Add support for AWS Elastic Container Registry (ECR)

Add example for Google Container Registry (GCR)
docker · Aug 20, 2020 · f37c715 · f37c715
1 parent e6dc03b
commit f37c715
Show file tree

Hide file tree

Showing 5 changed files with 169 additions and 23 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -83,3 +83,29 @@ jobs:
         if: always()
         run: |
           rm -f ${HOME}/.docker/config.json
+
+  ecr:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        logout:
+          - true
+          - false
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2.3.1
+      -
+        name: Login to ECR
+        uses: ./
+        with:
+          registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
+          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          logout: ${{ matrix.logout }}
+      -
+        name: Clear
+        if: always()
+        run: |
+          rm -f ${HOME}/.docker/config.json
diff --git a/README.md b/README.md
@@ -18,6 +18,8 @@ ___
   * [DockerHub](#dockerhub)
   * [GitHub Package Registry](#github-package-registry)
   * [GitLab](#gitlab)
+  * [Google Container Registry (GCR)](#gitlab)
+  * [AWS Elastic Container Registry (ECR)](#gitlab)
 * [Customizing](#customizing)
   * [inputs](#inputs)
 * [Limitation](#limitation)
@@ -34,7 +36,6 @@ name: ci
 on:
   push:
     branches: master
-    tags:
 
 jobs:
   login:
@@ -59,7 +60,6 @@ name: ci
 on:
   push:
     branches: master
-    tags:
 
 jobs:
   login:
@@ -85,7 +85,6 @@ name: ci
 on:
   push:
     branches: master
-    tags:
 
 jobs:
   login:
@@ -103,6 +102,67 @@ jobs:
           password: ${{ secrets.GITLAB_PASSWORD }}
 ```
 
+### Google Container Registry (GCR)
+
+Use a service account with the ability to push to GCR and [configure access control](https://cloud.google.com/container-registry/docs/access-control).
+Then create and download the JSON key for this service account and save content of `.json` file
+[as a secret](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
+called `GCR_JSON_KEY` in your GitHub repo. Ensure you set the username to `_json_key`.
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches: master
+
+jobs:
+  login:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Login to GCR
+        uses: crazy-max/ghaction-docker-login@v1
+        with:
+          registry: gcr.io
+          username: _json_key
+          password: ${{ secrets.GCR_JSON_KEY }}
+```
+
+### AWS Elastic Container Registry (ECR)
+
+Use an IAM user with the [ability to push to ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html).
+Then create and download access keys and save `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` [as secrets](https://docs.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository)
+in your GitHub repo.
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches: master
+
+jobs:
+  login:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Login to ECR
+        uses: crazy-max/ghaction-docker-login@v1
+        with:
+          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
+          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+```
+
+> Replace `<aws-account-number>` and `<region>` with their respective values.
+
 ## Customizing
 
 ### inputs

diff --git a/dist/index.js b/dist/index.js
diff --git a/src/ecr.ts b/src/ecr.ts
@@ -0,0 +1,7 @@
+export const isECR = async (registry: string): Promise<boolean> => {
+  return registry.includes('amazonaws');
+};
+
+export const getRegion = async (registry: string): Promise<string> => {
+  return registry.substring(registry.indexOf('ecr.') + 4, registry.indexOf('.amazonaws'));
+};
diff --git a/src/main.ts b/src/main.ts
@@ -1,5 +1,6 @@
 import * as os from 'os';
 import * as core from '@actions/core';
+import * as ecr from './ecr';
 import * as exec from './exec';
 import * as stateHelper from './state-helper';
 
@@ -17,18 +18,30 @@ async function run(): Promise<void> {
     const username: string = core.getInput('username');
     const password: string = core.getInput('password', {required: true});
 
-    let loginArgs: Array<string> = ['login', '--password', password];
-    if (username) {
-      loginArgs.push('--username', username);
-    }
-    loginArgs.push(registry);
-
-    await exec.exec('docker', loginArgs, true).then(res => {
-      if (res.stderr != '' && !res.success) {
-        throw new Error(res.stderr);
+    if (await ecr.isECR(registry)) {
+      const ecrRegion = await ecr.getRegion(registry);
+      process.env.AWS_ACCESS_KEY_ID = username;
+      process.env.AWS_SECRET_ACCESS_KEY = password;
+      await exec.exec('aws', ['ecr', 'get-login', '--region', ecrRegion, '--no-include-email'], true).then(res => {
+        if (res.stderr != '' && !res.success) {
+          throw new Error(res.stderr);
+        }
+        core.info('🎉 Login Succeeded!');
+      });
+    } else {
+      let loginArgs: Array<string> = ['login', '--password', password];
+      if (username) {
+        loginArgs.push('--username', username);
       }
-      core.info('🎉 Login Succeeded!');
-    });
+      loginArgs.push(registry);
+
+      await exec.exec('docker', loginArgs, true).then(res => {
+        if (res.stderr != '' && !res.success) {
+          throw new Error(res.stderr);
+        }
+        core.info('🎉 Login Succeeded!');
+      });
+    }
   } catch (error) {
     core.setFailed(error.message);
   }