Add a --force-local-build flag to the deployment command to skip remote build

Author: myftija

packages/cli-v3/src/apiClient.ts

@@ -37,6 +37,7 @@ import {
   GetJWTRequestBody,
   GetJWTResponse,
   ApiBranchListResponseBody,
+  GenerateRegistryCredentialsResponseBody,
 } from "@trigger.dev/core/v3";
 import {
   WorkloadDebugLogRequestBody,
@@ -327,6 +328,22 @@ export class CliApiClient {
     );
   }
 
+  async generateRegistryCredentials(deploymentId: string) {
+    if (!this.accessToken) {
+      throw new Error("generateRegistryCredentials: No access token");
+    }
+
+    return wrapZodFetch(
+      GenerateRegistryCredentialsResponseBody,
+      `${this.apiURL}/api/v1/deployments/${deploymentId}/generate-registry-credentials`,
+      {
+        method: "POST",
+        headers: this.getHeaders(),
+        body: "{}",
+      }
+    );
+  }
+
   async initializeDeployment(body: InitializeDeploymentRequestBody) {
     if (!this.accessToken) {
       throw new Error("initializeDeployment: No access token");

packages/cli-v3/src/commands/deploy.ts

@@ -57,6 +57,7 @@ const DeployCommandOptions = CommonCommandOptions.extend({
   noCache: z.boolean().default(false),
   envFile: z.string().optional(),
   // Local build options
+  forceLocalBuild: z.boolean().optional(),
   network: z.enum(["default", "none", "host"]).optional(),
   push: z.boolean().optional(),
   builder: z.string().default("trigger"),
@@ -127,6 +128,7 @@ export function configureDeployCommand(program: Command) {
         ).hideHelp()
       )
       // Local build options
+      .option("--force-local-build", "Force a local build of the image")
       .addOption(new CommandOption("--push", "Push the image after local builds").hideHelp())
       .addOption(
         new CommandOption("--no-push", "Do not push the image after local builds").hideHelp()
@@ -320,7 +322,9 @@ async function _deployCommand(dir: string, options: DeployCommandOptions) {
     },
     envVars.TRIGGER_EXISTING_DEPLOYMENT_ID
   );
-  const isLocalBuild = !deployment.externalBuildData;
+  const isLocalBuild = options.forceLocalBuild || !deployment.externalBuildData;
+  // Would be best to actually store this separately in the deployment object. This is an okay proxy for now.
+  const remoteBuildExplicitlySkipped = options.forceLocalBuild && !!deployment.externalBuildData;
 
   // Fail fast if we know local builds will fail
   if (isLocalBuild) {
@@ -391,8 +395,10 @@ async function _deployCommand(dir: string, options: DeployCommandOptions) {
 
   const $spinner = spinner();
 
-  const buildSuffix = isLocalBuild ? " (local)" : "";
-  const deploySuffix = isLocalBuild ? " (local build)" : "";
+  const buildSuffix =
+    isLocalBuild && !process.env.TRIGGER_LOCAL_BUILD_LABEL_DISABLED ? " (local)" : "";
+  const deploySuffix =
+    isLocalBuild && !process.env.TRIGGER_LOCAL_BUILD_LABEL_DISABLED ? " (local build)" : "";
 
   if (isCI) {
     log.step(`Building version ${version}\n`);
@@ -420,6 +426,7 @@ async function _deployCommand(dir: string, options: DeployCommandOptions) {
     projectRef: resolvedConfig.project,
     apiUrl: projectClient.client.apiURL,
     apiKey: projectClient.client.accessToken!,
+    apiClient: projectClient.client,
     branchName: branch,
     authAccessToken: authorization.auth.accessToken,
     compilationPath: destination.path,
@@ -442,6 +449,7 @@ async function _deployCommand(dir: string, options: DeployCommandOptions) {
     network: options.network,
     builder: options.builder,
     push: options.push,
+    authenticateToRegistry: remoteBuildExplicitlySkipped,
   });
 
   logger.debug("Build result", buildResult);
@@ -525,6 +533,7 @@ async function _deployCommand(dir: string, options: DeployCommandOptions) {
     {
       imageDigest: buildResult.digest,
       skipPromotion: options.skipPromotion,
+      skipPushToRegistry: remoteBuildExplicitlySkipped,
     },
     (logMessage) => {
       if (isCI) {

packages/cli-v3/src/commands/workers/build.ts

@@ -336,6 +336,7 @@ async function _workerBuildCommand(dir: string, options: WorkersBuildCommandOpti
     projectRef: resolvedConfig.project,
     apiUrl: projectClient.client.apiURL,
     apiKey: projectClient.client.accessToken!,
+    apiClient: projectClient.client,
     branchName: branch,
     authAccessToken: authorization.auth.accessToken,
     compilationPath: destination.path,

packages/cli-v3/src/deploy/buildImage.ts

@@ -6,9 +6,12 @@ import { networkInterfaces } from "os";
 import { join } from "path";
 import { safeReadJSONFile } from "../utilities/fileSystem.js";
 import { readFileSync } from "fs";
+
 import { isLinux } from "std-env";
 import { z } from "zod";
 import { assertExhaustive } from "../utilities/assertExhaustive.js";
+import { tryCatch } from "@trigger.dev/core";
+import { CliApiClient } from "../apiClient.js";
 
 export interface BuildImageOptions {
   // Common options
@@ -19,6 +22,7 @@ export interface BuildImageOptions {
 
   // Local build options
   push?: boolean;
+  authenticateToRegistry?: boolean;
   network?: string;
   builder: string;
 
@@ -37,6 +41,7 @@ export interface BuildImageOptions {
   extraCACerts?: string;
   apiUrl: string;
   apiKey: string;
+  apiClient: CliApiClient;
   branchName?: string;
   buildEnvVars?: Record<string, string | undefined>;
   onLog?: (log: string) => void;
@@ -51,6 +56,7 @@ export async function buildImage(options: BuildImageOptions): Promise<BuildImage
     imagePlatform,
     noCache,
     push,
+    authenticateToRegistry,
     load,
     authAccessToken,
     imageTag,
@@ -66,6 +72,7 @@ export async function buildImage(options: BuildImageOptions): Promise<BuildImage
     extraCACerts,
     apiUrl,
     apiKey,
+    apiClient,
     branchName,
     buildEnvVars,
     network,
@@ -84,11 +91,13 @@ export async function buildImage(options: BuildImageOptions): Promise<BuildImage
       contentHash,
       projectRef,
       push,
+      authenticateToRegistry,
       load,
       noCache,
       extraCACerts,
       apiUrl,
       apiKey,
+      apiClient,
       branchName,
       buildEnvVars,
       network,
@@ -292,8 +301,10 @@ interface SelfHostedBuildImageOptions {
   projectRef: string;
   imagePlatform: string;
   push?: boolean;
+  authenticateToRegistry?: boolean;
   apiUrl: string;
   apiKey: string;
+  apiClient: CliApiClient;
   branchName?: string;
   noCache?: boolean;
   extraCACerts?: string;
@@ -305,7 +316,7 @@ interface SelfHostedBuildImageOptions {
 }
 
 async function localBuildImage(options: SelfHostedBuildImageOptions): Promise<BuildImageResults> {
-  const { builder, imageTag } = options;
+  const { builder, imageTag, deploymentId, apiClient } = options;
 
   // Ensure multi-platform build is supported on the local machine
   let builderExists = false;
@@ -414,6 +425,64 @@ async function localBuildImage(options: SelfHostedBuildImageOptions): Promise<Bu
 
   await ensureQemuRegistered(options.imagePlatform);
 
+  const errors: string[] = [];
+
+  let registryHost: string | undefined;
+  if (push && options.authenticateToRegistry) {
+    registryHost = process.env.TRIGGER_DOCKER_REGISTRY ?? extractRegistryHostFromImageTag(imageTag);
+
+    if (!registryHost) {
+      return {
+        ok: false as const,
+        error: "Failed to extract registry host from image tag",
+        logs: "",
+      };
+    }
+
+    const [credentialsError, credentials] = await tryCatch(
+      getDockerUsernameAndPassword(apiClient, deploymentId)
+    );
+
+    if (credentialsError) {
+      return {
+        ok: false as const,
+        error: `Failed to get docker credentials: ${credentialsError.message}`,
+        logs: "",
+      };
+    }
+
+    logger.debug(`Logging in to docker registry: ${registryHost}`);
+
+    const loginProcess = x(
+      "docker",
+      ["login", "--username", credentials.username, "--password-stdin", registryHost],
+      {
+        nodeOptions: {
+          cwd: options.cwd,
+        },
+      }
+    );
+
+    loginProcess.process?.stdin?.write(credentials.password);
+    loginProcess.process?.stdin?.end();
+
+    for await (const line of loginProcess) {
+      errors.push(line);
+      logger.debug(line);
+      options.onLog?.(line);
+    }
+
+    if (loginProcess.exitCode !== 0) {
+      return {
+        ok: false as const,
+        error: `Failed to login to registry: ${registryHost}`,
+        logs: extractLogs(errors),
+      };
+    }
+
+    options.onLog?.(`Successfully logged in to ${registryHost}`);
+  }
+
   const args = [
     "buildx",
     "build",
@@ -453,17 +522,16 @@ async function localBuildImage(options: SelfHostedBuildImageOptions): Promise<Bu
     "--progress",
     "plain",
     "-t",
-    options.imageTag,
+    imageTag,
     ".", // The build context
   ].filter(Boolean) as string[];
 
   logger.debug(`docker ${args.join(" ")}`, { cwd: options.cwd });
 
-  const errors: string[] = [];
-
-  // Build the image
   const buildProcess = x("docker", args, {
-    nodeOptions: { cwd: options.cwd },
+    nodeOptions: {
+      cwd: options.cwd,
+    },
   });
 
   for await (const line of buildProcess) {
@@ -474,6 +542,11 @@ async function localBuildImage(options: SelfHostedBuildImageOptions): Promise<Bu
   }
 
   if (buildProcess.exitCode !== 0) {
+    if (registryHost) {
+      logger.debug(`Logging out from docker registry: ${registryHost}`);
+      await x("docker", ["logout", registryHost]);
+    }
+
     return {
       ok: false as const,
       error: "Error building image",
@@ -519,6 +592,11 @@ async function localBuildImage(options: SelfHostedBuildImageOptions): Promise<Bu
     options.onLog?.(`Image size: ${(imageSizeBytes / (1024 * 1024)).toFixed(2)} MB`);
   }
 
+  if (registryHost) {
+    logger.debug(`Logging out from docker registry: ${registryHost}`);
+    await x("docker", ["logout", registryHost]);
+  }
+
   return {
     ok: true as const,
     imageSizeBytes,
@@ -840,6 +918,43 @@ function getAddHost(apiUrl: string) {
   return;
 }
 
+function extractRegistryHostFromImageTag(imageTag: string): string | undefined {
+  const host = imageTag.split("/")[0];
+
+  if (!host || !host.includes(".")) {
+    return undefined;
+  }
+
+  return host;
+}
+
+async function getDockerUsernameAndPassword(
+  apiClient: CliApiClient,
+  deploymentId: string
+): Promise<{ username: string; password: string }> {
+  if (process.env.TRIGGER_DOCKER_USERNAME && process.env.TRIGGER_DOCKER_PASSWORD) {
+    return {
+      username: process.env.TRIGGER_DOCKER_USERNAME,
+      password: process.env.TRIGGER_DOCKER_PASSWORD,
+    };
+  }
+
+  const result = await apiClient.generateRegistryCredentials(deploymentId);
+
+  if (!result.success) {
+    logger.debug("Failed to generate registry credentials", {
+      error: result.error,
+      deploymentId,
+    });
+    throw new Error("Failed to generate registry credentials");
+  }
+
+  return {
+    username: result.data.username,
+    password: result.data.password,
+  };
+}
+
 function isQemuRegistered() {
   try {
     // Check a single QEMU handler