Merge pull request #21 from crazy-max/handle-aws-env

Handle AWS credentials
This commit is contained in:
Tõnis Tiigi 2020-10-20 09:14:56 -07:00 committed by GitHub
commit adb73476b6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 82 additions and 47 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 5.0 KiB

After

Width:  |  Height:  |  Size: 5.0 KiB

@ -117,3 +117,34 @@ jobs:
# if: always() # if: always()
# run: | # run: |
# rm -f ${HOME}/.docker/config.json # rm -f ${HOME}/.docker/config.json
#
# ecr-aws-creds:
# runs-on: ${{ matrix.os }}
# strategy:
# fail-fast: false
# matrix:
# os:
# - ubuntu-20.04
# - ubuntu-18.04
# - ubuntu-16.04
# steps:
# -
# name: Checkout
# uses: actions/checkout@v2.3.1
# -
# name: Configure AWS Credentials
# uses: aws-actions/configure-aws-credentials@v1
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: ${{ secrets.AWS_REGION }}
# -
# name: Login to ECR
# uses: ./
# with:
# registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
# -
# name: Clear
# if: always()
# run: |
# rm -f ${HOME}/.docker/config.json

@ -213,6 +213,34 @@ jobs:
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
``` ```
You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials) action in
combination with this action:
```yaml
name: ci
on:
push:
branches: master
jobs:
login:
runs-on: ubuntu-latest
steps:
-
name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: <region>
-
name: Login to ECR
uses: docker/login-action@v1
with:
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
```
> Replace `<aws-account-number>` and `<region>` with their respective values. > Replace `<aws-account-number>` and `<region>` with their respective values.
## Customizing ## Customizing

@ -2,20 +2,7 @@ import osm = require('os');
import {getInputs} from '../src/context'; import {getInputs} from '../src/context';
test('without username getInputs throws errors', async () => { test('with password and username getInputs does not throw error', async () => {
expect(() => {
getInputs();
}).toThrowError('Input required and not supplied: username');
});
test('without password getInputs throws errors', async () => {
process.env['INPUT_USERNAME'] = 'dbowie';
expect(() => {
getInputs();
}).toThrowError('Input required and not supplied: password');
});
test('with password and username getInputs does not error', async () => {
process.env['INPUT_USERNAME'] = 'dbowie'; process.env['INPUT_USERNAME'] = 'dbowie';
process.env['INPUT_PASSWORD'] = 'groundcontrol'; process.env['INPUT_PASSWORD'] = 'groundcontrol';
expect(() => { expect(() => {

@ -17,7 +17,7 @@ test('errors when not run on linux platform', async () => {
expect(coreSpy).toHaveBeenCalledWith('Only supported on linux platform'); expect(coreSpy).toHaveBeenCalledWith('Only supported on linux platform');
}); });
test('errors without username', async () => { test('errors without username and password', async () => {
const platSpy = jest.spyOn(osm, 'platform'); const platSpy = jest.spyOn(osm, 'platform');
platSpy.mockImplementation(() => 'linux'); platSpy.mockImplementation(() => 'linux');
@ -25,21 +25,7 @@ test('errors without username', async () => {
await run(); await run();
expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: username'); expect(coreSpy).toHaveBeenCalledWith('Username and password required');
});
test('errors without password', async () => {
const platSpy = jest.spyOn(osm, 'platform');
platSpy.mockImplementation(() => 'linux');
const coreSpy: jest.SpyInstance = jest.spyOn(core, 'setFailed');
const username: string = 'dbowie';
process.env[`INPUT_USERNAME`] = username;
await run();
expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: password');
}); });
test('successful with username and password', async () => { test('successful with username and password', async () => {
@ -79,7 +65,7 @@ test('calls docker login', async () => {
const password: string = 'groundcontrol'; const password: string = 'groundcontrol';
process.env[`INPUT_PASSWORD`] = password; process.env[`INPUT_PASSWORD`] = password;
const registry: string = 'https://ghcr.io'; const registry: string = 'ghcr.io';
process.env[`INPUT_REGISTRY`] = registry; process.env[`INPUT_REGISTRY`] = registry;
const logout: string = 'true'; const logout: string = 'true';

@ -12,10 +12,10 @@ inputs:
required: false required: false
username: username:
description: 'Username used to log against the Docker registry' description: 'Username used to log against the Docker registry'
required: true required: false
password: password:
description: 'Password or personal access token used to log against the Docker registry' description: 'Password or personal access token used to log against the Docker registry'
required: true required: false
logout: logout:
description: 'Log out from the Docker registry at the end of a job' description: 'Log out from the Docker registry at the end of a job'
default: 'true' default: 'true'

15
dist/index.js generated vendored

@ -3062,10 +3062,11 @@ function logout(registry) {
exports.logout = logout; exports.logout = logout;
function loginStandard(registry, username, password) { function loginStandard(registry, username, password) {
return __awaiter(this, void 0, void 0, function* () { return __awaiter(this, void 0, void 0, function* () {
let loginArgs = ['login', '--password-stdin']; if (!username || !password) {
if (username) { throw new Error('Username and password required');
loginArgs.push('--username', username);
} }
let loginArgs = ['login', '--password-stdin'];
loginArgs.push('--username', username);
loginArgs.push(registry); loginArgs.push(registry);
if (registry) { if (registry) {
core.info(`🔑 Logging into ${registry}...`); core.info(`🔑 Logging into ${registry}...`);
@ -3088,8 +3089,8 @@ function loginECR(registry, username, password) {
const cliVersion = yield aws.getCLIVersion(); const cliVersion = yield aws.getCLIVersion();
const region = yield aws.getRegion(registry); const region = yield aws.getRegion(registry);
core.info(`💡 AWS ECR detected with ${region} region`); core.info(`💡 AWS ECR detected with ${region} region`);
process.env.AWS_ACCESS_KEY_ID = username; process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
process.env.AWS_SECRET_ACCESS_KEY = password; process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`); core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
const loginCmd = yield aws.getDockerLoginCmd(cliVersion, registry, region); const loginCmd = yield aws.getDockerLoginCmd(cliVersion, registry, region);
core.info(`🔑 Logging into ${registry}...`); core.info(`🔑 Logging into ${registry}...`);
@ -3647,8 +3648,8 @@ const core = __importStar(__webpack_require__(186));
function getInputs() { function getInputs() {
return { return {
registry: core.getInput('registry'), registry: core.getInput('registry'),
username: core.getInput('username', { required: true }), username: core.getInput('username'),
password: core.getInput('password', { required: true }), password: core.getInput('password'),
logout: core.getInput('logout') logout: core.getInput('logout')
}; };
} }

@ -10,8 +10,8 @@ export interface Inputs {
export function getInputs(): Inputs { export function getInputs(): Inputs {
return { return {
registry: core.getInput('registry'), registry: core.getInput('registry'),
username: core.getInput('username', {required: true}), username: core.getInput('username'),
password: core.getInput('password', {required: true}), password: core.getInput('password'),
logout: core.getInput('logout') logout: core.getInput('logout')
}; };
} }

@ -19,10 +19,12 @@ export async function logout(registry: string): Promise<void> {
} }
export async function loginStandard(registry: string, username: string, password: string): Promise<void> { export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
let loginArgs: Array<string> = ['login', '--password-stdin']; if (!username || !password) {
if (username) { throw new Error('Username and password required');
loginArgs.push('--username', username);
} }
let loginArgs: Array<string> = ['login', '--password-stdin'];
loginArgs.push('--username', username);
loginArgs.push(registry); loginArgs.push(registry);
if (registry) { if (registry) {
@ -44,8 +46,8 @@ export async function loginECR(registry: string, username: string, password: str
const region = await aws.getRegion(registry); const region = await aws.getRegion(registry);
core.info(`💡 AWS ECR detected with ${region} region`); core.info(`💡 AWS ECR detected with ${region} region`);
process.env.AWS_ACCESS_KEY_ID = username; process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
process.env.AWS_SECRET_ACCESS_KEY = password; process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`); core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
const loginCmd = await aws.getDockerLoginCmd(cliVersion, registry, region); const loginCmd = await aws.getDockerLoginCmd(cliVersion, registry, region);