mirror of
https://github.com/docker/login-action.git
synced 2024-11-15 13:23:50 +08:00
Handle AWS credentials
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
parent
39ef12fb7a
commit
5df5104555
BIN
.github/docker-login.png
vendored
BIN
.github/docker-login.png
vendored
Binary file not shown.
Before Width: | Height: | Size: 5.0 KiB After Width: | Height: | Size: 5.0 KiB |
31
.github/workflows/ci.yml
vendored
31
.github/workflows/ci.yml
vendored
@ -117,3 +117,34 @@ jobs:
|
||||
# if: always()
|
||||
# run: |
|
||||
# rm -f ${HOME}/.docker/config.json
|
||||
#
|
||||
# ecr-aws-creds:
|
||||
# runs-on: ${{ matrix.os }}
|
||||
# strategy:
|
||||
# fail-fast: false
|
||||
# matrix:
|
||||
# os:
|
||||
# - ubuntu-20.04
|
||||
# - ubuntu-18.04
|
||||
# - ubuntu-16.04
|
||||
# steps:
|
||||
# -
|
||||
# name: Checkout
|
||||
# uses: actions/checkout@v2.3.1
|
||||
# -
|
||||
# name: Configure AWS Credentials
|
||||
# uses: aws-actions/configure-aws-credentials@v1
|
||||
# with:
|
||||
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
# aws-region: ${{ secrets.AWS_REGION }}
|
||||
# -
|
||||
# name: Login to ECR
|
||||
# uses: ./
|
||||
# with:
|
||||
# registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
|
||||
# -
|
||||
# name: Clear
|
||||
# if: always()
|
||||
# run: |
|
||||
# rm -f ${HOME}/.docker/config.json
|
||||
|
28
README.md
28
README.md
@ -213,6 +213,34 @@ jobs:
|
||||
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
```
|
||||
|
||||
You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials) action in
|
||||
combination with this action:
|
||||
|
||||
```yaml
|
||||
name: ci
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: master
|
||||
|
||||
jobs:
|
||||
login:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
-
|
||||
name: Configure AWS Credentials
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: <region>
|
||||
-
|
||||
name: Login to ECR
|
||||
uses: docker/login-action@v1
|
||||
with:
|
||||
registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
|
||||
```
|
||||
|
||||
> Replace `<aws-account-number>` and `<region>` with their respective values.
|
||||
|
||||
## Customizing
|
||||
|
@ -2,20 +2,7 @@ import osm = require('os');
|
||||
|
||||
import {getInputs} from '../src/context';
|
||||
|
||||
test('without username getInputs throws errors', async () => {
|
||||
expect(() => {
|
||||
getInputs();
|
||||
}).toThrowError('Input required and not supplied: username');
|
||||
});
|
||||
|
||||
test('without password getInputs throws errors', async () => {
|
||||
process.env['INPUT_USERNAME'] = 'dbowie';
|
||||
expect(() => {
|
||||
getInputs();
|
||||
}).toThrowError('Input required and not supplied: password');
|
||||
});
|
||||
|
||||
test('with password and username getInputs does not error', async () => {
|
||||
test('with password and username getInputs does not throw error', async () => {
|
||||
process.env['INPUT_USERNAME'] = 'dbowie';
|
||||
process.env['INPUT_PASSWORD'] = 'groundcontrol';
|
||||
expect(() => {
|
||||
|
@ -17,7 +17,7 @@ test('errors when not run on linux platform', async () => {
|
||||
expect(coreSpy).toHaveBeenCalledWith('Only supported on linux platform');
|
||||
});
|
||||
|
||||
test('errors without username', async () => {
|
||||
test('errors without username and password', async () => {
|
||||
const platSpy = jest.spyOn(osm, 'platform');
|
||||
platSpy.mockImplementation(() => 'linux');
|
||||
|
||||
@ -25,21 +25,7 @@ test('errors without username', async () => {
|
||||
|
||||
await run();
|
||||
|
||||
expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: username');
|
||||
});
|
||||
|
||||
test('errors without password', async () => {
|
||||
const platSpy = jest.spyOn(osm, 'platform');
|
||||
platSpy.mockImplementation(() => 'linux');
|
||||
|
||||
const coreSpy: jest.SpyInstance = jest.spyOn(core, 'setFailed');
|
||||
|
||||
const username: string = 'dbowie';
|
||||
process.env[`INPUT_USERNAME`] = username;
|
||||
|
||||
await run();
|
||||
|
||||
expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: password');
|
||||
expect(coreSpy).toHaveBeenCalledWith('Username and password required');
|
||||
});
|
||||
|
||||
test('successful with username and password', async () => {
|
||||
@ -79,7 +65,7 @@ test('calls docker login', async () => {
|
||||
const password: string = 'groundcontrol';
|
||||
process.env[`INPUT_PASSWORD`] = password;
|
||||
|
||||
const registry: string = 'https://ghcr.io';
|
||||
const registry: string = 'ghcr.io';
|
||||
process.env[`INPUT_REGISTRY`] = registry;
|
||||
|
||||
const logout: string = 'true';
|
||||
|
@ -12,10 +12,10 @@ inputs:
|
||||
required: false
|
||||
username:
|
||||
description: 'Username used to log against the Docker registry'
|
||||
required: true
|
||||
required: false
|
||||
password:
|
||||
description: 'Password or personal access token used to log against the Docker registry'
|
||||
required: true
|
||||
required: false
|
||||
logout:
|
||||
description: 'Log out from the Docker registry at the end of a job'
|
||||
default: 'true'
|
||||
|
15
dist/index.js
generated
vendored
15
dist/index.js
generated
vendored
@ -3062,10 +3062,11 @@ function logout(registry) {
|
||||
exports.logout = logout;
|
||||
function loginStandard(registry, username, password) {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
let loginArgs = ['login', '--password-stdin'];
|
||||
if (username) {
|
||||
loginArgs.push('--username', username);
|
||||
if (!username || !password) {
|
||||
throw new Error('Username and password required');
|
||||
}
|
||||
let loginArgs = ['login', '--password-stdin'];
|
||||
loginArgs.push('--username', username);
|
||||
loginArgs.push(registry);
|
||||
if (registry) {
|
||||
core.info(`🔑 Logging into ${registry}...`);
|
||||
@ -3088,8 +3089,8 @@ function loginECR(registry, username, password) {
|
||||
const cliVersion = yield aws.getCLIVersion();
|
||||
const region = yield aws.getRegion(registry);
|
||||
core.info(`💡 AWS ECR detected with ${region} region`);
|
||||
process.env.AWS_ACCESS_KEY_ID = username;
|
||||
process.env.AWS_SECRET_ACCESS_KEY = password;
|
||||
process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
|
||||
process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
|
||||
core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
||||
const loginCmd = yield aws.getDockerLoginCmd(cliVersion, registry, region);
|
||||
core.info(`🔑 Logging into ${registry}...`);
|
||||
@ -3647,8 +3648,8 @@ const core = __importStar(__webpack_require__(186));
|
||||
function getInputs() {
|
||||
return {
|
||||
registry: core.getInput('registry'),
|
||||
username: core.getInput('username', { required: true }),
|
||||
password: core.getInput('password', { required: true }),
|
||||
username: core.getInput('username'),
|
||||
password: core.getInput('password'),
|
||||
logout: core.getInput('logout')
|
||||
};
|
||||
}
|
||||
|
@ -10,8 +10,8 @@ export interface Inputs {
|
||||
export function getInputs(): Inputs {
|
||||
return {
|
||||
registry: core.getInput('registry'),
|
||||
username: core.getInput('username', {required: true}),
|
||||
password: core.getInput('password', {required: true}),
|
||||
username: core.getInput('username'),
|
||||
password: core.getInput('password'),
|
||||
logout: core.getInput('logout')
|
||||
};
|
||||
}
|
||||
|
@ -19,10 +19,12 @@ export async function logout(registry: string): Promise<void> {
|
||||
}
|
||||
|
||||
export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
|
||||
let loginArgs: Array<string> = ['login', '--password-stdin'];
|
||||
if (username) {
|
||||
loginArgs.push('--username', username);
|
||||
if (!username || !password) {
|
||||
throw new Error('Username and password required');
|
||||
}
|
||||
|
||||
let loginArgs: Array<string> = ['login', '--password-stdin'];
|
||||
loginArgs.push('--username', username);
|
||||
loginArgs.push(registry);
|
||||
|
||||
if (registry) {
|
||||
@ -44,8 +46,8 @@ export async function loginECR(registry: string, username: string, password: str
|
||||
const region = await aws.getRegion(registry);
|
||||
core.info(`💡 AWS ECR detected with ${region} region`);
|
||||
|
||||
process.env.AWS_ACCESS_KEY_ID = username;
|
||||
process.env.AWS_SECRET_ACCESS_KEY = password;
|
||||
process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
|
||||
process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
|
||||
|
||||
core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
|
||||
const loginCmd = await aws.getDockerLoginCmd(cliVersion, registry, region);
|
||||
|
Loading…
Reference in New Issue
Block a user