├── .eslintrc.json ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ └── config.yml ├── pull_request_template.md └── workflows │ ├── auto-approve.yml │ ├── auto-queue.yml │ ├── build.yml │ ├── pull-request-lint.yml │ ├── release.yml │ ├── security.yml │ ├── stale.yml │ ├── triage.yml │ ├── upgrade-compiler-dependencies-main.yml │ ├── upgrade-configuration-main.yml │ ├── upgrade-dev-dependencies-main.yml │ └── upgrade-runtime-dependencies-main.yml ├── .gitignore ├── .npmignore ├── .projen ├── deps.json ├── files.json └── tasks.json ├── .projenrc.js ├── API.md ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── DCO ├── LICENSE ├── README.md ├── SECURITY.md ├── git-hooks ├── README.md ├── prepare-commit-msg └── setup.sh ├── package.json ├── src ├── _shell.ts ├── image.ts └── index.ts ├── test └── image.test.ts ├── tsconfig.dev.json └── yarn.lock /.eslintrc.json: -------------------------------------------------------------------------------- 1 | // ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | { 3 | "env": { 4 | "jest": true, 5 | "node": true 6 | }, 7 | "root": true, 8 | "plugins": [ 9 | "@typescript-eslint", 10 | "import", 11 | "@stylistic" 12 | ], 13 | "parser": "@typescript-eslint/parser", 14 | "parserOptions": { 15 | "ecmaVersion": 2018, 16 | "sourceType": "module", 17 | "project": "./tsconfig.dev.json" 18 | }, 19 | "extends": [ 20 | "plugin:import/typescript" 21 | ], 22 | "settings": { 23 | "import/parsers": { 24 | "@typescript-eslint/parser": [ 25 | ".ts", 26 | ".tsx" 27 | ] 28 | }, 29 | "import/resolver": { 30 | "node": {}, 31 | "typescript": { 32 | "project": "./tsconfig.dev.json", 33 | "alwaysTryTypes": true 34 | } 35 | } 36 | }, 37 | "ignorePatterns": [ 38 | "*.js", 39 | "*.d.ts", 40 | "node_modules/", 41 | "*.generated.ts", 42 | "coverage", 43 | "!.projenrc.js" 44 | ], 45 | "rules": { 46 | "@stylistic/indent": [ 47 | "error", 48 | 2 49 | ], 50 | "@stylistic/quotes": [ 51 | "error", 52 | "single", 53 | { 54 | "avoidEscape": true 55 | } 56 | ], 57 | "@stylistic/comma-dangle": [ 58 | "error", 59 | "always-multiline" 60 | ], 61 | "@stylistic/comma-spacing": [ 62 | "error", 63 | { 64 | "before": false, 65 | "after": true 66 | } 67 | ], 68 | "@stylistic/no-multi-spaces": [ 69 | "error", 70 | { 71 | "ignoreEOLComments": false 72 | } 73 | ], 74 | "@stylistic/array-bracket-spacing": [ 75 | "error", 76 | "never" 77 | ], 78 | "@stylistic/array-bracket-newline": [ 79 | "error", 80 | "consistent" 81 | ], 82 | "@stylistic/object-curly-spacing": [ 83 | "error", 84 | "always" 85 | ], 86 | "@stylistic/object-curly-newline": [ 87 | "error", 88 | { 89 | "multiline": true, 90 | "consistent": true 91 | } 92 | ], 93 | "@stylistic/object-property-newline": [ 94 | "error", 95 | { 96 | "allowAllPropertiesOnSameLine": true 97 | } 98 | ], 99 | "@stylistic/keyword-spacing": [ 100 | "error" 101 | ], 102 | "@stylistic/brace-style": [ 103 | "error", 104 | "1tbs", 105 | { 106 | "allowSingleLine": true 107 | } 108 | ], 109 | "@stylistic/space-before-blocks": [ 110 | "error" 111 | ], 112 | "@stylistic/member-delimiter-style": [ 113 | "error" 114 | ], 115 | "@stylistic/semi": [ 116 | "error", 117 | "always" 118 | ], 119 | "@stylistic/max-len": [ 120 | "error", 121 | { 122 | "code": 150, 123 | "ignoreUrls": true, 124 | "ignoreStrings": true, 125 | "ignoreTemplateLiterals": true, 126 | "ignoreComments": true, 127 | "ignoreRegExpLiterals": true 128 | } 129 | ], 130 | "@stylistic/quote-props": [ 131 | "error", 132 | "consistent-as-needed" 133 | ], 134 | "@stylistic/key-spacing": [ 135 | "error" 136 | ], 137 | "@stylistic/no-multiple-empty-lines": [ 138 | "error" 139 | ], 140 | "@stylistic/no-trailing-spaces": [ 141 | "error" 142 | ], 143 | "curly": [ 144 | "error", 145 | "multi-line", 146 | "consistent" 147 | ], 148 | "@typescript-eslint/no-require-imports": "error", 149 | "import/no-extraneous-dependencies": [ 150 | "error", 151 | { 152 | "devDependencies": [ 153 | "**/test/**", 154 | "**/build-tools/**" 155 | ], 156 | "optionalDependencies": false, 157 | "peerDependencies": true 158 | } 159 | ], 160 | "import/no-unresolved": [ 161 | "error" 162 | ], 163 | "import/order": [ 164 | "warn", 165 | { 166 | "groups": [ 167 | "builtin", 168 | "external" 169 | ], 170 | "alphabetize": { 171 | "order": "asc", 172 | "caseInsensitive": true 173 | } 174 | } 175 | ], 176 | "import/no-duplicates": [ 177 | "error" 178 | ], 179 | "no-shadow": [ 180 | "off" 181 | ], 182 | "@typescript-eslint/no-shadow": "error", 183 | "@typescript-eslint/no-floating-promises": "error", 184 | "no-return-await": [ 185 | "off" 186 | ], 187 | "@typescript-eslint/return-await": "error", 188 | "dot-notation": [ 189 | "error" 190 | ], 191 | "no-bitwise": [ 192 | "error" 193 | ], 194 | "@typescript-eslint/member-ordering": [ 195 | "error", 196 | { 197 | "default": [ 198 | "public-static-field", 199 | "public-static-method", 200 | "protected-static-field", 201 | "protected-static-method", 202 | "private-static-field", 203 | "private-static-method", 204 | "field", 205 | "constructor", 206 | "method" 207 | ] 208 | } 209 | ] 210 | }, 211 | "overrides": [ 212 | { 213 | "files": [ 214 | ".projenrc.js" 215 | ], 216 | "rules": { 217 | "@typescript-eslint/no-require-imports": "off", 218 | "import/no-extraneous-dependencies": "off" 219 | } 220 | } 221 | ] 222 | } 223 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | * text=auto eol=lf 4 | *.snap linguist-generated 5 | /.eslintrc.json linguist-generated 6 | /.gitattributes linguist-generated 7 | /.github/ISSUE_TEMPLATE/config.yml linguist-generated 8 | /.github/pull_request_template.md linguist-generated 9 | /.github/workflows/auto-approve.yml linguist-generated 10 | /.github/workflows/auto-queue.yml linguist-generated 11 | /.github/workflows/build.yml linguist-generated 12 | /.github/workflows/pull-request-lint.yml linguist-generated 13 | /.github/workflows/release.yml linguist-generated 14 | /.github/workflows/security.yml linguist-generated 15 | /.github/workflows/stale.yml linguist-generated 16 | /.github/workflows/triage.yml linguist-generated 17 | /.github/workflows/upgrade-compiler-dependencies-main.yml linguist-generated 18 | /.github/workflows/upgrade-configuration-main.yml linguist-generated 19 | /.github/workflows/upgrade-dev-dependencies-main.yml linguist-generated 20 | /.github/workflows/upgrade-runtime-dependencies-main.yml linguist-generated 21 | /.gitignore linguist-generated 22 | /.npmignore linguist-generated 23 | /.projen/** linguist-generated 24 | /.projen/deps.json linguist-generated 25 | /.projen/files.json linguist-generated 26 | /.projen/tasks.json linguist-generated 27 | /API.md linguist-generated 28 | /CODE_OF_CONDUCT.md linguist-generated 29 | /DCO linguist-generated 30 | /git-hooks/prepare-commit-msg linguist-generated 31 | /git-hooks/README.md linguist-generated 32 | /git-hooks/setup.sh linguist-generated 33 | /LICENSE linguist-generated 34 | /package.json linguist-generated 35 | /SECURITY.md linguist-generated 36 | /tsconfig.dev.json linguist-generated 37 | /yarn.lock linguist-generated -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | blank_issues_enabled: false 4 | contact_links: 5 | - name: Slack Community Support @ cdk.dev 6 | url: https://cdk-dev.slack.com/archives/C0184GCBY4X 7 | about: Please ask and answer questions here. 8 | - name: Slack Community Support @ cncf.io 9 | url: https://cloud-native.slack.com/archives/C02KCDACGTT 10 | about: Please ask and answer questions here. 11 | - name: GitHub Community Support 12 | url: https://github.com/cdk8s-team/cdk8s-image/discussions 13 | about: Please ask and answer questions here. 14 | - name: Open a cdk8s issue 15 | url: https://github.com/cdk8s-team/cdk8s/issues/new/choose 16 | about: All cdk8s issues are tracked in the cdk8s repository. 17 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | Fixes # -------------------------------------------------------------------------------- /.github/workflows/auto-approve.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: auto-approve 4 | on: 5 | pull_request_target: 6 | types: 7 | - labeled 8 | - opened 9 | - synchronize 10 | - reopened 11 | - ready_for_review 12 | jobs: 13 | approve: 14 | runs-on: ubuntu-latest 15 | permissions: 16 | pull-requests: write 17 | if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && (github.event.pull_request.user.login == 'cdk8s-automation') 18 | steps: 19 | - uses: hmarr/auto-approve-action@v2.2.1 20 | with: 21 | github-token: ${{ secrets.GITHUB_TOKEN }} 22 | -------------------------------------------------------------------------------- /.github/workflows/auto-queue.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: auto-queue 4 | on: 5 | pull_request_target: 6 | types: 7 | - opened 8 | - reopened 9 | - ready_for_review 10 | jobs: 11 | enableAutoQueue: 12 | name: "Set AutoQueue on PR #${{ github.event.number }}" 13 | runs-on: ubuntu-latest 14 | permissions: 15 | pull-requests: write 16 | contents: write 17 | steps: 18 | - uses: peter-evans/enable-pull-request-automerge@v3 19 | with: 20 | token: ${{ secrets.PROJEN_GITHUB_TOKEN }} 21 | pull-request-number: ${{ github.event.number }} 22 | merge-method: squash 23 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: build 4 | on: 5 | pull_request: {} 6 | workflow_dispatch: {} 7 | merge_group: {} 8 | jobs: 9 | build: 10 | runs-on: ubuntu-latest 11 | permissions: 12 | contents: write 13 | outputs: 14 | self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }} 15 | env: 16 | CI: "true" 17 | steps: 18 | - name: Checkout 19 | uses: actions/checkout@v4 20 | with: 21 | ref: ${{ github.event.pull_request.head.ref }} 22 | repository: ${{ github.event.pull_request.head.repo.full_name }} 23 | - name: Setup Node.js 24 | uses: actions/setup-node@v4 25 | with: 26 | node-version: lts/* 27 | - name: Install dependencies 28 | run: yarn install --check-files 29 | - name: build 30 | run: npx projen build 31 | - name: Find mutations 32 | id: self_mutation 33 | run: |- 34 | git add . 35 | git diff --staged --patch --exit-code > repo.patch || echo "self_mutation_happened=true" >> $GITHUB_OUTPUT 36 | working-directory: ./ 37 | - name: Upload patch 38 | if: steps.self_mutation.outputs.self_mutation_happened 39 | uses: actions/upload-artifact@v4.4.0 40 | with: 41 | name: repo.patch 42 | path: repo.patch 43 | overwrite: true 44 | - name: Fail build on mutation 45 | if: steps.self_mutation.outputs.self_mutation_happened 46 | run: |- 47 | echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch." 48 | cat repo.patch 49 | exit 1 50 | - name: Backup artifact permissions 51 | run: cd dist && getfacl -R . > permissions-backup.acl 52 | continue-on-error: true 53 | - name: Upload artifact 54 | uses: actions/upload-artifact@v4.4.0 55 | with: 56 | name: build-artifact 57 | path: dist 58 | overwrite: true 59 | self-mutation: 60 | needs: build 61 | runs-on: ubuntu-latest 62 | permissions: 63 | contents: write 64 | if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository) 65 | steps: 66 | - name: Checkout 67 | uses: actions/checkout@v4 68 | with: 69 | token: ${{ secrets.PROJEN_GITHUB_TOKEN }} 70 | ref: ${{ github.event.pull_request.head.ref }} 71 | repository: ${{ github.event.pull_request.head.repo.full_name }} 72 | - name: Download patch 73 | uses: actions/download-artifact@v4 74 | with: 75 | name: repo.patch 76 | path: ${{ runner.temp }} 77 | - name: Apply patch 78 | run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."' 79 | - name: Set git identity 80 | run: |- 81 | git config user.name "github-actions" 82 | git config user.email "github-actions@github.com" 83 | - name: Push changes 84 | env: 85 | PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }} 86 | run: |- 87 | git add . 88 | git commit -s -m "chore: self mutation" 89 | git push origin HEAD:$PULL_REQUEST_REF 90 | package-js: 91 | needs: build 92 | runs-on: ubuntu-latest 93 | permissions: 94 | contents: read 95 | if: ${{ !needs.build.outputs.self_mutation_happened }} 96 | steps: 97 | - uses: actions/setup-node@v4 98 | with: 99 | node-version: lts/* 100 | - name: Download build artifacts 101 | uses: actions/download-artifact@v4 102 | with: 103 | name: build-artifact 104 | path: dist 105 | - name: Restore build artifact permissions 106 | run: cd dist && setfacl --restore=permissions-backup.acl 107 | continue-on-error: true 108 | - name: Checkout 109 | uses: actions/checkout@v4 110 | with: 111 | ref: ${{ github.event.pull_request.head.ref }} 112 | repository: ${{ github.event.pull_request.head.repo.full_name }} 113 | path: .repo 114 | - name: Install Dependencies 115 | run: cd .repo && yarn install --check-files --frozen-lockfile 116 | - name: Extract build artifact 117 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 118 | - name: Move build artifact out of the way 119 | run: mv dist dist.old 120 | - name: Create js artifact 121 | run: cd .repo && npx projen package:js 122 | - name: Collect js artifact 123 | run: mv .repo/dist dist 124 | package-java: 125 | needs: build 126 | runs-on: ubuntu-latest 127 | permissions: 128 | contents: read 129 | if: ${{ !needs.build.outputs.self_mutation_happened }} 130 | steps: 131 | - uses: actions/setup-java@v4 132 | with: 133 | distribution: corretto 134 | java-version: "11" 135 | - uses: actions/setup-node@v4 136 | with: 137 | node-version: lts/* 138 | - name: Download build artifacts 139 | uses: actions/download-artifact@v4 140 | with: 141 | name: build-artifact 142 | path: dist 143 | - name: Restore build artifact permissions 144 | run: cd dist && setfacl --restore=permissions-backup.acl 145 | continue-on-error: true 146 | - name: Checkout 147 | uses: actions/checkout@v4 148 | with: 149 | ref: ${{ github.event.pull_request.head.ref }} 150 | repository: ${{ github.event.pull_request.head.repo.full_name }} 151 | path: .repo 152 | - name: Install Dependencies 153 | run: cd .repo && yarn install --check-files --frozen-lockfile 154 | - name: Extract build artifact 155 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 156 | - name: Move build artifact out of the way 157 | run: mv dist dist.old 158 | - name: Create java artifact 159 | run: cd .repo && npx projen package:java 160 | - name: Collect java artifact 161 | run: mv .repo/dist dist 162 | package-python: 163 | needs: build 164 | runs-on: ubuntu-latest 165 | permissions: 166 | contents: read 167 | if: ${{ !needs.build.outputs.self_mutation_happened }} 168 | steps: 169 | - uses: actions/setup-node@v4 170 | with: 171 | node-version: lts/* 172 | - uses: actions/setup-python@v5 173 | with: 174 | python-version: 3.x 175 | - name: Download build artifacts 176 | uses: actions/download-artifact@v4 177 | with: 178 | name: build-artifact 179 | path: dist 180 | - name: Restore build artifact permissions 181 | run: cd dist && setfacl --restore=permissions-backup.acl 182 | continue-on-error: true 183 | - name: Checkout 184 | uses: actions/checkout@v4 185 | with: 186 | ref: ${{ github.event.pull_request.head.ref }} 187 | repository: ${{ github.event.pull_request.head.repo.full_name }} 188 | path: .repo 189 | - name: Install Dependencies 190 | run: cd .repo && yarn install --check-files --frozen-lockfile 191 | - name: Extract build artifact 192 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 193 | - name: Move build artifact out of the way 194 | run: mv dist dist.old 195 | - name: Create python artifact 196 | run: cd .repo && npx projen package:python 197 | - name: Collect python artifact 198 | run: mv .repo/dist dist 199 | package-dotnet: 200 | needs: build 201 | runs-on: ubuntu-latest 202 | permissions: 203 | contents: read 204 | if: ${{ !needs.build.outputs.self_mutation_happened }} 205 | steps: 206 | - uses: actions/setup-node@v4 207 | with: 208 | node-version: lts/* 209 | - uses: actions/setup-dotnet@v4 210 | with: 211 | dotnet-version: 6.x 212 | - name: Download build artifacts 213 | uses: actions/download-artifact@v4 214 | with: 215 | name: build-artifact 216 | path: dist 217 | - name: Restore build artifact permissions 218 | run: cd dist && setfacl --restore=permissions-backup.acl 219 | continue-on-error: true 220 | - name: Checkout 221 | uses: actions/checkout@v4 222 | with: 223 | ref: ${{ github.event.pull_request.head.ref }} 224 | repository: ${{ github.event.pull_request.head.repo.full_name }} 225 | path: .repo 226 | - name: Install Dependencies 227 | run: cd .repo && yarn install --check-files --frozen-lockfile 228 | - name: Extract build artifact 229 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 230 | - name: Move build artifact out of the way 231 | run: mv dist dist.old 232 | - name: Create dotnet artifact 233 | run: cd .repo && npx projen package:dotnet 234 | - name: Collect dotnet artifact 235 | run: mv .repo/dist dist 236 | package-go: 237 | needs: build 238 | runs-on: ubuntu-latest 239 | permissions: 240 | contents: read 241 | if: ${{ !needs.build.outputs.self_mutation_happened }} 242 | steps: 243 | - uses: actions/setup-node@v4 244 | with: 245 | node-version: lts/* 246 | - uses: actions/setup-go@v5 247 | with: 248 | go-version: ^1.18.0 249 | - name: Download build artifacts 250 | uses: actions/download-artifact@v4 251 | with: 252 | name: build-artifact 253 | path: dist 254 | - name: Restore build artifact permissions 255 | run: cd dist && setfacl --restore=permissions-backup.acl 256 | continue-on-error: true 257 | - name: Checkout 258 | uses: actions/checkout@v4 259 | with: 260 | ref: ${{ github.event.pull_request.head.ref }} 261 | repository: ${{ github.event.pull_request.head.repo.full_name }} 262 | path: .repo 263 | - name: Install Dependencies 264 | run: cd .repo && yarn install --check-files --frozen-lockfile 265 | - name: Extract build artifact 266 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 267 | - name: Move build artifact out of the way 268 | run: mv dist dist.old 269 | - name: Create go artifact 270 | run: cd .repo && npx projen package:go 271 | - name: Collect go artifact 272 | run: mv .repo/dist dist 273 | -------------------------------------------------------------------------------- /.github/workflows/pull-request-lint.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: pull-request-lint 4 | on: 5 | pull_request_target: 6 | types: 7 | - labeled 8 | - opened 9 | - synchronize 10 | - reopened 11 | - ready_for_review 12 | - edited 13 | merge_group: {} 14 | jobs: 15 | validate: 16 | name: Validate PR title 17 | runs-on: ubuntu-latest 18 | permissions: 19 | pull-requests: write 20 | if: (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') 21 | steps: 22 | - uses: amannn/action-semantic-pull-request@v5.4.0 23 | env: 24 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 25 | with: 26 | types: |- 27 | feat 28 | fix 29 | chore 30 | requireScope: false 31 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: release 4 | on: 5 | push: 6 | branches: 7 | - main 8 | workflow_dispatch: {} 9 | concurrency: 10 | group: ${{ github.workflow }} 11 | cancel-in-progress: false 12 | jobs: 13 | release: 14 | runs-on: ubuntu-latest 15 | permissions: 16 | contents: write 17 | outputs: 18 | latest_commit: ${{ steps.git_remote.outputs.latest_commit }} 19 | tag_exists: ${{ steps.check_tag_exists.outputs.exists }} 20 | env: 21 | CI: "true" 22 | steps: 23 | - name: Checkout 24 | uses: actions/checkout@v4 25 | with: 26 | fetch-depth: 0 27 | - name: Set git identity 28 | run: |- 29 | git config user.name "github-actions" 30 | git config user.email "github-actions@github.com" 31 | - name: Setup Node.js 32 | uses: actions/setup-node@v4 33 | with: 34 | node-version: lts/* 35 | - name: Install dependencies 36 | run: yarn install --check-files --frozen-lockfile 37 | - name: release 38 | run: npx projen release 39 | - name: Check if version has already been tagged 40 | id: check_tag_exists 41 | run: |- 42 | TAG=$(cat dist/releasetag.txt) 43 | ([ ! -z "$TAG" ] && git ls-remote -q --exit-code --tags origin $TAG && (echo "exists=true" >> $GITHUB_OUTPUT)) || (echo "exists=false" >> $GITHUB_OUTPUT) 44 | cat $GITHUB_OUTPUT 45 | - name: Check for new commits 46 | id: git_remote 47 | run: |- 48 | echo "latest_commit=$(git ls-remote origin -h ${{ github.ref }} | cut -f1)" >> $GITHUB_OUTPUT 49 | cat $GITHUB_OUTPUT 50 | - name: Backup artifact permissions 51 | if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} 52 | run: cd dist && getfacl -R . > permissions-backup.acl 53 | continue-on-error: true 54 | - name: Upload artifact 55 | if: ${{ steps.git_remote.outputs.latest_commit == github.sha }} 56 | uses: actions/upload-artifact@v4.4.0 57 | with: 58 | name: build-artifact 59 | path: dist 60 | overwrite: true 61 | release_github: 62 | name: Publish to GitHub Releases 63 | needs: 64 | - release 65 | - release_npm 66 | - release_maven 67 | - release_pypi 68 | - release_nuget 69 | - release_golang 70 | runs-on: ubuntu-latest 71 | permissions: 72 | contents: write 73 | if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha 74 | steps: 75 | - uses: actions/setup-node@v4 76 | with: 77 | node-version: lts/* 78 | - name: Download build artifacts 79 | uses: actions/download-artifact@v4 80 | with: 81 | name: build-artifact 82 | path: dist 83 | - name: Restore build artifact permissions 84 | run: cd dist && setfacl --restore=permissions-backup.acl 85 | continue-on-error: true 86 | - name: Release 87 | env: 88 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 89 | run: errout=$(mktemp); gh release create $(cat dist/releasetag.txt) -R $GITHUB_REPOSITORY -F dist/changelog.md -t $(cat dist/releasetag.txt) --target $GITHUB_SHA 2> $errout && true; exitcode=$?; if [ $exitcode -ne 0 ] && ! grep -q "Release.tag_name already exists" $errout; then cat $errout; exit $exitcode; fi 90 | release_npm: 91 | name: Publish to npm 92 | needs: release 93 | runs-on: ubuntu-latest 94 | permissions: 95 | id-token: write 96 | contents: read 97 | if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha 98 | steps: 99 | - uses: actions/setup-node@v4 100 | with: 101 | node-version: lts/* 102 | - name: Download build artifacts 103 | uses: actions/download-artifact@v4 104 | with: 105 | name: build-artifact 106 | path: dist 107 | - name: Restore build artifact permissions 108 | run: cd dist && setfacl --restore=permissions-backup.acl 109 | continue-on-error: true 110 | - name: Checkout 111 | uses: actions/checkout@v4 112 | with: 113 | path: .repo 114 | - name: Install Dependencies 115 | run: cd .repo && yarn install --check-files --frozen-lockfile 116 | - name: Extract build artifact 117 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 118 | - name: Move build artifact out of the way 119 | run: mv dist dist.old 120 | - name: Create js artifact 121 | run: cd .repo && npx projen package:js 122 | - name: Collect js artifact 123 | run: mv .repo/dist dist 124 | - name: Release 125 | env: 126 | NPM_DIST_TAG: latest 127 | NPM_REGISTRY: registry.npmjs.org 128 | NPM_CONFIG_PROVENANCE: "true" 129 | NPM_TOKEN: ${{ secrets.NPM_TOKEN }} 130 | run: npx -p publib@latest publib-npm 131 | release_maven: 132 | name: Publish to Maven Central 133 | needs: release 134 | runs-on: ubuntu-latest 135 | permissions: 136 | contents: read 137 | if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha 138 | steps: 139 | - uses: actions/setup-java@v4 140 | with: 141 | distribution: corretto 142 | java-version: "11" 143 | - uses: actions/setup-node@v4 144 | with: 145 | node-version: lts/* 146 | - name: Download build artifacts 147 | uses: actions/download-artifact@v4 148 | with: 149 | name: build-artifact 150 | path: dist 151 | - name: Restore build artifact permissions 152 | run: cd dist && setfacl --restore=permissions-backup.acl 153 | continue-on-error: true 154 | - name: Checkout 155 | uses: actions/checkout@v4 156 | with: 157 | path: .repo 158 | - name: Install Dependencies 159 | run: cd .repo && yarn install --check-files --frozen-lockfile 160 | - name: Extract build artifact 161 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 162 | - name: Move build artifact out of the way 163 | run: mv dist dist.old 164 | - name: Create java artifact 165 | run: cd .repo && npx projen package:java 166 | - name: Collect java artifact 167 | run: mv .repo/dist dist 168 | - name: Release 169 | env: 170 | MAVEN_SERVER_ID: central-ossrh 171 | MAVEN_GPG_PRIVATE_KEY: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} 172 | MAVEN_GPG_PRIVATE_KEY_PASSPHRASE: ${{ secrets.MAVEN_GPG_PRIVATE_KEY_PASSPHRASE }} 173 | MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} 174 | MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} 175 | MAVEN_STAGING_PROFILE_ID: ${{ secrets.MAVEN_STAGING_PROFILE_ID }} 176 | run: npx -p publib@latest publib-maven 177 | release_pypi: 178 | name: Publish to PyPI 179 | needs: release 180 | runs-on: ubuntu-latest 181 | permissions: 182 | contents: read 183 | if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha 184 | steps: 185 | - uses: actions/setup-node@v4 186 | with: 187 | node-version: lts/* 188 | - uses: actions/setup-python@v5 189 | with: 190 | python-version: 3.x 191 | - name: Download build artifacts 192 | uses: actions/download-artifact@v4 193 | with: 194 | name: build-artifact 195 | path: dist 196 | - name: Restore build artifact permissions 197 | run: cd dist && setfacl --restore=permissions-backup.acl 198 | continue-on-error: true 199 | - name: Checkout 200 | uses: actions/checkout@v4 201 | with: 202 | path: .repo 203 | - name: Install Dependencies 204 | run: cd .repo && yarn install --check-files --frozen-lockfile 205 | - name: Extract build artifact 206 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 207 | - name: Move build artifact out of the way 208 | run: mv dist dist.old 209 | - name: Create python artifact 210 | run: cd .repo && npx projen package:python 211 | - name: Collect python artifact 212 | run: mv .repo/dist dist 213 | - name: Release 214 | env: 215 | TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} 216 | TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} 217 | run: npx -p publib@latest publib-pypi 218 | release_nuget: 219 | name: Publish to NuGet Gallery 220 | needs: release 221 | runs-on: ubuntu-latest 222 | permissions: 223 | contents: read 224 | if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha 225 | steps: 226 | - uses: actions/setup-node@v4 227 | with: 228 | node-version: lts/* 229 | - uses: actions/setup-dotnet@v4 230 | with: 231 | dotnet-version: 6.x 232 | - name: Download build artifacts 233 | uses: actions/download-artifact@v4 234 | with: 235 | name: build-artifact 236 | path: dist 237 | - name: Restore build artifact permissions 238 | run: cd dist && setfacl --restore=permissions-backup.acl 239 | continue-on-error: true 240 | - name: Checkout 241 | uses: actions/checkout@v4 242 | with: 243 | path: .repo 244 | - name: Install Dependencies 245 | run: cd .repo && yarn install --check-files --frozen-lockfile 246 | - name: Extract build artifact 247 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 248 | - name: Move build artifact out of the way 249 | run: mv dist dist.old 250 | - name: Create dotnet artifact 251 | run: cd .repo && npx projen package:dotnet 252 | - name: Collect dotnet artifact 253 | run: mv .repo/dist dist 254 | - name: Release 255 | env: 256 | NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }} 257 | run: npx -p publib@latest publib-nuget 258 | release_golang: 259 | name: Publish to GitHub Go Module Repository 260 | needs: release 261 | runs-on: ubuntu-latest 262 | permissions: 263 | contents: read 264 | if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha 265 | steps: 266 | - uses: actions/setup-node@v4 267 | with: 268 | node-version: lts/* 269 | - uses: actions/setup-go@v5 270 | with: 271 | go-version: ^1.18.0 272 | - name: Download build artifacts 273 | uses: actions/download-artifact@v4 274 | with: 275 | name: build-artifact 276 | path: dist 277 | - name: Restore build artifact permissions 278 | run: cd dist && setfacl --restore=permissions-backup.acl 279 | continue-on-error: true 280 | - name: Checkout 281 | uses: actions/checkout@v4 282 | with: 283 | path: .repo 284 | - name: Install Dependencies 285 | run: cd .repo && yarn install --check-files --frozen-lockfile 286 | - name: Extract build artifact 287 | run: tar --strip-components=1 -xzvf dist/js/*.tgz -C .repo 288 | - name: Move build artifact out of the way 289 | run: mv dist dist.old 290 | - name: Create go artifact 291 | run: cd .repo && npx projen package:go 292 | - name: Collect go artifact 293 | run: mv .repo/dist dist 294 | - name: Release 295 | env: 296 | GIT_BRANCH: main 297 | GIT_USER_NAME: cdk8s-automation 298 | GIT_USER_EMAIL: cdk8s-team@amazon.com 299 | GITHUB_TOKEN: ${{ secrets.GO_GITHUB_TOKEN }} 300 | run: npx -p publib@latest publib-golang 301 | -------------------------------------------------------------------------------- /.github/workflows/security.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: security 4 | on: 5 | schedule: 6 | - cron: 0 0 * * * 7 | workflow_dispatch: {} 8 | jobs: 9 | scan: 10 | runs-on: ubuntu-latest 11 | permissions: 12 | security-events: read 13 | issues: write 14 | steps: 15 | - name: scan 16 | uses: cdk8s-team/cdk8s-dependabot-security-alerts@main 17 | env: 18 | GITHUB_TOKEN: ${{ secrets.PROJEN_GITHUB_TOKEN }} 19 | REPO_ROOT: ${{ github.workspace }} 20 | REPO_NAME: ${{ github.repository }} 21 | OWNER_NAME: ${{ github.repository_owner }} 22 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: stale 4 | on: 5 | workflow_dispatch: {} 6 | schedule: 7 | - cron: 0 */4 * * * 8 | jobs: 9 | scan: 10 | runs-on: ubuntu-latest 11 | permissions: 12 | issues: write 13 | pull-requests: write 14 | contents: read 15 | steps: 16 | - uses: aws-actions/stale-issue-cleanup@v6 17 | with: 18 | ancient-issue-message: This issue has not received any attention in 1 year and will be closed soon. If you want to keep it open, please leave a comment below @mentioning a maintainer. 19 | stale-issue-message: This issue has not received a response in a while and will be closed soon. If you want to keep it open, please leave a comment below @mentioning a maintainer. 20 | stale-pr-message: This PR has not received a response in a while and will be closed soon. If you want to keep it open, please leave a comment below @mentioning a maintainer. 21 | stale-issue-label: closing-soon 22 | exempt-issue-labels: no-autoclose 23 | stale-pr-label: closing-soon 24 | exempt-pr-labels: no-autoclose 25 | response-requested-label: response-requested 26 | closed-for-staleness-label: closed-for-staleness 27 | days-before-stale: 30 28 | days-before-close: 7 29 | days-before-ancient: 365 30 | minimum-upvotes-to-exempt: 10 31 | repo-token: ${{ secrets.GITHUB_TOKEN }} 32 | loglevel: DEBUG 33 | dry-run: false 34 | -------------------------------------------------------------------------------- /.github/workflows/triage.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: triage 4 | on: 5 | issues: 6 | types: 7 | - opened 8 | pull_request: 9 | types: 10 | - opened 11 | jobs: 12 | assign-to-project: 13 | runs-on: ubuntu-latest 14 | permissions: 15 | issues: write 16 | pull-requests: write 17 | if: (github.repository == 'cdk8s-team/cdk8s-image') && (github.event.issue || (github.event.pull_request.user.login != 'cdk8s-automation' && github.event.pull_request.head.repo.full_name == github.repository)) 18 | steps: 19 | - uses: actions/add-to-project@v0.4.0 20 | with: 21 | project-url: https://github.com/orgs/cdk8s-team/projects/12 22 | github-token: ${{ secrets.PROJEN_GITHUB_TOKEN }} 23 | -------------------------------------------------------------------------------- /.github/workflows/upgrade-compiler-dependencies-main.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: upgrade-compiler-dependencies-main 4 | on: 5 | workflow_dispatch: {} 6 | schedule: 7 | - cron: 0 12 * * * 8 | jobs: 9 | upgrade: 10 | name: Upgrade 11 | runs-on: ubuntu-latest 12 | permissions: 13 | contents: read 14 | outputs: 15 | patch_created: ${{ steps.create_patch.outputs.patch_created }} 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v4 19 | with: 20 | ref: main 21 | - name: Setup Node.js 22 | uses: actions/setup-node@v4 23 | with: 24 | node-version: lts/* 25 | - name: Install dependencies 26 | run: yarn install --check-files --frozen-lockfile 27 | - name: Upgrade dependencies 28 | run: npx projen upgrade-compiler-dependencies 29 | - name: Find mutations 30 | id: create_patch 31 | run: |- 32 | git add . 33 | git diff --staged --patch --exit-code > repo.patch || echo "patch_created=true" >> $GITHUB_OUTPUT 34 | working-directory: ./ 35 | - name: Upload patch 36 | if: steps.create_patch.outputs.patch_created 37 | uses: actions/upload-artifact@v4.4.0 38 | with: 39 | name: repo.patch 40 | path: repo.patch 41 | overwrite: true 42 | pr: 43 | name: Create Pull Request 44 | needs: upgrade 45 | runs-on: ubuntu-latest 46 | permissions: 47 | contents: read 48 | if: ${{ needs.upgrade.outputs.patch_created }} 49 | steps: 50 | - name: Checkout 51 | uses: actions/checkout@v4 52 | with: 53 | ref: main 54 | - name: Download patch 55 | uses: actions/download-artifact@v4 56 | with: 57 | name: repo.patch 58 | path: ${{ runner.temp }} 59 | - name: Apply patch 60 | run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."' 61 | - name: Set git identity 62 | run: |- 63 | git config user.name "github-actions" 64 | git config user.email "github-actions@github.com" 65 | - name: Create Pull Request 66 | id: create-pr 67 | uses: peter-evans/create-pull-request@v6 68 | with: 69 | token: ${{ secrets.PROJEN_GITHUB_TOKEN }} 70 | commit-message: |- 71 | chore(deps): upgrade compiler dependencies 72 | 73 | Upgrades project dependencies. See details in [workflow run]. 74 | 75 | [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} 76 | 77 | ------ 78 | 79 | *Automatically created by projen via the "upgrade-compiler-dependencies-main" workflow* 80 | branch: github-actions/upgrade-compiler-dependencies-main 81 | title: "chore(deps): upgrade compiler dependencies" 82 | labels: auto-approve 83 | body: |- 84 | Upgrades project dependencies. See details in [workflow run]. 85 | 86 | [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} 87 | 88 | ------ 89 | 90 | *Automatically created by projen via the "upgrade-compiler-dependencies-main" workflow* 91 | author: github-actions 92 | committer: github-actions 93 | signoff: true 94 | -------------------------------------------------------------------------------- /.github/workflows/upgrade-configuration-main.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: upgrade-configuration-main 4 | on: 5 | workflow_dispatch: {} 6 | schedule: 7 | - cron: 0 15 * * * 8 | jobs: 9 | upgrade: 10 | name: Upgrade 11 | runs-on: ubuntu-latest 12 | permissions: 13 | contents: read 14 | outputs: 15 | patch_created: ${{ steps.create_patch.outputs.patch_created }} 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v4 19 | with: 20 | ref: main 21 | - name: Setup Node.js 22 | uses: actions/setup-node@v4 23 | with: 24 | node-version: lts/* 25 | - name: Install dependencies 26 | run: yarn install --check-files --frozen-lockfile 27 | - name: Upgrade dependencies 28 | run: npx projen upgrade-configuration 29 | - name: Find mutations 30 | id: create_patch 31 | run: |- 32 | git add . 33 | git diff --staged --patch --exit-code > repo.patch || echo "patch_created=true" >> $GITHUB_OUTPUT 34 | working-directory: ./ 35 | - name: Upload patch 36 | if: steps.create_patch.outputs.patch_created 37 | uses: actions/upload-artifact@v4.4.0 38 | with: 39 | name: repo.patch 40 | path: repo.patch 41 | overwrite: true 42 | pr: 43 | name: Create Pull Request 44 | needs: upgrade 45 | runs-on: ubuntu-latest 46 | permissions: 47 | contents: read 48 | if: ${{ needs.upgrade.outputs.patch_created }} 49 | steps: 50 | - name: Checkout 51 | uses: actions/checkout@v4 52 | with: 53 | ref: main 54 | - name: Download patch 55 | uses: actions/download-artifact@v4 56 | with: 57 | name: repo.patch 58 | path: ${{ runner.temp }} 59 | - name: Apply patch 60 | run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."' 61 | - name: Set git identity 62 | run: |- 63 | git config user.name "github-actions" 64 | git config user.email "github-actions@github.com" 65 | - name: Create Pull Request 66 | id: create-pr 67 | uses: peter-evans/create-pull-request@v6 68 | with: 69 | token: ${{ secrets.PROJEN_GITHUB_TOKEN }} 70 | commit-message: |- 71 | chore(deps): upgrade configuration 72 | 73 | Upgrades project dependencies. See details in [workflow run]. 74 | 75 | [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} 76 | 77 | ------ 78 | 79 | *Automatically created by projen via the "upgrade-configuration-main" workflow* 80 | branch: github-actions/upgrade-configuration-main 81 | title: "chore(deps): upgrade configuration" 82 | labels: auto-approve 83 | body: |- 84 | Upgrades project dependencies. See details in [workflow run]. 85 | 86 | [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} 87 | 88 | ------ 89 | 90 | *Automatically created by projen via the "upgrade-configuration-main" workflow* 91 | author: github-actions 92 | committer: github-actions 93 | signoff: true 94 | -------------------------------------------------------------------------------- /.github/workflows/upgrade-dev-dependencies-main.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: upgrade-dev-dependencies-main 4 | on: 5 | workflow_dispatch: {} 6 | schedule: 7 | - cron: 0 9 * * * 8 | jobs: 9 | upgrade: 10 | name: Upgrade 11 | runs-on: ubuntu-latest 12 | permissions: 13 | contents: read 14 | outputs: 15 | patch_created: ${{ steps.create_patch.outputs.patch_created }} 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v4 19 | with: 20 | ref: main 21 | - name: Setup Node.js 22 | uses: actions/setup-node@v4 23 | with: 24 | node-version: lts/* 25 | - name: Install dependencies 26 | run: yarn install --check-files --frozen-lockfile 27 | - name: Upgrade dependencies 28 | run: npx projen upgrade-dev-dependencies 29 | - name: Find mutations 30 | id: create_patch 31 | run: |- 32 | git add . 33 | git diff --staged --patch --exit-code > repo.patch || echo "patch_created=true" >> $GITHUB_OUTPUT 34 | working-directory: ./ 35 | - name: Upload patch 36 | if: steps.create_patch.outputs.patch_created 37 | uses: actions/upload-artifact@v4.4.0 38 | with: 39 | name: repo.patch 40 | path: repo.patch 41 | overwrite: true 42 | pr: 43 | name: Create Pull Request 44 | needs: upgrade 45 | runs-on: ubuntu-latest 46 | permissions: 47 | contents: read 48 | if: ${{ needs.upgrade.outputs.patch_created }} 49 | steps: 50 | - name: Checkout 51 | uses: actions/checkout@v4 52 | with: 53 | ref: main 54 | - name: Download patch 55 | uses: actions/download-artifact@v4 56 | with: 57 | name: repo.patch 58 | path: ${{ runner.temp }} 59 | - name: Apply patch 60 | run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."' 61 | - name: Set git identity 62 | run: |- 63 | git config user.name "github-actions" 64 | git config user.email "github-actions@github.com" 65 | - name: Create Pull Request 66 | id: create-pr 67 | uses: peter-evans/create-pull-request@v6 68 | with: 69 | token: ${{ secrets.PROJEN_GITHUB_TOKEN }} 70 | commit-message: |- 71 | chore(deps): upgrade dev dependencies 72 | 73 | Upgrades project dependencies. See details in [workflow run]. 74 | 75 | [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} 76 | 77 | ------ 78 | 79 | *Automatically created by projen via the "upgrade-dev-dependencies-main" workflow* 80 | branch: github-actions/upgrade-dev-dependencies-main 81 | title: "chore(deps): upgrade dev dependencies" 82 | labels: auto-approve 83 | body: |- 84 | Upgrades project dependencies. See details in [workflow run]. 85 | 86 | [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} 87 | 88 | ------ 89 | 90 | *Automatically created by projen via the "upgrade-dev-dependencies-main" workflow* 91 | author: github-actions 92 | committer: github-actions 93 | signoff: true 94 | -------------------------------------------------------------------------------- /.github/workflows/upgrade-runtime-dependencies-main.yml: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | 3 | name: upgrade-runtime-dependencies-main 4 | on: 5 | workflow_dispatch: {} 6 | schedule: 7 | - cron: 0 6 * * * 8 | jobs: 9 | upgrade: 10 | name: Upgrade 11 | runs-on: ubuntu-latest 12 | permissions: 13 | contents: read 14 | outputs: 15 | patch_created: ${{ steps.create_patch.outputs.patch_created }} 16 | steps: 17 | - name: Checkout 18 | uses: actions/checkout@v4 19 | with: 20 | ref: main 21 | - name: Setup Node.js 22 | uses: actions/setup-node@v4 23 | with: 24 | node-version: lts/* 25 | - name: Install dependencies 26 | run: yarn install --check-files --frozen-lockfile 27 | - name: Upgrade dependencies 28 | run: npx projen upgrade-runtime-dependencies 29 | - name: Find mutations 30 | id: create_patch 31 | run: |- 32 | git add . 33 | git diff --staged --patch --exit-code > repo.patch || echo "patch_created=true" >> $GITHUB_OUTPUT 34 | working-directory: ./ 35 | - name: Upload patch 36 | if: steps.create_patch.outputs.patch_created 37 | uses: actions/upload-artifact@v4.4.0 38 | with: 39 | name: repo.patch 40 | path: repo.patch 41 | overwrite: true 42 | pr: 43 | name: Create Pull Request 44 | needs: upgrade 45 | runs-on: ubuntu-latest 46 | permissions: 47 | contents: read 48 | if: ${{ needs.upgrade.outputs.patch_created }} 49 | steps: 50 | - name: Checkout 51 | uses: actions/checkout@v4 52 | with: 53 | ref: main 54 | - name: Download patch 55 | uses: actions/download-artifact@v4 56 | with: 57 | name: repo.patch 58 | path: ${{ runner.temp }} 59 | - name: Apply patch 60 | run: '[ -s ${{ runner.temp }}/repo.patch ] && git apply ${{ runner.temp }}/repo.patch || echo "Empty patch. Skipping."' 61 | - name: Set git identity 62 | run: |- 63 | git config user.name "github-actions" 64 | git config user.email "github-actions@github.com" 65 | - name: Create Pull Request 66 | id: create-pr 67 | uses: peter-evans/create-pull-request@v6 68 | with: 69 | token: ${{ secrets.PROJEN_GITHUB_TOKEN }} 70 | commit-message: |- 71 | chore(deps): upgrade runtime dependencies 72 | 73 | Upgrades project dependencies. See details in [workflow run]. 74 | 75 | [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} 76 | 77 | ------ 78 | 79 | *Automatically created by projen via the "upgrade-runtime-dependencies-main" workflow* 80 | branch: github-actions/upgrade-runtime-dependencies-main 81 | title: "chore(deps): upgrade runtime dependencies" 82 | labels: auto-approve 83 | body: |- 84 | Upgrades project dependencies. See details in [workflow run]. 85 | 86 | [Workflow Run]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} 87 | 88 | ------ 89 | 90 | *Automatically created by projen via the "upgrade-runtime-dependencies-main" workflow* 91 | author: github-actions 92 | committer: github-actions 93 | signoff: true 94 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | !/.gitattributes 3 | !/.projen/tasks.json 4 | !/.projen/deps.json 5 | !/.projen/files.json 6 | !/.github/workflows/auto-queue.yml 7 | !/.github/workflows/pull-request-lint.yml 8 | !/.github/workflows/auto-approve.yml 9 | !/package.json 10 | !/LICENSE 11 | !/.npmignore 12 | logs 13 | *.log 14 | npm-debug.log* 15 | yarn-debug.log* 16 | yarn-error.log* 17 | lerna-debug.log* 18 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json 19 | pids 20 | *.pid 21 | *.seed 22 | *.pid.lock 23 | lib-cov 24 | coverage 25 | *.lcov 26 | .nyc_output 27 | build/Release 28 | node_modules/ 29 | jspm_packages/ 30 | *.tsbuildinfo 31 | .eslintcache 32 | *.tgz 33 | .yarn-integrity 34 | .cache 35 | /test-reports/ 36 | junit.xml 37 | /coverage/ 38 | !/.github/workflows/build.yml 39 | /dist/changelog.md 40 | /dist/version.txt 41 | !/.github/workflows/release.yml 42 | !/.github/workflows/upgrade-runtime-dependencies-main.yml 43 | !/.github/pull_request_template.md 44 | !/test/ 45 | !/tsconfig.dev.json 46 | !/src/ 47 | /lib 48 | /dist/ 49 | !/.eslintrc.json 50 | .jsii 51 | tsconfig.json 52 | !/API.md 53 | !/CODE_OF_CONDUCT.md 54 | !/DCO 55 | !/git-hooks/prepare-commit-msg 56 | !/git-hooks/README.md 57 | !/git-hooks/setup.sh 58 | !/.github/ISSUE_TEMPLATE/config.yml 59 | !/SECURITY.md 60 | !/.github/workflows/security.yml 61 | !/.github/workflows/triage.yml 62 | !/.github/workflows/stale.yml 63 | !/.github/workflows/upgrade-configuration-main.yml 64 | !/.github/workflows/upgrade-dev-dependencies-main.yml 65 | !/.github/workflows/upgrade-compiler-dependencies-main.yml 66 | !/.projenrc.js 67 | -------------------------------------------------------------------------------- /.npmignore: -------------------------------------------------------------------------------- 1 | # ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | /.projen/ 3 | /test-reports/ 4 | junit.xml 5 | /coverage/ 6 | permissions-backup.acl 7 | /dist/changelog.md 8 | /dist/version.txt 9 | /test/ 10 | /tsconfig.dev.json 11 | /src/ 12 | !/lib/ 13 | !/lib/**/*.js 14 | !/lib/**/*.d.ts 15 | dist 16 | /tsconfig.json 17 | /.github/ 18 | /.vscode/ 19 | /.idea/ 20 | /.projenrc.js 21 | tsconfig.tsbuildinfo 22 | /.eslintrc.json 23 | !.jsii 24 | /.gitattributes 25 | -------------------------------------------------------------------------------- /.projen/deps.json: -------------------------------------------------------------------------------- 1 | { 2 | "dependencies": [ 3 | { 4 | "name": "@cdk8s/projen-common", 5 | "type": "build" 6 | }, 7 | { 8 | "name": "@stylistic/eslint-plugin", 9 | "version": "^2", 10 | "type": "build" 11 | }, 12 | { 13 | "name": "@types/jest", 14 | "type": "build" 15 | }, 16 | { 17 | "name": "@types/node", 18 | "version": "16.18.78", 19 | "type": "build" 20 | }, 21 | { 22 | "name": "@typescript-eslint/eslint-plugin", 23 | "version": "^8", 24 | "type": "build" 25 | }, 26 | { 27 | "name": "@typescript-eslint/parser", 28 | "version": "^8", 29 | "type": "build" 30 | }, 31 | { 32 | "name": "commit-and-tag-version", 33 | "version": "^12", 34 | "type": "build" 35 | }, 36 | { 37 | "name": "constructs", 38 | "version": "^10.0.0", 39 | "type": "build" 40 | }, 41 | { 42 | "name": "eslint-import-resolver-typescript", 43 | "type": "build" 44 | }, 45 | { 46 | "name": "eslint-plugin-import", 47 | "type": "build" 48 | }, 49 | { 50 | "name": "eslint", 51 | "version": "^9", 52 | "type": "build" 53 | }, 54 | { 55 | "name": "jest", 56 | "type": "build" 57 | }, 58 | { 59 | "name": "jest-junit", 60 | "version": "^16", 61 | "type": "build" 62 | }, 63 | { 64 | "name": "jsii-diff", 65 | "type": "build" 66 | }, 67 | { 68 | "name": "jsii-docgen", 69 | "version": "^10.5.0", 70 | "type": "build" 71 | }, 72 | { 73 | "name": "jsii-pacmak", 74 | "type": "build" 75 | }, 76 | { 77 | "name": "jsii-rosetta", 78 | "version": "~5.6.0", 79 | "type": "build" 80 | }, 81 | { 82 | "name": "jsii", 83 | "version": "~5.6.0", 84 | "type": "build" 85 | }, 86 | { 87 | "name": "projen", 88 | "type": "build" 89 | }, 90 | { 91 | "name": "ts-jest", 92 | "type": "build" 93 | }, 94 | { 95 | "name": "typescript", 96 | "type": "build" 97 | }, 98 | { 99 | "name": "**/downlevel-dts/**/typescript", 100 | "version": "~5.2.2", 101 | "type": "override" 102 | }, 103 | { 104 | "name": "cdk8s", 105 | "type": "peer" 106 | }, 107 | { 108 | "name": "constructs", 109 | "type": "peer" 110 | } 111 | ], 112 | "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"." 113 | } 114 | -------------------------------------------------------------------------------- /.projen/files.json: -------------------------------------------------------------------------------- 1 | { 2 | "files": [ 3 | ".eslintrc.json", 4 | ".gitattributes", 5 | ".github/ISSUE_TEMPLATE/config.yml", 6 | ".github/pull_request_template.md", 7 | ".github/workflows/auto-approve.yml", 8 | ".github/workflows/auto-queue.yml", 9 | ".github/workflows/build.yml", 10 | ".github/workflows/pull-request-lint.yml", 11 | ".github/workflows/release.yml", 12 | ".github/workflows/security.yml", 13 | ".github/workflows/stale.yml", 14 | ".github/workflows/triage.yml", 15 | ".github/workflows/upgrade-compiler-dependencies-main.yml", 16 | ".github/workflows/upgrade-configuration-main.yml", 17 | ".github/workflows/upgrade-dev-dependencies-main.yml", 18 | ".github/workflows/upgrade-runtime-dependencies-main.yml", 19 | ".gitignore", 20 | ".projen/deps.json", 21 | ".projen/files.json", 22 | ".projen/tasks.json", 23 | "CODE_OF_CONDUCT.md", 24 | "DCO", 25 | "git-hooks/prepare-commit-msg", 26 | "git-hooks/README.md", 27 | "git-hooks/setup.sh", 28 | "LICENSE", 29 | "SECURITY.md", 30 | "tsconfig.dev.json" 31 | ], 32 | "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"." 33 | } 34 | -------------------------------------------------------------------------------- /.projen/tasks.json: -------------------------------------------------------------------------------- 1 | { 2 | "tasks": { 3 | "build": { 4 | "name": "build", 5 | "description": "Full release build", 6 | "steps": [ 7 | { 8 | "spawn": "default" 9 | }, 10 | { 11 | "spawn": "pre-compile" 12 | }, 13 | { 14 | "spawn": "compile" 15 | }, 16 | { 17 | "spawn": "post-compile" 18 | }, 19 | { 20 | "spawn": "test" 21 | }, 22 | { 23 | "spawn": "package" 24 | } 25 | ] 26 | }, 27 | "bump": { 28 | "name": "bump", 29 | "description": "Bumps version based on latest git tag and generates a changelog entry", 30 | "env": { 31 | "OUTFILE": "package.json", 32 | "CHANGELOG": "dist/changelog.md", 33 | "BUMPFILE": "dist/version.txt", 34 | "RELEASETAG": "dist/releasetag.txt", 35 | "RELEASE_TAG_PREFIX": "", 36 | "BUMP_PACKAGE": "commit-and-tag-version@^12", 37 | "RELEASABLE_COMMITS": "git log --no-merges --oneline $LATEST_TAG..HEAD -E --grep \"^(feat|fix){1}(\\([^()[:space:]]+\\))?(!)?:[[:blank:]]+.+\" --grep 'chore\\(deps\\): upgrade runtime dependencies' --grep 'chore\\(deps\\): upgrade compiler dependencies'" 38 | }, 39 | "steps": [ 40 | { 41 | "builtin": "release/bump-version" 42 | } 43 | ], 44 | "condition": "git log --oneline -1 | grep -qv \"chore(release):\"" 45 | }, 46 | "clobber": { 47 | "name": "clobber", 48 | "description": "hard resets to HEAD of origin and cleans the local repo", 49 | "env": { 50 | "BRANCH": "$(git branch --show-current)" 51 | }, 52 | "steps": [ 53 | { 54 | "exec": "git checkout -b scratch", 55 | "name": "save current HEAD in \"scratch\" branch" 56 | }, 57 | { 58 | "exec": "git checkout $BRANCH" 59 | }, 60 | { 61 | "exec": "git fetch origin", 62 | "name": "fetch latest changes from origin" 63 | }, 64 | { 65 | "exec": "git reset --hard origin/$BRANCH", 66 | "name": "hard reset to origin commit" 67 | }, 68 | { 69 | "exec": "git clean -fdx", 70 | "name": "clean all untracked files" 71 | }, 72 | { 73 | "say": "ready to rock! (unpushed commits are under the \"scratch\" branch)" 74 | } 75 | ], 76 | "condition": "git diff --exit-code > /dev/null" 77 | }, 78 | "compat": { 79 | "name": "compat", 80 | "description": "Perform API compatibility check against latest version", 81 | "steps": [ 82 | { 83 | "exec": "jsii-diff npm:$(node -p \"require('./package.json').name\") -k --ignore-file .compatignore || (echo \"\nUNEXPECTED BREAKING CHANGES: add keys such as 'removed:constructs.Node.of' to .compatignore to skip.\n\" && exit 1)" 84 | } 85 | ] 86 | }, 87 | "compile": { 88 | "name": "compile", 89 | "description": "Only compile", 90 | "steps": [ 91 | { 92 | "exec": "jsii --silence-warnings=reserved-word" 93 | } 94 | ] 95 | }, 96 | "default": { 97 | "name": "default", 98 | "description": "Synthesize project files", 99 | "steps": [ 100 | { 101 | "exec": "node .projenrc.js" 102 | } 103 | ] 104 | }, 105 | "docgen": { 106 | "name": "docgen", 107 | "description": "Generate API.md from .jsii manifest", 108 | "steps": [ 109 | { 110 | "exec": "jsii-docgen -o API.md" 111 | } 112 | ] 113 | }, 114 | "eject": { 115 | "name": "eject", 116 | "description": "Remove projen from the project", 117 | "env": { 118 | "PROJEN_EJECTING": "true" 119 | }, 120 | "steps": [ 121 | { 122 | "spawn": "default" 123 | } 124 | ] 125 | }, 126 | "eslint": { 127 | "name": "eslint", 128 | "description": "Runs eslint against the codebase", 129 | "env": { 130 | "ESLINT_USE_FLAT_CONFIG": "false" 131 | }, 132 | "steps": [ 133 | { 134 | "exec": "eslint --ext .ts,.tsx --fix --no-error-on-unmatched-pattern $@ src test build-tools .projenrc.js", 135 | "receiveArgs": true 136 | } 137 | ] 138 | }, 139 | "install": { 140 | "name": "install", 141 | "description": "Install project dependencies and update lockfile (non-frozen)", 142 | "steps": [ 143 | { 144 | "exec": "yarn install --check-files" 145 | } 146 | ] 147 | }, 148 | "install:ci": { 149 | "name": "install:ci", 150 | "description": "Install project dependencies using frozen lockfile", 151 | "steps": [ 152 | { 153 | "exec": "yarn install --check-files --frozen-lockfile" 154 | } 155 | ] 156 | }, 157 | "package": { 158 | "name": "package", 159 | "description": "Creates the distribution package", 160 | "steps": [ 161 | { 162 | "spawn": "package:js", 163 | "condition": "node -e \"if (!process.env.CI) process.exit(1)\"" 164 | }, 165 | { 166 | "spawn": "package-all", 167 | "condition": "node -e \"if (process.env.CI) process.exit(1)\"" 168 | } 169 | ] 170 | }, 171 | "package-all": { 172 | "name": "package-all", 173 | "description": "Packages artifacts for all target languages", 174 | "steps": [ 175 | { 176 | "spawn": "package:js" 177 | }, 178 | { 179 | "spawn": "package:java" 180 | }, 181 | { 182 | "spawn": "package:python" 183 | }, 184 | { 185 | "spawn": "package:dotnet" 186 | }, 187 | { 188 | "spawn": "package:go" 189 | } 190 | ] 191 | }, 192 | "package:dotnet": { 193 | "name": "package:dotnet", 194 | "description": "Create dotnet language bindings", 195 | "steps": [ 196 | { 197 | "exec": "jsii-pacmak -v --target dotnet" 198 | } 199 | ] 200 | }, 201 | "package:go": { 202 | "name": "package:go", 203 | "description": "Create go language bindings", 204 | "steps": [ 205 | { 206 | "exec": "jsii-pacmak -v --target go" 207 | } 208 | ] 209 | }, 210 | "package:java": { 211 | "name": "package:java", 212 | "description": "Create java language bindings", 213 | "steps": [ 214 | { 215 | "exec": "jsii-pacmak -v --target java" 216 | } 217 | ] 218 | }, 219 | "package:js": { 220 | "name": "package:js", 221 | "description": "Create js language bindings", 222 | "steps": [ 223 | { 224 | "exec": "jsii-pacmak -v --target js" 225 | } 226 | ] 227 | }, 228 | "package:python": { 229 | "name": "package:python", 230 | "description": "Create python language bindings", 231 | "steps": [ 232 | { 233 | "exec": "jsii-pacmak -v --target python" 234 | } 235 | ] 236 | }, 237 | "post-compile": { 238 | "name": "post-compile", 239 | "description": "Runs after successful compilation", 240 | "steps": [ 241 | { 242 | "spawn": "docgen" 243 | } 244 | ] 245 | }, 246 | "post-upgrade": { 247 | "name": "post-upgrade", 248 | "description": "Runs after upgrading dependencies" 249 | }, 250 | "pre-compile": { 251 | "name": "pre-compile", 252 | "description": "Prepare the project for compilation" 253 | }, 254 | "release": { 255 | "name": "release", 256 | "description": "Prepare a release from \"main\" branch", 257 | "env": { 258 | "RELEASE": "true" 259 | }, 260 | "steps": [ 261 | { 262 | "exec": "rm -fr dist" 263 | }, 264 | { 265 | "spawn": "bump" 266 | }, 267 | { 268 | "spawn": "build" 269 | }, 270 | { 271 | "spawn": "unbump" 272 | }, 273 | { 274 | "exec": "git diff --ignore-space-at-eol --exit-code" 275 | } 276 | ] 277 | }, 278 | "test": { 279 | "name": "test", 280 | "description": "Run tests", 281 | "steps": [ 282 | { 283 | "exec": "jest --passWithNoTests --updateSnapshot", 284 | "receiveArgs": true 285 | }, 286 | { 287 | "spawn": "eslint" 288 | } 289 | ] 290 | }, 291 | "test:watch": { 292 | "name": "test:watch", 293 | "description": "Run jest in watch mode", 294 | "steps": [ 295 | { 296 | "exec": "jest --watch" 297 | } 298 | ] 299 | }, 300 | "unbump": { 301 | "name": "unbump", 302 | "description": "Restores version to 0.0.0", 303 | "env": { 304 | "OUTFILE": "package.json", 305 | "CHANGELOG": "dist/changelog.md", 306 | "BUMPFILE": "dist/version.txt", 307 | "RELEASETAG": "dist/releasetag.txt", 308 | "RELEASE_TAG_PREFIX": "", 309 | "BUMP_PACKAGE": "commit-and-tag-version@^12", 310 | "RELEASABLE_COMMITS": "git log --no-merges --oneline $LATEST_TAG..HEAD -E --grep \"^(feat|fix){1}(\\([^()[:space:]]+\\))?(!)?:[[:blank:]]+.+\" --grep 'chore\\(deps\\): upgrade runtime dependencies' --grep 'chore\\(deps\\): upgrade compiler dependencies'" 311 | }, 312 | "steps": [ 313 | { 314 | "builtin": "release/reset-version" 315 | } 316 | ] 317 | }, 318 | "upgrade-compiler-dependencies": { 319 | "name": "upgrade-compiler-dependencies", 320 | "description": "upgrade compiler dependencies", 321 | "env": { 322 | "CI": "0" 323 | }, 324 | "steps": [ 325 | { 326 | "exec": "npx npm-check-updates@16 --upgrade --target=minor --peer --no-deprecated --dep=dev --filter=jsii,jsii-docgen,jsii-pacmak,jsii-rosetta,typescript" 327 | }, 328 | { 329 | "exec": "yarn install --check-files" 330 | }, 331 | { 332 | "exec": "yarn upgrade jsii jsii-docgen jsii-pacmak jsii-rosetta typescript" 333 | }, 334 | { 335 | "exec": "npx projen" 336 | }, 337 | { 338 | "spawn": "post-upgrade" 339 | } 340 | ] 341 | }, 342 | "upgrade-configuration": { 343 | "name": "upgrade-configuration", 344 | "description": "upgrade configuration", 345 | "env": { 346 | "CI": "0" 347 | }, 348 | "steps": [ 349 | { 350 | "exec": "npx npm-check-updates@16 --upgrade --target=minor --peer --no-deprecated --dep=dev --filter=projen,@cdk8s/projen-common" 351 | }, 352 | { 353 | "exec": "yarn install --check-files" 354 | }, 355 | { 356 | "exec": "yarn upgrade projen @cdk8s/projen-common" 357 | }, 358 | { 359 | "exec": "npx projen" 360 | }, 361 | { 362 | "spawn": "post-upgrade" 363 | } 364 | ] 365 | }, 366 | "upgrade-dev-dependencies": { 367 | "name": "upgrade-dev-dependencies", 368 | "description": "upgrade dev dependencies", 369 | "env": { 370 | "CI": "0" 371 | }, 372 | "steps": [ 373 | { 374 | "exec": "npx npm-check-updates@16 --upgrade --target=minor --peer --no-deprecated --dep=dev --filter=@types/jest,eslint-import-resolver-typescript,eslint-plugin-import,jest,jsii-diff,ts-jest" 375 | }, 376 | { 377 | "exec": "yarn install --check-files" 378 | }, 379 | { 380 | "exec": "yarn upgrade @stylistic/eslint-plugin @types/jest @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser commit-and-tag-version constructs eslint-import-resolver-typescript eslint-plugin-import eslint jest jest-junit jsii-diff ts-jest" 381 | }, 382 | { 383 | "exec": "npx projen" 384 | }, 385 | { 386 | "spawn": "post-upgrade" 387 | } 388 | ] 389 | }, 390 | "upgrade-runtime-dependencies": { 391 | "name": "upgrade-runtime-dependencies", 392 | "description": "upgrade runtime dependencies", 393 | "env": { 394 | "CI": "0" 395 | }, 396 | "steps": [ 397 | { 398 | "exec": "echo No dependencies to upgrade." 399 | } 400 | ] 401 | }, 402 | "watch": { 403 | "name": "watch", 404 | "description": "Watch & compile in the background", 405 | "steps": [ 406 | { 407 | "exec": "jsii -w --silence-warnings=reserved-word" 408 | } 409 | ] 410 | } 411 | }, 412 | "env": { 413 | "PATH": "$(npx -c \"node --print process.env.PATH\")" 414 | }, 415 | "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"." 416 | } 417 | -------------------------------------------------------------------------------- /.projenrc.js: -------------------------------------------------------------------------------- 1 | const { Cdk8sTeamJsiiProject } = require('@cdk8s/projen-common'); 2 | 3 | const project = new Cdk8sTeamJsiiProject({ 4 | keywords: [ 5 | 'cdk8s', 6 | 'docker', 7 | 'containers', 8 | 'kubernetes', 9 | ], 10 | peerDeps: [ 11 | 'constructs', 12 | 'cdk8s', 13 | ], 14 | devDeps: [ 15 | '@cdk8s/projen-common', 16 | ], 17 | name: 'cdk8s-image', 18 | description: 'Build & Push local docker images inside CDK8s applications', 19 | defaultReleaseBranch: 'main', 20 | projenUpgradeSecret: 'PROJEN_GITHUB_TOKEN', 21 | }); 22 | 23 | project.synth(); 24 | -------------------------------------------------------------------------------- /API.md: -------------------------------------------------------------------------------- 1 | # API Reference 2 | 3 | ## Constructs 4 | 5 | ### Image 6 | 7 | Represents a docker image built during synthesis from a context directory (`dir`) with a `Dockerfile`. 8 | 9 | The image will be built using `docker build` and then pushed through `docker 10 | push`. The URL of the pushed image can be accessed through `image.url`. 11 | 12 | If you push to a registry other than docker hub, you can specify the registry 13 | URL through the `registry` option. 14 | 15 | #### Initializers 16 | 17 | ```typescript 18 | import { Image } from 'cdk8s-image' 19 | 20 | new Image(scope: Construct, id: string, props: ImageProps) 21 | ``` 22 | 23 | | **Name** | **Type** | **Description** | 24 | | --- | --- | --- | 25 | | scope | constructs.Construct | *No description.* | 26 | | id | string | *No description.* | 27 | | props | ImageProps | *No description.* | 28 | 29 | --- 30 | 31 | ##### `scope`Required 32 | 33 | - *Type:* constructs.Construct 34 | 35 | --- 36 | 37 | ##### `id`Required 38 | 39 | - *Type:* string 40 | 41 | --- 42 | 43 | ##### `props`Required 44 | 45 | - *Type:* ImageProps 46 | 47 | --- 48 | 49 | #### Methods 50 | 51 | | **Name** | **Description** | 52 | | --- | --- | 53 | | toString | Returns a string representation of this construct. | 54 | 55 | --- 56 | 57 | ##### `toString` 58 | 59 | ```typescript 60 | public toString(): string 61 | ``` 62 | 63 | Returns a string representation of this construct. 64 | 65 | #### Static Functions 66 | 67 | | **Name** | **Description** | 68 | | --- | --- | 69 | | isConstruct | Checks if `x` is a construct. | 70 | 71 | --- 72 | 73 | ##### `isConstruct` 74 | 75 | ```typescript 76 | import { Image } from 'cdk8s-image' 77 | 78 | Image.isConstruct(x: any) 79 | ``` 80 | 81 | Checks if `x` is a construct. 82 | 83 | Use this method instead of `instanceof` to properly detect `Construct` 84 | instances, even when the construct library is symlinked. 85 | 86 | Explanation: in JavaScript, multiple copies of the `constructs` library on 87 | disk are seen as independent, completely different libraries. As a 88 | consequence, the class `Construct` in each copy of the `constructs` library 89 | is seen as a different class, and an instance of one class will not test as 90 | `instanceof` the other class. `npm install` will not create installations 91 | like this, but users may manually symlink construct libraries together or 92 | use a monorepo tool: in those cases, multiple copies of the `constructs` 93 | library can be accidentally installed, and `instanceof` will behave 94 | unpredictably. It is safest to avoid using `instanceof`, and using 95 | this type-testing method instead. 96 | 97 | ###### `x`Required 98 | 99 | - *Type:* any 100 | 101 | Any object. 102 | 103 | --- 104 | 105 | #### Properties 106 | 107 | | **Name** | **Type** | **Description** | 108 | | --- | --- | --- | 109 | | node | constructs.Node | The tree node. | 110 | | url | string | The image URL to use in order to pull this instance of the image. | 111 | 112 | --- 113 | 114 | ##### `node`Required 115 | 116 | ```typescript 117 | public readonly node: Node; 118 | ``` 119 | 120 | - *Type:* constructs.Node 121 | 122 | The tree node. 123 | 124 | --- 125 | 126 | ##### `url`Required 127 | 128 | ```typescript 129 | public readonly url: string; 130 | ``` 131 | 132 | - *Type:* string 133 | 134 | The image URL to use in order to pull this instance of the image. 135 | 136 | --- 137 | 138 | 139 | ## Structs 140 | 141 | ### BuildArg 142 | 143 | Build arg to pass to the docker build. 144 | 145 | #### Initializer 146 | 147 | ```typescript 148 | import { BuildArg } from 'cdk8s-image' 149 | 150 | const buildArg: BuildArg = { ... } 151 | ``` 152 | 153 | #### Properties 154 | 155 | | **Name** | **Type** | **Description** | 156 | | --- | --- | --- | 157 | | name | string | the name of the build arg. | 158 | | value | string | the value of the build arg. | 159 | 160 | --- 161 | 162 | ##### `name`Required 163 | 164 | ```typescript 165 | public readonly name: string; 166 | ``` 167 | 168 | - *Type:* string 169 | 170 | the name of the build arg. 171 | 172 | --- 173 | 174 | ##### `value`Required 175 | 176 | ```typescript 177 | public readonly value: string; 178 | ``` 179 | 180 | - *Type:* string 181 | 182 | the value of the build arg. 183 | 184 | --- 185 | 186 | ### ImageProps 187 | 188 | Props for `Image`. 189 | 190 | #### Initializer 191 | 192 | ```typescript 193 | import { ImageProps } from 'cdk8s-image' 194 | 195 | const imageProps: ImageProps = { ... } 196 | ``` 197 | 198 | #### Properties 199 | 200 | | **Name** | **Type** | **Description** | 201 | | --- | --- | --- | 202 | | dir | string | The docker build context directory (where `Dockerfile` is). | 203 | | buildArgs | BuildArg[] | List of build args to pass to the build action. | 204 | | file | string | Path to Dockerfile. | 205 | | name | string | Name for the image. | 206 | | platform | string | Set to specify the target platform for the build output, (for example, linux/amd64, linux/arm64, or darwin/amd64). | 207 | | registry | string | The registry URL to use. | 208 | | tag | string | Tag for the image. | 209 | 210 | --- 211 | 212 | ##### `dir`Required 213 | 214 | ```typescript 215 | public readonly dir: string; 216 | ``` 217 | 218 | - *Type:* string 219 | 220 | The docker build context directory (where `Dockerfile` is). 221 | 222 | --- 223 | 224 | ##### `buildArgs`Optional 225 | 226 | ```typescript 227 | public readonly buildArgs: BuildArg[]; 228 | ``` 229 | 230 | - *Type:* BuildArg[] 231 | 232 | List of build args to pass to the build action. 233 | 234 | --- 235 | 236 | ##### `file`Optional 237 | 238 | ```typescript 239 | public readonly file: string; 240 | ``` 241 | 242 | - *Type:* string 243 | 244 | Path to Dockerfile. 245 | 246 | --- 247 | 248 | ##### `name`Optional 249 | 250 | ```typescript 251 | public readonly name: string; 252 | ``` 253 | 254 | - *Type:* string 255 | - *Default:* auto-generated name 256 | 257 | Name for the image. 258 | 259 | Docker convention is {registry_name}/{name}:{tag} 260 | Visit https://docs.docker.com/engine/reference/commandline/tag/ for more information 261 | 262 | --- 263 | 264 | ##### `platform`Optional 265 | 266 | ```typescript 267 | public readonly platform: string; 268 | ``` 269 | 270 | - *Type:* string 271 | 272 | Set to specify the target platform for the build output, (for example, linux/amd64, linux/arm64, or darwin/amd64). 273 | 274 | --- 275 | 276 | ##### `registry`Optional 277 | 278 | ```typescript 279 | public readonly registry: string; 280 | ``` 281 | 282 | - *Type:* string 283 | - *Default:* "docker.io/library" 284 | 285 | The registry URL to use. 286 | 287 | This will be used as the prefix for the image name. 288 | 289 | For example, if you have a local registry listening on port 500, you can set this to `localhost:5000`. 290 | 291 | --- 292 | 293 | ##### `tag`Optional 294 | 295 | ```typescript 296 | public readonly tag: string; 297 | ``` 298 | 299 | - *Type:* string 300 | - *Default:* "latest" 301 | 302 | Tag for the image. 303 | 304 | Docker convention is {registry_name}/{name}:{tag} 305 | Visit https://docs.docker.com/engine/reference/commandline/tag/ for more information 306 | 307 | --- 308 | 309 | 310 | 311 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | The cdk8s project follows the [CNCF Community Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *main* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | ### Developer Certificate Of Origin (DCO) 43 | 44 | Every commit should be signed-off in compliance with the [Developer Certificate Of Origin](./DCO). 45 | You can sign your commits by using the `git commit -s` command. 46 | 47 | > To configure automatic signoff, see [git-hooks](./git-hooks/README.md). 48 | 49 | ## Finding contributions to work on 50 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 51 | 52 | 53 | ## Code of Conduct 54 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 55 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 56 | opensource-codeofconduct@amazon.com with any additional questions or comments. 57 | 58 | 59 | ## Security issue notifications 60 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. 61 | 62 | 63 | ## Licensing 64 | 65 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 66 | -------------------------------------------------------------------------------- /DCO: -------------------------------------------------------------------------------- 1 | Developer Certificate of Origin 2 | Version 1.1 3 | 4 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 5 | 6 | Everyone is permitted to copy and distribute verbatim copies of this 7 | license document, but changing it is not allowed. 8 | 9 | 10 | Developer's Certificate of Origin 1.1 11 | 12 | By making a contribution to this project, I certify that: 13 | 14 | (a) The contribution was created in whole or in part by me and I 15 | have the right to submit it under the open source license 16 | indicated in the file; or 17 | 18 | (b) The contribution is based upon previous work that, to the best 19 | of my knowledge, is covered under an appropriate open source 20 | license and I have the right under that license to submit that 21 | work with modifications, whether created in whole or in part 22 | by me, under the same open source license (unless I am 23 | permitted to submit under a different license), as indicated 24 | in the file; or 25 | 26 | (c) The contribution was provided directly to me by some other 27 | person who certified (a), (b) or (c) and I have not modified 28 | it. 29 | 30 | (d) I understand and agree that this project and the contribution 31 | are public and that a record of the contribution (including all 32 | personal information I submit with it, including my sign-off) is 33 | maintained indefinitely and may be redistributed consistent with 34 | this project or the open source license(s) involved. -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # cdk8s-image 2 | 3 | An `Image` construct which takes care of building & pushing docker images that 4 | can be used in [CDK8s](https://github.com/awslabs/cdk8s) apps. 5 | 6 | The following example will build the docker image from `Dockerfile` under the 7 | `my-app` directory, push it to a local registry and then define a Kubernetes 8 | deployment that deploys containers that run this image. 9 | 10 | ```ts 11 | const image = new Image(this, 'image', { 12 | dir: `${__dirname}/my-app`, 13 | registry: 'localhost:5000' 14 | }); 15 | 16 | new Deployment(this, 'deployment', { 17 | containers: [ new Container({ image: image.url }) ], 18 | }); 19 | ``` 20 | 21 | ## Contributions 22 | 23 | All contributions are celebrated. 24 | 25 | ## License 26 | 27 | Licensed under [Apache 2.0](./LICENSE). 28 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Reporting a Vulnerability 2 | 3 | If you discover a potential security issue in this project we ask that you notify the cdk8s team directly via email to cncf-cdk8s-security@lists.cncf.io. 4 | 5 | **Please do not create a public GitHub issue.** -------------------------------------------------------------------------------- /git-hooks/README.md: -------------------------------------------------------------------------------- 1 | # Git Hooks 2 | 3 | This directory contains git hooks that the core team uses for various tasks. 4 | 5 | - Commit signoff for automatic compliance of the [DCO](../CONTRIBUTING.md#developer-certificate-of-origin-dco). 6 | 7 | ## Setup 8 | 9 | To setup these git hooks, run `./git-hooks/setup.sh` from the root directory of the project. 10 | -------------------------------------------------------------------------------- /git-hooks/prepare-commit-msg: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | NAME=$(git config user.name) 4 | EMAIL=$(git config user.email) 5 | 6 | if [ -z "$NAME" ]; then 7 | echo "empty git config user.name" 8 | exit 1 9 | fi 10 | 11 | if [ -z "$EMAIL" ]; then 12 | echo "empty git config user.email" 13 | exit 1 14 | fi 15 | 16 | git interpret-trailers --if-exists doNothing --trailer \ 17 | "Signed-off-by: $NAME <$EMAIL>" \ 18 | --in-place "$1" 19 | -------------------------------------------------------------------------------- /git-hooks/setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ############################################## 4 | # Setup shared .git hooks for this project. 5 | # 6 | 7 | hooksdir="$(cd $(dirname $0) && pwd)" 8 | 9 | git config core.hooksPath ${hooksdir} 10 | echo "Configured core.hooksPath to ${hooksdir}" 11 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "cdk8s-image", 3 | "description": "Build & Push local docker images inside CDK8s applications", 4 | "repository": { 5 | "type": "git", 6 | "url": "https://github.com/cdk8s-team/cdk8s-image.git" 7 | }, 8 | "scripts": { 9 | "build": "npx projen build", 10 | "bump": "npx projen bump", 11 | "clobber": "npx projen clobber", 12 | "compat": "npx projen compat", 13 | "compile": "npx projen compile", 14 | "default": "npx projen default", 15 | "docgen": "npx projen docgen", 16 | "eject": "npx projen eject", 17 | "eslint": "npx projen eslint", 18 | "package": "npx projen package", 19 | "package-all": "npx projen package-all", 20 | "package:dotnet": "npx projen package:dotnet", 21 | "package:go": "npx projen package:go", 22 | "package:java": "npx projen package:java", 23 | "package:js": "npx projen package:js", 24 | "package:python": "npx projen package:python", 25 | "post-compile": "npx projen post-compile", 26 | "post-upgrade": "npx projen post-upgrade", 27 | "pre-compile": "npx projen pre-compile", 28 | "release": "npx projen release", 29 | "test": "npx projen test", 30 | "test:watch": "npx projen test:watch", 31 | "unbump": "npx projen unbump", 32 | "upgrade-compiler-dependencies": "npx projen upgrade-compiler-dependencies", 33 | "upgrade-configuration": "npx projen upgrade-configuration", 34 | "upgrade-dev-dependencies": "npx projen upgrade-dev-dependencies", 35 | "upgrade-runtime-dependencies": "npx projen upgrade-runtime-dependencies", 36 | "watch": "npx projen watch", 37 | "projen": "npx projen" 38 | }, 39 | "author": { 40 | "name": "Amazon Web Services", 41 | "url": "https://aws.amazon.com", 42 | "organization": false 43 | }, 44 | "devDependencies": { 45 | "@cdk8s/projen-common": "^0.0.608", 46 | "@stylistic/eslint-plugin": "^2", 47 | "@types/jest": "^27", 48 | "@types/node": "16.18.78", 49 | "@typescript-eslint/eslint-plugin": "^8", 50 | "@typescript-eslint/parser": "^8", 51 | "cdk8s": "2.68.91", 52 | "commit-and-tag-version": "^12", 53 | "constructs": "10.3.0", 54 | "eslint": "^9", 55 | "eslint-import-resolver-typescript": "^2.7.1", 56 | "eslint-plugin-import": "^2.31.0", 57 | "jest": "^27", 58 | "jest-junit": "^16", 59 | "jsii": "~5.6.0", 60 | "jsii-diff": "^1.112.0", 61 | "jsii-docgen": "^10.5.0", 62 | "jsii-pacmak": "^1.112.0", 63 | "jsii-rosetta": "~5.6.0", 64 | "projen": "^0.92.10", 65 | "ts-jest": "^27", 66 | "typescript": "^3.9.10" 67 | }, 68 | "peerDependencies": { 69 | "cdk8s": "^2.68.91", 70 | "constructs": "^10.3.0" 71 | }, 72 | "resolutions": { 73 | "**/downlevel-dts/**/typescript": "~5.2.2" 74 | }, 75 | "keywords": [ 76 | "cdk8s", 77 | "containers", 78 | "docker", 79 | "kubernetes" 80 | ], 81 | "engines": { 82 | "node": ">= 16.20.0" 83 | }, 84 | "main": "lib/index.js", 85 | "license": "Apache-2.0", 86 | "publishConfig": { 87 | "access": "public" 88 | }, 89 | "version": "0.0.0", 90 | "jest": { 91 | "coverageProvider": "v8", 92 | "testMatch": [ 93 | "/@(src|test)/**/*(*.)@(spec|test).ts?(x)", 94 | "/@(src|test)/**/__tests__/**/*.ts?(x)" 95 | ], 96 | "clearMocks": true, 97 | "collectCoverage": true, 98 | "coverageReporters": [ 99 | "json", 100 | "lcov", 101 | "clover", 102 | "cobertura", 103 | "text" 104 | ], 105 | "coverageDirectory": "coverage", 106 | "coveragePathIgnorePatterns": [ 107 | "/node_modules/" 108 | ], 109 | "testPathIgnorePatterns": [ 110 | "/node_modules/" 111 | ], 112 | "watchPathIgnorePatterns": [ 113 | "/node_modules/" 114 | ], 115 | "reporters": [ 116 | "default", 117 | [ 118 | "jest-junit", 119 | { 120 | "outputDirectory": "test-reports" 121 | } 122 | ] 123 | ], 124 | "preset": "ts-jest", 125 | "globals": { 126 | "ts-jest": { 127 | "tsconfig": "tsconfig.dev.json" 128 | } 129 | } 130 | }, 131 | "types": "lib/index.d.ts", 132 | "stability": "stable", 133 | "jsii": { 134 | "outdir": "dist", 135 | "targets": { 136 | "java": { 137 | "package": "org.cdk8s.image", 138 | "maven": { 139 | "groupId": "org.cdk8s", 140 | "artifactId": "cdk8s-image" 141 | } 142 | }, 143 | "python": { 144 | "distName": "cdk8s-image", 145 | "module": "cdk8s_image" 146 | }, 147 | "dotnet": { 148 | "namespace": "Org.Cdk8s.Image", 149 | "packageId": "Org.Cdk8s.Image" 150 | }, 151 | "go": { 152 | "moduleName": "github.com/cdk8s-team/cdk8s-image-go" 153 | } 154 | }, 155 | "tsc": { 156 | "outDir": "lib", 157 | "rootDir": "src" 158 | } 159 | }, 160 | "//": "~~ Generated by projen. To modify, edit .projenrc.js and run \"npx projen\"." 161 | } 162 | -------------------------------------------------------------------------------- /src/_shell.ts: -------------------------------------------------------------------------------- 1 | import { spawnSync } from 'child_process'; 2 | 3 | export function shell(command: string, ...args: string[]): string { 4 | const proc = spawnSync(command, args); 5 | 6 | if (proc.error) { 7 | throw new Error(proc.error.message); 8 | } 9 | 10 | if (proc.status !== 0) { 11 | throw new Error(`non-zero exist code ${proc.status}: ${proc.stdout} ${proc.stderr}`); 12 | } 13 | 14 | return proc.stdout.toString('utf-8'); 15 | } -------------------------------------------------------------------------------- /src/image.ts: -------------------------------------------------------------------------------- 1 | import { Names } from 'cdk8s'; 2 | import { Construct } from 'constructs'; 3 | import { shell } from './_shell'; 4 | 5 | const PARSE_DIGEST = /digest:\ (sha256:[0-9a-f]+)/; 6 | 7 | /** 8 | * Build arg to pass to the docker build 9 | */ 10 | export interface BuildArg { 11 | /** 12 | * the name of the build arg 13 | */ 14 | readonly name: string; 15 | 16 | /** 17 | * the value of the build arg 18 | */ 19 | readonly value: string; 20 | } 21 | 22 | /** 23 | * Props for `Image`. 24 | */ 25 | export interface ImageProps { 26 | /** 27 | * The docker build context directory (where `Dockerfile` is). 28 | */ 29 | readonly dir: string; 30 | 31 | /** 32 | * The registry URL to use. 33 | * 34 | * This will be used as the prefix for the image name. 35 | * 36 | * For example, if you have a local registry listening on port 500, you can set this to `localhost:5000`. 37 | * 38 | * @default "docker.io/library" 39 | */ 40 | readonly registry?: string; 41 | 42 | /** 43 | * List of build args to pass to the build action 44 | */ 45 | readonly buildArgs?: BuildArg[]; 46 | 47 | /** 48 | * Path to Dockerfile 49 | */ 50 | readonly file?: string; 51 | 52 | /** 53 | * Name for the image. 54 | * Docker convention is {registry_name}/{name}:{tag} 55 | * Visit https://docs.docker.com/engine/reference/commandline/tag/ for more information 56 | * @default - auto-generated name 57 | */ 58 | readonly name?: string; 59 | 60 | /** 61 | * Tag for the image. 62 | * Docker convention is {registry_name}/{name}:{tag} 63 | * Visit https://docs.docker.com/engine/reference/commandline/tag/ for more information 64 | * @default "latest" 65 | */ 66 | readonly tag?: string; 67 | 68 | /** 69 | * Set to specify the target platform for the build output, (for example, linux/amd64, linux/arm64, or darwin/amd64). 70 | */ 71 | readonly platform?: string; 72 | } 73 | 74 | /** 75 | * Represents a docker image built during synthesis from a context directory 76 | * (`dir`) with a `Dockerfile`. 77 | * 78 | * The image will be built using `docker build` and then pushed through `docker 79 | * push`. The URL of the pushed image can be accessed through `image.url`. 80 | * 81 | * If you push to a registry other than docker hub, you can specify the registry 82 | * URL through the `registry` option. 83 | */ 84 | export class Image extends Construct { 85 | /** 86 | * The image URL to use in order to pull this instance of the image. 87 | */ 88 | public readonly url: string; 89 | 90 | constructor(scope: Construct, id: string, props: ImageProps) { 91 | super(scope, id); 92 | const registry = props.registry ?? 'docker.io/library'; 93 | const name = props.name || Names.toDnsLabel(this); 94 | const tag = props.tag || 'latest'; 95 | const fullTag = `${registry}/${name}:${tag}`; 96 | const allBuildArgs: string[] = []; 97 | props.buildArgs?.forEach((arg) => { 98 | allBuildArgs.push('--build-arg'); 99 | allBuildArgs.push(`${arg.name}=${arg.value}`); 100 | }); 101 | if (props.file) { 102 | allBuildArgs.push('-f'); 103 | allBuildArgs.push(props.file); 104 | } 105 | if (props.platform) { 106 | allBuildArgs.push(`--platform=${props.platform}`); 107 | } 108 | console.error(`building docker image ${fullTag} from ${props.file ? props.file : props.dir}`); 109 | shell('docker', 'build', '-t', fullTag, props.dir, ...allBuildArgs); 110 | console.error(`pushing docker image ${fullTag} to ${registry}`); 111 | const push = shell('docker', 'push', fullTag); 112 | 113 | const result = PARSE_DIGEST.exec(push); 114 | if (!result) { 115 | throw new Error(`unable to read image digest after push: ${push}`); 116 | } 117 | 118 | this.url = props.tag ? fullTag:`${registry}/${name}@${result[1]}`; 119 | } 120 | } 121 | -------------------------------------------------------------------------------- /src/index.ts: -------------------------------------------------------------------------------- 1 | export * from './image'; -------------------------------------------------------------------------------- /test/image.test.ts: -------------------------------------------------------------------------------- 1 | import { Testing } from 'cdk8s'; 2 | import { Image } from '../src'; 3 | import * as shell from '../src/_shell'; 4 | 5 | beforeAll(() => { 6 | // disable logs 7 | jest.spyOn(console, 'error').mockReturnValue(); 8 | }); 9 | 10 | afterAll(() => { 11 | jest.resetAllMocks(); 12 | }); 13 | 14 | test('minimal usage', () => { 15 | // GIVEN 16 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 17 | const chart = Testing.chart(); 18 | 19 | // WHEN 20 | const image = new Image(chart, 'my-image', { 21 | dir: 'foobar', 22 | }); 23 | 24 | // THEN 25 | expect(image.url).toEqual('docker.io/library/test-my-image-c80f3600@sha256:a1b2c3'); 26 | expect(mock).toBeCalledTimes(2); 27 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'docker.io/library/test-my-image-c80f3600:latest', 'foobar'); 28 | expect(mock).toBeCalledWith('docker', 'push', 'docker.io/library/test-my-image-c80f3600:latest'); 29 | }); 30 | 31 | test('custom registry', () => { 32 | // GIVEN 33 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 34 | const chart = Testing.chart(); 35 | 36 | // WHEN 37 | const image = new Image(chart, 'my-image', { 38 | dir: 'foobar', 39 | registry: 'localhost:5000', 40 | }); 41 | 42 | // THEN 43 | expect(image.url).toEqual('localhost:5000/test-my-image-c80f3600@sha256:a1b2c3'); 44 | expect(mock).toBeCalledTimes(2); 45 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'localhost:5000/test-my-image-c80f3600:latest', 'foobar'); 46 | expect(mock).toBeCalledWith('docker', 'push', 'localhost:5000/test-my-image-c80f3600:latest'); 47 | }); 48 | 49 | test('single build arg', () => { 50 | // GIVEN 51 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 52 | const chart = Testing.chart(); 53 | 54 | // WHEN 55 | const image = new Image(chart, 'my-image', { 56 | dir: 'foobar', 57 | buildArgs: [{ name: 'FOO', value: 'bar' }], 58 | }); 59 | 60 | // THEN 61 | expect(image.url).toEqual('docker.io/library/test-my-image-c80f3600@sha256:a1b2c3'); 62 | expect(mock).toBeCalledTimes(2); 63 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'docker.io/library/test-my-image-c80f3600:latest', 'foobar', '--build-arg', 'FOO=bar'); 64 | expect(mock).toBeCalledWith('docker', 'push', 'docker.io/library/test-my-image-c80f3600:latest'); 65 | }); 66 | 67 | test('multiple build args', () => { 68 | // GIVEN 69 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 70 | const chart = Testing.chart(); 71 | 72 | // WHEN 73 | const image = new Image(chart, 'my-image', { 74 | dir: 'foobar', 75 | buildArgs: [ 76 | { name: 'FOO', value: 'bar' }, 77 | { name: 'BAR', value: 'baz' }, 78 | ], 79 | }); 80 | 81 | // THEN 82 | expect(image.url).toEqual('docker.io/library/test-my-image-c80f3600@sha256:a1b2c3'); 83 | expect(mock).toBeCalledTimes(2); 84 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'docker.io/library/test-my-image-c80f3600:latest', 'foobar', '--build-arg', 'FOO=bar', '--build-arg', 'BAR=baz'); 85 | expect(mock).toBeCalledWith('docker', 'push', 'docker.io/library/test-my-image-c80f3600:latest'); 86 | }); 87 | 88 | 89 | test('dockerfile specified', () => { 90 | // GIVEN 91 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 92 | const chart = Testing.chart(); 93 | 94 | // WHEN 95 | const image = new Image(chart, 'my-image', { 96 | dir: 'foobar', 97 | file: './test/Dockerfile', 98 | }); 99 | 100 | // THEN 101 | expect(image.url).toEqual('docker.io/library/test-my-image-c80f3600@sha256:a1b2c3'); 102 | expect(mock).toBeCalledTimes(2); 103 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'docker.io/library/test-my-image-c80f3600:latest', 'foobar', '-f', './test/Dockerfile') ; 104 | expect(mock).toBeCalledWith('docker', 'push', 'docker.io/library/test-my-image-c80f3600:latest'); 105 | }); 106 | 107 | test('platform specified', () => { 108 | // GIVEN 109 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 110 | const chart = Testing.chart(); 111 | 112 | // WHEN 113 | const image = new Image(chart, 'my-image', { 114 | dir: 'foobar', 115 | platform: 'linux/x86_64', 116 | }); 117 | 118 | // THEN 119 | expect(image.url).toEqual('docker.io/library/test-my-image-c80f3600@sha256:a1b2c3'); 120 | expect(mock).toBeCalledTimes(2); 121 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'docker.io/library/test-my-image-c80f3600:latest', 'foobar', '--platform=linux/x86_64') ; 122 | expect(mock).toBeCalledWith('docker', 'push', 'docker.io/library/test-my-image-c80f3600:latest'); 123 | }); 124 | 125 | test('name specified', () => { 126 | // GIVEN 127 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 128 | const chart = Testing.chart(); 129 | 130 | // WHEN 131 | const image = new Image(chart, 'my-image', { 132 | dir: 'foobar', 133 | name: 'test-different-image', 134 | }); 135 | 136 | // THEN 137 | expect(image.url).toEqual('docker.io/library/test-different-image@sha256:a1b2c3'); 138 | expect(mock).toBeCalledTimes(2); 139 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'docker.io/library/test-different-image:latest', 'foobar') ; 140 | expect(mock).toBeCalledWith('docker', 'push', 'docker.io/library/test-different-image:latest'); 141 | }); 142 | 143 | 144 | test('tag specified', () => { 145 | // GIVEN 146 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 147 | const chart = Testing.chart(); 148 | 149 | // WHEN 150 | const image = new Image(chart, 'my-image', { 151 | dir: 'foobar', 152 | tag: '1.0.0', 153 | }); 154 | 155 | // THEN 156 | expect(image.url).toEqual('docker.io/library/test-my-image-c80f3600:1.0.0'); 157 | expect(mock).toBeCalledTimes(2); 158 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'docker.io/library/test-my-image-c80f3600:1.0.0', 'foobar') ; 159 | expect(mock).toBeCalledWith('docker', 'push', 'docker.io/library/test-my-image-c80f3600:1.0.0'); 160 | }); 161 | 162 | 163 | test('name and tag specified', () => { 164 | // GIVEN 165 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 166 | const chart = Testing.chart(); 167 | 168 | // WHEN --tag 169 | const image = new Image(chart, 'my-image', { 170 | dir: 'foobar', 171 | name: 'test-different-image', 172 | tag: '1.0.0', 173 | }); 174 | 175 | // THEN 176 | expect(image.url).toEqual('docker.io/library/test-different-image:1.0.0'); 177 | expect(mock).toBeCalledTimes(2); 178 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'docker.io/library/test-different-image:1.0.0', 'foobar') ; 179 | expect(mock).toBeCalledWith('docker', 'push', 'docker.io/library/test-different-image:1.0.0'); 180 | }); 181 | 182 | test('name and tag latest specified', () => { 183 | // GIVEN 184 | const mock = jest.spyOn(shell, 'shell').mockReturnValue('text\ntext\n\ndigest: sha256:a1b2c3\n'); 185 | const chart = Testing.chart(); 186 | 187 | // WHEN --tag 188 | const image = new Image(chart, 'my-image', { 189 | dir: 'foobar', 190 | name: 'test-different-image', 191 | tag: 'latest', 192 | }); 193 | 194 | // THEN 195 | expect(image.url).toEqual('docker.io/library/test-different-image:latest'); 196 | expect(mock).toBeCalledTimes(2); 197 | expect(mock).toBeCalledWith('docker', 'build', '-t', 'docker.io/library/test-different-image:latest', 'foobar') ; 198 | expect(mock).toBeCalledWith('docker', 'push', 'docker.io/library/test-different-image:latest'); 199 | }); -------------------------------------------------------------------------------- /tsconfig.dev.json: -------------------------------------------------------------------------------- 1 | // ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen". 2 | { 3 | "compilerOptions": { 4 | "alwaysStrict": true, 5 | "declaration": true, 6 | "esModuleInterop": true, 7 | "experimentalDecorators": true, 8 | "inlineSourceMap": true, 9 | "inlineSources": true, 10 | "lib": [ 11 | "es2020" 12 | ], 13 | "module": "CommonJS", 14 | "noEmitOnError": false, 15 | "noFallthroughCasesInSwitch": true, 16 | "noImplicitAny": true, 17 | "noImplicitReturns": true, 18 | "noImplicitThis": true, 19 | "noUnusedLocals": true, 20 | "noUnusedParameters": true, 21 | "resolveJsonModule": true, 22 | "strict": true, 23 | "strictNullChecks": true, 24 | "strictPropertyInitialization": true, 25 | "stripInternal": true, 26 | "target": "ES2020" 27 | }, 28 | "include": [ 29 | "src/**/*.ts", 30 | "test/**/*.ts", 31 | ".projenrc.js" 32 | ], 33 | "exclude": [ 34 | "node_modules" 35 | ] 36 | } 37 | --------------------------------------------------------------------------------