elgohr / ecr-login-action Goto Github PK
View Code? Open in Web Editor NEWA Github Action which can be used to authenticate with AWS ECR
License: MIT License
A Github Action which can be used to authenticate with AWS ECR
License: MIT License
The registry output returns a url with http protocol prepended like https://809698098.dkr.ecr.us-east-1.amazonaws.com
If you pass this manually to docker build
it will fail:
invalid argument "https://809698098.dkr.ecr.us-east-1.amazonaws.com/crashgiants:edb1219c31a7e2a27c56dc4b0f747ba191c781a7" for "-t, --tag" flag: invalid reference format
you need to then manually strip the https://
it will pass.
Docker version 19.03.13, build 4484c46d9d
This is a feature request/ asking whether PR would be accepted for the following environment:
When running a self hosted runner inside an AWS EKS Kubernetes cluster AWS has a feature called IRSA (IAM roles for service accounts). This feature allows accessing the AWS API directly from a pod.With this feature different environment variables + different API calls are used.
See nr 3 (Web Identity Token credentials from the environment or container) in credentials precedence.
Trigger are the following two env variables:
The implementation could look as follows:
aws sts assume-web-role-identity
which will then return AWS_SECRET_KEYS & others.It will require a rewrite of these lines + making $INPUT_ACCESS_KEY & $INPUT_SECRET_ACCESS_KEY optional. But it should be backwards compatible.
How do we proceed?
In some scenarios we use a builder role in some of our org accounts that is assumable by a central "builder user". It would be nice if this could use AWS_PROFILE (setup by "aws-actions/configure-aws-credentials@v1") in addition to the keys.
Hello, suddenly we are getting this without doing any changes from our side. I noticed this repo updated a few hours ago. must be something that affects it.
Must provide --username with --password-stdin
Error: Process completed with exit code 1.
Hi,
recently I started seeing the following (I even see this on past successful builds):
Step 3/12 : LABEL "maintainer"="Lars Gohr"
---> Running in 9d77cee4d6ce
Removing intermediate container 9d77cee4d6ce
---> 9082b5a5618c
Step 4/12 : RUN apk update && apk upgrade && apk add --no-cache python py-pip bash jq && pip install awscli && apk --purge -v del py-pip
---> Running in cd99825221f7
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
v3.12.0-9-gc3ce4065bd [http://dl-cdn.alpinelinux.org/alpine/v3.12/main]
v3.12.0-5-g644078feb4 [http://dl-cdn.alpinelinux.org/alpine/v3.12/community]
OK: 12726 distinct packages available
(1/1) Upgrading alpine-baselayout (3.2.0-r6 -> 3.2.0-r7)
Executing alpine-baselayout-3.2.0-r7.pre-upgrade
Executing alpine-baselayout-3.2.0-r7.post-upgrade
Executing busybox-1.31.1-r16.trigger
OK: 6 MiB in 14 packages
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
ERROR: unsatisfiable constraints:
python (missing):
required by: world[python]
The command '/bin/sh -c apk update && apk upgrade && apk add --no-cache python py-pip bash jq && pip install awscli && apk --purge -v del py-pip' returned a non-zero code: 1
##[warning]Docker build failed with exit code 1, back off 5.959 seconds before retry.
Can someone let me know what changed or how can I fix it?
Thanks
We have a use case where we need to use an image from a private ecr repo for a service, however, we need to generate an ECR Password before we can use the image. This isn't like a normal workflow where we could just through this action before an docker pull (or push), since we are using the image in a service.
We tried to run this as a setup and output the password, however, because "set-mask" is set for the password, GithubActions will not output the password.
I fully respect the name change and understand that we must free ourselves from a nomenclature associated with the era of slavery, but in this case the effect of the change has been quite large.
This update has broken hundreds of CI-CD pipelines because the examples and documentation indicated that we should target the master
branch.
uses: elgohr/ecr-login-action@master
Can you please keep a master branch to maintain backwards compatibility?
The action is a bit slow. I suggest removing apk upgrade, reducing step count in Dockerfile, not running unit tests on every use
Hello,
I've been using your ecr-login-action
for a few weeks now. The last couple of days it has been working, but now I am getting an error:
Run elgohr/ecr-login-action@master
with:
access_key: ***
secret_access_key: ***
region: ***
/usr/bin/docker run --name bb814fd65fd11dfc42b096513427cdd5ea9a_627926 --label 04bb81 --workdir /github/workspace --rm -e INPUT_ACCESS_KEY -e INPUT_SECRET_ACCESS_KEY -e INPUT_REGION -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/slackcat/slackcat":"/github/workspace" 04bb81:4fd65fd11dfc42b096513427cdd5ea9a
An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.
##[error]Docker run failed with exit code 255
This is my code:
name: Push Slackcat to ECR
on:
push:
branches:
- master
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
- name: Build the Docker image
run: docker build . --file Dockerfile --tag slackcat
- name: Login to ECR
id: ecr
uses: elgohr/ecr-login-action@master
with:
access_key: ${{ secrets.AWS_ACCESS_KEY }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
region: us-east-1
- name: Publish to ECR
uses: elgohr/Publish-Docker-Github-Action@master
with:
name: XXXXXX.dkr.ecr.us-east-1.amazonaws.com/slackcat
username: ${{ steps.ecr.outputs.username }}
password: ${{ steps.ecr.outputs.password }}
registry: ${{ steps.ecr.outputs.registry }}
snapshot: true
Not sure if something has changed in the action that require me to make changes to my code?
Also, I will be opening an issue wrt the Publish-Docker-Github-Action
as I was getting errors there as well.
Thanks!
When using this action, this warning appears in the logs:
Warning: The set-output
command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
This is generated by the use of set-output
on lines 19-23 of entrypoint.sh:
ecr-login-action/entrypoint.sh
Lines 19 to 23 in c2c29ff
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.