CTO, 2018. 07 ~
kciter / aws-ecr-action Goto Github PK
View Code? Open in Web Editor NEWThis Action allows you to create Docker images and push into a ECR repository.
License: MIT License
aws-ecr-action's Introduction
aws-ecr-action's People
Contributors
Stargazers
Watchers
Forkers
tixl barnumd nvandijk oforce theikkila scottofx lvyingde51 tpietsc1 microcred totogo frani dwight-biddle pharingee insightiv haohaowasky smitp mridang philherbert rouralberto harvard-edtech edmothershaw mehd-io fundefir-dev bvkin hoversh hokedo jpparajeles szwed hopin-team lmegviar isherraikmo rckreddy bhavika gvhuyssteen phortonssf emandry ltetzlaff okta-it davedash brian-dawn codfish felipeac leaflink scraye koslib apify cohandv innovaciongascaribe muellerzr gocomo xcpep jondavidjohn bgilbert6 pralphv pablitoc valdavasquez dovchik isimd lightbeam-mf taylorsmithgg kruegernet syllogy lanixxfielmann lekesako stjordanis adam-shub altavec argonautdev getritmo trombini77 ulankford mprenditore decash-official alexrogalskiy kristianpaynova simpligroup diogohudson eftours blockodyssey-jisung donofriov icarros alexabidri amirza-clear oncase ntnsouza wombatpm curbside-health-inc dhdtech caju-beneficios jboewer hubswitch specep1 brunofaustino rotour plentymarkets gll-sistemasaws-ecr-action's Issues
Doesn't work with public repositories
I'd like to push an image to one of my public repositories but it seems that the action "assumes" that it's a private repository and uses account_id to build the URL. There is no option to provide a registry param.
Space in comma separated tags results in incorrect tagging
Causes issue: tags: ${{ github.sha }}, ${{ github.event.release.tag_name }}
Notice the space between first and second tag.
When the tags are written like above, docker image is incorrectly tagged as
Successfully tagged v0.0.3/kheti:155ca90a37197e8db0e7fa1645635c42a13838e7 where v0.0.3 is the second tag.
When I remove the space between the tags, it works fine.
Invalid security token
== START LOGIN
An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.
Getting this error when using secrets for aws account ID
Docker Hub
When I run this in a Github action it takes about 30-40s to pull all the layers. I wonder if this can be published to Docker Hub.
unable to prepare context: path "***.dkr.ecr.eu-central-1.amazonaws.com.." issue
I am getting this error not sure why
secret_access_key: ***
account_id: ***
repo: vsr-repo
region: eu-central-1
create_repo: true
tags: latest,36ca1f541dd2bd76c02c8187d30c877b05d08113
/usr/bin/docker run --name ghcriokciterawsecractionlatest_d69747 --label 8a33c1 --workdir /github/workspace --rm -e INPUT_ACCESS_KEY_ID -e INPUT_SECRET_ACCESS_KEY -e INPUT_ACCOUNT_ID -e INPUT_REPO -e INPUT_REGION -e INPUT_CREATE_REPO -e INPUT_TAGS -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/vsr/vsr":"/github/workspace" ghcr.io/kciter/aws-ecr-action:latest
== START LOGIN
WARNING! Using -*** the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
== FINISHED LOGIN
== START DOCKERIZE
unable to prepare context: path "***.dkr.ecr.eu-central-1.amazonaws.com/vsr-repo:latest" not found
Here is my yaml file
name: ECR Build and Push
on: [push]
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: docker://ghcr.io/kciter/aws-ecr-action:latest
with:
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
account_id: ${{ secrets.AWS_ACCOUNT_ID }}
repo: vsr-repo
region: eu-central-1
create_repo: true
tags: latest,${{ github.sha }}
My repo name is vsr-repo and I have already created it.
Dockerfile is in the root of the project.
The IAM user has admin acess. Not sure if I've done something wrong, help would be appreciated.
Module build failed
building 'Cython.Plex.Scanners' extension
creating build/temp.linux-x86_64-2.7
creating build/temp.linux-x86_64-2.7/tmp
creating build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm
creating build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm/Cython
creating build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm/Cython/Cython
creating build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm/Cython/Cython/Plex
gcc -fno-strict-aliasing -Os -fomit-frame-pointer -g -DNDEBUG -Os -fomit-frame-pointer -g -DTHREAD_STACK_SIZE=0x100000 -fPIC -I/usr/include/python2.7 -c /tmp/pip-install-jjBTYm/Cython/Cython/Plex/Scanners.c -o build/temp.linux-x86_64-2.7/tmp/pip-install-jjBTYm/Cython/Cython/Plex/Scanners.o
unable to execute 'gcc': No such file or directory
error: command 'gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python2 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-jjBTYm/Cython/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-E4EaLW/install-record.txt --single-version-externally-managed --prefix /tmp/pip-build-env-dgWVRE --compile" failed with error code 1 in /tmp/pip-install-jjBTYm/Cython/
----------------------------------------
Command "/usr/bin/python2 -m pip install --ignore-installed --no-user --prefix /tmp/pip-build-env-dgWVRE --no-warn-script-location --no-binary :none: --only-binary :none: -i https://pypi.org/simple -- setuptools wheel Cython" failed with error code 1 in None
The command '/bin/sh -c apk update && apk upgrade && apk add --no-cache --update python py-pip coreutils bash && rm -rf /var/cache/apk/* && pip install awscli && apk --purge -v del py-pip' returned a non-zero code: 1
New release v4
Missing KMS encryption
In following action there is no possibility to enable KMS encryption for repository.
--encryption-configuration encryptionType="KMS",kmsKey=$KMS_KEY_ARN
Problem with using path argument
I have a repository where the Dockerfile is not on the root directory, when I run the actions with the following settings I get an error because is ignoring the path argument:
- id: docker-push
uses: kciter/aws-ecr-action@master
with:
access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
account_id: ${{ env.AWS_ACCOUNT_ID }}
repo: geth/binance/full
region: ${{ env.AWS_REGION }}
tags: latest,${{ github.sha }}
path: "./node"
You can notice from the output that is not searching on that folder
Run kciter/aws-ecr-action@master
/usr/bin/docker run --name e4b6662b4b6db24bd59b0e7494f7af824c_420302 --label 5588e4 --workdir /github/workspace --rm -e SLACK_WEBHOOK_URL -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_ACCOUNT_ID -e AWS_REGION -e INPUT_ACCESS_KEY_ID -e INPUT_SECRET_ACCESS_KEY -e INPUT_ACCOUNT_ID -e INPUT_REPO -e INPUT_REGION -e INPUT_TAGS -e INPUT_PATH -e INPUT_ASSUME_ROLE -e INPUT_CREATE_REPO -e INPUT_SET_REPO_POLICY -e INPUT_REPO_POLICY_FILE -e INPUT_DOCKERFILE -e INPUT_EXTRA_BUILD_ARGS -e INPUT_PREBUILD_SCRIPT -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/bsc-etl-streaming/bsc-etl-streaming":"/github/workspace" 5588e4:b6662b4b6db24bd59b0e7494f7af824c
== START LOGIN
WARNING! Using -*** the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Login Succeeded
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
== FINISHED LOGIN
== START DOCKERIZE
unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /github/workspace/Dockerfile: no such file or directory
ERROR: ca-certificates-20191127-r2: BAD archive
We started seeing the following error pop up on our Action about an hour ago (this is a GitHub hosted runner):
Anyone else seeing this issue? π
no basic auth credentials
I'm attempting to use this action to build and push a docker image to AWS ECR.
after this:
== START PUSH TO ECR
The push refers to repository [***.dkr.ecr.us-east-1.amazonaws.com/my-app]
6403477052d0: Preparing
...
I'm getting no basic auth credentials. What could be the cause of that?
Feature to add lifecycle policy
Hi,
The actions plugin works quite well. It creates the repo, sets the repo policy. It will be nice if this also lets us submit a lifecycle policy file.
Thanks,
Keerti
Support for Docker buildx
Hi @kciter,
thanks for this great GH action. We've been using it and makes our life much easier. I've been thinking if you are considering adding support for new Docker buildx (https://github.com/docker/setup-buildx-action) so that users can benefit e.g. from passing secrets directly to the builds (https://docs.docker.com/develop/develop-images/build_enhancements/).
Thanks!
Simple caching with ECR
Hello there,
Thank you for making this action available to the community. I have found it to be both pleasant to use and very helpful to me.
I have one question, though: Have you considered making caching from ECR available as a top-level argument to this action? I believe I can acheive the same thing by supplying --cache-from to the extra_build_args argument; however, this results in duplicating some of the environment variables.
Thanks
Check if image already exists on ECR
First, congrats for the action. It really works, although, I have an use case that I'm strugling to make it go with.
My usual docker image has an base image that does not change as much. Then I really would like an skipIfTagExists or something like that.
Ex:
skipIfImageExists = v0.0.23
If that image tag already exists on ECR, there is no need to create the docker image or push anything. What do you think?
set-output is deprecated
The set-output command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
Action failing with multiple tags
Hi,
Action seems to work with a single tag, but failing with multiple tags with below error:
== FINISHED LOGIN
== START DOCKERIZE
"docker build" requires exactly 1 argument.
See 'docker build --help'.
Usage: docker build [OPTIONS] PATH | URL | -
Build an image from a Dockerfile
I have tried the below formats for tags attribute. Nothing seems to work.
tags: latest,${{ github.sha }}
tags: "latest,${{ github.sha }}"
tags: 'latest,${{ github.sha }}'
tags: latest,"${{ github.sha }}"
Can someone please help with this?
Thanks,
Keerti
Bad Yaml results in silent failure
During testing I was trying to figure out what was going on as the build kept wanting to push to dockerhub instead of ECR. This lead to a permissions error. The yaml itself was in correct indentation form and passed yaml linting however indentation was off to trigger the list properties for variables for this action. As a result it failed silently and continued moving on with an attempt to push to dockerhub instead of ECR.
Release Version for GitHub Actions Upgrade?
Just wondering if there are any plans to create a release version which includes the recent GitHub Action deprecation upgrades? https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
I see the fix for deprecation warnings merged in here: #46 but this is only on master at the moment and not in the last v4 release.
[PROBLEM] extra_build_args doesnt work
how can i pass build arg with this action?
I've tried a bunch of times and nothing work:
extra_build_args: "ARG=value"
extra_build_args: ARG=value
extra_build_args: |
"ARG=value"
extra_build_args: |
ARG=value
Everything goes wrong..
Using path:
To DevOps,
I am using the following:
with:
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
account_id: ${{ secrets.AWS_ACCOUNT_ID }}
repo: docker/repo
region: us-east-1
create_repo: true
path: ./GHConApp3
And I get:
== FINISHED LOGIN
== START DOCKERIZE
"docker build" requires exactly 1 argument.
How can I see the docker build command with arguments.
Thanks,
Marc
How to pass timestamp for tags
For Tags is it possible to pass a Unix expression to take the current time stamp. Example below
tags: date +%F-%I-%M``
Fails when path is not .
Hi,
When I give a custom folder path for Dockerfile in path attribute, docker build command seems to be failing with below error:
ex path:
path: ${{ env.INPUT_PATH }}
path: ${{ env.FILE_PATH }}
== START DOCKERIZE
"docker build" requires exactly 1 argument.
See 'docker build --help'.
Usage: docker build [OPTIONS] PATH | URL | -
Build an image from a Dockerfile
I am not giving any arguments at all. Looking at entrypoint.sh, looks like the below function is missing path and $INPUT_PATH. Could that be the issue?
function main() {
sanitize "${INPUT_ACCESS_KEY_ID}" "access_key_id"
sanitize "${INPUT_SECRET_ACCESS_KEY}" "secret_access_key"
sanitize "${INPUT_REGION}" "region"
sanitize "${INPUT_ACCOUNT_ID}" "account_id"
sanitize "${INPUT_REPO}" "repo"
ACCOUNT_URL="$INPUT_ACCOUNT_ID.dkr.ecr.$INPUT_REGION.amazonaws.com"Please let me know if I am doing something wrong.
Thanks,
Keerti
Path parameter not working properly
Bug report
I'm running the action with the following parameters and folder structure. Given the specs and the CircleCI orb ref, I expected that it would grab the Dockerfile from the specified path, however it's using the one at the root level, as shown in the output.
uses: kciter/aws-ecr-action@v1
with:
account_id: ***
access_key_id: ***
secret_access_key: ***
region: ***
create_repo: true
path: ./infra/modules/ec2/docker/nginx
repo: blog-web-server/nginx
tags: latest
dockerfile: Dockerfile
βββ Dockerfile
βββ infra
| βββ modules
β | βββ ec2
β β | | βββ docker
β β β | | βββ nginx
β β β | | | βββ Dockerfile
infra/modules/ec2/docker/nginx/Dockerfile
FROM nginx:1.19
...
~/Dockerfile
FROM node:10
...
Action output:
...
== START DOCKERIZE
Sending build context to Docker daemon 14.91kB
COPY failed: no source files were specified
Step 1/5 : FROM node:10
---> e7671d9424c2
docker build unable to find Dockerfile
Hey,
I'm using your GitHub action to push my docker image to ecr, but the action fails every time complaing Dockerfile is missing.
My repo structure:
repo
|----Dockerfile
|----.github
|----workflows
|----action.yml
If i don't set the path variable in the job i get the following error:
/usr/bin/docker run --name af96b426492533e83b426ba94140811963aaa8_19dc66 --label af96b4 --workdir /github/workspace --rm -e INPUT_ACCESS_KEY_ID -e INPUT_SECRET_ACCESS_KEY -e INPUT_ACCOUNT_ID -e INPUT_REPO -e INPUT_REGION -e INPUT_TAGS -e INPUT_CREATE_REPO -e INPUT_EXTRA_BUILD_ARGS -e INPUT_DOCKERFILE -e INPUT_PATH -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/orchard-iot-service/orchard-iot-service":"/github/workspace" af96b4:26492533e83b426ba94140811963aaa8
== START LOGIN
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
== FINISHED LOGIN
== START DOCKERIZE
unable to prepare context: unable to evaluate symlinks in Dockerfile path: lstat /github/workspace/Dockerfile: no such file or directory
##[error]Docker run failed with exit code 1
If i set the path variable to ../../../Dockerfile
I get the following error:
/usr/bin/docker run --name af96b481857813853d401a8d317be1694475bc_d6deb8 --label af96b4 --workdir /github/workspace --rm -e INPUT_ACCESS_KEY_ID -e INPUT_SECRET_ACCESS_KEY -e INPUT_ACCOUNT_ID -e INPUT_REPO -e INPUT_REGION -e INPUT_TAGS -e INPUT_CREATE_REPO -e INPUT_EXTRA_BUILD_ARGS -e INPUT_PATH -e INPUT_DOCKERFILE -e HOME -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e GITHUB_ACTIONS=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/orchard-iot-service/orchard-iot-service":"/github/workspace" af96b4:81857813853d401a8d317be1694475bc
== START LOGIN
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /github/home/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
== FINISHED LOGIN
== START DOCKERIZE
unable to prepare context: path "../../../Dockerfile" not found
##[error]Docker run failed with exit code 1
What should the path variable be set to?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.