sst 2.40.1 → 2.40.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. package/cdk/deploy-stack.js +2 -0
  2. package/cli/commands/bind.js +1 -1
  3. package/cli/commands/secrets/list.js +1 -1
  4. package/constructs/Api.d.ts +4 -4
  5. package/constructs/Api.js +1 -1
  6. package/constructs/ApiGatewayV1Api.d.ts +4 -4
  7. package/constructs/ApiGatewayV1Api.js +1 -1
  8. package/constructs/App.d.ts +2 -1
  9. package/constructs/App.js +7 -11
  10. package/constructs/AppSyncApi.d.ts +4 -4
  11. package/constructs/AppSyncApi.js +1 -1
  12. package/constructs/Auth.d.ts +2 -2
  13. package/constructs/Auth.js +3 -3
  14. package/constructs/Bucket.d.ts +5 -5
  15. package/constructs/Bucket.js +1 -1
  16. package/constructs/Cognito.d.ts +4 -3
  17. package/constructs/Cognito.js +1 -1
  18. package/constructs/Construct.d.ts +2 -2
  19. package/constructs/Cron.d.ts +3 -2
  20. package/constructs/Cron.js +1 -1
  21. package/constructs/EdgeFunction.d.ts +2 -2
  22. package/constructs/EdgeFunction.js +6 -9
  23. package/constructs/EventBus.d.ts +4 -4
  24. package/constructs/EventBus.js +1 -1
  25. package/constructs/Function.d.ts +42 -6
  26. package/constructs/Function.js +19 -14
  27. package/constructs/Job.d.ts +43 -4
  28. package/constructs/Job.js +11 -14
  29. package/constructs/KinesisStream.d.ts +4 -4
  30. package/constructs/KinesisStream.js +1 -1
  31. package/constructs/Parameter.d.ts +2 -2
  32. package/constructs/Parameter.js +1 -1
  33. package/constructs/Queue.d.ts +3 -3
  34. package/constructs/Queue.js +1 -1
  35. package/constructs/RDS.d.ts +2 -2
  36. package/constructs/RDS.js +1 -1
  37. package/constructs/Script.d.ts +3 -2
  38. package/constructs/Script.js +2 -2
  39. package/constructs/Secret.d.ts +2 -2
  40. package/constructs/Secret.js +2 -2
  41. package/constructs/Service.d.ts +43 -4
  42. package/constructs/Service.js +31 -15
  43. package/constructs/SsrFunction.d.ts +3 -2
  44. package/constructs/SsrFunction.js +7 -13
  45. package/constructs/SsrSite.d.ts +3 -3
  46. package/constructs/SsrSite.js +2 -2
  47. package/constructs/Stack.d.ts +2 -2
  48. package/constructs/StaticSite.d.ts +2 -2
  49. package/constructs/StaticSite.js +2 -2
  50. package/constructs/Table.d.ts +4 -4
  51. package/constructs/Table.js +1 -1
  52. package/constructs/Topic.d.ts +4 -4
  53. package/constructs/Topic.js +1 -1
  54. package/constructs/WebSocketApi.d.ts +4 -4
  55. package/constructs/WebSocketApi.js +1 -1
  56. package/constructs/deprecated/NextjsSite.d.ts +2 -2
  57. package/constructs/deprecated/NextjsSite.js +2 -2
  58. package/constructs/future/Auth.d.ts +2 -2
  59. package/constructs/future/Auth.js +2 -2
  60. package/constructs/util/{functionBinding.d.ts → binding.d.ts} +14 -6
  61. package/constructs/util/{functionBinding.js → binding.js} +28 -14
  62. package/package.json +2 -2
  63. package/runtime/handlers/container.js +42 -0
  64. package/runtime/handlers/rust.js +3 -2
@@ -6,9 +6,10 @@ import zlib from "zlib";
6
6
  import { Stack } from "./Stack.js";
7
7
  import { Job } from "./Job.js";
8
8
  import { Secret } from "./Config.js";
9
+ import { isSSTConstruct } from "./Construct.js";
9
10
  import { toCdkSize } from "./util/size.js";
10
11
  import { toCdkDuration } from "./util/duration.js";
11
- import { bindEnvironment, bindPermissions, getReferencedSecrets, } from "./util/functionBinding.js";
12
+ import { getBindingEnvironments, getBindingPermissions, getBindingReferencedSecrets, } from "./util/binding.js";
12
13
  import { attachPermissionsToRole } from "./util/permission.js";
13
14
  import * as functionUrlCors from "./util/functionUrlCors.js";
14
15
  import url from "url";
@@ -251,6 +252,15 @@ export class Function extends CDKFunction {
251
252
  ...(props.container?.buildArgs
252
253
  ? { buildArgs: props.container.buildArgs }
253
254
  : {}),
255
+ ...(props.container?.buildSsh
256
+ ? { buildSsh: props.container.buildSsh }
257
+ : {}),
258
+ ...(props.container?.cacheFrom
259
+ ? { cacheFrom: props.container.cacheFrom }
260
+ : {}),
261
+ ...(props.container?.cacheTo
262
+ ? { cacheTo: props.container.cacheTo }
263
+ : {}),
254
264
  exclude: [".sst/dist", ".sst/artifacts"],
255
265
  ignoreMode: IgnoreMode.GLOB,
256
266
  });
@@ -341,20 +351,14 @@ export class Function extends CDKFunction {
341
351
  bind(constructs) {
342
352
  // Get referenced secrets
343
353
  const referencedSecrets = [];
344
- constructs.forEach((c) => referencedSecrets.push(...getReferencedSecrets(c)));
345
- [...constructs, ...referencedSecrets].forEach((c) => {
354
+ constructs.forEach((r) => referencedSecrets.push(...getBindingReferencedSecrets(r)));
355
+ [...constructs, ...referencedSecrets].forEach((r) => {
346
356
  // Bind environment
347
- const env = bindEnvironment(c);
357
+ const env = getBindingEnvironments(r);
348
358
  Object.entries(env).forEach(([key, value]) => this.addEnvironment(key, value));
349
359
  // Bind permissions
350
- const permissions = bindPermissions(c);
351
- Object.entries(permissions).forEach(([action, resources]) => this.attachPermissions([
352
- new PolicyStatement({
353
- actions: [action],
354
- effect: Effect.ALLOW,
355
- resources,
356
- }),
357
- ]));
360
+ const policyStatements = getBindingPermissions(r);
361
+ this.attachPermissions(policyStatements);
358
362
  });
359
363
  this.allBindings.push(...constructs, ...referencedSecrets);
360
364
  }
@@ -389,14 +393,15 @@ export class Function extends CDKFunction {
389
393
  missingSourcemap: this.missingSourcemap === true ? true : undefined,
390
394
  localId: this.node.addr,
391
395
  secrets: this.allBindings
392
- .filter((c) => c instanceof Secret)
396
+ .map((r) => (isSSTConstruct(r) ? r : r.resource))
397
+ .filter((r) => r instanceof Secret)
393
398
  .map((c) => c.name),
394
399
  prefetchSecrets: this.props.prefetchSecrets,
395
400
  },
396
401
  };
397
402
  }
398
403
  /** @internal */
399
- getFunctionBinding() {
404
+ getBindings() {
400
405
  return {
401
406
  clientPackage: "function",
402
407
  variables: {
@@ -1,4 +1,5 @@
1
1
  import { Construct } from "constructs";
2
+ import { DockerCacheOption } from "aws-cdk-lib/core";
2
3
  import { Function as CdkFunction } from "aws-cdk-lib/aws-lambda";
3
4
  import { Project } from "aws-cdk-lib/aws-codebuild";
4
5
  import { RetentionDays } from "aws-cdk-lib/aws-logs";
@@ -6,11 +7,13 @@ import { SSTConstruct } from "./Construct.js";
6
7
  import { NodeJSProps, FunctionCopyFilesProps } from "./Function.js";
7
8
  import { Duration } from "./util/duration.js";
8
9
  import { Permissions } from "./util/permission.js";
9
- import { FunctionBindingProps } from "./util/functionBinding.js";
10
+ import { BindingResource, BindingProps } from "./util/binding.js";
10
11
  import { ISecurityGroup, IVpc, SubnetSelection } from "aws-cdk-lib/aws-ec2";
11
12
  export type JobMemorySize = "3 GB" | "7 GB" | "15 GB" | "145 GB";
12
13
  export interface JobNodeJSProps extends NodeJSProps {
13
14
  }
15
+ export interface JobContainerCacheProps extends DockerCacheOption {
16
+ }
14
17
  export interface JobContainerProps {
15
18
  /**
16
19
  * Specify or override the CMD on the Docker image.
@@ -45,6 +48,42 @@ export interface JobContainerProps {
45
48
  * ```
46
49
  */
47
50
  buildArgs?: Record<string, string>;
51
+ /**
52
+ * SSH agent socket or keys to pass to the docker build command.
53
+ * Docker BuildKit must be enabled to use the ssh flag
54
+ * @default No --ssh flag is passed to the build command
55
+ * @example
56
+ * ```js
57
+ * container: {
58
+ * buildSsh: "default"
59
+ * }
60
+ * ```
61
+ */
62
+ buildSsh?: string;
63
+ /**
64
+ * Cache from options to pass to the docker build command.
65
+ * [DockerCacheOption](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerCacheOption.html)[].
66
+ * @default No cache from options are passed to the build command
67
+ * @example
68
+ * ```js
69
+ * container: {
70
+ * cacheFrom: [{ type: 'registry', params: { ref: 'ghcr.io/myorg/myimage:cache' }}],
71
+ * }
72
+ * ```
73
+ */
74
+ cacheFrom?: JobContainerCacheProps[];
75
+ /**
76
+ * Cache to options to pass to the docker build command.
77
+ * [DockerCacheOption](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerCacheOption.html)[].
78
+ * @default No cache to options are passed to the build command
79
+ * @example
80
+ * ```js
81
+ * container: {
82
+ * cacheTo: { type: 'registry', params: { ref: 'ghcr.io/myorg/myimage:cache', mode: 'max', compression: 'zstd' }},
83
+ * }
84
+ * ```
85
+ */
86
+ cacheTo?: JobContainerCacheProps;
48
87
  }
49
88
  export interface JobProps {
50
89
  /**
@@ -180,7 +219,7 @@ export interface JobProps {
180
219
  * })
181
220
  * ```
182
221
  */
183
- bind?: SSTConstruct[];
222
+ bind?: BindingResource[];
184
223
  /**
185
224
  * Attaches the given list of permissions to the job. Configuring this property is equivalent to calling `attachPermissions()` after the job is created.
186
225
  *
@@ -292,7 +331,7 @@ export declare class Job extends Construct implements SSTConstruct {
292
331
  };
293
332
  };
294
333
  /** @internal */
295
- getFunctionBinding(): FunctionBindingProps;
334
+ getBindings(): BindingProps;
296
335
  /**
297
336
  * Binds additional resources to job.
298
337
  *
@@ -301,7 +340,7 @@ export declare class Job extends Construct implements SSTConstruct {
301
340
  * job.bind([STRIPE_KEY, bucket]);
302
341
  * ```
303
342
  */
304
- bind(constructs: SSTConstruct[]): void;
343
+ bind(constructs: BindingResource[]): void;
305
344
  /**
306
345
  * Attaches the given list of [permissions](Permissions.md) to the job. This allows the job to access other AWS resources.
307
346
  *
package/constructs/Job.js CHANGED
@@ -2,7 +2,7 @@ import url from "url";
2
2
  import path from "path";
3
3
  import fs from "fs/promises";
4
4
  import { Construct } from "constructs";
5
- import { Duration as CdkDuration, IgnoreMode } from "aws-cdk-lib/core";
5
+ import { Duration as CdkDuration, IgnoreMode, } from "aws-cdk-lib/core";
6
6
  import { Platform } from "aws-cdk-lib/aws-ecr-assets";
7
7
  import { PolicyStatement, Effect } from "aws-cdk-lib/aws-iam";
8
8
  import { AssetCode, Code, Runtime, Function as CdkFunction, } from "aws-cdk-lib/aws-lambda";
@@ -12,7 +12,7 @@ import { Stack } from "./Stack.js";
12
12
  import { Function, useFunctions, } from "./Function.js";
13
13
  import { toCdkDuration } from "./util/duration.js";
14
14
  import { attachPermissionsToRole } from "./util/permission.js";
15
- import { bindEnvironment, bindPermissions, getReferencedSecrets, } from "./util/functionBinding.js";
15
+ import { getBindingEnvironments, getBindingPermissions, getBindingReferencedSecrets, } from "./util/binding.js";
16
16
  import { useDeferredTasks } from "./deferred_task.js";
17
17
  import { useProject } from "../project.js";
18
18
  import { useRuntimeHandlers } from "../runtime/handlers.js";
@@ -83,7 +83,7 @@ export class Job extends Construct {
83
83
  };
84
84
  }
85
85
  /** @internal */
86
- getFunctionBinding() {
86
+ getBindings() {
87
87
  return {
88
88
  clientPackage: "job",
89
89
  variables: {
@@ -219,6 +219,9 @@ export class Job extends Construct {
219
219
  : Platform.custom("linux/amd64"),
220
220
  file: container?.file,
221
221
  buildArgs: container?.buildArgs,
222
+ buildSsh: container?.buildSsh,
223
+ cacheFrom: container?.cacheFrom,
224
+ cacheTo: container?.cacheTo,
222
225
  exclude: [".sst/dist", ".sst/artifacts"],
223
226
  ignoreMode: IgnoreMode.GLOB,
224
227
  });
@@ -351,20 +354,14 @@ export class Job extends Construct {
351
354
  bindForCodeBuild(constructs) {
352
355
  // Get referenced secrets
353
356
  const referencedSecrets = [];
354
- constructs.forEach((c) => referencedSecrets.push(...getReferencedSecrets(c)));
355
- [...constructs, ...referencedSecrets].forEach((c) => {
357
+ constructs.forEach((r) => referencedSecrets.push(...getBindingReferencedSecrets(r)));
358
+ [...constructs, ...referencedSecrets].forEach((r) => {
356
359
  // Bind environment
357
- const env = bindEnvironment(c);
360
+ const env = getBindingEnvironments(r);
358
361
  Object.entries(env).forEach(([key, value]) => this.addEnvironmentForCodeBuild(key, value));
359
362
  // Bind permissions
360
- const permissions = bindPermissions(c);
361
- Object.entries(permissions).forEach(([action, resources]) => this.attachPermissionsForCodeBuild([
362
- new PolicyStatement({
363
- actions: [action],
364
- effect: Effect.ALLOW,
365
- resources,
366
- }),
367
- ]));
363
+ const policyStatements = getBindingPermissions(r);
364
+ this.attachPermissionsForCodeBuild(policyStatements);
368
365
  });
369
366
  }
370
367
  attachPermissionsForCodeBuild(permissions) {
@@ -3,7 +3,7 @@ import * as kinesis from "aws-cdk-lib/aws-kinesis";
3
3
  import * as lambdaEventSources from "aws-cdk-lib/aws-lambda-event-sources";
4
4
  import { SSTConstruct } from "./Construct.js";
5
5
  import { Function as Fn, FunctionProps, FunctionInlineDefinition, FunctionDefinition } from "./Function.js";
6
- import { FunctionBindingProps } from "./util/functionBinding.js";
6
+ import { BindingResource, BindingProps } from "./util/binding.js";
7
7
  import { Permissions } from "./util/permission.js";
8
8
  /**
9
9
  * Used to define the function consumer for the stream
@@ -166,7 +166,7 @@ export declare class KinesisStream extends Construct implements SSTConstruct {
166
166
  * stream.bind([STRIPE_KEY, bucket]]);
167
167
  * ```
168
168
  */
169
- bind(constructs: SSTConstruct[]): void;
169
+ bind(constructs: BindingResource[]): void;
170
170
  /**
171
171
  * Binds the given list of resources to a specific consumer.
172
172
  *
@@ -175,7 +175,7 @@ export declare class KinesisStream extends Construct implements SSTConstruct {
175
175
  * stream.bindToConsumer("consumer1", [STRIPE_KEY, bucket]);
176
176
  * ```
177
177
  */
178
- bindToConsumer(consumerName: string, constructs: SSTConstruct[]): void;
178
+ bindToConsumer(consumerName: string, constructs: BindingResource[]): void;
179
179
  /**
180
180
  * Attaches the given list of permissions to all the consumers. This allows the functions to access other AWS resources.
181
181
  *
@@ -218,7 +218,7 @@ export declare class KinesisStream extends Construct implements SSTConstruct {
218
218
  };
219
219
  };
220
220
  /** @internal */
221
- getFunctionBinding(): FunctionBindingProps;
221
+ getBindings(): BindingProps;
222
222
  private createStream;
223
223
  private addConsumer;
224
224
  }
@@ -149,7 +149,7 @@ export class KinesisStream extends Construct {
149
149
  };
150
150
  }
151
151
  /** @internal */
152
- getFunctionBinding() {
152
+ getBindings() {
153
153
  return {
154
154
  clientPackage: "kinesis-stream",
155
155
  variables: {
@@ -1,6 +1,6 @@
1
1
  import { Construct } from "constructs";
2
2
  import { SSTConstruct } from "./Construct.js";
3
- import { FunctionBindingProps } from "./util/functionBinding.js";
3
+ import { BindingProps } from "./util/binding.js";
4
4
  export interface ParameterProps {
5
5
  /**
6
6
  * Value of the parameter
@@ -32,6 +32,6 @@ export declare class Parameter extends Construct implements SSTConstruct {
32
32
  };
33
33
  };
34
34
  /** @internal */
35
- getFunctionBinding(): FunctionBindingProps;
35
+ getBindings(): BindingProps;
36
36
  static create<T extends Record<string, any>>(scope: Construct, parameters: T): { [key in keyof T]: Parameter; };
37
37
  }
@@ -33,7 +33,7 @@ export class Parameter extends Construct {
33
33
  };
34
34
  }
35
35
  /** @internal */
36
- getFunctionBinding() {
36
+ getBindings() {
37
37
  return {
38
38
  clientPackage: "config",
39
39
  variables: {
@@ -4,7 +4,7 @@ import * as lambda from "aws-cdk-lib/aws-lambda";
4
4
  import * as lambdaEventSources from "aws-cdk-lib/aws-lambda-event-sources";
5
5
  import { SSTConstruct } from "./Construct.js";
6
6
  import { Function as Fn, FunctionInlineDefinition, FunctionDefinition } from "./Function.js";
7
- import { FunctionBindingProps } from "./util/functionBinding.js";
7
+ import { BindingResource, BindingProps } from "./util/binding.js";
8
8
  import { Permissions } from "./util/permission.js";
9
9
  /**
10
10
  * Used to define the consumer for the queue and invocation details
@@ -164,7 +164,7 @@ export declare class Queue extends Construct implements SSTConstruct {
164
164
  * queue.bind([STRIPE_KEY, bucket]);
165
165
  * ```
166
166
  */
167
- bind(constructs: SSTConstruct[]): void;
167
+ bind(constructs: BindingResource[]): void;
168
168
  /**
169
169
  * Attaches additional permissions to the consumer function
170
170
  *
@@ -189,6 +189,6 @@ export declare class Queue extends Construct implements SSTConstruct {
189
189
  };
190
190
  };
191
191
  /** @internal */
192
- getFunctionBinding(): FunctionBindingProps;
192
+ getBindings(): BindingProps;
193
193
  private createQueue;
194
194
  }
@@ -158,7 +158,7 @@ export class Queue extends Construct {
158
158
  };
159
159
  }
160
160
  /** @internal */
161
- getFunctionBinding() {
161
+ getBindings() {
162
162
  return {
163
163
  clientPackage: "queue",
164
164
  variables: {
@@ -4,7 +4,7 @@ import { AuroraCapacityUnit, Endpoint, IServerlessCluster, ServerlessCluster, Se
4
4
  import { ISecret } from "aws-cdk-lib/aws-secretsmanager";
5
5
  import { SSTConstruct } from "./Construct.js";
6
6
  import { Function as Fn } from "./Function.js";
7
- import { FunctionBindingProps } from "./util/functionBinding.js";
7
+ import { BindingProps } from "./util/binding.js";
8
8
  export interface RDSTypes {
9
9
  path: string;
10
10
  camelCase?: boolean;
@@ -204,7 +204,7 @@ export declare class RDS extends Construct implements SSTConstruct {
204
204
  };
205
205
  };
206
206
  /** @internal */
207
- getFunctionBinding(): FunctionBindingProps;
207
+ getBindings(): BindingProps;
208
208
  private validateRequiredProps;
209
209
  private validateCDKPropWhenIsConstruct;
210
210
  private validateCDKPropWhenIsClusterProps;
package/constructs/RDS.js CHANGED
@@ -116,7 +116,7 @@ export class RDS extends Construct {
116
116
  };
117
117
  }
118
118
  /** @internal */
119
- getFunctionBinding() {
119
+ getBindings() {
120
120
  return {
121
121
  clientPackage: "rds",
122
122
  variables: {
@@ -2,6 +2,7 @@ import { Construct } from "constructs";
2
2
  import { Function as Fn, FunctionProps, FunctionDefinition } from "./Function.js";
3
3
  import { SSTConstruct } from "./Construct.js";
4
4
  import { Permissions } from "./util/permission.js";
5
+ import { BindingResource } from "./util/binding.js";
5
6
  export interface ScriptProps {
6
7
  /**
7
8
  * An object of input parameters to be passed to the script. Made available in the `event` object of the function.
@@ -123,7 +124,7 @@ export declare class Script extends Construct implements SSTConstruct {
123
124
  * script.bind([STRIPE_KEY, bucket]);
124
125
  * ```
125
126
  */
126
- bind(constructs: SSTConstruct[]): void;
127
+ bind(constructs: BindingResource[]): void;
127
128
  /**
128
129
  * Grants additional permissions to the script
129
130
  *
@@ -156,5 +157,5 @@ export declare class Script extends Construct implements SSTConstruct {
156
157
  };
157
158
  };
158
159
  /** @internal */
159
- getFunctionBinding(): undefined;
160
+ getBindings(): undefined;
160
161
  }
@@ -6,7 +6,7 @@ import { PolicyStatement } from "aws-cdk-lib/aws-iam";
6
6
  import { Code, Runtime, Function as CdkFunction } from "aws-cdk-lib/aws-lambda";
7
7
  import { Stack } from "./Stack.js";
8
8
  import { Function as Fn, } from "./Function.js";
9
- import { getFunctionRef, } from "./Construct.js";
9
+ import { getFunctionRef } from "./Construct.js";
10
10
  const __dirname = path.dirname(url.fileURLToPath(import.meta.url));
11
11
  /////////////////////
12
12
  // Construct
@@ -175,7 +175,7 @@ export class Script extends Construct {
175
175
  };
176
176
  }
177
177
  /** @internal */
178
- getFunctionBinding() {
178
+ getBindings() {
179
179
  return undefined;
180
180
  }
181
181
  }
@@ -1,6 +1,6 @@
1
1
  import { Construct } from "constructs";
2
2
  import { SSTConstruct } from "./Construct.js";
3
- import { FunctionBindingProps } from "./util/functionBinding.js";
3
+ import { BindingProps } from "./util/binding.js";
4
4
  /**
5
5
  * The `Secret` construct is a higher level CDK construct that makes it easy to manage app secrets.
6
6
  *
@@ -25,6 +25,6 @@ export declare class Secret extends Construct implements SSTConstruct {
25
25
  };
26
26
  };
27
27
  /** @internal */
28
- getFunctionBinding(): FunctionBindingProps;
28
+ getBindings(): BindingProps;
29
29
  static create<T extends string[]>(scope: Construct, ...parameters: T): { [key in T[number]]: Secret; };
30
30
  }
@@ -1,6 +1,6 @@
1
1
  import { Construct } from "constructs";
2
2
  import { Stack } from "./Stack.js";
3
- import { getParameterPath, getParameterFallbackPath, } from "./util/functionBinding.js";
3
+ import { getParameterPath, getParameterFallbackPath, } from "./util/binding.js";
4
4
  /**
5
5
  * The `Secret` construct is a higher level CDK construct that makes it easy to manage app secrets.
6
6
  *
@@ -33,7 +33,7 @@ export class Secret extends Construct {
33
33
  };
34
34
  }
35
35
  /** @internal */
36
- getFunctionBinding() {
36
+ getBindings() {
37
37
  const app = this.node.root;
38
38
  const partition = Stack.of(this).partition;
39
39
  return {
@@ -1,9 +1,10 @@
1
1
  import { Construct } from "constructs";
2
+ import { DockerCacheOption } from "aws-cdk-lib/core";
2
3
  import { DistributionProps } from "aws-cdk-lib/aws-cloudfront";
3
4
  import { DistributionDomainProps } from "./Distribution.js";
4
5
  import { SSTConstruct } from "./Construct.js";
5
6
  import { Permissions } from "./util/permission.js";
6
- import { FunctionBindingProps } from "./util/functionBinding.js";
7
+ import { BindingProps, BindingResource } from "./util/binding.js";
7
8
  import { IVpc } from "aws-cdk-lib/aws-ec2";
8
9
  import { Cluster, ContainerDefinitionOptions, CpuArchitecture, FargateService, FargateTaskDefinition, FargateServiceProps } from "aws-cdk-lib/aws-ecs";
9
10
  import { RetentionDays } from "aws-cdk-lib/aws-logs";
@@ -21,6 +22,8 @@ export interface ServiceDomainProps extends DistributionDomainProps {
21
22
  }
22
23
  export interface ServiceCdkDistributionProps extends Omit<DistributionProps, "defaultBehavior"> {
23
24
  }
25
+ export interface ServiceContainerCacheProps extends DockerCacheOption {
26
+ }
24
27
  export interface ServiceProps {
25
28
  /**
26
29
  * Path to the directory where the app is located.
@@ -167,7 +170,7 @@ export interface ServiceProps {
167
170
  * }
168
171
  * ```
169
172
  */
170
- bind?: SSTConstruct[];
173
+ bind?: BindingResource[];
171
174
  /**
172
175
  * The customDomain for this service. SST supports domains that are hosted
173
176
  * either on [Route 53](https://aws.amazon.com/route53/) or externally.
@@ -255,6 +258,42 @@ export interface ServiceProps {
255
258
  * ```
256
259
  */
257
260
  buildArgs?: Record<string, string>;
261
+ /**
262
+ * SSH agent socket or keys to pass to the docker build command.
263
+ * Docker BuildKit must be enabled to use the ssh flag
264
+ * @default No --ssh flag is passed to the build command
265
+ * @example
266
+ * ```js
267
+ * container: {
268
+ * buildSsh: "default"
269
+ * }
270
+ * ```
271
+ */
272
+ buildSsh?: string;
273
+ /**
274
+ * Cache from options to pass to the docker build command.
275
+ * [DockerCacheOption](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerCacheOption.html)[].
276
+ * @default No cache from options are passed to the build command
277
+ * @example
278
+ * ```js
279
+ * container: {
280
+ * cacheFrom: [{ type: 'registry', params: { ref: 'ghcr.io/myorg/myimage:cache' }}],
281
+ * }
282
+ * ```
283
+ */
284
+ cacheFrom?: ServiceContainerCacheProps[];
285
+ /**
286
+ * Cache to options to pass to the docker build command.
287
+ * [DockerCacheOption](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ecr_assets.DockerCacheOption.html)[].
288
+ * @default No cache to options are passed to the build command
289
+ * @example
290
+ * ```js
291
+ * container: {
292
+ * cacheTo: { type: 'registry', params: { ref: 'ghcr.io/myorg/myimage:cache', mode: 'max', compression: 'zstd' }},
293
+ * }
294
+ * ```
295
+ */
296
+ cacheTo?: ServiceContainerCacheProps;
258
297
  };
259
298
  dev?: {
260
299
  /**
@@ -446,7 +485,7 @@ export declare class Service extends Construct implements SSTConstruct {
446
485
  };
447
486
  };
448
487
  /** @internal */
449
- getFunctionBinding(): FunctionBindingProps;
488
+ getBindings(): BindingProps;
450
489
  /**
451
490
  * Binds additional resources to service.
452
491
  *
@@ -455,7 +494,7 @@ export declare class Service extends Construct implements SSTConstruct {
455
494
  * service.bind([STRIPE_KEY, bucket]);
456
495
  * ```
457
496
  */
458
- bind(constructs: SSTConstruct[]): void;
497
+ bind(constructs: BindingResource[]): void;
459
498
  /**
460
499
  * Attaches the given list of permissions to allow the service
461
500
  * to access other AWS resources.
@@ -6,8 +6,8 @@ import { execAsync } from "../util/process.js";
6
6
  import { existsAsync } from "../util/fs.js";
7
7
  import { Colors } from "../cli/colors.js";
8
8
  import { Construct } from "constructs";
9
- import { Duration as CdkDuration, IgnoreMode } from "aws-cdk-lib/core";
10
- import { Role, Effect, PolicyStatement, AccountPrincipal, ServicePrincipal, CompositePrincipal, } from "aws-cdk-lib/aws-iam";
9
+ import { Duration as CdkDuration, IgnoreMode, } from "aws-cdk-lib/core";
10
+ import { Role, AccountPrincipal, ServicePrincipal, CompositePrincipal, } from "aws-cdk-lib/aws-iam";
11
11
  import { ViewerProtocolPolicy, AllowedMethods, CachedMethods, CachePolicy, CacheQueryStringBehavior, CacheHeaderBehavior, CacheCookieBehavior, OriginProtocolPolicy, OriginRequestPolicy, } from "aws-cdk-lib/aws-cloudfront";
12
12
  import { HttpOrigin } from "aws-cdk-lib/aws-cloudfront-origins";
13
13
  import { Stack } from "./Stack.js";
@@ -16,7 +16,7 @@ import { Function } from "./Function.js";
16
16
  import { Secret } from "./Secret.js";
17
17
  import { useDeferredTasks } from "./deferred_task.js";
18
18
  import { attachPermissionsToRole } from "./util/permission.js";
19
- import { bindEnvironment, bindPermissions, getParameterPath, getReferencedSecrets, } from "./util/functionBinding.js";
19
+ import { getParameterPath, getBindingEnvironments, getBindingPermissions, getBindingReferencedSecrets, } from "./util/binding.js";
20
20
  import { useProject } from "../project.js";
21
21
  import { Vpc } from "aws-cdk-lib/aws-ec2";
22
22
  import { AwsLogDriver, Cluster, ContainerImage, CpuArchitecture, FargateService, FargateTaskDefinition, } from "aws-cdk-lib/aws-ecs";
@@ -277,7 +277,7 @@ export class Service extends Construct {
277
277
  };
278
278
  }
279
279
  /** @internal */
280
- getFunctionBinding() {
280
+ getBindings() {
281
281
  const app = this.node.root;
282
282
  return this.distribution
283
283
  ? {
@@ -557,20 +557,14 @@ export class Service extends Construct {
557
557
  bindForService(constructs) {
558
558
  // Get referenced secrets
559
559
  const referencedSecrets = [];
560
- constructs.forEach((c) => referencedSecrets.push(...getReferencedSecrets(c)));
561
- [...constructs, ...referencedSecrets].forEach((c) => {
560
+ constructs.forEach((r) => referencedSecrets.push(...getBindingReferencedSecrets(r)));
561
+ [...constructs, ...referencedSecrets].forEach((r) => {
562
562
  // Bind environment
563
- const env = bindEnvironment(c);
563
+ const env = getBindingEnvironments(r);
564
564
  Object.entries(env).forEach(([key, value]) => this.addEnvironmentForService(key, value));
565
565
  // Bind permissions
566
- const permissions = bindPermissions(c);
567
- Object.entries(permissions).forEach(([action, resources]) => this.attachPermissionsForService([
568
- new PolicyStatement({
569
- actions: [action],
570
- effect: Effect.ALLOW,
571
- resources,
572
- }),
573
- ]));
566
+ const policyStatements = getBindingPermissions(r);
567
+ this.attachPermissionsForService(policyStatements);
574
568
  });
575
569
  }
576
570
  addEnvironmentForService(name, value) {
@@ -639,6 +633,25 @@ export class Service extends Construct {
639
633
  `--platform ${platform}`,
640
634
  `-f ${path.join(servicePath, dockerfile)}`,
641
635
  ...Object.entries(build?.buildArgs || {}).map(([k, v]) => `--build-arg ${k}=${v}`),
636
+ ...(build?.buildSsh ? [`--ssh ${build.buildSsh}`] : []),
637
+ ...(build?.cacheFrom || []).map((v) => "--cache-from=" +
638
+ [
639
+ `type=${v.type}`,
640
+ ...(v.params
641
+ ? Object.entries(v.params).map(([pk, pv]) => `${pk}=${pv}`)
642
+ : []),
643
+ ].join(",")),
644
+ ...(build?.cacheTo
645
+ ? [
646
+ "--cache-to " +
647
+ [
648
+ `type=${build?.cacheTo.type}`,
649
+ ...(build?.cacheTo?.params
650
+ ? Object.entries(build?.cacheTo?.params).map(([pk, pv]) => `${pk}=${pv}`)
651
+ : []).join(","),
652
+ ],
653
+ ]
654
+ : []),
642
655
  this.props.path,
643
656
  ].join(" "), {
644
657
  env: {
@@ -657,6 +670,9 @@ export class Service extends Construct {
657
670
  platform: architecture === "arm64" ? Platform.LINUX_ARM64 : Platform.LINUX_AMD64,
658
671
  file: dockerfile,
659
672
  buildArgs: build?.buildArgs,
673
+ buildSsh: build?.buildSsh,
674
+ cacheFrom: build?.cacheFrom,
675
+ cacheTo: build?.cacheTo,
660
676
  exclude: [".sst/dist", ".sst/artifacts"],
661
677
  ignoreMode: IgnoreMode.GLOB,
662
678
  });
@@ -4,6 +4,7 @@ import { RetentionDays } from "aws-cdk-lib/aws-logs";
4
4
  import { FunctionOptions, Function as CdkFunction, FunctionUrlOptions } from "aws-cdk-lib/aws-lambda";
5
5
  import { NodeJSProps, FunctionCopyFilesProps } from "./Function.js";
6
6
  import { SSTConstruct } from "./Construct.js";
7
+ import { BindingResource } from "./util/binding.js";
7
8
  import { Permissions } from "./util/permission.js";
8
9
  import { Size } from "./util/size.js";
9
10
  import { Duration } from "./util/duration.js";
@@ -15,7 +16,7 @@ export interface SsrFunctionProps extends Omit<FunctionOptions, "memorySize" | "
15
16
  memorySize?: number | Size;
16
17
  permissions?: Permissions;
17
18
  environment?: Record<string, string>;
18
- bind?: SSTConstruct[];
19
+ bind?: BindingResource[];
19
20
  nodejs?: NodeJSProps;
20
21
  copyFiles?: FunctionCopyFilesProps[];
21
22
  logRetention?: RetentionDays;
@@ -64,5 +65,5 @@ export declare class SsrFunction extends Construct implements SSTConstruct {
64
65
  };
65
66
  };
66
67
  /** @internal */
67
- getFunctionBinding(): undefined;
68
+ getBindings(): undefined;
68
69
  }