Add docker image production workflow to repo 🔥 #4107
Conversation
The cluster isn't stabilizing. Co-authored-by: David Souther <davidsouther@gmail.com>
ford-at-aws
changed the title
* Stack for batch fargate. The cluster isn't stabilizing. * updates for working version * Delete cdk.context.json * Update batch_fargate-stack.ts * Delete package-lock.json Co-authored-by: David Souther <davidsouther@gmail.com>
ford-at-aws
changed the title
| new ecr.CfnPublicRepository(this, "{{shortname}}", { | ||
| repositoryName: "{{shortname}}", | ||
| repositoryCatalogData: { | ||
| UsageText: "This image provides a pre-built for SDK for {{language}} environment and is recommended for local testing of SDK for {{language}} example code. It is not intended for production usage. For detailed and up-to-date steps on running this image, please see https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/{{shortname}}/README.md#docker-image.", |
There was a problem hiding this comment.
for SDK for {{language}} --> for the SDK for {{language}}
local testing of SDK for {{language}} --> local testing of the SDK for {{language}}
please see --> see
| UsageText: "This image provides a pre-built for SDK for {{language}} environment and is recommended for local testing of SDK for {{language}} example code. It is not intended for production usage. For detailed and up-to-date steps on running this image, please see https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/{{shortname}}/README.md#docker-image.", | ||
| OperatingSystems: ["Linux"], | ||
| Architectures: ["x86", "ARM"], | ||
| RepositoryDescription: "This image provides a pre-built for SDK for {{language}} environment and is recommended for local testing of SDK for {{language}} example code." |
There was a problem hiding this comment.
for SDK for {{language}} --> for the SDK for {{language}}
of SDK for {{language}} --> of the SDK for {{language}}
|
|
||
| In the near future, this example code will be available in a container image | ||
| hosted on [Amazon Elastic Container Registry (ECR)](https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html). This image will be pre-loaded | ||
| with all C++ examples with dependencies pre-resolved, allowing you to explore |
There was a problem hiding this comment.
Here, and in the other READMEs with this text, recommend the following update:
allowing you to --> so that you can
| `Readme on GitHub <https://github.com/awsdocs/aws-doc-sdk-examples/blob/master/README.rst>`_. | ||
|
|
||
| Copyright and License | ||
| ============= | ||
|
|
||
| All content in this repository, unless otherwise stated, is | ||
| Copyright � Amazon Web Services, Inc. or its affiliates. All rights reserved. | ||
| Copyright © Amazon Web Services, Inc. or its affiliates. All rights reserved. |
There was a problem hiding this comment.
Was this change intentional?
| =================== | ||
|
|
||
| In the near future, this example code will be available in a container image | ||
| hosted on [Amazon Elastic Container Registry (ECR)](https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html). This image will be pre-loaded |
There was a problem hiding this comment.
Here, and in the other READMEs with this text, recommend the following updates:
Amazon Elastic Container Registry (ECR) --> Amazon Elastic Container Registry (Amazon ECR)
will be pre-loaded --> is preloaded
| undergoing active development. Refer to | ||
| [this GitHub issue](https://github.com/awsdocs/aws-doc-sdk-examples/issues/4133) | ||
| for more information. |
There was a problem hiding this comment.
Here, and in the other READMEs with this text, recommend the following last sentence update:
For more information, see this GitHub issue.
| with all Java v2 examples with dependencies pre-resolved, allowing you to explore | ||
| these examples in an isolated environment. | ||
|
|
||
| ⚠️ As of January 2023, the [SDK for Java v2 image](https://gallery.ecr.aws/aws-docs-sdk-examples/javav2) is available on ECR Public but is still |
There was a problem hiding this comment.
SDK for Java v2 --> SDK for Java (v2)
| with all JavaScript v3 examples with dependencies pre-resolved, allowing you to explore | ||
| these examples in an isolated environment. | ||
|
|
||
| ⚠️ As of January 2023, the [SDK for JavaScript v3 image](https://gallery.ecr.aws/aws-docs-sdk-examples/javascriptv3) is available on ECR Public but is still |
There was a problem hiding this comment.
SDK for JavaScript v3 --> SDK for JavaScript (v3)
| with all Golang examples with dependencies pre-resolved, allowing you to explore | ||
| these examples in an isolated environment. | ||
|
|
||
| ⚠️ As of January 2023, the [SDK for Go v2 image](https://gallery.ecr.aws/aws-docs-sdk-examples/dotnetv3) is available on ECR Public but is still |
There was a problem hiding this comment.
SDK for Go v2 --> SDK for Go (v2)
| with all .NET examples with dependencies pre-resolved, allowing you to explore | ||
| these examples in an isolated environment. | ||
|
|
||
| ⚠️ As of January 2023, the [SDK for .NET v3 image](https://gallery.ecr.aws/aws-docs-sdk-examples/dotnetv3) is available on ECR Public but is still |
There was a problem hiding this comment.
SDK for .NET v3 --> SDK for .NET (v3)
This PR...
Adds the following:
💣 Blast radius
This will publish Docker images to an ECR repository that is public, so there's a customer-facing aspect to this (though the images aren't currently being advertised anywhere). But this touches no existing systems or code bases.
Note on CICD configuration
This GitHub-to-ECR configuration relies on an OIDC provider token that was created using these official steps, which use
automationas the role. This config is referenced in thedocker-push.ymlfile but exists within the target AWS account (808326389482).Note on new AWS account
This PR deploys images to an ECR repository that is housed within a brand new AWS account: 808326389482. This account was created using Isengard with owner=brmur,fprior and team=aws-sdk-code-examples. I confirmed with a few team members already but everyone should have AdministratorAccess permissions (i.e. god mode). I will eventually scope these down, but for now I'm satisfied with the facts that (a) this is a NON-prod account, (b) we don't have to worry about billing, and (c) everyone's activities in this account are being logged via CloudTrail using their role name (e.g.
weathertop-fprior). So while restrictions are absent, accountability is present.Note on testing
I haven't figured out a good way to test this yet, as it's kind of a CICD project, but that's part of a hardening epic that will be undertaken in Q1 2023.
Pre-submit checklist:
Don't forget! By submitting this pull request, you confirm that your contribution is made under the terms of the Apache 2.0 license.