docker_image build image even if file context and dockerfile doesn't change

[IlyesDemineExtVeolia]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and docker Provider) Version

Affected Resource(s)

• docker_image

Terraform Configuration Files

resource "docker_image" "this" {
  name = local.ecr_image_name

  build {
    context    = var.source_path
    dockerfile = var.docker_file_path
    build_args = var.build_args
    platform   = var.platform
  }
}

Debug Output

Panic Output

Expected Behaviour

Don't build and deploy if context and dockerfile doesn't change

Actual Behaviour

Build and Deploy at each terraform apply

Steps to Reproduce

1. terraform apply

Important Factoids

References

• #0000

[vnghia]

I found that the build will be retriggered if the content of (file, subfolder, etc) your context folder change, which makes sense because the provider does not know which file in the context folder will be used (e.g COPY or ADD could copy them into the image) while building the Dockerfile.

[asmisha]

In my case the build is triggered even if the content has not changed. I suspect that it's auth_config that causes the rebuild due to changing credentials.

[samuelcortinhas]

I've also come across this bug. Our use case was to build an image from a dockerfile in a folder src/example and push it to an AWS ECR repository. We wanted to only rebuild/push image when there were changes to the code in src/example. However, even with the triggers hash is the same, the docker_image is being rebuilt every time.

resource "docker_registry_image" "registry_image" {
  name = docker_image.image.name
}

resource "docker_image" "image" {
  name = "${aws_ecr_repository.repository.repository_url}:latest"

  build {
    context = "${path.module}/src/example"
  }
  triggers = {
    dir_sha1 = sha1(join("", [for f in fileset(path.module, "src/example/**") : filesha1(f)]))
  }
}

Our solution was to rollback to version 2.25.0 of kreuzwerker/docker. (note the above configuration needs changing for this version).

[pspot2]

I guess quite a few of us are currently sitting on 2.25.0 because of this.

See also #555

[5imun]

@enc In addition this issue there are also #555 and #607 all the same problem might be good to have them in one place and close duplicates...

This issue described in comment by samuelcortinhas is really annoying with CI deployments because virtual machine that runs terraform starts with clean local docker registry so docker_image resource acts like it was as remotely deleted and terraform tries to recreate it running the docker build again (even though image already exists in remote repo), if we could use docker_registry_image for building and uploading images like before it would solve this resource recreation problem on every terraform apply that happens during builds. Currently this kind of optimised behaviour is not possible to achieve after changes from version >2.25.0

[y-chen]

I opened #607.

@samuelcortinhas I had to update to v3+ becuase v2.5.0 started to throw errors out of nothing. Does it still work for you? I guess I will have to give it a try again because with this bug I am keep rebuilding stuff for nothing.

I am using AWS ECR too.

[y-chen]

Boh, I downgraded to v2.25.0 like others and now works again...

I guess we will never update it. :D

[CGarces]

That's weird, I have the opposite problem #647
The change is detected fine but the build it's not triggered.

[kiril-pcg]

I am using the terraform-aws-modules/lambda/aws module for creating lambdas and the docker-build module for creating the docker image.

I had the same problem, fixed it with downloading the docker-build module and adding it directly in my project, changing the version for "kreuzwerker/docker" to "2.25.0" and modifying the main.tf to use the docker_registry_image resource instead of the docker_image.

data "aws_region" "current" {}

data "aws_caller_identity" "this" {}

locals {
  ecr_address    = coalesce(var.ecr_address, format("%v.dkr.ecr.%v.amazonaws.com", data.aws_caller_identity.this.account_id, data.aws_region.current.name))
  ecr_repo       = var.create_ecr_repo ? aws_ecr_repository.this[0].id : var.ecr_repo
  image_tag      = var.use_image_tag ? coalesce(var.image_tag, formatdate("YYYYMMDDhhmmss", timestamp())) : null
  ecr_image_name = var.use_image_tag ? format("%v/%v:%v", local.ecr_address, local.ecr_repo, local.image_tag) : format("%v/%v", local.ecr_address, local.ecr_repo)
}

# resource "docker_image" "this" {
#   name = local.ecr_image_name

#   build {
#     context    = var.source_path
#     dockerfile = var.docker_file_path
#     build_args = var.build_args
#     platform   = var.platform
#   }

#   force_remove = var.force_remove
#   keep_locally = var.keep_locally
#   triggers     = var.triggers
# }

resource "docker_registry_image" "this" {
  name = local.ecr_image_name

  keep_remotely = var.keep_remotely

  build {
    context    = var.source_path
    dockerfile = var.docker_file_path
    build_args = var.build_args
    platform   = var.platform
  }
  
  triggers = var.triggers
}
......

And it worked perfectly.
Hope it helps someone.

[IlyesDemineExtVeolia]

@kiril-pcg @enc Thanks for your response. I will try your solution even if a permanent fix will be better