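name: ECR Authentication test

# SECURITY: pull_request_target runs in the context of the base repository,
# so these jobs can mint OIDC tokens (id-token: write) even for PRs opened
# from forks. actions/checkout is used below without a `ref`, which for this
# event checks out the base branch rather than the PR head. Consequences:
#   * the AWS role is only ever exercised by code already on main;
#   * a PR's own changes are NOT what these jobs build and test.
# Do not add a checkout of the PR head to this workflow: that would run
# unreviewed code with the ability to assume the AWS role.
on:
  pull_request_target:
    branches: ['main']

permissions:
  # This lets us clone the repo
  contents: read
  # This lets us mint identity tokens.
  id-token: write

jobs:
  krane:
    runs-on: ubuntu-latest
    env:
      # Quoted so the all-digit account ID is always handled as a string.
      AWS_ACCOUNT: '479305788615'
      AWS_REGION: us-east-2

    steps:
      # NOTE(review): actions are referenced by mutable tags; pinning each
      # `uses:` to a full commit SHA is the safer supply-chain posture.
      - uses: actions/checkout@v3
        with:
          # No later step needs git credentials, so don't leave the token
          # behind in .git/config.
          persist-credentials: false
      - uses: actions/setup-go@v4
        with:
          # Quoted: a bare version number is parsed as a float.
          go-version: '1.19'
          check-latest: true

      - name: Install krane
        working-directory: ./cmd/krane
        run: go install .

      # Exchanges the workflow's OIDC token for short-lived AWS credentials.
      # NOTE(review): the role name suggests read-only ECR access; confirm
      # that its trust policy restricts the
      # token.actions.githubusercontent.com:sub claim to this repository.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2.0.0
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT }}:role/federated-ecr-readonly
          aws-region: ${{ env.AWS_REGION }}

      - name: Test krane + ECR
        run: |
          # List the tags
          # The job-level env vars are read by the shell instead of being
          # template-expanded into the script text.
          krane ls "${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/go-containerregistry-test"

      - name: Test krane auth get + ECR
        shell: bash
        run: |
          # The credentials are only captured and compared; never echo them.
          REGISTRY="${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com"
          CRED1=$(krane auth get "${REGISTRY}")
          CRED2=$(krane auth get "${REGISTRY}")
          if [[ -z "$CRED1" ]] ; then
            echo "krane auth get returned no credentials" >&2
            exit 1
          fi
          if [[ "$CRED1" == "$CRED2" ]] ; then
            echo "credentials are cached by infrastructure"
          fi

  crane-ecr-login:
    runs-on: ubuntu-latest
    env:
      # Quoted so the all-digit account ID is always handled as a string.
      AWS_ACCOUNT: '479305788615'
      AWS_REGION: us-east-2

    steps:
      # NOTE(review): actions are referenced by mutable tags; pinning each
      # `uses:` to a full commit SHA is the safer supply-chain posture.
      - uses: actions/checkout@v3
        with:
          # No later step needs git credentials, so don't leave the token
          # behind in .git/config.
          persist-credentials: false
      - uses: actions/setup-go@v4
        with:
          # Quoted: a bare version number is parsed as a float.
          go-version: '1.19'
          check-latest: true

      - name: Install crane
        working-directory: ./cmd/crane
        run: go install .

      # Exchanges the workflow's OIDC token for short-lived AWS credentials.
      # NOTE(review): the role name suggests read-only ECR access; confirm
      # that its trust policy restricts the
      # token.actions.githubusercontent.com:sub claim to this repository.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2.0.0
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT }}:role/federated-ecr-readonly
          aws-region: ${{ env.AWS_REGION }}

      - name: Install docker-credential-ecr-login
        run: |
          # NOTE(review): this binary is downloaded and made executable
          # without any integrity check, and it runs while AWS credentials
          # are present in the job environment. Pin its digest in this file
          # and verify it before the chmod, for example:
          #   echo "<EXPECTED_SHA256_PLACEHOLDER>  docker-credential-ecr-login" | sha256sum --check --strict
          wget https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.5.0/linux-amd64/docker-credential-ecr-login
          chmod +x ./docker-credential-ecr-login
          mv docker-credential-ecr-login /usr/local/bin

          # Route auth for the test registry through the ECR helper.
          # The directory is created first so the redirect cannot fail on a
          # runner image that lacks it.
          mkdir -p "$HOME/.docker"
          cat > "$HOME/.docker/config.json" <<EOF
          {
            "credHelpers": {
              "${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com": "ecr-login"
            }
          }
          EOF

      - name: Test crane + ECR
        run: |
          # List the tags
          crane ls "${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/go-containerregistry-test"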