZpbGUoZGlyZWN0b3J5LCB0ZW1wb3JhcnlPdXRwdXRGaWxlKTtcbiAgYXdhaXQgbW92ZUludG9QbGFjZSh0ZW1wb3JhcnlPdXRwdXRGaWxlLCBvdXRwdXRGaWxlLCBldmVudEVtaXR0ZXIpO1xufVxuXG5mdW5jdGlvbiB3cml0ZVppcEZpbGUoZGlyZWN0b3J5OiBzdHJpbmcsIG91dHB1dEZpbGU6IHN0cmluZyk6IFByb21pc2U8dm9pZD4ge1xuICByZXR1cm4gbmV3IFByb21pc2UoYXN5bmMgKG9rLCBmYWlsKSA9PiB7XG4gICAgLy8gVGhlIGJlbG93IG9wdGlvbnMgYXJlIG5lZWRlZCB0byBzdXBwb3J0IGZvbGxvd2luZyBzeW1saW5rcyB3aGVuIGJ1aWxkaW5nIHppcCBmaWxlczpcbiAgICAvLyAtIG5vZGlyOiBUaGlzIHdpbGwgcHJldmVudCBzeW1saW5rcyB0aGVtc2VsdmVzIGZyb20gYmVpbmcgY29waWVkIGludG8gdGhlIHppcC5cbiAgICAvLyAtIGZvbGxvdzogVGhpcyB3aWxsIGZvbGxvdyBzeW1saW5rcyBhbmQgY29weSB0aGUgZmlsZXMgd2l0aGluLlxuICAgIGNvbnN0IGdsb2JPcHRpb25zID0ge1xuICAgICAgZG90OiB0cnVlLFxuICAgICAgbm9kaXI6IHRydWUsXG4gICAgICBmb2xsb3c6IHRydWUsXG4gICAgICBjd2Q6IGRpcmVjdG9yeSxcbiAgICB9O1xuICAgIGNvbnN0IGZpbGVzID0gZ2xvYi5zeW5jKCcqKicsIGdsb2JPcHRpb25zKTsgLy8gVGhlIG91dHB1dCBoZXJlIGlzIGFscmVhZHkgc29ydGVkXG5cbiAgICBjb25zdCBvdXRwdXQgPSBjcmVhdGVXcml0ZVN0cmVhbShvdXRwdXRGaWxlKTtcblxuICAgIGNvbnN0IGFyY2hpdmUgPSBhcmNoaXZlcignemlwJyk7XG4gICAgYXJjaGl2ZS5vbignd2FybmluZycsIGZhaWwpO1xuICAgIGFyY2hpdmUub24oJ2Vycm9yJywgZmFpbCk7XG5cbiAgICAvLyBhcmNoaXZlIGhhcyBiZWVuIGZpbmFsaXplZCBhbmQgdGhlIG91dHB1dCBmaWxlIGRlc2NyaXB0b3IgaGFzIGNsb3NlZCwgcmVzb2x2ZSBwcm9taXNlXG4gICAgLy8gdGhpcyBoYXMgdG8gYmUgZG9uZSBiZWZvcmUgY2FsbGluZyBgZmluYWxpemVgIHNpbmNlIHRoZSBldmVudHMgbWF5IGZpcmUgaW1tZWRpYXRlbHkgYWZ0ZXIuXG4gICAgLy8gc2VlIGh0dHBzOi8vd3d3Lm5wbWpzLmNvbS9wYWNrYWdlL2FyY2hpdmVyXG4gICAgb3V0cHV0Lm9uY2UoJ2Nsb3NlJywgb2spO1xuXG4gICAgYXJjaGl2ZS5waXBlKG91dHB1dCk7XG5cbiAgICAvLyBBcHBlbmQgZmlsZXMgc2VyaWFsbHkgdG8gZW5zdXJlIGZpbGUgb3JkZXJcbiAgICBmb3IgKGNvbnN0IGZpbGUgb2YgZmlsZXMpIHtcbiAgICAgIGNvbnN0IGZ1bGxQYXRoID0gcGF0aC5yZXNvbHZlKGRpcmVjdG9yeSwgZmlsZSk7XG4gICAgICAvLyBUaGVyZSBhcmUgZXhhY3RseSAyIHByb21pc2VzXG4gICAgICAvLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgQGNka2xhYnMvcHJvbWlzZWFsbC1uby11bmJvdW5kZWQtcGFyYWxsZWxpc21cbiAgICAgIGNvbnN0IFtkYXRhLCBzdGF0XSA9IGF3YWl0IFByb21pc2UuYWxsKFtmcy5yZWFkRmlsZShmdWxsUGF0aCksIGZzLnN0YXQoZnVsbFBhdGgpXSk7XG4gICAgICBhcmNoaXZlLmFwcGVuZChkYXRhLCB7XG4gICAgICAgIG5hbWU6IGZpbGUsXG4gICAgICAgIGRhdGU6IG5ldyBEYXRlKCcxOTgwLTAxLTAxVDAwOjAwOjAwLjAwMFonKSwgLy8gcmVzZXQgZGF0ZXMgdG8gZ2V0IHRoZSBzYW1lIGhhc2ggZm9yIHRoZSBzYW1lIGNvbnRlbnRcbiAgICAgICAgbW9kZTogc3RhdC5tb2RlLFxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgYXdhaXQgYXJjaGl2ZS5maW5hbGl6ZSgpO1xuICB9KTtcbn1cblxuLyoqXG4gKiBSZW5hbWUgdGhlIGZpbGUgdG8gdGhlIHRhcmdldCBsb2NhdGlvbiwgdGFraW5nIGludG8gYWNjb3VudDpcbiAqXG4gKiAtIFRoYXQgd2UgbWF5IHNlZSBFUEVSTSBvbiBXaW5kb3dzIHdoaWxlIGFuIEFudGl2aXJ1cyBzY2FubmVyIHN0aWxsIGhhcyB0aGVcbiAqICAgZmlsZSBvcGVuLCBzbyByZXRyeSBhIGNvdXBsZSBvZiB0aW1lcy5cbiAqIC0gVGhpcyBzYW1lIGZ1bmN0aW9uIG1heSBiZSBjYWxsZWQgaW4gcGFyYWxsZWwgYW5kIGJlIGludGVycnVwdGVkIGF0IGFueSBwb2ludC5cbiAqL1xuYXN5bmMgZnVuY3Rpb24gbW92ZUludG9QbGFjZShzb3VyY2U6IHN0cmluZywgdGFyZ2V0OiBzdHJpbmcsIGV2ZW50RW1pdHRlcjogRXZlbnRFbWl0dGVyKSB7XG4gIGxldCBkZWxheSA9IDEwMDtcbiAgbGV0IGF0dGVtcHRzID0gNTtcbiAgd2hpbGUgKHRydWUpIHtcbiAgICB0cnkge1xuICAgICAgLy8gJ3JlbmFtZScgaXMgZ3VhcmFudGVlZCB0byBvdmVyd3JpdGUgYW4gZXhpc3RpbmcgdGFyZ2V0LCBhcyBsb25nIGFzIGl0IGlzIGEgZmlsZSAobm90IGEgZGlyZWN0b3J5KVxuICAgICAgYXdhaXQgZnMucmVuYW1lKHNvdXJjZSwgdGFyZ2V0KTtcbiAgICAgIHJldHVybjtcbiAgICB9IGNhdGNoIChlOiBhbnkpIHtcbiAgICAgIGlmIChlLmNvZGUgIT09ICdFUEVSTScgfHwgYXR0ZW1wdHMtLSA8PSAwKSB7XG4gICAgICAgIHRocm93IGU7XG4gICAgICB9XG4gICAgICBldmVudEVtaXR0ZXIoZS5tZXNzYWdlKTtcbiAgICAgIGF3YWl0IHNsZWVwKE1hdGguZmxvb3IoTWF0aC5yYW5kb20oKSAqIGRlbGF5KSk7XG4gICAgICBkZWxheSAqPSAyO1xuICAgIH1cbiAgfVxufVxuXG5mdW5jdGlvbiBzbGVlcChtczogbnVtYmVyKSB7XG4gIHJldHVybiBuZXcgUHJvbWlzZSgob2spID0+IHNldFRpbWVvdXQob2ssIG1zKSk7XG59XG5cbmZ1bmN0aW9uIHJhbmRvbVN0cmluZygpIHtcbiAgcmV0dXJuIE1hdGgucmFuZG9tKClcbiAgICAudG9TdHJpbmcoMzYpXG4gICAgLnJlcGxhY2UoL1teYS16MC05XSsvZywgJycpO1xufVxuIl19
package/lib/private/asset-handler.d.ts ADDED
@@ -0,0 +1,54 @@
1
+ import { DockerFactory } from './docker';
2
+ import { IAws } from '../aws';
3
+ import { EventEmitter } from '../progress';
4
+ /**
5
+ * Options for publishing an asset.
6
+ */
7
+ export interface PublishOptions {
8
+ /**
9
+ * Whether or not to allow cross account publishing. That is,
10
+ * publish to a bucket belonging to a different account than the target account.
11
+ *
12
+ * @default true
13
+ */
14
+ readonly allowCrossAccount?: boolean;
15
+ }
16
+ /**
17
+ * Handler for asset building and publishing.
18
+ */
19
+ export interface IAssetHandler {
20
+ /**
21
+ * Build the asset.
22
+ */
23
+ build(): Promise<void>;
24
+ /**
25
+ * Publish the asset.
26
+ */
27
+ publish(options?: PublishOptions): Promise<void>;
28
+ /**
29
+ * Return whether the asset already exists
30
+ */
31
+ isPublished(): Promise<boolean>;
32
+ }
33
+ export interface IHandlerHost {
34
+ readonly aws: IAws;
35
+ readonly aborted: boolean;
36
+ readonly dockerFactory: DockerFactory;
37
+ emitMessage: EventEmitter;
38
+ }
39
+ export interface IHandlerOptions {
40
+ /**
41
+ * Where to send output of a subprocesses
42
+ *
43
+ * @default 'stdio'
44
+ */
45
+ readonly subprocessOutputDestination: SubprocessOutputDestination;
46
+ }
47
+ /**
48
+ * The potential destinations for subprocess output.
49
+ *
50
+ * 'stdio' will send output directly to stdout/stderr,
51
+ * 'publish' will publish the output to the {@link IPublishProgressListener},
52
+ * 'ignore' will ignore the output, and emit it nowhere.
53
+ */
54
+ export type SubprocessOutputDestination = 'stdio' | 'ignore' | 'publish';
package/lib/private/asset-handler.js ADDED
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzZXQtaGFuZGxlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImFzc2V0LWhhbmRsZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IERvY2tlckZhY3RvcnkgfSBmcm9tICcuL2RvY2tlcic7XG5pbXBvcnQgeyBJQXdzIH0gZnJvbSAnLi4vYXdzJztcbmltcG9ydCB7IEV2ZW50RW1pdHRlciB9IGZyb20gJy4uL3Byb2dyZXNzJztcblxuLyoqXG4gKiBPcHRpb25zIGZvciBwdWJsaXNoaW5nIGFuIGFzc2V0LlxuICovXG5leHBvcnQgaW50ZXJmYWNlIFB1Ymxpc2hPcHRpb25zIHtcbiAgLyoqXG4gICAqIFdoZXRoZXIgb3Igbm90IHRvIGFsbG93IGNyb3NzIGFjY291bnQgcHVibGlzaGluZy4gVGhhdCBpcyxcbiAgICogcHVibGlzaCB0byBhIGJ1Y2tldCBiZWxvbmdpbmcgdG8gYSBkaWZmZXJlbnQgYWNjb3VudCB0aGFuIHRoZSB0YXJnZXQgYWNjb3VudC5cbiAgICpcbiAgICogQGRlZmF1bHQgdHJ1ZVxuICAgKi9cbiAgcmVhZG9ubHkgYWxsb3dDcm9zc0FjY291bnQ/OiBib29sZWFuO1xufVxuXG4vKipcbiAqIEhhbmRsZXIgZm9yIGFzc2V0IGJ1aWxkaW5nIGFuZCBwdWJsaXNoaW5nLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIElBc3NldEhhbmRsZXIge1xuICAvKipcbiAgICogQnVpbGQgdGhlIGFzc2V0LlxuICAgKi9cbiAgYnVpbGQoKTogUHJvbWlzZTx2b2lkPjtcblxuICAvKipcbiAgICogUHVibGlzaCB0aGUgYXNzZXQuXG4gICAqL1xuICBwdWJsaXNoKG9wdGlvbnM/OiBQdWJsaXNoT3B0aW9ucyk6IFByb21pc2U8dm9pZD47XG5cbiAgLyoqXG4gICAqIFJldHVybiB3aGV0aGVyIHRoZSBhc3NldCBhbHJlYWR5IGV4aXN0c1xuICAgKi9cbiAgaXNQdWJsaXNoZWQoKTogUHJvbWlzZTxib29sZWFuPjtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBJSGFuZGxlckhvc3Qge1xuICByZWFkb25seSBhd3M6IElBd3M7XG4gIHJlYWRvbmx5IGFib3J0ZWQ6IGJvb2xlYW47XG4gIHJlYWRvbmx5IGRvY2tlckZhY3Rvcnk6IERvY2tlckZhY3Rvcnk7XG5cbiAgZW1pdE1lc3NhZ2U6IEV2ZW50RW1pdHRlcjtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBJSGFuZGxlck9wdGlvbnMge1xuICAvKipcbiAgICogV2hlcmUgdG8gc2VuZCBvdXRwdXQgb2YgYSBzdWJwcm9jZXNzZXNcbiAgICpcbiAgICogQGRlZmF1bHQgJ3N0ZGlvJ1xuICAgKi9cbiAgcmVhZG9ubHkgc3VicHJvY2Vzc091dHB1dERlc3RpbmF0aW9uOiBTdWJwcm9jZXNzT3V0cHV0RGVzdGluYXRpb247XG59XG5cbi8qKlxuICogVGhlIHBvdGVudGlhbCBkZXN0aW5hdGlvbnMgZm9yIHN1YnByb2Nlc3Mgb3V0cHV0LlxuICpcbiAqICdzdGRpbycgd2lsbCBzZW5kIG91dHB1dCBkaXJlY3RseSB0byBzdGRvdXQvc3RkZXJyLFxuICogJ3B1Ymxpc2gnIHdpbGwgcHVibGlzaCB0aGUgb3V0cHV0IHRvIHRoZSB7QGxpbmsgSVB1Ymxpc2hQcm9ncmVzc0xpc3RlbmVyfSxcbiAqICdpZ25vcmUnIHdpbGwgaWdub3JlIHRoZSBvdXRwdXQsIGFuZCBlbWl0IGl0IG5vd2hlcmUuXG4gKi9cbmV4cG9ydCB0eXBlIFN1YnByb2Nlc3NPdXRwdXREZXN0aW5hdGlvbiA9ICdzdGRpbycgfCAnaWdub3JlJyB8ICdwdWJsaXNoJztcbiJdfQ==
package/lib/private/docker-credentials.d.ts ADDED
@@ -0,0 +1,35 @@
1
+ import { IAws, IECRClient } from '../aws';
2
+ import { EventEmitter } from '../progress';
3
+ export interface DockerCredentials {
4
+ readonly Username: string;
5
+ readonly Secret: string;
6
+ }
7
+ export interface DockerCredentialsConfig {
8
+ readonly version: string;
9
+ readonly domainCredentials: Record<string, DockerDomainCredentialSource>;
10
+ }
11
+ export interface DockerDomainCredentialSource {
12
+ readonly secretsManagerSecretId?: string;
13
+ readonly secretsUsernameField?: string;
14
+ readonly secretsPasswordField?: string;
15
+ readonly ecrRepository?: boolean;
16
+ readonly assumeRoleArn?: string;
17
+ }
18
+ /** Returns the presumed location of the CDK Docker credentials config file */
19
+ export declare function cdkCredentialsConfigFile(): string;
20
+ /** Loads and parses the CDK Docker credentials configuration, if it exists. */
21
+ export declare function cdkCredentialsConfig(): DockerCredentialsConfig | undefined;
22
+ /**
23
+ * Just for testing
24
+ */
25
+ export declare function _clearCdkCredentialsConfigCache(): void;
26
+ /** Fetches login credentials from the configured source (e.g., SecretsManager, ECR) */
27
+ export declare function fetchDockerLoginCredentials(aws: IAws, config: DockerCredentialsConfig, endpoint: string): Promise<{
28
+ Username: any;
29
+ Secret: any;
30
+ }>;
31
+ export declare function obtainEcrCredentials(ecr: IECRClient, eventEmitter?: EventEmitter): Promise<{
32
+ username: string;
33
+ password: string;
34
+ endpoint: string;
35
+ }>;
package/lib/private/docker-credentials.js ADDED
@@ -0,0 +1,89 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.cdkCredentialsConfigFile = cdkCredentialsConfigFile;
4
+ exports.cdkCredentialsConfig = cdkCredentialsConfig;
5
+ exports._clearCdkCredentialsConfigCache = _clearCdkCredentialsConfigCache;
6
+ exports.fetchDockerLoginCredentials = fetchDockerLoginCredentials;
7
+ exports.obtainEcrCredentials = obtainEcrCredentials;
8
+ const fs = require("fs");
9
+ const os = require("os");
10
+ const path = require("path");
11
+ const progress_1 = require("../progress");
12
+ /** Returns the presumed location of the CDK Docker credentials config file */
13
+ function cdkCredentialsConfigFile() {
14
+ return (process.env.CDK_DOCKER_CREDS_FILE ??
15
+ path.join((os.userInfo().homedir ?? os.homedir()).trim() || '/', '.cdk', 'cdk-docker-creds.json'));
16
+ }
17
+ let _cdkCredentials;
18
+ /** Loads and parses the CDK Docker credentials configuration, if it exists. */
19
+ function cdkCredentialsConfig() {
20
+ if (!_cdkCredentials) {
21
+ try {
22
+ _cdkCredentials = JSON.parse(fs.readFileSync(cdkCredentialsConfigFile(), { encoding: 'utf-8' }));
23
+ }
24
+ catch { }
25
+ }
26
+ return _cdkCredentials;
27
+ }
28
+ /**
29
+ * Just for testing
30
+ */
31
+ function _clearCdkCredentialsConfigCache() {
32
+ _cdkCredentials = undefined;
33
+ }
34
+ /** Fetches login credentials from the configured source (e.g., SecretsManager, ECR) */
35
+ async function fetchDockerLoginCredentials(aws, config, endpoint) {
36
+ // Paranoid handling to ensure new URL() doesn't throw if the schema is missing
37
+ // For official docker registry, docker will pass https://index.docker.io/v1/
38
+ endpoint = endpoint.includes('://') ? endpoint : `https://${endpoint}`;
39
+ const domain = new URL(endpoint).hostname;
40
+ if (!Object.keys(config.domainCredentials).includes(domain) &&
41
+ !Object.keys(config.domainCredentials).includes(endpoint)) {
42
+ throw new Error(`unknown domain ${domain}`);
43
+ }
44
+ let domainConfig = config.domainCredentials[domain] ?? config.domainCredentials[endpoint];
45
+ if (domainConfig.secretsManagerSecretId) {
46
+ const sm = await aws.secretsManagerClient({ assumeRoleArn: domainConfig.assumeRoleArn });
47
+ const secretValue = await sm.getSecretValue({
48
+ SecretId: domainConfig.secretsManagerSecretId,
49
+ });
50
+ if (!secretValue.SecretString) {
51
+ throw new Error(`unable to fetch SecretString from secret: ${domainConfig.secretsManagerSecretId}`);
52
+ }
53
+ const secret = JSON.parse(secretValue.SecretString);
54
+ const usernameField = domainConfig.secretsUsernameField ?? 'username';
55
+ const secretField = domainConfig.secretsPasswordField ?? 'secret';
56
+ if (!secret[usernameField] || !secret[secretField]) {
57
+ throw new Error(`malformed secret string ("${usernameField}" or "${secretField}" field missing)`);
58
+ }
59
+ return { Username: secret[usernameField], Secret: secret[secretField] };
60
+ }
61
+ else if (domainConfig.ecrRepository) {
62
+ const ecr = await aws.ecrClient({ assumeRoleArn: domainConfig.assumeRoleArn });
63
+ const ecrAuthData = await obtainEcrCredentials(ecr);
64
+ return { Username: ecrAuthData.username, Secret: ecrAuthData.password };
65
+ }
66
+ else {
67
+ throw new Error('unknown credential type: no secret ID or ECR repo');
68
+ }
69
+ }
70
+ async function obtainEcrCredentials(ecr, eventEmitter) {
71
+ if (eventEmitter) {
72
+ eventEmitter(progress_1.EventType.DEBUG, 'Fetching ECR authorization token');
73
+ }
74
+ const authData = (await ecr.getAuthorizationToken()).authorizationData || [];
75
+ if (authData.length === 0) {
76
+ throw new Error('No authorization data received from ECR');
77
+ }
78
+ const token = Buffer.from(authData[0].authorizationToken, 'base64').toString('ascii');
79
+ const [username, password] = token.split(':');
80
+ if (!username || !password) {
81
+ throw new Error('unexpected ECR authData format');
82
+ }
83
+ return {
84
+ username,
85
+ password,
86
+ endpoint: authData[0].proxyEndpoint,
87
+ };
88
+ }
89
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG9ja2VyLWNyZWRlbnRpYWxzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiZG9ja2VyLWNyZWRlbnRpYWxzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBeUJBLDREQVNDO0FBSUQsb0RBU0M7QUFLRCwwRUFFQztBQUdELGtFQWlEQztBQUVELG9EQW9CQztBQWhJRCx5QkFBeUI7QUFDekIseUJBQXlCO0FBQ3pCLDZCQUE2QjtBQUU3QiwwQ0FBc0Q7QUFvQnRELDhFQUE4RTtBQUM5RSxTQUFnQix3QkFBd0I7SUFDdEMsT0FBTyxDQUNMLE9BQU8sQ0FBQyxHQUFHLENBQUMscUJBQXFCO1FBQ2pDLElBQUksQ0FBQyxJQUFJLENBQ1AsQ0FBQyxFQUFFLENBQUMsUUFBUSxFQUFFLENBQUMsT0FBTyxJQUFJLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLElBQUksRUFBRSxJQUFJLEdBQUcsRUFDckQsTUFBTSxFQUNOLHVCQUF1QixDQUN4QixDQUNGLENBQUM7QUFDSixDQUFDO0FBRUQsSUFBSSxlQUFvRCxDQUFDO0FBQ3pELCtFQUErRTtBQUMvRSxTQUFnQixvQkFBb0I7SUFDbEMsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBQ3JCLElBQUksQ0FBQztZQUNILGVBQWUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUMxQixFQUFFLENBQUMsWUFBWSxDQUFDLHdCQUF3QixFQUFFLEVBQUUsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FDeEMsQ0FBQztRQUMvQixDQUFDO1FBQUMsTUFBTSxDQUFDLENBQUEsQ0FBQztJQUNaLENBQUM7SUFDRCxPQUFPLGVBQWUsQ0FBQztBQUN6QixDQUFDO0FBRUQ7O0dBRUc7QUFDSCxTQUFnQiwrQkFBK0I7SUFDN0MsZUFBZSxHQUFHLFNBQVMsQ0FBQztBQUM5QixDQUFDO0FBRUQsdUZBQXVGO0FBQ2hGLEtBQUssVUFBVSwyQkFBMkIsQ0FDL0MsR0FBUyxFQUNULE1BQStCLEVBQy9CLFFBQWdCO0lBRWhCLCtFQUErRTtJQUMvRSw2RUFBNkU7SUFDN0UsUUFBUSxHQUFHLFFBQVEsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsV0FBVyxRQUFRLEVBQUUsQ0FBQztJQUN2RSxNQUFNLE1BQU0sR0FBRyxJQUFJLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQyxRQUFRLENBQUM7SUFFMUMsSUFDRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQztRQUN2RCxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUN6RCxDQUFDO1FBQ0QsTUFBTSxJQUFJLEtBQUssQ0FBQyxrQkFBa0IsTUFBTSxFQUFFLENBQUMsQ0FBQztJQUM5QyxDQUFDO0lBRUQsSUFBSSxZQUFZLEdBQUcsTUFBTSxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxJQUFJLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUUxRixJQUFJLFlBQVksQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1FBQ3hDLE1BQU0sRUFBRSxHQUFHLE1BQU0sR0FBRyxDQUFDLG9CQUFvQixDQUFDLEVBQUUsYUFBYSxFQUFFLFlBQVksQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDO1FBQ3pGLE1BQU0sV0FBVyxHQUFHLE1BQU0sRUFBRSxDQUFDLGNBQWMsQ0FBQztZQUMxQyxRQUFRLEVBQUUsWUFBWSxDQUFDLHNCQUFzQjtTQUM5QyxDQUFDLENBQUM7UUFDSCxJQUFJLENBQUMsV0FBVyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQzlCLE1BQU0sSUFBSSxLQUFLLENBQ2IsNkNBQTZDLFlBQVksQ0FBQyxzQkFBc0IsRUFBRSxDQUNuRixDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBRXBELE1BQU0sYUFBYSxHQUFHLFlBQVksQ0FBQyxvQkFBb0IsSUFBSSxVQUFVLENBQUM7UUFDdEUsTUFBTSxXQUFXLEdBQUcsWUFBWSxDQUFDLG9CQUFvQixJQUFJLFFBQVEsQ0FBQztRQUNsRSxJQUFJLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7WUFDbkQsTUFBTSxJQUFJLEtBQUssQ0FDYiw2QkFBNkIsYUFBYSxTQUFTLFdBQVcsa0JBQWtCLENBQ2pGLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxFQUFFLFFBQVEsRUFBRSxNQUFNLENBQUMsYUFBYSxDQUFDLEVBQUUsTUFBTSxFQUFFLE1BQU0sQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO0lBQzFFLENBQUM7U0FBTSxJQUFJLFlBQVksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUN0QyxNQUFNLEdBQUcsR0FBRyxNQUFNLEdBQUcsQ0FBQyxTQUFTLENBQUMsRUFBRSxhQUFhLEVBQUUsWUFBWSxDQUFDLGFBQWEsRUFBRSxDQUFDLENBQUM7UUFDL0UsTUFBTSxXQUFXLEdBQUcsTUFBTSxvQkFBb0IsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUVwRCxPQUFPLEVBQUUsUUFBUSxFQUFFLFdBQVcsQ0FBQyxRQUFRLEVBQUUsTUFBTSxFQUFFLFdBQVcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztJQUMxRSxDQUFDO1NBQU0sQ0FBQztRQUNOLE1BQU0sSUFBSSxLQUFLLENBQUMsbURBQW1ELENBQUMsQ0FBQztJQUN2RSxDQUFDO0FBQ0gsQ0FBQztBQUVNLEtBQUssVUFBVSxvQkFBb0IsQ0FBQyxHQUFlLEVBQUUsWUFBMkI7SUFDckYsSUFBSSxZQUFZLEVBQUUsQ0FBQztRQUNqQixZQUFZLENBQUMsb0JBQVMsQ0FBQyxLQUFLLEVBQUUsa0NBQWtDLENBQUMsQ0FBQztJQUNwRSxDQUFDO0lBRUQsTUFBTSxRQUFRLEdBQUcsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxxQkFBcUIsRUFBRSxDQUFDLENBQUMsaUJBQWlCLElBQUksRUFBRSxDQUFDO0lBQzdFLElBQUksUUFBUSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUMxQixNQUFNLElBQUksS0FBSyxDQUFDLHlDQUF5QyxDQUFDLENBQUM7SUFDN0QsQ0FBQztJQUNELE1BQU0sS0FBSyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLGtCQUFtQixFQUFFLFFBQVEsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUN2RixNQUFNLENBQUMsUUFBUSxFQUFFLFFBQVEsQ0FBQyxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDOUMsSUFBSSxDQUFDLFFBQVEsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQzNCLE1BQU0sSUFBSSxLQUFLLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztJQUNwRCxDQUFDO0lBRUQsT0FBTztRQUNMLFFBQVE7UUFDUixRQUFRO1FBQ1IsUUFBUSxFQUFFLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxhQUFjO0tBQ3JDLENBQUM7QUFDSixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgZnMgZnJvbSAnZnMnO1xuaW1wb3J0ICogYXMgb3MgZnJvbSAnb3MnO1xuaW1wb3J0ICogYXMgcGF0aCBmcm9tICdwYXRoJztcbmltcG9ydCB7IElBd3MsIElFQ1JDbGllbnQgfSBmcm9tICcuLi9hd3MnO1xuaW1wb3J0IHsgRXZlbnRFbWl0dGVyLCBFdmVudFR5cGUgfSBmcm9tICcuLi9wcm9ncmVzcyc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgRG9ja2VyQ3JlZGVudGlhbHMge1xuICByZWFkb25seSBVc2VybmFtZTogc3RyaW5nO1xuICByZWFkb25seSBTZWNyZXQ6IHN0cmluZztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBEb2NrZXJDcmVkZW50aWFsc0NvbmZpZyB7XG4gIHJlYWRvbmx5IHZlcnNpb246IHN0cmluZztcbiAgcmVhZG9ubHkgZG9tYWluQ3JlZGVudGlhbHM6IFJlY29yZDxzdHJpbmcsIERvY2tlckRvbWFpbkNyZWRlbnRpYWxTb3VyY2U+O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIERvY2tlckRvbWFpbkNyZWRlbnRpYWxTb3VyY2Uge1xuICByZWFkb25seSBzZWNyZXRzTWFuYWdlclNlY3JldElkPzogc3RyaW5nO1xuICByZWFkb25seSBzZWNyZXRzVXNlcm5hbWVGaWVsZD86IHN0cmluZztcbiAgcmVhZG9ubHkgc2VjcmV0c1Bhc3N3b3JkRmllbGQ/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGVjclJlcG9zaXRvcnk/OiBib29sZWFuO1xuICByZWFkb25seSBhc3N1bWVSb2xlQXJuPzogc3RyaW5nO1xufVxuXG4vKiogUmV0dXJucyB0aGUgcHJlc3VtZWQgbG9jYXRpb24gb2YgdGhlIENESyBEb2NrZXIgY3JlZGVudGlhbHMgY29uZmlnIGZpbGUgKi9cbmV4cG9ydCBmdW5jdGlvbiBjZGtDcmVkZW50aWFsc0NvbmZpZ0ZpbGUoKTogc3RyaW5nIHtcbiAgcmV0dXJuIChcbiAgICBwcm9jZXNzLmVudi5DREtfRE9DS0VSX0NSRURTX0ZJTEUgPz9cbiAgICBwYXRoLmpvaW4oXG4gICAgICAob3MudXNlckluZm8oKS5ob21lZGlyID8/IG9zLmhvbWVkaXIoKSkudHJpbSgpIHx8ICcvJyxcbiAgICAgICcuY2RrJyxcbiAgICAgICdjZGstZG9ja2VyLWNyZWRzLmpzb24nLFxuICAgIClcbiAgKTtcbn1cblxubGV0IF9jZGtDcmVkZW50aWFsczogRG9ja2VyQ3JlZGVudGlhbHNDb25maWcgfCB1bmRlZmluZWQ7XG4vKiogTG9hZHMgYW5kIHBhcnNlcyB0aGUgQ0RLIERvY2tlciBjcmVkZW50aWFscyBjb25maWd1cmF0aW9uLCBpZiBpdCBleGlzdHMuICovXG5leHBvcnQgZnVuY3Rpb24gY2RrQ3JlZGVudGlhbHNDb25maWcoKTogRG9ja2VyQ3JlZGVudGlhbHNDb25maWcgfCB1bmRlZmluZWQge1xuICBpZiAoIV9jZGtDcmVkZW50aWFscykge1xuICAgIHRyeSB7XG4gICAgICBfY2RrQ3JlZGVudGlhbHMgPSBKU09OLnBhcnNlKFxuICAgICAgICBmcy5yZWFkRmlsZVN5bmMoY2RrQ3JlZGVudGlhbHNDb25maWdGaWxlKCksIHsgZW5jb2Rpbmc6ICd1dGYtOCcgfSksXG4gICAgICApIGFzIERvY2tlckNyZWRlbnRpYWxzQ29uZmlnO1xuICAgIH0gY2F0Y2gge31cbiAgfVxuICByZXR1cm4gX2Nka0NyZWRlbnRpYWxzO1xufVxuXG4vKipcbiAqIEp1c3QgZm9yIHRlc3RpbmdcbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIF9jbGVhckNka0NyZWRlbnRpYWxzQ29uZmlnQ2FjaGUoKSB7XG4gIF9jZGtDcmVkZW50aWFscyA9IHVuZGVmaW5lZDtcbn1cblxuLyoqIEZldGNoZXMgbG9naW4gY3JlZGVudGlhbHMgZnJvbSB0aGUgY29uZmlndXJlZCBzb3VyY2UgKGUuZy4sIFNlY3JldHNNYW5hZ2VyLCBFQ1IpICovXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gZmV0Y2hEb2NrZXJMb2dpbkNyZWRlbnRpYWxzKFxuICBhd3M6IElBd3MsXG4gIGNvbmZpZzogRG9ja2VyQ3JlZGVudGlhbHNDb25maWcsXG4gIGVuZHBvaW50OiBzdHJpbmcsXG4pIHtcbiAgLy8gUGFyYW5vaWQgaGFuZGxpbmcgdG8gZW5zdXJlIG5ldyBVUkwoKSBkb2Vzbid0IHRocm93IGlmIHRoZSBzY2hlbWEgaXMgbWlzc2luZ1xuICAvLyBGb3Igb2ZmaWNpYWwgZG9ja2VyIHJlZ2lzdHJ5LCBkb2NrZXIgd2lsbCBwYXNzIGh0dHBzOi8vaW5kZXguZG9ja2VyLmlvL3YxL1xuICBlbmRwb2ludCA9IGVuZHBvaW50LmluY2x1ZGVzKCc6Ly8nKSA/IGVuZHBvaW50IDogYGh0dHBzOi8vJHtlbmRwb2ludH1gO1xuICBjb25zdCBkb21haW4gPSBuZXcgVVJMKGVuZHBvaW50KS5ob3N0bmFtZTtcblxuICBpZiAoXG4gICAgIU9iamVjdC5rZXlzKGNvbmZpZy5kb21haW5DcmVkZW50aWFscykuaW5jbHVkZXMoZG9tYWluKSAmJlxuICAgICFPYmplY3Qua2V5cyhjb25maWcuZG9tYWluQ3JlZGVudGlhbHMpLmluY2x1ZGVzKGVuZHBvaW50KVxuICApIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoYHVua25vd24gZG9tYWluICR7ZG9tYWlufWApO1xuICB9XG5cbiAgbGV0IGRvbWFpbkNvbmZpZyA9IGNvbmZpZy5kb21haW5DcmVkZW50aWFsc1tkb21haW5dID8/IGNvbmZpZy5kb21haW5DcmVkZW50aWFsc1tlbmRwb2ludF07XG5cbiAgaWYgKGRvbWFpbkNvbmZpZy5zZWNyZXRzTWFuYWdlclNlY3JldElkKSB7XG4gICAgY29uc3Qgc20gPSBhd2FpdCBhd3Muc2VjcmV0c01hbmFnZXJDbGllbnQoeyBhc3N1bWVSb2xlQXJuOiBkb21haW5Db25maWcuYXNzdW1lUm9sZUFybiB9KTtcbiAgICBjb25zdCBzZWNyZXRWYWx1ZSA9IGF3YWl0IHNtLmdldFNlY3JldFZhbHVlKHtcbiAgICAgIFNlY3JldElkOiBkb21haW5Db25maWcuc2VjcmV0c01hbmFnZXJTZWNyZXRJZCxcbiAgICB9KTtcbiAgICBpZiAoIXNlY3JldFZhbHVlLlNlY3JldFN0cmluZykge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKFxuICAgICAgICBgdW5hYmxlIHRvIGZldGNoIFNlY3JldFN0cmluZyBmcm9tIHNlY3JldDogJHtkb21haW5Db25maWcuc2VjcmV0c01hbmFnZXJTZWNyZXRJZH1gLFxuICAgICAgKTtcbiAgICB9XG5cbiAgICBjb25zdCBzZWNyZXQgPSBKU09OLnBhcnNlKHNlY3JldFZhbHVlLlNlY3JldFN0cmluZyk7XG5cbiAgICBjb25zdCB1c2VybmFtZUZpZWxkID0gZG9tYWluQ29uZmlnLnNlY3JldHNVc2VybmFtZUZpZWxkID8/ICd1c2VybmFtZSc7XG4gICAgY29uc3Qgc2VjcmV0RmllbGQgPSBkb21haW5Db25maWcuc2VjcmV0c1Bhc3N3b3JkRmllbGQgPz8gJ3NlY3JldCc7XG4gICAgaWYgKCFzZWNyZXRbdXNlcm5hbWVGaWVsZF0gfHwgIXNlY3JldFtzZWNyZXRGaWVsZF0pIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihcbiAgICAgICAgYG1hbGZvcm1lZCBzZWNyZXQgc3RyaW5nIChcIiR7dXNlcm5hbWVGaWVsZH1cIiBvciBcIiR7c2VjcmV0RmllbGR9XCIgZmllbGQgbWlzc2luZylgLFxuICAgICAgKTtcbiAgICB9XG5cbiAgICByZXR1cm4geyBVc2VybmFtZTogc2VjcmV0W3VzZXJuYW1lRmllbGRdLCBTZWNyZXQ6IHNlY3JldFtzZWNyZXRGaWVsZF0gfTtcbiAgfSBlbHNlIGlmIChkb21haW5Db25maWcuZWNyUmVwb3NpdG9yeSkge1xuICAgIGNvbnN0IGVjciA9IGF3YWl0IGF3cy5lY3JDbGllbnQoeyBhc3N1bWVSb2xlQXJuOiBkb21haW5Db25maWcuYXNzdW1lUm9sZUFybiB9KTtcbiAgICBjb25zdCBlY3JBdXRoRGF0YSA9IGF3YWl0IG9idGFpbkVjckNyZWRlbnRpYWxzKGVjcik7XG5cbiAgICByZXR1cm4geyBVc2VybmFtZTogZWNyQXV0aERhdGEudXNlcm5hbWUsIFNlY3JldDogZWNyQXV0aERhdGEucGFzc3dvcmQgfTtcbiAgfSBlbHNlIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ3Vua25vd24gY3JlZGVudGlhbCB0eXBlOiBubyBzZWNyZXQgSUQgb3IgRUNSIHJlcG8nKTtcbiAgfVxufVxuXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gb2J0YWluRWNyQ3JlZGVudGlhbHMoZWNyOiBJRUNSQ2xpZW50LCBldmVudEVtaXR0ZXI/OiBFdmVudEVtaXR0ZXIpIHtcbiAgaWYgKGV2ZW50RW1pdHRlcikge1xuICAgIGV2ZW50RW1pdHRlcihFdmVudFR5cGUuREVCVUcsICdGZXRjaGluZyBFQ1IgYXV0aG9yaXphdGlvbiB0b2tlbicpO1xuICB9XG5cbiAgY29uc3QgYXV0aERhdGEgPSAoYXdhaXQgZWNyLmdldEF1dGhvcml6YXRpb25Ub2tlbigpKS5hdXRob3JpemF0aW9uRGF0YSB8fCBbXTtcbiAgaWYgKGF1dGhEYXRhLmxlbmd0aCA9PT0gMCkge1xuICAgIHRocm93IG5ldyBFcnJvcignTm8gYXV0aG9yaXphdGlvbiBkYXRhIHJlY2VpdmVkIGZyb20gRUNSJyk7XG4gIH1cbiAgY29uc3QgdG9rZW4gPSBCdWZmZXIuZnJvbShhdXRoRGF0YVswXS5hdXRob3JpemF0aW9uVG9rZW4hLCAnYmFzZTY0JykudG9TdHJpbmcoJ2FzY2lpJyk7XG4gIGNvbnN0IFt1c2VybmFtZSwgcGFzc3dvcmRdID0gdG9rZW4uc3BsaXQoJzonKTtcbiAgaWYgKCF1c2VybmFtZSB8fCAhcGFzc3dvcmQpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ3VuZXhwZWN0ZWQgRUNSIGF1dGhEYXRhIGZvcm1hdCcpO1xuICB9XG5cbiAgcmV0dXJuIHtcbiAgICB1c2VybmFtZSxcbiAgICBwYXNzd29yZCxcbiAgICBlbmRwb2ludDogYXV0aERhdGFbMF0ucHJveHlFbmRwb2ludCEsXG4gIH07XG59XG4iXX0=
package/lib/private/docker.d.ts ADDED
@@ -0,0 +1,98 @@
1
+ import { IECRClient } from '../aws';
2
+ import { SubprocessOutputDestination } from './asset-handler';
3
+ import { EventEmitter } from '../progress';
4
+ interface BuildOptions {
5
+ readonly directory: string;
6
+ /**
7
+ * Tag the image with a given repoName:tag combination
8
+ */
9
+ readonly tag: string;
10
+ readonly target?: string;
11
+ readonly file?: string;
12
+ readonly buildArgs?: Record<string, string>;
13
+ readonly buildSecrets?: Record<string, string>;
14
+ readonly buildSsh?: string;
15
+ readonly networkMode?: string;
16
+ readonly platform?: string;
17
+ readonly outputs?: string[];
18
+ readonly cacheFrom?: DockerCacheOption[];
19
+ readonly cacheTo?: DockerCacheOption;
20
+ readonly cacheDisabled?: boolean;
21
+ }
22
+ interface PushOptions {
23
+ readonly tag: string;
24
+ }
25
+ export interface DockerCredentialsConfig {
26
+ readonly version: string;
27
+ readonly domainCredentials: Record<string, DockerDomainCredentials>;
28
+ }
29
+ export interface DockerDomainCredentials {
30
+ readonly secretsManagerSecretId?: string;
31
+ readonly ecrRepository?: string;
32
+ }
33
+ export interface DockerCacheOption {
34
+ readonly type: string;
35
+ readonly params?: {
36
+ [key: string]: string;
37
+ };
38
+ }
39
+ export declare class Docker {
40
+ private readonly eventEmitter;
41
+ private readonly subprocessOutputDestination;
42
+ private configDir;
43
+ constructor(eventEmitter: EventEmitter, subprocessOutputDestination: SubprocessOutputDestination);
44
+ /**
45
+ * Whether an image with the given tag exists
46
+ */
47
+ exists(tag: string): Promise<boolean>;
48
+ build(options: BuildOptions): Promise<void>;
49
+ /**
50
+ * Get credentials from ECR and run docker login
51
+ */
52
+ login(ecr: IECRClient): Promise<void>;
53
+ tag(sourceTag: string, targetTag: string): Promise<void>;
54
+ push(options: PushOptions): Promise<void>;
55
+ /**
56
+ * If a CDK Docker Credentials file exists, creates a new Docker config directory.
57
+ * Sets up `docker-credential-cdk-assets` to be the credential helper for each domain in the CDK config.
58
+ * All future commands (e.g., `build`, `push`) will use this config.
59
+ *
60
+ * See https://docs.docker.com/engine/reference/commandline/login/#credential-helpers for more details on cred helpers.
61
+ *
62
+ * @returns true if CDK config was found and configured, false otherwise
63
+ */
64
+ configureCdkCredentials(): boolean;
65
+ /**
66
+ * Removes any configured Docker config directory.
67
+ * All future commands (e.g., `build`, `push`) will use the default config.
68
+ *
69
+ * This is useful after calling `configureCdkCredentials` to reset to default credentials.
70
+ */
71
+ resetAuthPlugins(): void;
72
+ private execute;
73
+ private cacheOptionToFlag;
74
+ }
75
+ export interface DockerFactoryOptions {
76
+ readonly repoUri: string;
77
+ readonly ecr: IECRClient;
78
+ readonly eventEmitter: EventEmitter;
79
+ readonly subprocessOutputDestination: SubprocessOutputDestination;
80
+ }
81
+ /**
82
+ * Helps get appropriately configured Docker instances during the container
83
+ * image publishing process.
84
+ */
85
+ export declare class DockerFactory {
86
+ private enterLoggedInDestinationsCriticalSection;
87
+ private loggedInDestinations;
88
+ /**
89
+ * Gets a Docker instance for building images.
90
+ */
91
+ forBuild(options: DockerFactoryOptions): Promise<Docker>;
92
+ /**
93
+ * Gets a Docker instance for pushing images to ECR.
94
+ */
95
+ forEcrPush(options: DockerFactoryOptions): Promise<Docker>;
96
+ private loginOncePerDestination;
97
+ }
98
+ export {};