kciter / aws-ecr-action Goto Github PK
View Code? Open in Web Editor NEWThis Action allows you to create Docker images and push into a ECR repository.
License: MIT License
This Action allows you to create Docker images and push into a ECR repository.
License: MIT License
Just wondering if there are any plans to create a release version which includes the recent GitHub Action deprecation upgrades? https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
I see the fix for deprecation warnings merged in here: #46 but this is only on master at the moment and not in the last v4 release.
I have a repository where the Dockerfile is not on the root directory, when I run the actions with the following settings I get an error because is ignoring the path argument:
- id: docker-push
uses: kciter/aws-ecr-action@master
with:
access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
account_id: ${{ env.AWS_ACCOUNT_ID }}
repo: geth/binance/full
region: ${{ env.AWS_REGION }}
tags: latest,${{ github.sha }}
path: "./node"
You can notice from the output that is not searching on that folder
Run kciter/aws-ecr-action@master
/usr/bin/docker run --name e4b6662b4b6db24bd59b0e7494f7af824c_420302 --label 5588e4 --workdir /github/workspace --rm -e SLACK_WEBHOOK_URL -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_ACCOUNT_ID -e AWS_REGION -e INPUT_ACCESS_KEY_ID -e INPUT_SECRET_ACCESS_KEY -e INPUT_ACCOUNT_ID -e INPUT_REPO -e INPUT_REGION -e INPUT_TAGS -e INPUT_PATH -e INPUT_ASSUME_ROLE -e INPUT_CREATE_REPO -e INPUT_SET_REPO_POLICY -e INPUT_REPO_POLICY_FILE -e INPUT_DOCKERFILE -e INPUT_EXTRA_BUILD_ARGS -e INPUT_PREBUILD_SCRIPT -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/bsc-etl-streaming/bsc-etl-streaming":"/github/workspace" 5588e4:b6662b4b6db24bd59b0e7494f7af824c
== START LOGIN
WARNING! Using -*** the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Login Succeeded
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
== FINISHED LOGIN
== START DOCKERIZE
unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /github/workspace/Dockerfile: no such file or directory
Hi,
When I give a custom folder path for Dockerfile in path attribute, docker build
command seems to be failing with below error:
ex path:
path: ${{ env.INPUT_PATH }}
path: ${{ env.FILE_PATH }}
== START DOCKERIZE
"docker build" requires exactly 1 argument.
See 'docker build --help'.
Usage: docker build [OPTIONS] PATH | URL | -
Build an image from a Dockerfile
I am not giving any arguments at all. Looking at entrypoint.sh, looks like the below function is missing path and $INPUT_PATH. Could that be the issue?
function main() {
sanitize "${INPUT_ACCESS_KEY_ID}" "access_key_id"
sanitize "${INPUT_SECRET_ACCESS_KEY}" "secret_access_key"
sanitize "${INPUT_REGION}" "region"
sanitize "${INPUT_ACCOUNT_ID}" "account_id"
sanitize "${INPUT_REPO}" "repo"
ACCOUNT_URL="$INPUT_ACCOUNT_ID.dkr.ecr.$INPUT_REGION.amazonaws.com"
Please let me know if I am doing something wrong.
Thanks,
Keerti
I'm running the action with the following parameters and folder structure. Given the specs and the CircleCI orb ref, I expected that it would grab the Dockerfile from the specified path, however it's using the one at the root level, as shown in the output.
uses: kciter/aws-ecr-action@v1
with:
account_id: ***
access_key_id: ***
secret_access_key: ***
region: ***
create_repo: true
path: ./infra/modules/ec2/docker/nginx
repo: blog-web-server/nginx
tags: latest
dockerfile: Dockerfile
├── Dockerfile
├── infra
| ├── modules
│ | ├── ec2
│ │ | | ├── docker
│ │ │ | | ├── nginx
│ │ │ | | | ├── Dockerfile
FROM nginx:1.19
...
FROM node:10
...
...
== START DOCKERIZE
Sending build context to Docker daemon 14.91kB
COPY failed: no source files were specified
Step 1/5 : FROM node:10
---> e7671d9424c2
== START LOGIN
An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.
Getting this error when using secrets for aws account ID
Hey,
I'm using your GitHub action to push my docker image to ecr, but the action fails every time complaing Dockerfile is missing.
My repo structure:
repo
|----Dockerfile
|----.github
|----workflows
|----action.yml
If i don't set the path variable in the job i get the following error:
/usr/bin/docker run --name af96b426492533e83b426ba94140811963aaa8_19dc66 --label af96b4 --workdir /github/workspace --rm -e INPUT_ACCESS_KEY_ID -e INPUT_SECRET_ACCESS_KEY -e INPUT_ACCOUNT_ID -e INPUT_REPO -e INPUT_REGION -e INPUT_TAGS -e INPUT_CREATE_REPO -e INPUT_EXTRA_BUILD_ARGS -e INPUT_DOCKERFILE -e INPUT_PATH -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/orchard-iot-service/orchard-iot-service":"/github/workspace" af96b4:26492533e83b426ba94140811963aaa8
== START LOGIN
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
== FINISHED LOGIN
== START DOCKERIZE
unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /github/workspace/Dockerfile: no such file or directory
##[error]Docker run failed with exit code 1
If i set the path variable to ../../../Dockerfile
I get the following error:
/usr/bin/docker run --name af96b481857813853d401a8d317be1694475bc_d6deb8 --label af96b4 --workdir /github/workspace --rm -e INPUT_ACCESS_KEY_ID -e INPUT_SECRET_ACCESS_KEY -e INPUT_ACCOUNT_ID -e INPUT_REPO -e INPUT_REGION -e INPUT_TAGS -e INPUT_CREATE_REPO -e INPUT_EXTRA_BUILD_ARGS -e INPUT_PATH -e INPUT_DOCKERFILE -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/orchard-iot-service/orchard-iot-service":"/github/workspace" af96b4:81857813853d401a8d317be1694475bc
== START LOGIN
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
== FINISHED LOGIN
== START DOCKERIZE
unable to prepare context: path "../../../Dockerfile" not found
##[error]Docker run failed with exit code 1
What should the path variable be set to?
I'd like to push an image to one of my public repositories but it seems that the action "assumes" that it's a private repository and uses account_id to build the URL. There is no option to provide a registry
param.
Hello there,
Thank you for making this action available to the community. I have found it to be both pleasant to use and very helpful to me.
I have one question, though: Have you considered making caching from ECR available as a top-level argument to this action? I believe I can acheive the same thing by supplying --cache-from
to the extra_build_args
argument; however, this results in duplicating some of the environment variables.
Thanks
First, congrats for the action. It really works, although, I have an use case that I'm strugling to make it go with.
My usual docker image has an base image that does not change as much. Then I really would like an skipIfTagExists or something like that.
Ex:
skipIfImageExists = v0.0.23
If that image tag already exists on ECR, there is no need to create the docker image or push anything. What do you think?
In following action there is no possibility to enable KMS encryption for repository.
--encryption-configuration encryptionType="KMS",kmsKey=$KMS_KEY_ARN
During testing I was trying to figure out what was going on as the build kept wanting to push to dockerhub instead of ECR. This lead to a permissions error. The yaml itself was in correct indentation form and passed yaml linting however indentation was off to trigger the list properties for variables for this action. As a result it failed silently and continued moving on with an attempt to push to dockerhub instead of ECR.
The set-output
command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Hi,
The actions plugin works quite well. It creates the repo, sets the repo policy. It will be nice if this also lets us submit a lifecycle policy file.
Thanks,
Keerti
building 'Cython.Plex.Scanners' extension
creating build/temp.linux-x86_64-2.7
creating build/temp.linux-x86_64-2.7/tmp
creating build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm
creating build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm/Cython
creating build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm/Cython/Cython
creating build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm/Cython/Cython/Plex
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c /tmp/pip-install-jjBTYm/Cython/Cython/Plex/Scanners.c -o build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm/Cython/Cython/Plex/Scanners.o
unable to execute 'gcc': No such file or directory
error: command 'gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python2 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-jjBTYm/Cython/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-E4EaLW/install-record.txt --single-version-externally-managed --prefix /tmp/pip-build-env-dgWVRE --compile" failed with error code 1 in /tmp/pip-install-jjBTYm/Cython/
----------------------------------------
Command "/usr/bin/python2 -m pip install --ignore-installed --no-user --prefix /tmp/pip-build-env-dgWVRE --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- setuptools wheel Cython" failed with error code 1 in None
The command '/bin/sh -c apk update && apk upgrade && apk add --no-cache --update python py-pip coreutils bash && rm -rf /var/cache/apk/* && pip install awscli && apk --purge -v del py-pip' returned a non-zero code: 1
I am getting this error not sure why
secret_access_key: ***
account_id: ***
repo: vsr-repo
region: eu-central-1
create_repo: true
tags: latest,36ca1f541dd2bd76c02c8187d30c877b05d08113
/usr/bin/docker run --name ghcriokciterawsecractionlatest_d69747 --label 8a33c1 --workdir /github/workspace --rm -e INPUT_ACCESS_KEY_ID -e INPUT_SECRET_ACCESS_KEY -e INPUT_ACCOUNT_ID -e INPUT_REPO -e INPUT_REGION -e INPUT_CREATE_REPO -e INPUT_TAGS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/vsr/vsr":"/github/workspace" ghcr.io/kciter/aws-ecr-action:latest
== START LOGIN
WARNING! Using -*** the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
== FINISHED LOGIN
== START DOCKERIZE
unable to prepare context: path "***.dkr.ecr.eu-central-1.amazonaws.com/vsr-repo:latest" not found
Here is my yaml file
name: ECR Build and Push
on: [push]
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: docker://ghcr.io/kciter/aws-ecr-action:latest
with:
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
account_id: ${{ secrets.AWS_ACCOUNT_ID }}
repo: vsr-repo
region: eu-central-1
create_repo: true
tags: latest,${{ github.sha }}
My repo name is vsr-repo and I have already created it.
Dockerfile is in the root of the project.
The IAM user has admin acess. Not sure if I've done something wrong, help would be appreciated.
To DevOps,
I am using the following:
with:
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
account_id: ${{ secrets.AWS_ACCOUNT_ID }}
repo: docker/repo
region: us-east-1
create_repo: true
path: ./GHConApp3
And I get:
== FINISHED LOGIN
== START DOCKERIZE
"docker build" requires exactly 1 argument.
How can I see the docker build command with arguments.
Thanks,
Marc
how can i pass build arg with this action?
I've tried a bunch of times and nothing work:
extra_build_args: "ARG=value"
extra_build_args: ARG=value
extra_build_args: |
"ARG=value"
extra_build_args: |
ARG=value
Everything goes wrong..
Hi @kciter,
thanks for this great GH action. We've been using it and makes our life much easier. I've been thinking if you are considering adding support for new Docker buildx
(https://github.com/docker/setup-buildx-action) so that users can benefit e.g. from passing secrets directly to the builds (https://docs.docker.com/develop/develop-images/build_enhancements/).
Thanks!
When I run this in a Github action it takes about 30-40s to pull all the layers. I wonder if this can be published to Docker Hub.
I'm attempting to use this action to build and push a docker image to AWS ECR.
after this:
== START PUSH TO ECR
The push refers to repository [***.dkr.ecr.us-east-1.amazonaws.com/my-app]
6403477052d0: Preparing
...
I'm getting no basic auth credentials
. What could be the cause of that?
Causes issue: tags: ${{ github.sha }}, ${{ github.event.release.tag_name }}
Notice the space between first and second tag.
When the tags are written like above, docker image is incorrectly tagged as
Successfully tagged v0.0.3/kheti:155ca90a37197e8db0e7fa1645635c42a13838e7
where v0.0.3
is the second tag.
When I remove the space between the tags, it works fine.
For Tags is it possible to pass a Unix expression to take the current time stamp. Example below
tags:
date +%F-%I-%M``
Hi,
Action seems to work with a single tag, but failing with multiple tags with below error:
== FINISHED LOGIN
== START DOCKERIZE
"docker build" requires exactly 1 argument.
See 'docker build --help'.
Usage: docker build [OPTIONS] PATH | URL | -
Build an image from a Dockerfile
I have tried the below formats for tags attribute. Nothing seems to work.
tags: latest,${{ github.sha }}
tags: "latest,${{ github.sha }}"
tags: 'latest,${{ github.sha }}'
tags: latest,"${{ github.sha }}"
Can someone please help with this?
Thanks,
Keerti
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.