Skip to content

feat: repo creation flags + AWS ECR asset provider#4

Open
fedemaleh wants to merge 8 commits into
mainfrom
feature/repo-flags-and-ecr
Open

feat: repo creation flags + AWS ECR asset provider#4
fedemaleh wants to merge 8 commits into
mainfrom
feature/repo-flags-and-ecr

Conversation

@fedemaleh

Copy link
Copy Markdown
Collaborator

Summary

Adds two capabilities to application-lifecycle-manager:

  1. Toggle flags to enable/disable code- and asset-repository creation independently.
  2. AWS ECR asset-repository provider, alongside the existing Docker Server one.

Also migrates asset persistence off the deprecated np nrn patch mechanism.

What changed

Toggle flags (env vars, default ON)

  • CREATE_CODE_REPOSITORY and CREATE_ASSET_REPOSITORY. Only the literal value false (case-insensitive) disables; unset/empty/any-other value keeps the current behavior (backward compatible).
  • Implemented as return 0 guards at the top of each dispatcher (scripts/code-repo/create_code_repository, scripts/asset-repo/create_asset_repository) — placed before any np call, so a disabled feature performs no platform reads/writes. return (not exit) because workflow steps are sourced into a shared shell; exit would abort the whole workflow.

AWS ECR asset provider (scripts/asset-repo/ecr/)

  • Selected with ASSET_REPOSITORY_PROVIDER=ecr. Config is env-var driven; only AWS_REGION is required. ECR_REPOSITORY_PATH and ECR_USE_NAMESPACE are optional (naming mirrors the docker-server provider).
  • AWS auth is ambient (IRSA); requires the aws CLI and IAM ecr:CreateRepository + ecr:DescribeRepositories.
  • The repository URI and ARN are read from the AWS API response (repositoryUri / repositoryArn), never hand-built — survives partition/DNS changes.
  • Idempotent: on RepositoryAlreadyExistsException it falls back to aws ecr describe-repositories; other AWS failures and empty/null URI/ARN abort with exit 1.

Persistence migration (deprecated → current)

  • docker-server and ECR now persist via np application patch --id "$APPLICATION_ID" with settings.asset.docker_server.uri / settings.asset.ecr.{uri,arn} respectively, replacing the deprecated np nrn patch (docker.repository_uri).
  • JSON bodies are built with jq -n --arg (the repo's own pattern in entrypoint), not raw string interpolation.

Docs

  • README: ECR section (env vars, prerequisites, name rules) + a "Toggling repository creation" section. CHANGELOG [Unreleased] entry.

Test plan

  • ECR happy path: set ASSET_REPOSITORY_PROVIDER=ecr and AWS_REGION on the agent (IRSA role with ecr:CreateRepository/ecr:DescribeRepositories), create an application, confirm the ECR repo is created and settings.asset.ecr.{uri,arn} is populated.
  • ECR idempotency: re-run against an app whose ECR repo already exists; confirm it resolves URI/ARN via describe-repositories and succeeds.
  • Flag off (code): CREATE_CODE_REPOSITORY=false → code repo skipped, asset repo still created.
  • Flag off (asset): CREATE_ASSET_REPOSITORY=false → asset repo skipped, code repo still created.
  • docker-server regression: default provider still creates the repo and persists settings.asset.docker_server.uri.

Notes

  • Workflow steps are sourced into a shared shell — hence return 0 (skip) vs exit 1 (abort) throughout.
  • ShellCheck runs in CI on this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant