Add support for AWS Elastic Container Registry (ECR)
Add example for Google Container Registry (GCR)
This commit is contained in:
parent
e6dc03b339
commit
f37c715508
|
@ -83,3 +83,29 @@ jobs:
|
|||
if: always()
|
||||
run: |
|
||||
rm -f ${HOME}/.docker/config.json
|
||||
|
||||
ecr:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
logout:
|
||||
- true
|
||||
- false
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2.3.1
|
||||
-
|
||||
name: Login to ECR
|
||||
uses: ./
|
||||
with:
|
||||
registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
|
||||
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
logout: ${{ matrix.logout }}
|
||||
-
|
||||
name: Clear
|
||||
if: always()
|
||||
run: |
|
||||
rm -f ${HOME}/.docker/config.json
|
||||
|
|
66
README.md
66
README.md
|
@ -18,6 +18,8 @@ ___
|
|||
* [DockerHub](#dockerhub)
|
||||
* [GitHub Package Registry](#github-package-registry)
|
||||
* [GitLab](#gitlab)
|
||||
* [Google Container Registry (GCR)](#gitlab)
|
||||
* [AWS Elastic Container Registry (ECR)](#gitlab)
|
||||
* [Customizing](#customizing)
|
||||
* [inputs](#inputs)
|
||||
* [Limitation](#limitation)
|
||||
|
@ -34,7 +36,6 @@ name: ci
|
|||
on:
|
||||
push:
|
||||
branches: master
|
||||
tags:
|
||||
|
||||
jobs:
|
||||
login:
|
||||
|
@ -59,7 +60,6 @@ name: ci
|
|||
on:
|
||||
push:
|
||||
branches: master
|
||||
tags:
|
||||
|
||||
jobs:
|
||||
login:
|
||||
|
@ -85,7 +85,6 @@ name: ci
|
|||
on:
|
||||
push:
|
||||
branches: master
|
||||
tags:
|
||||
|
||||
jobs:
|
||||
login:
|
||||
|
@ -103,6 +102,67 @@ jobs:
|
|||
password: ${{ secrets.GITLAB_PASSWORD }}
|
||||
```
|
||||
|
||||
### Google Container Registry (GCR)
|
||||
|
||||
Use a service account with the ability to push to GCR and [configure access control](https://cloud.google.com/container-registry/docs/access-control).
|
||||
Then create and download the JSON key for this service account and save content of `.json` file
|
||||
[as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
|
||||
called `GCR_JSON_KEY` in your GitHub repo. Ensure you set the username to `_json_key`.
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
login:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Login to GCR
|
||||
uses: crazy-max/ghaction-docker-login@v1
|
||||
with:
|
||||
registry: gcr.io
|
||||
username: _json_key
|
||||
password: ${{ secrets.GCR_JSON_KEY }}
|
||||
```
|
||||
|
||||
### AWS Elastic Container Registry (ECR)
|
||||
|
||||
Use an IAM user with the [ability to push to ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html).
|
||||
Then create and download access keys and save `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` [as secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
|
||||
in your GitHub repo.
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
login:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
-
|
||||
name: Login to ECR
|
||||
uses: crazy-max/ghaction-docker-login@v1
|
||||
with:
|
||||
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
|
||||
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
```
|
||||
|
||||
> Replace `<aws-account-number>` and `<region>` with their respective values.
|
||||
|
||||
## Customizing
|
||||
|
||||
### inputs
|
||||
|
|
|
@ -953,6 +953,32 @@ class ExecState extends events.EventEmitter {
|
|||
|
||||
/***/ }),
|
||||
|
||||
/***/ 34:
|
||||
/***/ (function(__unusedmodule, exports) {
|
||||
|
||||
"use strict";
|
||||
|
||||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
||||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
||||
return new (P || (P = Promise))(function (resolve, reject) {
|
||||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
||||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
||||
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
||||
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
||||
});
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.getRegion = exports.isECR = void 0;
|
||||
exports.isECR = (registry) => __awaiter(void 0, void 0, void 0, function* () {
|
||||
return registry.includes('amazonaws');
|
||||
});
|
||||
exports.getRegion = (registry) => __awaiter(void 0, void 0, void 0, function* () {
|
||||
return registry.substring(registry.indexOf('ecr.') + 4, registry.indexOf('.amazonaws'));
|
||||
});
|
||||
//# sourceMappingURL=ecr.js.map
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 87:
|
||||
/***/ (function(module) {
|
||||
|
||||
|
@ -1048,6 +1074,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
const os = __importStar(__webpack_require__(87));
|
||||
const core = __importStar(__webpack_require__(470));
|
||||
const ecr = __importStar(__webpack_require__(34));
|
||||
const exec = __importStar(__webpack_require__(807));
|
||||
const stateHelper = __importStar(__webpack_require__(153));
|
||||
function run() {
|
||||
|
@ -1062,17 +1089,30 @@ function run() {
|
|||
stateHelper.setLogout(core.getInput('logout'));
|
||||
const username = core.getInput('username');
|
||||
const password = core.getInput('password', { required: true });
|
||||
let loginArgs = ['login', '--password', password];
|
||||
if (username) {
|
||||
loginArgs.push('--username', username);
|
||||
if (yield ecr.isECR(registry)) {
|
||||
const ecrRegion = yield ecr.getRegion(registry);
|
||||
process.env.AWS_ACCESS_KEY_ID = username;
|
||||
process.env.AWS_SECRET_ACCESS_KEY = password;
|
||||
yield exec.exec('aws', ['ecr', 'get-login', '--region', ecrRegion, '--no-include-email'], true).then(res => {
|
||||
if (res.stderr != '' && !res.success) {
|
||||
throw new Error(res.stderr);
|
||||
}
|
||||
core.info('🎉 Login Succeeded!');
|
||||
});
|
||||
}
|
||||
loginArgs.push(registry);
|
||||
yield exec.exec('docker', loginArgs, true).then(res => {
|
||||
if (res.stderr != '' && !res.success) {
|
||||
throw new Error(res.stderr);
|
||||
else {
|
||||
let loginArgs = ['login', '--password', password];
|
||||
if (username) {
|
||||
loginArgs.push('--username', username);
|
||||
}
|
||||
core.info('🎉 Login Succeeded!');
|
||||
});
|
||||
loginArgs.push(registry);
|
||||
yield exec.exec('docker', loginArgs, true).then(res => {
|
||||
if (res.stderr != '' && !res.success) {
|
||||
throw new Error(res.stderr);
|
||||
}
|
||||
core.info('🎉 Login Succeeded!');
|
||||
});
|
||||
}
|
||||
}
|
||||
catch (error) {
|
||||
core.setFailed(error.message);
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
export const isECR = async (registry: string): Promise<boolean> => {
|
||||
return registry.includes('amazonaws');
|
||||
};
|
||||
|
||||
export const getRegion = async (registry: string): Promise<string> => {
|
||||
return registry.substring(registry.indexOf('ecr.') + 4, registry.indexOf('.amazonaws'));
|
||||
};
|
35
src/main.ts
35
src/main.ts
|
@ -1,5 +1,6 @@
|
|||
import * as os from 'os';
|
||||
import * as core from '@actions/core';
|
||||
import * as ecr from './ecr';
|
||||
import * as exec from './exec';
|
||||
import * as stateHelper from './state-helper';
|
||||
|
||||
|
@ -17,18 +18,30 @@ async function run(): Promise<void> {
|
|||
const username: string = core.getInput('username');
|
||||
const password: string = core.getInput('password', {required: true});
|
||||
|
||||
let loginArgs: Array<string> = ['login', '--password', password];
|
||||
if (username) {
|
||||
loginArgs.push('--username', username);
|
||||
}
|
||||
loginArgs.push(registry);
|
||||
|
||||
await exec.exec('docker', loginArgs, true).then(res => {
|
||||
if (res.stderr != '' && !res.success) {
|
||||
throw new Error(res.stderr);
|
||||
if (await ecr.isECR(registry)) {
|
||||
const ecrRegion = await ecr.getRegion(registry);
|
||||
process.env.AWS_ACCESS_KEY_ID = username;
|
||||
process.env.AWS_SECRET_ACCESS_KEY = password;
|
||||
await exec.exec('aws', ['ecr', 'get-login', '--region', ecrRegion, '--no-include-email'], true).then(res => {
|
||||
if (res.stderr != '' && !res.success) {
|
||||
throw new Error(res.stderr);
|
||||
}
|
||||
core.info('🎉 Login Succeeded!');
|
||||
});
|
||||
} else {
|
||||
let loginArgs: Array<string> = ['login', '--password', password];
|
||||
if (username) {
|
||||
loginArgs.push('--username', username);
|
||||
}
|
||||
core.info('🎉 Login Succeeded!');
|
||||
});
|
||||
loginArgs.push(registry);
|
||||
|
||||
await exec.exec('docker', loginArgs, true).then(res => {
|
||||
if (res.stderr != '' && !res.success) {
|
||||
throw new Error(res.stderr);
|
||||
}
|
||||
core.info('🎉 Login Succeeded!');
|
||||
});
|
||||
}
|
||||
} catch (error) {
|
||||
core.setFailed(error.message);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue