token-injectable-docker-builder 1.13.4 → 2.0.0

package/lib/index.d.ts

@@ -1,261 +1,2 @@
-import { Duration } from 'aws-cdk-lib';
-import { Project } from 'aws-cdk-lib/aws-codebuild';
-import { IVpc, ISecurityGroup, SubnetSelection } from 'aws-cdk-lib/aws-ec2';
-import { Repository } from 'aws-cdk-lib/aws-ecr';
-import { ContainerImage } from 'aws-cdk-lib/aws-ecs';
-import { Key } from 'aws-cdk-lib/aws-kms';
-import { DockerImageCode } from 'aws-cdk-lib/aws-lambda';
-import { ILogGroup } from 'aws-cdk-lib/aws-logs';
-import { Construct } from 'constructs';
-/**
- * Options for creating a `TokenInjectableDockerBuilderProvider`.
- */
-export interface TokenInjectableDockerBuilderProviderProps {
-    /**
-     * How often the provider polls for build completion.
-     *
-     * @default Duration.seconds(30)
-     */
-    readonly queryInterval?: Duration;
-}
-/**
- * Shared provider for `TokenInjectableDockerBuilder` instances.
- *
- * Creates the onEvent and isComplete Lambda functions once per stack.
- * Each builder instance registers its CodeBuild project ARN so the
- * shared Lambdas have permission to start builds and read logs.
- */
-export declare class TokenInjectableDockerBuilderProvider extends Construct {
-    /**
-     * Get or create the singleton provider for this stack.
-     * All `TokenInjectableDockerBuilder` instances in the same stack
-     * share a single pair of Lambda functions.
-     */
-    static getOrCreate(scope: Construct, props?: TokenInjectableDockerBuilderProviderProps): TokenInjectableDockerBuilderProvider;
-    /** The service token used by CustomResource instances. */
-    readonly serviceToken: string;
-    private readonly onEventHandlerFunction;
-    private readonly isCompleteHandlerFunction;
-    private constructor();
-    /**
-     * Grant the shared Lambdas permission to start builds for a specific
-     * CodeBuild project and pull/push to its ECR repository.
-     */
-    registerProject(project: Project, ecrRepo: Repository, encryptionKey?: Key): void;
-}
-/**
- * Properties for the `TokenInjectableDockerBuilder` construct.
- */
-export interface TokenInjectableDockerBuilderProps {
-    /**
-     * The path to the directory containing the Dockerfile or source code.
-     */
-    readonly path: string;
-    /**
-     * Build arguments to pass to the Docker build process.
-     * These are transformed into `--build-arg KEY=VALUE` flags.
-     * @example
-     * {
-     *   TOKEN: 'my-secret-token',
-     *   ENV: 'production'
-     * }
-     */
-    readonly buildArgs?: {
-        [key: string]: string;
-    };
-    /**
-     * The ARN of the AWS Secrets Manager secret containing Docker login credentials.
-     * This secret should store a JSON object with the following structure:
-     * ```json
-     * {
-     *   "username": "my-docker-username",
-     *   "password": "my-docker-password"
-     * }
-     * ```
-     * If not provided (or not needed), the construct will skip Docker Hub login.
-     *
-     * **Note**: The secret must be in the same region as the stack.
-     *
-     * @example 'arn:aws:secretsmanager:us-east-1:123456789012:secret:DockerLoginSecret'
-     */
-    readonly dockerLoginSecretArn?: string;
-    /**
-     * The VPC in which the CodeBuild project will be deployed.
-     * If provided, the CodeBuild project will be launched within the specified VPC.
-     *
-     * @default - No VPC is attached, and the CodeBuild project will use public internet.
-     */
-    readonly vpc?: IVpc;
-    /**
-     * The security groups to attach to the CodeBuild project.
-     * These define the network access rules for the CodeBuild project.
-     *
-     * @default - No security groups are attached.
-     */
-    readonly securityGroups?: ISecurityGroup[];
-    /**
-     * The subnet selection to specify which subnets to use within the VPC.
-     * Allows the user to select private, public, or isolated subnets.
-     *
-     * @default - All subnets in the VPC are used.
-     */
-    readonly subnetSelection?: SubnetSelection;
-    /**
-     * Custom commands to run during the install phase of CodeBuild.
-     *
-     * **Example**:
-     * ```ts
-     * installCommands: [
-     *   'echo "Updating package lists..."',
-     *   'apt-get update -y',
-     *   'echo "Installing required packages..."',
-     *   'apt-get install -y curl dnsutils',
-     * ],
-     * ```
-     * @default - No additional install commands.
-     */
-    readonly installCommands?: string[];
-    /**
-     * Custom commands to run during the pre_build phase of CodeBuild.
-     *
-     * **Example**:
-     * ```ts
-     * preBuildCommands: [
-     *   'echo "Fetching configuration from private API..."',
-     *   'curl -o config.json https://api.example.com/config',
-     * ],
-     * ```
-     * @default - No additional pre-build commands.
-     */
-    readonly preBuildCommands?: string[];
-    /**
-     * Whether to enable KMS encryption for the ECR repository.
-     * If `true`, a KMS key will be created for encrypting ECR images.
-     * If `false`, the repository will use AES-256 encryption.
-     *
-     * @default - false
-     */
-    readonly kmsEncryption?: boolean;
-    /**
-     * The query interval for checking if the CodeBuild project has completed.
-     * This determines how frequently the custom resource polls for build completion.
-     *
-     * @default - Duration.seconds(30)
-     */
-    readonly completenessQueryInterval?: Duration;
-    /**
-     * A list of file paths in the Docker directory to exclude from build.
-     * Will use paths in .dockerignore file if present.
-     *
-     * @default - No file path exclusions
-     */
-    readonly exclude?: string[];
-    /**
-     * The name of the Dockerfile to use for the build.
-     * Passed as `--file` to `docker build`.
-     *
-     * @example 'Dockerfile.production'
-     * @default 'Dockerfile'
-     */
-    readonly file?: string;
-    /**
-     * When `true`, disables Docker layer caching. Every build runs from scratch.
-     * Use for debugging, corrupted cache, or major dependency changes.
-     *
-     * @default false
-     */
-    readonly cacheDisabled?: boolean;
-    /**
-     * CloudWatch log group for CodeBuild build logs.
-     * When provided with a RETAIN removal policy, build logs survive rollbacks
-     * and stack deletion for debugging.
-     *
-     * @default - CodeBuild default logging (logs are deleted on rollback)
-     */
-    readonly buildLogGroup?: ILogGroup;
-    /**
-     * Target platform for the Docker image.
-     *
-     * When set to `'linux/arm64'`, the construct uses a native ARM/Graviton
-     * CodeBuild instance for fast builds without emulation.
-     *
-     * @default 'linux/amd64'
-     */
-    readonly platform?: 'linux/amd64' | 'linux/arm64';
-    /**
-     * Shared provider for the custom resource Lambdas.
-     * Use `TokenInjectableDockerBuilderProvider.getOrCreate(this)` to create
-     * a singleton that is shared across all builders in the same stack.
-     *
-     * When omitted, each builder creates its own Lambdas (original behavior).
-     *
-     * @default - A new provider is created per builder instance
-     */
-    readonly provider?: TokenInjectableDockerBuilderProvider;
-    /**
-     * ECR pull-through cache repository prefixes to grant pull access to.
-     * Use when your Dockerfile references base images from ECR pull-through
-     * cache (e.g. docker-hub/library/node:20-slim, ghcr/org/image:tag).
-     * The CodeBuild role will be granted ecr:BatchGetImage, ecr:GetDownloadUrlForLayer,
-     * and ecr:BatchCheckLayerAvailability on repositories matching each prefix.
-     *
-     * @example ['docker-hub', 'ghcr']
-     * @default - No pull-through cache access
-     */
-    readonly ecrPullThroughCachePrefixes?: string[];
-    /**
-     * Maximum number of tagged images to retain in the ECR repository.
-     *
-     * **WARNING:** Lambda functions pin images by digest internally even when
-     * referenced by tag. Setting this can delete images that Lambda functions
-     * (and ECS tasks) are still pinned to, breaking the next configuration
-     * update with "Image ID cannot be found".
-     *
-     * Leave undefined (the default) for production use. Untagged images are
-     * always cleaned up after 30 days regardless of this setting.
-     *
-     * @default undefined - no count-based expiration; only untagged-after-30-days
-     */
-    readonly maxImageCount?: number;
-    /**
-     * When `true`, creates a CloudWatch log group outside of CloudFormation
-     * (`/docker-builder/<projectName>`) and directs CodeBuild output there.
-     * Because the log group is managed imperatively (not by CloudFormation),
-     * it survives stack rollbacks and preserves full build logs for debugging.
-     * A 7-day retention policy is applied so old logs auto-expire.
-     *
-     * Set to `false` after debugging to delete the log group and clean up.
-     *
-     * @default false
-     */
-    readonly retainBuildLogs?: boolean;
-}
-/**
- * A CDK construct to build and push Docker images to an ECR repository using
- * CodeBuild and Lambda custom resources, **then** retrieve the final image tag
- * so that ECS/Lambda references use the exact digest.
- */
-export declare class TokenInjectableDockerBuilder extends Construct {
-    /**
-     * The ECR repository that stores the resulting Docker image.
-     */
-    private readonly ecrRepository;
-    /**
-     * An ECS-compatible container image referencing the tag
-     * of the built Docker image.
-     */
-    readonly containerImage: ContainerImage;
-    /**
-     * A Lambda-compatible DockerImageCode referencing the tag
-     * of the built Docker image.
-     */
-    readonly dockerImageCode: DockerImageCode;
-    /**
-     * Creates a new `TokenInjectableDockerBuilder`.
-     *
-     * @param scope The scope in which to define this construct.
-     * @param id The scoped construct ID.
-     * @param props Configuration for building and pushing the Docker image.
-     */
-    constructor(scope: Construct, id: string, props: TokenInjectableDockerBuilderProps);
-}
+export { TokenInjectableDockerBuilder, TokenInjectableDockerBuilderProps, } from './builder';
+export { TokenInjectableDockerBuilderProvider, TokenInjectableDockerBuilderProviderProps, } from './provider';