cdk-ecr-deployment 3.2.0 → 3.2.2

package/.jsii

@@ -3457,7 +3457,7 @@
     "stability": "stable"
   },
   "homepage": "https://github.com/cdklabs/cdk-ecr-deployment",
-  "jsiiVersion": "5.1.12 (build 0675712)",
+  "jsiiVersion": "5.7.8 (build 2bc6834)",
   "keywords": [
     "cdk"
   ],
@@ -3472,7 +3472,7 @@
   },
   "name": "cdk-ecr-deployment",
   "readme": {
-    "markdown": "# cdk-ecr-deployment\n\n[![Release](https://github.com/cdklabs/cdk-ecr-deployment/actions/workflows/release.yml/badge.svg)](https://github.com/cdklabs/cdk-ecr-deployment/actions/workflows/release.yml)\n[![npm version](https://img.shields.io/npm/v/cdk-ecr-deployment)](https://www.npmjs.com/package/cdk-ecr-deployment)\n[![PyPI](https://img.shields.io/pypi/v/cdk-ecr-deployment)](https://pypi.org/project/cdk-ecr-deployment)\n[![npm](https://img.shields.io/npm/dw/cdk-ecr-deployment?label=npm%20downloads)](https://www.npmjs.com/package/cdk-ecr-deployment)\n[![PyPI - Downloads](https://img.shields.io/pypi/dw/cdk-ecr-deployment?label=pypi%20downloads)](https://pypi.org/project/cdk-ecr-deployment)\n\nCDK construct to synchronize single docker image between docker registries.\n\n**Only use v3 of this package**\n\n⚠️ Version 2.* is no longer supported, as the Go.1.x runtime is no longer supported in AWS Lambda.\\\n⚠️ Version 1.* is no longer supported, as CDK v1 has reached the end-of-life\nstage.\n\n## Features\n\n- Copy image from ECR/external registry to (another) ECR/external registry\n- Copy an archive tarball image from s3 to ECR/external registry\n\n## Environment variables\n\nEnable flags: `true`, `1`. e.g. `export CI=1`\n\n- `CI` indicate if it's CI environment. This flag will enable building lambda from scratch.\n- `NO_PREBUILT_LAMBDA` disable using prebuilt lambda.\n- `FORCE_PREBUILT_LAMBDA` force using prebuilt lambda.\n\n⚠️ If you want to force using prebuilt lambda in CI environment to reduce build time. Try `export FORCE_PREBUILT_LAMBDA=1`.\n\n## Examples\n\n```ts\nimport { DockerImageAsset } from 'aws-cdk-lib/aws-ecr-assets';\n\nconst image = new DockerImageAsset(this, 'CDKDockerImage', {\n  directory: path.join(__dirname, 'docker'),\n});\n\n// Copy from cdk docker image asset to another ECR.\nnew ecrdeploy.ECRDeployment(this, 'DeployDockerImage1', {\n  src: new ecrdeploy.DockerImageName(image.imageUri),\n  dest: new ecrdeploy.DockerImageName(`${cdk.Aws.ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/my-nginx:latest`),\n});\n\n// Copy from docker registry to ECR.\nnew ecrdeploy.ECRDeployment(this, 'DeployDockerImage2', {\n  src: new ecrdeploy.DockerImageName('nginx:latest'),\n  dest: new ecrdeploy.DockerImageName(`${cdk.Aws.ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/my-nginx2:latest`),\n});\n\n// Copy from private docker registry to ECR.\n// The format of secret in aws secrets manager must be either:\n// - plain text in format <username>:<password>\n// - json in format {\"username\":\"<username>\",\"password\":\"<password>\"}\nnew ecrdeploy.ECRDeployment(this, 'DeployDockerImage3', {\n  src: new ecrdeploy.DockerImageName('javacs3/nginx:latest', 'username:password'),\n  // src: new ecrdeploy.DockerImageName('javacs3/nginx:latest', 'aws-secrets-manager-secret-name'),\n  // src: new ecrdeploy.DockerImageName('javacs3/nginx:latest', 'arn:aws:secretsmanager:us-west-2:000000000000:secret:id'),\n  dest: new ecrdeploy.DockerImageName(`${cdk.Aws.ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/my-nginx3:latest`),\n}).addToPrincipalPolicy(new iam.PolicyStatement({\n  effect: iam.Effect.ALLOW,\n  actions: [\n    'secretsmanager:GetSecretValue',\n  ],\n  resources: ['*'],\n}));\n```\n\n## Sample: [test/example.ecr-deployment.ts](./test/example.ecr-deployment.ts)\n\n```shell\n# Run the following command to try the sample.\nNO_PREBUILT_LAMBDA=1 npx cdk deploy -a \"npx ts-node -P tsconfig.dev.json --prefer-ts-exts test/example.ecr-deployment.ts\"\n```\n\n## [API](./API.md)\n\n## Tech Details & Contribution\n\nThe core of this project relies on [containers/image](https://github.com/containers/image) which is used by [Skopeo](https://github.com/containers/skopeo).\nPlease take a look at those projects before contribution.\n\nTo support a new docker image source(like docker tarball in s3), you need to implement [image transport interface](https://github.com/containers/image/blob/master/types/types.go). You could take a look at [docker-archive](https://github.com/containers/image/blob/ccb87a8d0f45cf28846e307eb0ec2b9d38a458c2/docker/archive/transport.go) transport for a good start.\n\nTo test the `lambda` folder, `make test`.\n"
+    "markdown": "# cdk-ecr-deployment\n\n[![Release](https://github.com/cdklabs/cdk-ecr-deployment/actions/workflows/release.yml/badge.svg)](https://github.com/cdklabs/cdk-ecr-deployment/actions/workflows/release.yml)\n[![npm version](https://img.shields.io/npm/v/cdk-ecr-deployment)](https://www.npmjs.com/package/cdk-ecr-deployment)\n[![PyPI](https://img.shields.io/pypi/v/cdk-ecr-deployment)](https://pypi.org/project/cdk-ecr-deployment)\n[![npm](https://img.shields.io/npm/dw/cdk-ecr-deployment?label=npm%20downloads)](https://www.npmjs.com/package/cdk-ecr-deployment)\n[![PyPI - Downloads](https://img.shields.io/pypi/dw/cdk-ecr-deployment?label=pypi%20downloads)](https://pypi.org/project/cdk-ecr-deployment)\n\nCDK construct to synchronize single docker image between docker registries.\n\n**Only use v3 of this package**\n\n⚠️ Version 2.* is no longer supported, as the Go.1.x runtime is no longer supported in AWS Lambda.\\\n⚠️ Version 1.* is no longer supported, as CDK v1 has reached the end-of-life\nstage.\n\n## Features\n\n- Copy image from ECR/external registry to (another) ECR/external registry\n- Copy an archive tarball image from s3 to ECR/external registry\n\n## Environment variables\n\nEnable flags: `true`, `1`. e.g. `export CI=1`\n\n- `CI` indicate if it's CI environment. This flag will enable building lambda from scratch.\n- `NO_PREBUILT_LAMBDA` disable using prebuilt lambda.\n- `FORCE_PREBUILT_LAMBDA` force using prebuilt lambda.\n\n⚠️ If you want to force using prebuilt lambda in CI environment to reduce build time. Try `export FORCE_PREBUILT_LAMBDA=1`.\n\n## Examples\n\n```ts\nimport { DockerImageAsset } from 'aws-cdk-lib/aws-ecr-assets';\n\nconst image = new DockerImageAsset(this, 'CDKDockerImage', {\n  directory: path.join(__dirname, 'docker'),\n});\n\n// Copy from cdk docker image asset to another ECR.\nnew ecrdeploy.ECRDeployment(this, 'DeployDockerImage1', {\n  src: new ecrdeploy.DockerImageName(image.imageUri),\n  dest: new ecrdeploy.DockerImageName(`${cdk.Aws.ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/my-nginx:latest`),\n});\n\n// Copy from docker registry to ECR.\nnew ecrdeploy.ECRDeployment(this, 'DeployDockerImage2', {\n  src: new ecrdeploy.DockerImageName('nginx:latest'),\n  dest: new ecrdeploy.DockerImageName(`${cdk.Aws.ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/my-nginx2:latest`),\n});\n\n// Copy from private docker registry to ECR.\n// The format of secret in aws secrets manager must be either:\n// - plain text in format <username>:<password>\n// - json in format {\"username\":\"<username>\",\"password\":\"<password>\"}\nnew ecrdeploy.ECRDeployment(this, 'DeployDockerImage3', {\n  src: new ecrdeploy.DockerImageName('javacs3/nginx:latest', 'username:password'),\n  // src: new ecrdeploy.DockerImageName('javacs3/nginx:latest', 'aws-secrets-manager-secret-name'),\n  // src: new ecrdeploy.DockerImageName('javacs3/nginx:latest', 'arn:aws:secretsmanager:us-west-2:000000000000:secret:id'),\n  dest: new ecrdeploy.DockerImageName(`${cdk.Aws.ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/my-nginx3:latest`),\n}).addToPrincipalPolicy(new iam.PolicyStatement({\n  effect: iam.Effect.ALLOW,\n  actions: [\n    'secretsmanager:GetSecretValue',\n  ],\n  resources: ['*'],\n}));\n```\n\n## Sample: [test/example.ecr-deployment.ts](./test/example.ecr-deployment.ts)\n\nAfter cloning the repository, install dependencies and run a full build:\n\n```console\nyarn --frozen-lockfile --check-files\nyarn build\n```\n\nThen run the example like this:\n\n```shell\n# Run the following command to try the sample.\nNO_PREBUILT_LAMBDA=1 npx cdk deploy -a \"npx ts-node -P tsconfig.dev.json --prefer-ts-exts test/example.ecr-deployment.ts\"\n```\n\nTo run the DockerHub example you will first need to setup a Secret in AWS Secrets Manager to provide DockerHub credentials.\nReplace `username:access-token` with your credentials.\n**Please note that Secrets will occur a cost.**\n\n```console\naws secretsmanager create-secret --name DockerHubCredentials --secret-string \"username:access-token\"\n```\n\nFrom the output, copy the ARN of your new secret and export it as env variable\n\n```console\nexport DOCKERHUB_SECRET_ARN=\"<ARN>\"\n```\n\nFinally run:\n\n```shell\n# Run the following command to try the sample.\nNO_PREBUILT_LAMBDA=1 npx cdk deploy -a \"npx ts-node -P tsconfig.dev.json --prefer-ts-exts test/dockerhub-example.ecr-deployment.ts\"\n```\n\nIf your Secret is encrypted, you might have to adjust the example to also grant decrypt permissions.\n\n## [API](./API.md)\n\n## Tech Details & Contribution\n\nThe core of this project relies on [containers/image](https://github.com/containers/image) which is used by [Skopeo](https://github.com/containers/skopeo).\nPlease take a look at those projects before contribution.\n\nTo support a new docker image source(like docker tarball in s3), you need to implement [image transport interface](https://github.com/containers/image/blob/master/types/types.go). You could take a look at [docker-archive](https://github.com/containers/image/blob/ccb87a8d0f45cf28846e307eb0ec2b9d38a458c2/docker/archive/transport.go) transport for a good start.\n\nTo test the `lambda` folder, `make test`.\n"
   },
   "repository": {
     "type": "git",
@@ -3515,10 +3515,13 @@
         },
         "locationInModule": {
           "filename": "src/index.ts",
-          "line": 152
+          "line": 159
         },
         "parameters": [
           {
+            "docs": {
+              "summary": "- The name of the image, e.g. retrieved from `DockerImageAsset.imageUri`."
+            },
             "name": "name",
             "type": {
               "primitive": "string"
@@ -3526,8 +3529,8 @@
           },
           {
             "docs": {
-              "remarks": "Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.\n\nIf specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or\nJSON (`{\"username\":\"<username>\",\"password\":\"<password>\"}`).\n\nFor more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html",
-              "summary": "The credentials of the docker image."
+              "remarks": "Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.\nIf specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or\nJSON (`{\"username\":\"<username>\",\"password\":\"<password>\"}`).\nFor more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html",
+              "summary": "- The credentials of the docker image."
             },
             "name": "creds",
             "optional": true,
@@ -3556,7 +3559,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/index.ts",
-            "line": 153
+            "line": 160
           },
           "name": "uri",
           "overrides": "cdk-ecr-deployment.IImageName",
@@ -3566,13 +3569,13 @@
         },
         {
           "docs": {
-            "remarks": "Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.\n\nIf specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or\nJSON (`{\"username\":\"<username>\",\"password\":\"<password>\"}`).\n\nFor more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html",
+            "remarks": "Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.\nIf specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or\nJSON (`{\"username\":\"<username>\",\"password\":\"<password>\"}`).\nFor more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html",
             "stability": "stable",
-            "summary": "The credentials of the docker image."
+            "summary": "- The credentials of the docker image."
           },
           "locationInModule": {
             "filename": "src/index.ts",
-            "line": 152
+            "line": 159
           },
           "name": "creds",
           "optional": true,
@@ -3597,7 +3600,7 @@
         },
         "locationInModule": {
           "filename": "src/index.ts",
-          "line": 170
+          "line": 186
         },
         "parameters": [
           {
@@ -3623,7 +3626,7 @@
       "kind": "class",
       "locationInModule": {
         "filename": "src/index.ts",
-        "line": 167
+        "line": 183
       },
       "methods": [
         {
@@ -3632,7 +3635,7 @@
           },
           "locationInModule": {
             "filename": "src/index.ts",
-            "line": 239
+            "line": 255
           },
           "name": "addToPrincipalPolicy",
           "parameters": [
@@ -3963,16 +3966,22 @@
         },
         "locationInModule": {
           "filename": "src/index.ts",
-          "line": 158
+          "line": 174
         },
         "parameters": [
           {
+            "docs": {
+              "summary": "- the S3 bucket name and path of the archive (a S3 URI without the s3://)."
+            },
             "name": "p",
             "type": {
               "primitive": "string"
             }
           },
           {
+            "docs": {
+              "summary": "- appended to the end of the name with a `:`, e.g. `:latest`."
+            },
             "name": "ref",
             "optional": true,
             "type": {
@@ -3981,8 +3990,8 @@
           },
           {
             "docs": {
-              "remarks": "Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.\n\nIf specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or\nJSON (`{\"username\":\"<username>\",\"password\":\"<password>\"}`).\n\nFor more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html",
-              "summary": "The credentials of the docker image."
+              "remarks": "Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.\nIf specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or\nJSON (`{\"username\":\"<username>\",\"password\":\"<password>\"}`).\nFor more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html",
+              "summary": "- The credentials of the docker image."
             },
             "name": "creds",
             "optional": true,
@@ -3998,7 +4007,7 @@
       "kind": "class",
       "locationInModule": {
         "filename": "src/index.ts",
-        "line": 156
+        "line": 163
       },
       "name": "S3ArchiveName",
       "properties": [
@@ -4011,7 +4020,7 @@
           "immutable": true,
           "locationInModule": {
             "filename": "src/index.ts",
-            "line": 164
+            "line": 180
           },
           "name": "uri",
           "overrides": "cdk-ecr-deployment.IImageName",
@@ -4021,13 +4030,13 @@
         },
         {
           "docs": {
-            "remarks": "Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.\n\nIf specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or\nJSON (`{\"username\":\"<username>\",\"password\":\"<password>\"}`).\n\nFor more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html",
+            "remarks": "Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.\nIf specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or\nJSON (`{\"username\":\"<username>\",\"password\":\"<password>\"}`).\nFor more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html",
             "stability": "stable",
-            "summary": "The credentials of the docker image."
+            "summary": "- The credentials of the docker image."
           },
           "locationInModule": {
             "filename": "src/index.ts",
-            "line": 158
+            "line": 174
           },
           "name": "creds",
           "optional": true,
@@ -4040,6 +4049,6 @@
       "symbolId": "src/index:S3ArchiveName"
     }
   },
-  "version": "3.2.0",
-  "fingerprint": "sP/9bDEdGaiX/bqf/ZZ1m6x1Rs6kyOAOQtIcleJ5uvo="
+  "version": "3.2.2",
+  "fingerprint": "QOhoeQIxu0qsn9rbZoulqw9Cpt/J49fk6y86SJ5dm+8="
 }

package/API.md

@@ -331,8 +331,8 @@ new DockerImageName(name: string, creds?: string)
 
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
-| <code><a href="#cdk-ecr-deployment.DockerImageName.Initializer.parameter.name">name</a></code> | <code>string</code> | *No description.* |
-| <code><a href="#cdk-ecr-deployment.DockerImageName.Initializer.parameter.creds">creds</a></code> | <code>string</code> | The credentials of the docker image. |
+| <code><a href="#cdk-ecr-deployment.DockerImageName.Initializer.parameter.name">name</a></code> | <code>string</code> | - The name of the image, e.g. retrieved from `DockerImageAsset.imageUri`. |
+| <code><a href="#cdk-ecr-deployment.DockerImageName.Initializer.parameter.creds">creds</a></code> | <code>string</code> | - The credentials of the docker image. |
 
 ---
 
@@ -340,6 +340,8 @@ new DockerImageName(name: string, creds?: string)
 
 - *Type:* string
 
+The name of the image, e.g. retrieved from `DockerImageAsset.imageUri`.
+
 ---
 
 ##### `creds`<sup>Optional</sup> <a name="creds" id="cdk-ecr-deployment.DockerImageName.Initializer.parameter.creds"></a>
@@ -349,10 +351,8 @@ new DockerImageName(name: string, creds?: string)
 The credentials of the docker image.
 
 Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.
-
 If specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or
 JSON (`{"username":"<username>","password":"<password>"}`).
-
 For more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html
 
 ---
@@ -364,7 +364,7 @@ For more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/lates
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
 | <code><a href="#cdk-ecr-deployment.DockerImageName.property.uri">uri</a></code> | <code>string</code> | The uri of the docker image. |
-| <code><a href="#cdk-ecr-deployment.DockerImageName.property.creds">creds</a></code> | <code>string</code> | The credentials of the docker image. |
+| <code><a href="#cdk-ecr-deployment.DockerImageName.property.creds">creds</a></code> | <code>string</code> | - The credentials of the docker image. |
 
 ---
 
@@ -393,10 +393,8 @@ public readonly creds: string;
 The credentials of the docker image.
 
 Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.
-
 If specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or
 JSON (`{"username":"<username>","password":"<password>"}`).
-
 For more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html
 
 ---
@@ -416,9 +414,9 @@ new S3ArchiveName(p: string, ref?: string, creds?: string)
 
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
-| <code><a href="#cdk-ecr-deployment.S3ArchiveName.Initializer.parameter.p">p</a></code> | <code>string</code> | *No description.* |
-| <code><a href="#cdk-ecr-deployment.S3ArchiveName.Initializer.parameter.ref">ref</a></code> | <code>string</code> | *No description.* |
-| <code><a href="#cdk-ecr-deployment.S3ArchiveName.Initializer.parameter.creds">creds</a></code> | <code>string</code> | The credentials of the docker image. |
+| <code><a href="#cdk-ecr-deployment.S3ArchiveName.Initializer.parameter.p">p</a></code> | <code>string</code> | - the S3 bucket name and path of the archive (a S3 URI without the s3://). |
+| <code><a href="#cdk-ecr-deployment.S3ArchiveName.Initializer.parameter.ref">ref</a></code> | <code>string</code> | - appended to the end of the name with a `:`, e.g. `:latest`. |
+| <code><a href="#cdk-ecr-deployment.S3ArchiveName.Initializer.parameter.creds">creds</a></code> | <code>string</code> | - The credentials of the docker image. |
 
 ---
 
@@ -426,12 +424,16 @@ new S3ArchiveName(p: string, ref?: string, creds?: string)
 
 - *Type:* string
 
+the S3 bucket name and path of the archive (a S3 URI without the s3://).
+
 ---
 
 ##### `ref`<sup>Optional</sup> <a name="ref" id="cdk-ecr-deployment.S3ArchiveName.Initializer.parameter.ref"></a>
 
 - *Type:* string
 
+appended to the end of the name with a `:`, e.g. `:latest`.
+
 ---
 
 ##### `creds`<sup>Optional</sup> <a name="creds" id="cdk-ecr-deployment.S3ArchiveName.Initializer.parameter.creds"></a>
@@ -441,10 +443,8 @@ new S3ArchiveName(p: string, ref?: string, creds?: string)
 The credentials of the docker image.
 
 Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.
-
 If specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or
 JSON (`{"username":"<username>","password":"<password>"}`).
-
 For more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html
 
 ---
@@ -456,7 +456,7 @@ For more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/lates
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
 | <code><a href="#cdk-ecr-deployment.S3ArchiveName.property.uri">uri</a></code> | <code>string</code> | The uri of the docker image. |
-| <code><a href="#cdk-ecr-deployment.S3ArchiveName.property.creds">creds</a></code> | <code>string</code> | The credentials of the docker image. |
+| <code><a href="#cdk-ecr-deployment.S3ArchiveName.property.creds">creds</a></code> | <code>string</code> | - The credentials of the docker image. |
 
 ---
 
@@ -485,10 +485,8 @@ public readonly creds: string;
 The credentials of the docker image.
 
 Format `user:password` or `AWS Secrets Manager secret arn` or `AWS Secrets Manager secret name`.
-
 If specifying an AWS Secrets Manager secret, the format of the secret should be either plain text (`user:password`) or
 JSON (`{"username":"<username>","password":"<password>"}`).
-
 For more details on JSON format, see https://docs.aws.amazon.com/AmazonECS/latest/developerguide/private-auth.html
 
 ---

package/README.md

@@ -70,11 +70,43 @@ new ecrdeploy.ECRDeployment(this, 'DeployDockerImage3', {
 
 ## Sample: [test/example.ecr-deployment.ts](./test/example.ecr-deployment.ts)
 
+After cloning the repository, install dependencies and run a full build:
+
+```console
+yarn --frozen-lockfile --check-files
+yarn build
+```
+
+Then run the example like this:
+
 ```shell
 # Run the following command to try the sample.
 NO_PREBUILT_LAMBDA=1 npx cdk deploy -a "npx ts-node -P tsconfig.dev.json --prefer-ts-exts test/example.ecr-deployment.ts"
 ```
 
+To run the DockerHub example you will first need to setup a Secret in AWS Secrets Manager to provide DockerHub credentials.
+Replace `username:access-token` with your credentials.
+**Please note that Secrets will occur a cost.**
+
+```console
+aws secretsmanager create-secret --name DockerHubCredentials --secret-string "username:access-token"
+```
+
+From the output, copy the ARN of your new secret and export it as env variable
+
+```console
+export DOCKERHUB_SECRET_ARN="<ARN>"
+```
+
+Finally run:
+
+```shell
+# Run the following command to try the sample.
+NO_PREBUILT_LAMBDA=1 npx cdk deploy -a "npx ts-node -P tsconfig.dev.json --prefer-ts-exts test/dockerhub-example.ecr-deployment.ts"
+```
+
+If your Secret is encrypted, you might have to adjust the example to also grant decrypt permissions.
+
 ## [API](./API.md)
 
 ## Tech Details & Contribution

package/lambda/go.mod

@@ -1,19 +1,136 @@
 module cdk-ecr-deployment-handler
 
-go 1.15
+go 1.24.1
 
 require (
-	github.com/aws/aws-lambda-go v1.29.0
-	github.com/aws/aws-sdk-go-v2 v1.21.0
-	github.com/aws/aws-sdk-go-v2/config v1.18.37
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.17.3
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.35.0
-	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.19.10
-	github.com/containers/image/v5 v5.29.3
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
+	github.com/aws/aws-lambda-go v1.47.0
+	github.com/aws/aws-sdk-go-v2 v1.36.3
+	github.com/aws/aws-sdk-go-v2/config v1.29.9
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.43.0
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.78.2
+	github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.35.2
+	github.com/containers/image/v5 v5.34.2
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.9.3
-	github.com/stretchr/testify v1.8.4
-	github.com/tchap/go-patricia v2.3.0+incompatible // indirect
+	github.com/stretchr/testify v1.10.0
+)
+
+require (
+	dario.cat/mergo v1.0.1 // indirect
+	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/Microsoft/hcsshim v0.12.9 // indirect
+	github.com/VividCortex/ewma v1.2.0 // indirect
+	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
+	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.62 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.25.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.29.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.17 // indirect
+	github.com/aws/smithy-go v1.22.2 // indirect
+	github.com/containerd/cgroups/v3 v3.0.3 // indirect
+	github.com/containerd/errdefs v0.3.0 // indirect
+	github.com/containerd/errdefs/pkg v0.3.0 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
+	github.com/containerd/typeurl/v2 v2.2.3 // indirect
+	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
+	github.com/containers/ocicrypt v1.2.1 // indirect
+	github.com/containers/storage v1.57.2 // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect
+	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker v27.5.1+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.2 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/analysis v0.23.0 // indirect
+	github.com/go-openapi/errors v0.22.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/loads v0.22.0 // indirect
+	github.com/go-openapi/runtime v0.28.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/strfmt v0.23.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-openapi/validate v0.24.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/go-containerregistry v0.20.2 // indirect
+	github.com/google/go-intervals v0.0.2 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.17.11 // indirect
+	github.com/klauspost/pgzip v1.2.6 // indirect
+	github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mattn/go-sqlite3 v1.14.24 // indirect
+	github.com/miekg/pkcs11 v1.1.1 // indirect
+	github.com/mistifyio/go-zfs/v3 v3.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/sys/capability v0.4.0 // indirect
+	github.com/moby/sys/mountinfo v0.7.2 // indirect
+	github.com/moby/sys/user v0.3.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/opencontainers/runtime-spec v1.2.0 // indirect
+	github.com/opencontainers/selinux v1.11.1 // indirect
+	github.com/ostreedev/ostree-go v0.0.0-20210805093236-719684c64e4f // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/proglottis/gpgme v0.1.4 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.9.0 // indirect
+	github.com/sigstore/fulcio v1.6.4 // indirect
+	github.com/sigstore/rekor v1.3.8 // indirect
+	github.com/sigstore/sigstore v1.8.12 // indirect
+	github.com/smallstep/pkcs7 v0.1.1 // indirect
+	github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6 // indirect
+	github.com/sylabs/sif/v2 v2.20.2 // indirect
+	github.com/tchap/go-patricia/v2 v2.3.2 // indirect
+	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
+	github.com/ulikunitz/xz v0.5.12 // indirect
+	github.com/vbatts/tar-split v0.11.7 // indirect
+	github.com/vbauerster/mpb/v8 v8.9.1 // indirect
+	go.mongodb.org/mongo-driver v1.14.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.31.0 // indirect
+	go.opentelemetry.io/otel/metric v1.31.0 // indirect
+	go.opentelemetry.io/otel/trace v1.31.0 // indirect
+	golang.org/x/crypto v0.35.0 // indirect
+	golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect
+	golang.org/x/net v0.36.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d // indirect
+	google.golang.org/grpc v1.69.4 // indirect
+	google.golang.org/protobuf v1.36.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )