Upgrade pulumi-aws to v6 and pulumi-docker to v4 (#1086)

* Update deps to aws 6 and docker 4

* Keep docker on v3

* Bump p-aws to v6a5 in package.json

* Use p-aws dependency from config in schema gen, correct remote schema URL

* signature of getCallerIdentity changed

* Update to alpha.7

* Upgrade aws to v6.0.2 and regenerate

* Undo aws v6 bump in awsx-classic

* Bump to latest pulumi/pulumi and resolve version conflict

* Fix some schema versioning

* Upgrade aws to v6.0.3

* Fix python aws version

* Fix root dependencies in schema.go for dotnet and python

* Regenerate dotnet SDK for up to date cdproj

* Upgrade awsx-classic to awsv6 since it shares dependencies and SDK with awsx

* Add the new dependencies in the right place

* Remove ecs.Cluster properties that were removed upstream

See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-5-upgrade#resourceaws_ecs_cluster

* Delete legacy examples that cannot work anymore without ecs.Cluster capacity providers

* Adjust example to removal of ecs.Cluster capacity providers

* Bump p-java to latest v0.9.7

* Log better errors from package spec handling

* modernize examples/go.mod

* Bump aws of forgotten awsx-classic tests

* Rename ecs example without capacity provider

* Bump Go SDK to /v2

* Temporarily comment failing Go test so we can publish beta.2

* Uncomment Go test and update to sdk/v2

* Upgrade p/p to 3.81.0

* aws v6.0.4

* Messed up previous branch so here's where I am so far

* Added builder version as an enum

Instead of using the one from the docker package

* Update image.ts

Fixing lint issue

* Fix TestEcrSimple, path->context

* Bump examples deps

* Pass through Image build context

* Use repoDigest instead of image name to rebuild when necessary.

* Use canonical repo name for Docker on ECR

* Naming and comment cleanup

* Upgrade to latest p/p 3.85 and p/aws 6.2.1.

* Use newer Go and Node versions in CI

* Upgrade to aws v6.3

* Remove toolchain directive manually

* Bump to latest dependencies

* Remove debugging artifact

---------

Co-authored-by: Monica <[email protected]>
Co-authored-by: Piers Karsenbarg <[email protected]>

.github/workflows/cron.yml

@@ -18,10 +18,10 @@ env:
   SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
   SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
   VERSION_PREFIX: 1.0.0
-  GOVERSION: "1.19.x"
+  GOVERSION: "1.21.x"
   DOTNETVERSION: "6.x"
   PYTHONVERSION: "3.8"
-  NODEVERSION: "16.x"
+  NODEVERSION: "18.x"
   JAVAVERSION: "11"
 jobs:
   lint:

.github/workflows/master.yml

@@ -18,10 +18,10 @@ env:
   SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
   SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
   VERSION_PREFIX: 1.0.0
-  GOVERSION: "1.19.x"
+  GOVERSION: "1.21.x"
   DOTNETVERSION: "6.x"
   PYTHONVERSION: "3.8"
-  NODEVERSION: "16.x"
+  NODEVERSION: "18.x"
   JAVAVERSION: "11"
 jobs:
   lint:

.github/workflows/pre-release.yml

@@ -18,10 +18,10 @@ env:
   SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
   SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
   IS_PRERELEASE: true
-  GOVERSION: "1.19.x"
+  GOVERSION: "1.21.x"
   DOTNETVERSION: "6.x"
   PYTHONVERSION: "3.8"
-  NODEVERSION: "16.x"
+  NODEVERSION: "18.x"
   JAVAVERSION: "11"
 jobs:
   lint:

.github/workflows/release.yml

@@ -17,10 +17,10 @@ env:
   SIGNING_KEY: ${{ secrets.JAVA_SIGNING_KEY }}
   SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
   SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
-  GOVERSION: "1.19.x"
+  GOVERSION: "1.21.x"
   DOTNETVERSION: "6.x"
   PYTHONVERSION: "3.8"
-  NODEVERSION: "16.x"
+  NODEVERSION: "18.x"
   JAVAVERSION: "11"
 jobs:
   lint:

.github/workflows/run-acceptance-tests.yml

@@ -17,10 +17,10 @@ env:
   SIGNING_KEY_ID: ${{ secrets.JAVA_SIGNING_KEY_ID }}
   SIGNING_PASSWORD: ${{ secrets.JAVA_SIGNING_PASSWORD }}
   VERSION_PREFIX: 1.0.0
-  GOVERSION: "1.19.x"
+  GOVERSION: "1.21.x"
   DOTNETVERSION: "6.x"
   PYTHONVERSION: "3.8"
-  NODEVERSION: "16.x"
+  NODEVERSION: "18.x"
   JAVAVERSION: "11"
 jobs:
   comment-notification:
@@ -97,7 +97,7 @@ jobs:
       - name: Unshallow clone for tags
         run: git fetch --prune --unshallow --tags
       - name: Install Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
           go-version: ${{ env.GOVERSION }}
       - name: Setup Node

Makefile

@@ -11,7 +11,7 @@ GZIP_PREFIX		:= pulumi-resource-${PACK}-v${VERSION}
 BIN				:= ${PROVIDER}
 
 JAVA_GEN 		 := pulumi-java-gen
-JAVA_GEN_VERSION := v0.9.2
+JAVA_GEN_VERSION := v0.9.7
 
 AWSX_SRC 		:= $(wildcard awsx/*.*) $(wildcard awsx/*/*.ts)
 AWSX_CLASSIC_SRC:= $(wildcard awsx-classic/*.*) $(wildcard awsx-classic/*/*.ts)
@@ -116,7 +116,7 @@ sdk/go:: bin/${CODEGEN} awsx/schema.json
 	rm -rf sdk/go
 	bin/${CODEGEN} go sdk/go awsx/schema.json $(VERSION)
 	cd sdk && \
-		go get github.com/pulumi/pulumi-aws/sdk/v5@v$(AWS_VERSION) && \
+		go get github.com/pulumi/pulumi-aws/sdk/v6@v$(AWS_VERSION) && \
 		go mod tidy && \
 		go test -v ./... -check.vv
 

awsx-classic/ecr/repository.ts

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import * as aws from "@pulumi/aws";
-import * as docker from "@pulumi/docker";
+import * as docker from "docker-classic";
 import * as pulumi from "@pulumi/pulumi";
 
 import { computeImageFromAsset } from "../ecs";

awsx-classic/ecs/cluster.ts

@@ -175,17 +175,6 @@ type OverwriteShape = utils.Overwrite<aws.ecs.ClusterArgs, {
  */
 export interface ClusterArgs {
 
-    /**
-     * List of short names of one or more capacity providers to associate with the cluster.
-     * Valid values also include `FARGATE` and `FARGATE_SPOT`.
-     */
-    capacityProviders?: aws.ecs.ClusterArgs["capacityProviders"];
-
-    /**
-     * The capacity provider strategy to use by default for the cluster. Can be one or more.
-     */
-    defaultCapacityProviderStrategies?: aws.ecs.ClusterArgs["defaultCapacityProviderStrategies"];
-
     /**
      * Configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster.
      */

awsx-classic/ecs/image.ts

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import * as aws from "@pulumi/aws";
-import * as docker from "@pulumi/docker";
+import * as docker from "docker-classic";
 import * as pulumi from "@pulumi/pulumi";
 import { ContainerImageProvider, KeyValuePair } from "./container";
 

awsx-classic/ecs/taskDefinition.ts

@@ -15,6 +15,7 @@
 import * as aws from "@pulumi/aws";
 import * as pulumi from "@pulumi/pulumi";
 import type * as awssdk from "aws-sdk";
+import * as ecssdk from "@aws-sdk/client-ecs";
 import * as ec2 from "../ec2";
 import * as lb from "../lb";
 import * as role from "../role";
@@ -48,7 +49,7 @@ export abstract class TaskDefinition extends pulumi.ComponentResource {
      */
     public readonly run: (
         params: RunTaskRequest,
-    ) => Promise<awssdk.ECS.Types.RunTaskResponse>;
+    ) => Promise<ecssdk.RunTaskCommandOutput>;
 
     constructor(type: string, name: string,
                 isFargate: boolean, args: TaskDefinitionArgs,
@@ -224,7 +225,7 @@ const _: string = utils.checkCompat<RunTaskRequestOverrideShape, RunTaskRequest>
 function createRunFunction(isFargate: boolean, taskDefArn: pulumi.Output<string>) {
     return async function run(params: RunTaskRequest) {
 
-        const ecs = new aws.sdk.ECS();
+        const ecs = new ecssdk.ECS();
 
         const cluster = params.cluster;
         const clusterArn = cluster.id.get();
@@ -248,7 +249,7 @@ function createRunFunction(isFargate: boolean, taskDefArn: pulumi.Output<string>
             },
             ...params,
             cluster: clusterArn, // Make sure to override the value of `params.cluster`
-        }).promise();
+        });
     };
 }
 

awsx-classic/package.json

@@ -13,10 +13,12 @@
         "lint": "tslint -c tslint.json -p tsconfig.json"
     },
     "dependencies": {
-        "@pulumi/aws": "5.16.2",
+        "@aws-sdk/client-ecs": "^3.405.0",
+        "@pulumi/aws": "^6.0.2",
         "@pulumi/docker": "3.6.1",
         "@pulumi/pulumi": "^3.34.0",
         "aws-lambda": "^1.0.7",
+        "aws-sdk": "^2.0.0",
         "mime": "^3.0.0"
     },
     "devDependencies": {

awsx-classic/tests/package.json

@@ -13,8 +13,8 @@
         "build": "tsc"
     },
     "dependencies": {
-        "@pulumi/pulumi": "^1.0.0",
-        "@pulumi/aws": "^1.0.0",
+        "@pulumi/pulumi": "^3.0.0",
+        "@pulumi/aws": "^5.0.0",
         "aws-sdk": "^2.0.0",
         "builtin-modules": "3.0.0",
         "mime": "^2.0.0",

awsx/cloudwatch/logGroup.ts

@@ -121,7 +121,7 @@ function makeLogGroupId(
     return pulumi.output(args.arn).apply(idFromArn);
   } else {
     return pulumi
-      .all([args.name, args.region, aws.getCallerIdentity(opts)])
+      .all([args.name, args.region, aws.getCallerIdentity({}, opts)])
       .apply(([name, region, callerIdentity]) => {
         const arn = buildArn({
           name: name,

awsx/ecr/image.ts

@@ -21,7 +21,6 @@ import * as utils from "../utils";
 export class Image extends schema.Image {
   constructor(name: string, args: schema.ImageArgs, opts: pulumi.ComponentResourceOptions = {}) {
     super(name, args, opts);
-    const { repositoryUrl, ...dockerArgs } = args;
     this.imageUri = pulumi.output(args).apply((args) => computeImageFromAsset(args, this));
   }
 }
@@ -32,73 +31,70 @@ export function computeImageFromAsset(
   parent: pulumi.Resource,
 ) {
   const { repositoryUrl, ...dockerInputs } = args ?? {};
+
   const url = new URL("https://" + repositoryUrl); // Add protocol to help it parse
   const registryId = url.hostname.split(".")[0];
 
   pulumi.log.debug(`Building container image at '${JSON.stringify(dockerInputs)}'`, parent);
 
-  const imageName = getImageName(dockerInputs);
+  const imageName = createUniqueImageName(dockerInputs);
+  // Note: the tag, if provided, is included in the image name.
+  const canonicalImageName = `${repositoryUrl}:${imageName}`;
 
   // If we haven't, build and push the local build context to the ECR repository.  Then return
   // the unique image name we pushed to.  The name will change if the image changes ensuring
   // the TaskDefinition get's replaced IFF the built image changes.
 
-  const dockerBuild: docker.DockerBuild = {
-    args: dockerInputs.args,
-    cacheFrom: dockerInputs.cacheFrom ? { stages: dockerInputs.cacheFrom } : undefined,
-    context: dockerInputs.path,
-    dockerfile: dockerInputs.dockerfile,
-    env: dockerInputs.env,
-    extraOptions: dockerInputs.extraOptions,
-    target: dockerInputs.target,
-  };
+  const ecrCredentials = aws.ecr.getCredentialsOutput(
+    { registryId: registryId },
+    { parent, async: true },
+  );
+
+  const registryCredentials = ecrCredentials.authorizationToken.apply((authorizationToken) => {
+    const decodedCredentials = Buffer.from(authorizationToken, "base64").toString();
+    const [username, password] = decodedCredentials.split(":");
+    if (!password || !username) {
+      throw new Error("Invalid credentials");
+    }
+    return {
+      registry: ecrCredentials.proxyEndpoint,
+      username: username,
+      password: password,
+    };
+  });
 
-  const uniqueImageName = docker.buildAndPushImage(
-    imageName,
-    dockerBuild,
-    repositoryUrl,
-    parent,
-    () => {
-      // Construct Docker registry auth data by getting the short-lived authorizationToken from ECR, and
-      // extracting the username/password pair after base64-decoding the token.
-      //
-      // See: http://docs.aws.amazon.com/cli/latest/reference/ecr/get-authorization-token.html
-      if (!registryId) {
-        throw new Error("Expected registry ID to be defined during push");
-      }
-
-      const credentials = aws.ecr.getCredentialsOutput(
-        { registryId: registryId },
-        { parent, async: true },
-      );
-      return credentials.authorizationToken.apply((authorizationToken) => {
-        const decodedCredentials = Buffer.from(authorizationToken, "base64").toString();
-        const [username, password] = decodedCredentials.split(":");
-        if (!password || !username) {
-          throw new Error("Invalid credentials");
-        }
-        return {
-          registry: credentials.proxyEndpoint,
-          username: username,
-          password: password,
-        };
-      });
+  const dockerImageArgs: docker.ImageArgs = {
+    imageName: canonicalImageName,
+    build: {
+      args: dockerInputs.args,
+      cacheFrom: dockerInputs.cacheFrom
+        ? {
+            images: dockerInputs.cacheFrom,
+          }
+        : undefined,
+      context: dockerInputs.context,
+      platform: dockerInputs.platform,
+      target: dockerInputs.target,
+      builderVersion: dockerInputs.builderVersion,
     },
-  );
+    registry: registryCredentials,
+  };
+
+  const image = new docker.Image(`image`, dockerImageArgs, { parent });
 
-  uniqueImageName.apply((d: any) =>
+  image.repoDigest.apply((d: any) =>
     pulumi.log.debug(`    build complete: ${imageName} (${d})`, parent),
   );
 
-  return uniqueImageName;
+  return image.repoDigest;
 }
 
-function getImageName(inputs: pulumi.Unwrap<schema.DockerBuildInputs>) {
-  const { path, dockerfile, args } = inputs ?? {};
+function createUniqueImageName(inputs: pulumi.Unwrap<schema.DockerBuildInputs>): string {
+  const { context, dockerfile, args } = inputs ?? {};
   // Produce a hash of the build context and use that for the image name.
   let buildSig: string;
 
-  buildSig = path ?? ".";
+  buildSig = context ?? ".";
   if (dockerfile) {
     buildSig += `;dockerfile=${dockerfile}`;
   }

awsx/package.json

@@ -21,10 +21,11 @@
   },
   "//": "Pulumi sub-provider dependencies must be pinned at an exact version because we extract this value to generate the correct dependency in the schema",
   "dependencies": {
-    "@pulumi/aws": "5.35.0",
-    "@pulumi/docker": "3.6.1",
-    "@pulumi/pulumi": "^3.34.0",
+    "@pulumi/aws": "6.5.0",
+    "@pulumi/docker": "4.4.3",
+    "@pulumi/pulumi": "^3.81.0",
     "@types/aws-lambda": "^8.10.23",
+    "docker-classic": "npm:@pulumi/[email protected]",
     "ip-address": "^8.1.0",
     "mime": "^3.0.0",
     "netmask": "^2.0.2"