feat: add use_cache_from_previous_image variable

Author: IlyesDemineExtVeolia

examples/container-image/main.tf

@@ -129,6 +129,7 @@ module "docker_build_from_ecr" {
   }
 
   cache_from = ["${module.ecr.repository_url}:latest"]
+  use_cache_from_previous_image = true
 }
 
 module "ecr" {

modules/docker-build/README.md

@@ -88,28 +88,29 @@ No modules.
 
 ## Inputs
 
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_build_args"></a> [build\_args](#input\_build\_args) | A map of Docker build arguments. | `map(string)` | `{}` | no |
-| <a name="input_cache_from"></a> [cache\_from](#input\_cache\_from) | List of images to consider as cache sources when building the image. | `list(string)` | `[]` | no |
-| <a name="input_create_ecr_repo"></a> [create\_ecr\_repo](#input\_create\_ecr\_repo) | Controls whether ECR repository for Lambda image should be created | `bool` | `false` | no |
-| <a name="input_create_sam_metadata"></a> [create\_sam\_metadata](#input\_create\_sam\_metadata) | Controls whether the SAM metadata null resource should be created | `bool` | `false` | no |
-| <a name="input_docker_file_path"></a> [docker\_file\_path](#input\_docker\_file\_path) | Path to Dockerfile in source package | `string` | `"Dockerfile"` | no |
-| <a name="input_ecr_address"></a> [ecr\_address](#input\_ecr\_address) | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false` | `string` | `null` | no |
-| <a name="input_ecr_force_delete"></a> [ecr\_force\_delete](#input\_ecr\_force\_delete) | If true, will delete the repository even if it contains images. | `bool` | `true` | no |
-| <a name="input_ecr_repo"></a> [ecr\_repo](#input\_ecr\_repo) | Name of ECR repository to use or to create | `string` | `null` | no |
-| <a name="input_ecr_repo_lifecycle_policy"></a> [ecr\_repo\_lifecycle\_policy](#input\_ecr\_repo\_lifecycle\_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images. | `string` | `null` | no |
-| <a name="input_ecr_repo_tags"></a> [ecr\_repo\_tags](#input\_ecr\_repo\_tags) | A map of tags to assign to ECR repository | `map(string)` | `{}` | no |
-| <a name="input_force_remove"></a> [force\_remove](#input\_force\_remove) | Whether to remove image forcibly when the resource is destroyed. | `bool` | `false` | no |
-| <a name="input_image_tag"></a> [image\_tag](#input\_image\_tag) | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds. | `string` | `null` | no |
-| <a name="input_image_tag_mutability"></a> [image\_tag\_mutability](#input\_image\_tag\_mutability) | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE` | `string` | `"MUTABLE"` | no |
-| <a name="input_keep_locally"></a> [keep\_locally](#input\_keep\_locally) | Whether to delete the Docker image locally on destroy operation. | `bool` | `false` | no |
-| <a name="input_keep_remotely"></a> [keep\_remotely](#input\_keep\_remotely) | Whether to keep Docker image in the remote registry on destroy operation. | `bool` | `false` | no |
-| <a name="input_platform"></a> [platform](#input\_platform) | The target architecture platform to build the image for. | `string` | `null` | no |
-| <a name="input_scan_on_push"></a> [scan\_on\_push](#input\_scan\_on\_push) | Indicates whether images are scanned after being pushed to the repository | `bool` | `false` | no |
-| <a name="input_source_path"></a> [source\_path](#input\_source\_path) | Path to folder containing application code | `string` | `null` | no |
-| <a name="input_triggers"></a> [triggers](#input\_triggers) | A map of arbitrary strings that, when changed, will force the docker\_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)` | `{}` | no |
-| <a name="input_use_image_tag"></a> [use\_image\_tag](#input\_use\_image\_tag) | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...) | `bool` | `true` | no |
+| Name                                                                                                                | Description                                                                                                                                                                           | Type           | Default        | Required |
+|---------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------|----------------|:--------:|
+| <a name="input_build_args"></a> [build\_args](#input\_build\_args)                                                  | A map of Docker build arguments.                                                                                                                                                      | `map(string)`  | `{}`           | no |
+| <a name="input_cache_from"></a> [cache\_from](#input\_cache\_from)                                                  | List of images to consider as cache sources when building the image.                                                                                                                  | `list(string)` | `[]`           | no |
+| <a name="input_cache_from"></a> [use\_cache\_from\_previous\_image](#input\_cache\_from)                            | Use cache from previous build. Option `create_ecr_repo` must be `false`                                                                                                               | `bool`         | `false`        | no |
+| <a name="input_create_ecr_repo"></a> [create\_ecr\_repo](#input\_create\_ecr\_repo)                                 | Controls whether ECR repository for Lambda image should be created                                                                                                                    | `bool`         | `false`        | no |
+| <a name="input_create_sam_metadata"></a> [create\_sam\_metadata](#input\_create\_sam\_metadata)                     | Controls whether the SAM metadata null resource should be created                                                                                                                     | `bool`         | `false`        | no |
+| <a name="input_docker_file_path"></a> [docker\_file\_path](#input\_docker\_file\_path)                              | Path to Dockerfile in source package                                                                                                                                                  | `string`       | `"Dockerfile"` | no |
+| <a name="input_ecr_address"></a> [ecr\_address](#input\_ecr\_address)                                               | Address of ECR repository for cross-account container image pulling (optional). Option `create_ecr_repo` must be `false`                                                              | `string`       | `null`         | no |
+| <a name="input_ecr_force_delete"></a> [ecr\_force\_delete](#input\_ecr\_force\_delete)                              | If true, will delete the repository even if it contains images.                                                                                                                       | `bool`         | `true`         | no |
+| <a name="input_ecr_repo"></a> [ecr\_repo](#input\_ecr\_repo)                                                        | Name of ECR repository to use or to create                                                                                                                                            | `string`       | `null`         | no |
+| <a name="input_ecr_repo_lifecycle_policy"></a> [ecr\_repo\_lifecycle\_policy](#input\_ecr\_repo\_lifecycle\_policy) | A JSON formatted ECR lifecycle policy to automate the cleaning up of unused images.                                                                                                   | `string`       | `null`         | no |
+| <a name="input_ecr_repo_tags"></a> [ecr\_repo\_tags](#input\_ecr\_repo\_tags)                                       | A map of tags to assign to ECR repository                                                                                                                                             | `map(string)`  | `{}`           | no |
+| <a name="input_force_remove"></a> [force\_remove](#input\_force\_remove)                                            | Whether to remove image forcibly when the resource is destroyed.                                                                                                                      | `bool`         | `false`        | no |
+| <a name="input_image_tag"></a> [image\_tag](#input\_image\_tag)                                                     | Image tag to use. If not specified current timestamp in format 'YYYYMMDDhhmmss' will be used. This can lead to unnecessary rebuilds.                                                  | `string`       | `null`         | no |
+| <a name="input_image_tag_mutability"></a> [image\_tag\_mutability](#input\_image\_tag\_mutability)                  | The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`                                                                                               | `string`       | `"MUTABLE"`    | no |
+| <a name="input_keep_locally"></a> [keep\_locally](#input\_keep\_locally)                                            | Whether to delete the Docker image locally on destroy operation.                                                                                                                      | `bool`         | `false`        | no |
+| <a name="input_keep_remotely"></a> [keep\_remotely](#input\_keep\_remotely)                                         | Whether to keep Docker image in the remote registry on destroy operation.                                                                                                             | `bool`         | `false`        | no |
+| <a name="input_platform"></a> [platform](#input\_platform)                                                          | The target architecture platform to build the image for.                                                                                                                              | `string`       | `null`         | no |
+| <a name="input_scan_on_push"></a> [scan\_on\_push](#input\_scan\_on\_push)                                          | Indicates whether images are scanned after being pushed to the repository                                                                                                             | `bool`         | `false`        | no |
+| <a name="input_source_path"></a> [source\_path](#input\_source\_path)                                               | Path to folder containing application code                                                                                                                                            | `string`       | `null`         | no |
+| <a name="input_triggers"></a> [triggers](#input\_triggers)                                                          | A map of arbitrary strings that, when changed, will force the docker\_image resource to be replaced. This can be used to rebuild an image when contents of source code folders change | `map(string)`  | `{}`           | no |
+| <a name="input_use_image_tag"></a> [use\_image\_tag](#input\_use\_image\_tag)                                       | Controls whether to use image tag in ECR repository URI or not. Disable this to deploy latest image using ID (sha256:...)                                                             | `bool`         | `true`         | no |
 
 ## Outputs
 

modules/docker-build/main.tf

@@ -7,6 +7,15 @@ locals {
   ecr_repo       = var.create_ecr_repo ? aws_ecr_repository.this[0].id : var.ecr_repo
   image_tag      = var.use_image_tag ? coalesce(var.image_tag, formatdate("YYYYMMDDhhmmss", timestamp())) : null
   ecr_image_name = var.use_image_tag ? format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) : format("%v/%v", local.ecr_address, local.ecr_repo)
+
+  previous_image_from_ecr = try(data.external.latest_ecr_image[0].result.image_uri, "")
+
+  previous_image_list = (
+  var.use_cache_from_previous_image && local.previous_image_from_ecr != ""
+  ) ? [local.previous_image_from_ecr] : []
+
+  cache_from_effective = concat(var.cache_from, local.previous_image_list)
+
 }
 
 resource "docker_image" "this" {
@@ -17,7 +26,7 @@ resource "docker_image" "this" {
     dockerfile = var.docker_file_path
     build_args = var.build_args
     platform   = var.platform
-    cache_from = var.cache_from
+    cache_from = local.cache_from_effective
   }
 
   force_remove = var.force_remove
@@ -33,6 +42,17 @@ resource "docker_registry_image" "this" {
   triggers = length(var.triggers) == 0 ? { image_id = docker_image.this.image_id } : var.triggers
 }
 
+data "external" "latest_ecr_image" {
+  count = var.use_cache_from_previous_image ? 1 : 0
+
+  program = ["bash", "${path.module}/scripts/get-latest-ecr-image.sh"]
+
+  query = {
+    repository = var.ecr_repo
+    region     = data.aws_region.current.name
+  }
+}
+
 resource "aws_ecr_repository" "this" {
   count = var.create_ecr_repo ? 1 : 0
 

modules/docker-build/scripts/get-latest-ecr-image.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Lecture de l'entrée JSON
+read -r INPUT
+REPO=$(echo "$INPUT" | jq -r '.repository // empty')
+REGION=$(echo "$INPUT" | jq -r '.region // empty')
+
+if [[ -z "$REPO" || -z "$REGION" ]]; then
+  echo '{"image_uri": ""}'
+  exit 0
+fi
+
+# Check if repo exists
+if ! aws ecr describe-repositories --repository-names "$REPO" --region "$REGION" >/dev/null 2>&1; then
+  echo 'no{"image_uri": ""}'
+  exit 0
+fi
+
+# Get latest image tag
+IMAGE=$(aws ecr describe-images \
+  --repository-name "$REPO" \
+  --region "$REGION" \
+  --query 'reverse(sort_by(imageDetails, &imagePushedAt))[?imageTags]|[0].imageTags[0]' \
+  --output text 2>/dev/null || echo "")
+
+if [ -z "$IMAGE" ] || [ "$IMAGE" == "None" ]; then
+  echo '{"image_uri": ""}'
+  exit 0
+fi
+
+# Get full image URI
+URI=$(aws ecr describe-repositories \
+  --repository-names "$REPO" \
+  --region "$REGION" \
+  --query 'repositories[0].repositoryUri' \
+  --output text)
+
+echo "{\"image_uri\": \"${URI}:${IMAGE}\"}"

modules/docker-build/variables.tf

@@ -118,3 +118,10 @@ variable "cache_from" {
   type        = list(string)
   default     = []
 }
+
+variable "use_cache_from_previous_image" {
+  description = "If true, use the most recently pushed image in ECR as Docker cache source (cache_from). Requires an existing ECR repo."
+  type        = bool
+  default     = false
+}
+

modules/docker-build/versions.tf

@@ -14,5 +14,9 @@ terraform {
       source  = "hashicorp/null"
       version = ">= 2.0"
     }
+    external = {
+      source  = "hashicorp/external"
+      version = ">= 2.3"
+    }
   }
 }

wrappers/docker-build/main.tf

@@ -3,24 +3,25 @@ module "wrapper" {
 
   for_each = var.items
 
-  build_args                = try(each.value.build_args, var.defaults.build_args, {})
-  cache_from                = try(each.value.cache_from, var.defaults.cache_from, [])
-  create_ecr_repo           = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false)
-  create_sam_metadata       = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false)
-  docker_file_path          = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile")
-  ecr_address               = try(each.value.ecr_address, var.defaults.ecr_address, null)
-  ecr_force_delete          = try(each.value.ecr_force_delete, var.defaults.ecr_force_delete, true)
-  ecr_repo                  = try(each.value.ecr_repo, var.defaults.ecr_repo, null)
-  ecr_repo_lifecycle_policy = try(each.value.ecr_repo_lifecycle_policy, var.defaults.ecr_repo_lifecycle_policy, null)
-  ecr_repo_tags             = try(each.value.ecr_repo_tags, var.defaults.ecr_repo_tags, {})
-  force_remove              = try(each.value.force_remove, var.defaults.force_remove, false)
-  image_tag                 = try(each.value.image_tag, var.defaults.image_tag, null)
-  image_tag_mutability      = try(each.value.image_tag_mutability, var.defaults.image_tag_mutability, "MUTABLE")
-  keep_locally              = try(each.value.keep_locally, var.defaults.keep_locally, false)
-  keep_remotely             = try(each.value.keep_remotely, var.defaults.keep_remotely, false)
-  platform                  = try(each.value.platform, var.defaults.platform, null)
-  scan_on_push              = try(each.value.scan_on_push, var.defaults.scan_on_push, false)
-  source_path               = try(each.value.source_path, var.defaults.source_path, null)
-  triggers                  = try(each.value.triggers, var.defaults.triggers, {})
-  use_image_tag             = try(each.value.use_image_tag, var.defaults.use_image_tag, true)
+  build_args                    = try(each.value.build_args, var.defaults.build_args, {})
+  use_cache_from_previous_image = try(each.value.use_cache_from_previous_image, var.defaults.use_cache_from_previous_image, false)
+  cache_from                    = try(each.value.cache_from, var.defaults.cache_from, [])
+  create_ecr_repo               = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false)
+  create_sam_metadata           = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false)
+  docker_file_path              = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile")
+  ecr_address                   = try(each.value.ecr_address, var.defaults.ecr_address, null)
+  ecr_force_delete              = try(each.value.ecr_force_delete, var.defaults.ecr_force_delete, true)
+  ecr_repo                      = try(each.value.ecr_repo, var.defaults.ecr_repo, null)
+  ecr_repo_lifecycle_policy     = try(each.value.ecr_repo_lifecycle_policy, var.defaults.ecr_repo_lifecycle_policy, null)
+  ecr_repo_tags                 = try(each.value.ecr_repo_tags, var.defaults.ecr_repo_tags, {})
+  force_remove                  = try(each.value.force_remove, var.defaults.force_remove, false)
+  image_tag                     = try(each.value.image_tag, var.defaults.image_tag, null)
+  image_tag_mutability          = try(each.value.image_tag_mutability, var.defaults.image_tag_mutability, "MUTABLE")
+  keep_locally                  = try(each.value.keep_locally, var.defaults.keep_locally, false)
+  keep_remotely                 = try(each.value.keep_remotely, var.defaults.keep_remotely, false)
+  platform                      = try(each.value.platform, var.defaults.platform, null)
+  scan_on_push                  = try(each.value.scan_on_push, var.defaults.scan_on_push, false)
+  source_path                   = try(each.value.source_path, var.defaults.source_path, null)
+  triggers                      = try(each.value.triggers, var.defaults.triggers, {})
+  use_image_tag                 = try(each.value.use_image_tag, var.defaults.use_image_tag, true)
 }