feat: adds support to load docker image from tar (#1)
* add tar image support

* update user to argonautdev

* add tag to last image

* fix: syntax error

* fix: run main

* fix: trigger correct function

* echo docker_image_path

* fix: missing input flag

* copy docker image to docker instance

* copy tmp folder

* test:  ls all dirs

* show tags and last image id

* rm: let docker build action manage tags

* refactor: remove unused code

* docs: update readme

* change to argonautdev

* docs: pass docker image as tar example
PrashantRaj18198 authored Nov 24, 2021
1 parent 2c61e60 commit 77b30d7
Showing 4 changed files with 116 additions and 47 deletions.
8 changes: 5 additions & 3 deletions .github/workflows/release.yml
Expand Up @@ -19,7 +19,9 @@ jobs:
GCR_TOKEN: ${{ secrets.GCR_TOKEN }}

- name: build and push latest docker image to GCR
env:
USER: "argonautdev"
run: |
docker pull ghcr.io/kciter/aws-ecr-action:latest
docker build . --tag ghcr.io/kciter/aws-ecr-action:$GITHUB_SHA --cache-from ghcr.io/kciter/aws-ecr-action:latest
docker push ghcr.io/kciter/aws-ecr-action:$GITHUB_SHA
docker pull ghcr.io/$USER/aws-ecr-action:latest
docker build . --tag ghcr.io/$USER/aws-ecr-action:$GITHUB_SHA --cache-from ghcr.io/$USER/aws-ecr-action:latest
docker push ghcr.io/$USER/aws-ecr-action:$GITHUB_SHA
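Review bot: The new `env: USER: "argonautdev"` on the build-and-push step reuses the name of the standard shell login variable, so anything in that step that reads `$USER` now sees the registry namespace instead of the runner account. A dedicated name such as `IMAGE_OWNER`, or `${{ github.repository_owner }}`, avoids the collision and lets forks push to their own namespace. Also, the step starts with `docker pull ghcr.io/$USER/aws-ecr-action:latest` but the visible commands only push `:$GITHUB_SHA`, so under the new namespace the pull fails until a `latest` tag is published some other way; the step name still says "GCR" although every command targets `ghcr.io`.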
123 changes: 87 additions & 36 deletions README.md
Expand Up @@ -3,56 +3,107 @@
This Action allows you to create Docker images and push into a ECR repository.

## Parameters
| Parameter | Type | Default | Description |
|-----------|------|---------|-------------|
| `access_key_id` | `string` | | Your AWS access key id |
| `secret_access_key` | `string` | | Your AWS secret access key |
| `account_id` | `string` | | Your AWS Account ID |
| `repo` | `string` | | Name of your ECR repository |
| `region` | `string` | | Your AWS region |
| `create_repo` | `boolean` | `false` | Set this to true to create the repository if it does not already exist |
| `set_repo_policy` | `boolean` | `false` | Set this to true to set a IAM policy on the repository |
| `repo_policy_file` | `string` | `repo-policy.json` | Set this to repository policy statement json file. only used if the set_repo_policy is set to true |
| `image_scanning_configuration` | `boolean` | `false` | Set this to True if you want AWS to scan your images for vulnerabilities |
| `tags` | `string` | `latest` | Comma-separated string of ECR image tags (ex latest,1.0.0,) |
| `dockerfile` | `string` | `Dockerfile` | Name of Dockerfile to use |
| `extra_build_args` | `string` | `""` | Extra flags to pass to docker build (see docs.docker.com/engine/reference/commandline/build) |
| `cache_from` | `string` | `""` | Images to use as cache for the docker build (see `--cache-from` argument docs.docker.com/engine/reference/commandline/build) |
| `path` | `string` | `.` | Path to Dockerfile, defaults to the working directory |
| `prebuild_script` | `string` | | Relative path from top-level to script to run before Docker build |
| `registry_ids` | `string` | | : A comma-delimited list of AWS account IDs that are associated with the ECR registries. If you do not specify a registry, the default ECR registry is assumed |

| Parameter | Type | Default | Description |
| ------------------------------ | --------- | ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `access_key_id` | `string` | | Your AWS access key id |
| `secret_access_key` | `string` | | Your AWS secret access key |
| `account_id` | `string` | | Your AWS Account ID |
| `repo` | `string` | | Name of your ECR repository |
| `region` | `string` | | Your AWS region |
| `create_repo` | `boolean` | `false` | Set this to true to create the repository if it does not already exist |
| `set_repo_policy` | `boolean` | `false` | Set this to true to set a IAM policy on the repository |
| `repo_policy_file` | `string` | `repo-policy.json` | Set this to repository policy statement json file. only used if the set_repo_policy is set to true |
| `image_scanning_configuration` | `boolean` | `false` | Set this to True if you want AWS to scan your images for vulnerabilities |
| `tags` | `string` | `latest` | Comma-separated string of ECR image tags (ex latest,1.0.0,) |
| `dockerfile` | `string` | `Dockerfile` | Name of Dockerfile to use |
| `docker_image_path` | `string` | `` | Path to the docker image if build at as a seperate step. If this path is provided docker build is skipped and passed image is uploaded. The tags must be associated with the image built. |
| `extra_build_args` | `string` | `""` | Extra flags to pass to docker build (see docs.docker.com/engine/reference/commandline/build) |
| `cache_from` | `string` | `""` | Images to use as cache for the docker build (see `--cache-from` argument docs.docker.com/engine/reference/commandline/build) |
| `path` | `string` | `.` | Path to Dockerfile, defaults to the working directory |
| `prebuild_script` | `string` | | Relative path from top-level to script to run before Docker build |
| `registry_ids` | `string` | | : A comma-delimited list of AWS account IDs that are associated with the ECR registries. If you do not specify a registry, the default ECR registry is assumed |

## Usage

### Build the docker image

```yaml
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: docker://ghcr.io/kciter/aws-ecr-action:latest
with:
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
account_id: ${{ secrets.AWS_ACCOUNT_ID }}
repo: docker/repo
region: ap-northeast-2
tags: latest,${{ github.sha }}
create_repo: true
image_scanning_configuration: true
set_repo_policy: true
repo_policy_file: repo-policy.json
- uses: actions/checkout@v2
- uses: docker://ghcr.io/argonautdev/aws-ecr-action:latest
with:
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
account_id: ${{ secrets.AWS_ACCOUNT_ID }}
repo: docker/repo
region: ap-northeast-2
tags: latest,${{ github.sha }}
create_repo: true
image_scanning_configuration: true
set_repo_policy: true
repo_policy_file: repo-policy.json
```
### Pass the specified docker image
```yaml
jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- name: Get Short SHA
id: get_sha
run: echo ::set-output name=SHA_SHORT::$(git rev-parse --short HEAD)
- name: Build Image
uses: docker/build-push-action@v2
id: build
with:
context: .
file: ./Dockerfile
push: false
tags: ${{ secrets. AWS_ACCOUNT_ID }}.dkr.ecr.us-east-2.amazonaws.com/docker/repo:${{ steps.get_sha.outputs.SHA_SHORT }}
outputs: type=docker,dest=/tmp/image.tar
- name: Upload artifact
uses: actions/upload-artifact@v2
with:
name: image
path: /tmp/image.tar

- name: Download artifact
uses: actions/download-artifact@v2
with:
name: image
path: ./tmp

- name: Push to ecr
uses: argonautdev/aws-ecr-action@pr-tar-image-support
id: push_to_ecr
with:
access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
account_id: ${{ secrets.AWS_ACCOUNT_ID }}
repo: docker/repo
region: us-east-2
tags: ${{ steps.get_sha.outputs.SHA_SHORT }}
create_repo: true
image_scanning_configuration: true
docker_image_path: ./tmp/image.tar
```
If you don't want to use the latest docker image, you can point to any reference in the repo directly.
```yaml
- uses: kciter/aws-ecr-action@master
# or
- uses: kciter/aws-ecr-action@v3
# or
- uses: kciter/aws-ecr-action@0589ad88c51a1b08fd910361ca847ee2cb708a30
- uses: argonautdev/aws-ecr-action@master
# or
- uses: argonautdev/aws-ecr-action@v1
# or
- uses: argonautdev/aws-ecr-action@0589ad88c51a1b08fd910361ca847ee2cb708a30
```
## License
The MIT License (MIT)
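Review bot: In the "Pass the specified docker image" example, the push step is pinned to `argonautdev/aws-ecr-action@pr-tar-image-support`, a feature-branch ref that can move or disappear after merge, and that step is handed `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. Point the example at a release tag or, better, the full commit SHA form already shown in the last snippet. In the same example `${{ secrets. AWS_ACCOUNT_ID }}` has a stray space after `secrets.`, the parameter table documents the `docker_image_path` default as empty whereas action.yml in this commit sets it to "/tmp", and the description reads "build at as a seperate step".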
14 changes: 9 additions & 5 deletions action.yml
Expand Up @@ -17,11 +17,11 @@ inputs:
registry_ids:
description: A comma-delimited list of AWS account IDs that are associated with the ECR registries. If you do not specify a registry, the default ECR registry is assumed
required: false
default: ''
default: ""
assume_role:
description: A role to assume under the account_id account.
required: false
default: ''
default: ""
repo:
description: Name of your ECR repository
required: true
Expand All @@ -46,12 +46,16 @@ inputs:
dockerfile:
description: Name of Dockerfile to use
default: Dockerfile
docker_image_path:
description: Path to the docker image if build at as a seperate step. If this path is provided docker build is skipped and passed image is uploaded.
required: false
default: "/tmp"
extra_build_args:
description: Extra flags to pass to docker build (see docs.docker.com/engine/reference/commandline/build)
default: ''
default: ""
cache_from:
description: Images to use as cache for the docker build (see `--cache-from` argument docs.docker.com/engine/reference/commandline/build)
default: ''
default: ""
path:
description: Path to Dockerfile, defaults to the working directory
default: .
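Review bot: The new `docker_image_path` input uses `default: "/tmp"`, a real directory, as its "not provided" sentinel, while the README table in this commit documents the default as empty. A workflow that sets the input to `/tmp` silently falls back to a full build, and the description never mentions the sentinel. Use `default: ""` and have entrypoint.sh test for an empty value; the description could also state that the file must be a tar archive that `docker load` accepts, and fix "build at as a seperate step".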
Expand All @@ -60,7 +64,7 @@ inputs:
required: false
outputs:
image:
description: 'The created image name'
description: "The created image name"
runs:
using: docker
image: Dockerfile
18 changes: 15 additions & 3 deletions entrypoint.sh
Expand Up @@ -21,8 +21,14 @@ function main() {
aws_configure
assume_role
login
run_pre_build_script $INPUT_PREBUILD_SCRIPT
docker_build $INPUT_TAGS $ACCOUNT_URL
if [ "$INPUT_DOCKER_IMAGE_PATH" == "/tmp" ]; then
run_pre_build_script $INPUT_PREBUILD_SCRIPT
docker_build $INPUT_TAGS $ACCOUNT_URL
elif [ "$INPUT_DOCKER_IMAGE_PATH" != "/tmp" ]; then
echo "image path $INPUT_DOCKER_IMAGE_PATH"
docker_load_from_tar $INPUT_TAGS $ACCOUNT_URL $INPUT_DOCKER_IMAGE_PATH
fi

create_ecr_repo $INPUT_CREATE_REPO
set_ecr_repo_policy $INPUT_SET_REPO_POLICY
put_image_scanning_configuration $INPUT_IMAGE_SCANNING_CONFIGURATION
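Review bot: In `main`, the `elif [ "$INPUT_DOCKER_IMAGE_PATH" != "/tmp" ]` test is the exact negation of the `if`, so a plain `else` is enough, and the call below it passes `$INPUT_DOCKER_IMAGE_PATH` unquoted with no check that the file exists. A path containing spaces or glob characters is word-split before it reaches `docker_load_from_tar`, and a missing file only surfaces as a `docker load` error after `aws_configure`, `assume_role` and `login` have already run. Quote the expansion and fail early, for example with `[ -f "$INPUT_DOCKER_IMAGE_PATH" ] || exit 1`, before the load. `run_pre_build_script` now runs only on the build branch; if that is intended, the README should say so.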
Expand Down Expand Up @@ -145,6 +151,12 @@ function docker_build() {
echo "== FINISHED DOCKERIZE"
}

function docker_load_from_tar() {
echo "== START DOCKER LOAD FROM TAR"
docker load --input $3
echo "== FINISHED DOCKER LOAD FROM TAR"
}

function docker_push_to_ecr() {
echo "== START PUSH TO ECR"
local TAG=$1
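Review bot: `docker_load_from_tar` runs `docker load --input $3` unquoted and ignores `$1` (tags) and `$2` (account URL), so nothing verifies that the archive contains the image the later push expects. `docker load` imports every image and tag stored in the tar, and the README only states that the tags must be associated with the image built. Quote `"$3"`, then either drop the unused parameters or use them to confirm after the load (for example with `docker image inspect`) that each expected tag exists, and exit non-zero with a clear message if one is missing.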
Expand All @@ -156,4 +168,4 @@ function docker_push_to_ecr() {
echo "== FINISHED PUSH TO ECR"
}

main
main
