chore(ci): Add retryon429 for markdownlint (#736)

* chore(ci): Add retryon429 for markdownlint * fix: endpoint parameter when creating builder * fix: Improve error messages for public ECR push * chore: Linting and improve documentation
2025-12-18 14:56:17 -05:00 · 2025-06-04 19:51:09 +02:00 · 2025-06-04 19:51:09 +02:00 · e0eaa5e7d3
commit e0eaa5e7d3
parent ab151f9d5a
7 changed files with 35 additions and 5 deletions
--- a/.markdownlinkcheck.json
+++ b/.markdownlinkcheck.json
@ -2,5 +2,7 @@
    "ignorePatterns": [
    ],
    "replacementPatterns": [
-    ]
+    ],
+    "retryOn429": true,
+    "retryCount": 5
 }
--- a/docs/index.md
+++ b/docs/index.md
@ -68,6 +68,7 @@ connection check by setting the `disable_docker_daemon_check` argument to `true`

 Registry credentials can be provided on a per-registry basis with the `registry_auth`
 field, passing either a config file or the username/password directly.
+Please make sure, that you pass in the correct `address`. For example for ECR, the `registry_auth.address` should be of format `<id>.dkr.ecr.<zone>.amazonaws.com`. AWS ECR resource gives `ecr_url` which includes image name `<id>.dkr.ecr.<zone>.amazonaws.com/<image-name>`. So if you use ecr_url make a split `split("/", ecr_url)[0]` to be used in `registry_auth.address`.
 If you want to use an insecure http registry, please explicitly specify the `address` with the `http` protocol.

 -> **Note**
--- a/docs/resources/buildx_builder.md
+++ b/docs/resources/buildx_builder.md
@ -24,6 +24,7 @@ Manages a Docker Buildx builder instance. This resource allows you to create a
 - `docker_container` (Block List, Max: 1) Configuration block for the Docker-Container driver. (see [below for nested schema](#nestedblock--docker_container))
 - `driver` (String) The driver to use for the Buildx builder (e.g., docker-container, kubernetes).
 - `driver_options` (Map of String) Additional options for the Buildx driver in the form of `key=value,...`. These options are driver-specific.
+- `endpoint` (String) The endpoint or context to use for the Buildx builder, where context is the name of a context from docker context ls and endpoint is the address for Docker socket (eg. DOCKER_HOST value). By default, the current Docker configuration is used for determining the context/endpoint value.
 - `kubernetes` (Block List, Max: 1) Configuration block for the Kubernetes driver. (see [below for nested schema](#nestedblock--kubernetes))
 - `name` (String) The name of the Buildx builder. IF not specified, a random name will be generated.
 - `node` (String) Create/modify node with given name
--- a/internal/provider/resource_docker_buildx_builder.go
+++ b/internal/provider/resource_docker_buildx_builder.go
@ -107,6 +107,13 @@ func resourceDockerBuildxBuilder() *schema.Resource {
 				Description: "Automatically boot the builder after creation. Defaults to `false`",
 				ForceNew:    true,
 			},
+			"endpoint": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The endpoint or context to use for the Buildx builder, where context is the name of a context from docker context ls and endpoint is the address for Docker socket (eg. DOCKER_HOST value). By default, the current Docker configuration is used for determining the context/endpoint value.",
+				Default:     "",
+				ForceNew:    true,
+			},
 			"kubernetes": {
 				Type:          schema.TypeList,
 				Optional:      true,
@ -448,6 +455,12 @@ func resourceDockerBuildxBuilderCreate(ctx context.Context, d *schema.ResourceDa
 	log.Printf("[DEBUG] Driver: %s", driver)
 	log.Printf("[DEBUG] Driver options: %s", driverOptions)

+	var ep string
+	v = d.Get("endpoint").(string)
+	if v != "" {
+		ep = v.(string)
+	}
+
 	b, err := builder.Create(ctx, txn, t, builder.CreateOpts{
 		Name:                name,
 		Driver:              driver,
@ -457,7 +470,7 @@ func resourceDockerBuildxBuilderCreate(ctx context.Context, d *schema.ResourceDa
 		BuildkitdFlags:      d.Get("buildkit_flags").(string),
 		BuildkitdConfigFile: d.Get("buildkit_config").(string),
 		Use:                 use,
-		Endpoint:            client.DaemonHost(),
+		Endpoint:            ep,
 		Append:              appendAction,
 	})

--- a/internal/provider/resource_docker_registry_image_funcs.go
+++ b/internal/provider/resource_docker_registry_image_funcs.go
@ -45,9 +45,9 @@ func resourceDockerRegistryImageCreate(ctx context.Context, d *schema.ResourceDa
 		log.Printf("[INFO] Using auth config from resource: %s", v)
 		authConfig = buildAuthConfigFromResource(v)
 	} else {
-		log.Printf("[INFO] Using auth config from provider: %s", v)
 		var err error
 		authConfig, err = getAuthConfigForRegistry(pushOpts.Registry, providerConfig)
+		log.Printf("[INFO] Using auth config from provider: %#v", authConfig)
 		if err != nil {
 			return diag.Errorf("resourceDockerRegistryImageCreate: Unable to get authConfig for registry: %s", err)
 		}
@ -245,6 +245,7 @@ func pushDockerRegistryImage(ctx context.Context, client *client.Client, pushOpt
 		pushOptions.RegistryAuth = authBase64
 	}

+	log.Printf("[DEBUG] Pushing image %s with options %#v", pushOpts.FqName, pushOptions)
 	out, err := client.ImagePush(ctx, pushOpts.FqName, pushOptions)
 	if err != nil {
 		return err
@ -265,13 +266,22 @@ func pushDockerRegistryImage(ctx context.Context, client *client.Client, pushOpt
 			return err
 		}
 		if errorMessage.Error != "" {
-			return fmt.Errorf("Error pushing image: %s", errorMessage.Error)
+			additionalMessage := createAdditionalErrorMessage(pushOpts.FqName)
+			return fmt.Errorf("Error pushing image. %s. Full error: %s", additionalMessage, errorMessage.Error)
 		}
 	}
 	log.Printf("[DEBUG] Pushed image: %s", pushOpts.FqName)
 	return nil
 }

+func createAdditionalErrorMessage(imageFqName string) string {
+	message := ""
+	if strings.HasPrefix(imageFqName, "public.ecr.aws/") {
+		message = "You are trying to push to a public ECR repository. One error cause might be that the image name does not have the correct format and registry alias: public.ecr.aws/<registry_alias>/<image>"
+	}
+	return message
+}
+
 func getAuthConfigForRegistry(
 	registryWithoutProtocol string,
 	providerConfig *ProviderConfig) (registry.AuthConfig, error) {
--- a/templates/index.md.tmpl
+++ b/templates/index.md.tmpl
@ -39,6 +39,7 @@ connection check by setting the `disable_docker_daemon_check` argument to `true`

 Registry credentials can be provided on a per-registry basis with the `registry_auth`
 field, passing either a config file or the username/password directly.
+Please make sure, that you pass in the correct `address`. For example for ECR, the `registry_auth.address` should be of format `<id>.dkr.ecr.<zone>.amazonaws.com`. AWS ECR resource gives `ecr_url` which includes image name `<id>.dkr.ecr.<zone>.amazonaws.com/<image-name>`. So if you use ecr_url make a split `split("/", ecr_url)[0]` to be used in `registry_auth.address`.
 If you want to use an insecure http registry, please explicitly specify the `address` with the `http` protocol.

 -> **Note**
--- a/testdata/resources/docker_buildx_builder/testAccDockerBuildxBuilderDockerContainer.tf
+++ b/testdata/resources/docker_buildx_builder/testAccDockerBuildxBuilderDockerContainer.tf
@ -1,6 +1,8 @@
 resource "docker_buildx_builder" "foo" {
  name = "foo"
  docker_container {
-    image = "docker:20.10.7"
+    image = "moby/buildkit:v0.22.0"
  }
+  use = true
+  bootstrap = true
 }