From 77b30d7f29d07c2fd26c986c6427fbd08fcfe8d0 Mon Sep 17 00:00:00 2001 From: PrashantRaj18198 Date: Wed, 24 Nov 2021 17:43:13 +0530 Subject: [PATCH] feat: adds support to load docker image from tar (#1) * add tar image support * update user to argonautdev * add tag to last image * fix: syntax error * fix: run main * fix: trigger correct function * echo docker_image_path * fix: missing input flag * copy docker image to docker instance * copy tmp folder * test: ls all dirs * show tags and last image id * rm: let docker build action manage tags * refactor: remove unused code * docs: update readme * change to argonautdev * docs: pass docker image as tar example --- .github/workflows/release.yml | 8 ++- README.md | 123 ++++++++++++++++++++++++---------- action.yml | 14 ++-- entrypoint.sh | 18 ++++- 4 files changed, 116 insertions(+), 47 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7748c9e..4ec9e30 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,9 @@ jobs: GCR_TOKEN: ${{ secrets.GCR_TOKEN }} - name: build and push latest docker image to GCR + env: + USER: "argonautdev" run: | - docker pull ghcr.io/kciter/aws-ecr-action:latest - docker build . --tag ghcr.io/kciter/aws-ecr-action:$GITHUB_SHA --cache-from ghcr.io/kciter/aws-ecr-action:latest - docker push ghcr.io/kciter/aws-ecr-action:$GITHUB_SHA + docker pull ghcr.io/$USER/aws-ecr-action:latest + docker build . --tag ghcr.io/$USER/aws-ecr-action:$GITHUB_SHA --cache-from ghcr.io/$USER/aws-ecr-action:latest + docker push ghcr.io/$USER/aws-ecr-action:$GITHUB_SHA diff --git a/README.md b/README.md index b1c8e27..adda655 100644 --- a/README.md +++ b/README.md 
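Review bot: The `env` block added to the "build and push latest docker image to GCR" step names its variable `USER`, which overrides the conventional login-name variable for everything the `run` script starts. A purpose-specific name avoids that, e.g. `IMAGE_OWNER: "argonautdev"`, with the three docker lines using `ghcr.io/$IMAGE_OWNER/aws-ecr-action`. Separately, the build still passes `--cache-from` a mutable `:latest` tag pulled from the registry, so the released image can reuse layers from whatever that tag currently points to. That predates this commit, but it is worth re-checking now that the registry owner has changed. The job definition starts outside this hunk.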
@@ -3,56 +3,107 @@ This Action allows you to create Docker images and push into a ECR repository. ## Parameters -| Parameter | Type | Default | Description | -|-----------|------|---------|-------------| -| `access_key_id` | `string` | | Your AWS access key id | -| `secret_access_key` | `string` | | Your AWS secret access key | -| `account_id` | `string` | | Your AWS Account ID | -| `repo` | `string` | | Name of your ECR repository | -| `region` | `string` | | Your AWS region | -| `create_repo` | `boolean` | `false` | Set this to true to create the repository if it does not already exist | -| `set_repo_policy` | `boolean` | `false` | Set this to true to set a IAM policy on the repository | -| `repo_policy_file` | `string` | `repo-policy.json` | Set this to repository policy statement json file. only used if the set_repo_policy is set to true | -| `image_scanning_configuration` | `boolean` | `false` | Set this to True if you want AWS to scan your images for vulnerabilities | -| `tags` | `string` | `latest` | Comma-separated string of ECR image tags (ex latest,1.0.0,) | -| `dockerfile` | `string` | `Dockerfile` | Name of Dockerfile to use | -| `extra_build_args` | `string` | `""` | Extra flags to pass to docker build (see docs.docker.com/engine/reference/commandline/build) | -| `cache_from` | `string` | `""` | Images to use as cache for the docker build (see `--cache-from` argument docs.docker.com/engine/reference/commandline/build) | -| `path` | `string` | `.` | Path to Dockerfile, defaults to the working directory | -| `prebuild_script` | `string` | | Relative path from top-level to script to run before Docker build | -| `registry_ids` | `string` | | : A comma-delimited list of AWS account IDs that are associated with the ECR registries. 
If you do not specify a registry, the default ECR registry is assumed | + +| Parameter | Type | Default | Description | +| ------------------------------ | --------- | ------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `access_key_id` | `string` | | Your AWS access key id | +| `secret_access_key` | `string` | | Your AWS secret access key | +| `account_id` | `string` | | Your AWS Account ID | +| `repo` | `string` | | Name of your ECR repository | +| `region` | `string` | | Your AWS region | +| `create_repo` | `boolean` | `false` | Set this to true to create the repository if it does not already exist | +| `set_repo_policy` | `boolean` | `false` | Set this to true to set a IAM policy on the repository | +| `repo_policy_file` | `string` | `repo-policy.json` | Set this to repository policy statement json file. only used if the set_repo_policy is set to true | +| `image_scanning_configuration` | `boolean` | `false` | Set this to True if you want AWS to scan your images for vulnerabilities | +| `tags` | `string` | `latest` | Comma-separated string of ECR image tags (ex latest,1.0.0,) | +| `dockerfile` | `string` | `Dockerfile` | Name of Dockerfile to use | +| `docker_image_path` | `string` | `` | Path to the docker image if build at as a seperate step. If this path is provided docker build is skipped and passed image is uploaded. The tags must be associated with the image built. 
| +| `extra_build_args` | `string` | `""` | Extra flags to pass to docker build (see docs.docker.com/engine/reference/commandline/build) | +| `cache_from` | `string` | `""` | Images to use as cache for the docker build (see `--cache-from` argument docs.docker.com/engine/reference/commandline/build) | +| `path` | `string` | `.` | Path to Dockerfile, defaults to the working directory | +| `prebuild_script` | `string` | | Relative path from top-level to script to run before Docker build | +| `registry_ids` | `string` | | : A comma-delimited list of AWS account IDs that are associated with the ECR registries. If you do not specify a registry, the default ECR registry is assumed | ## Usage +### Build the docker image + ```yaml jobs: build-and-push: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: docker://ghcr.io/kciter/aws-ecr-action:latest - with: - access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} - secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - account_id: ${{ secrets.AWS_ACCOUNT_ID }} - repo: docker/repo - region: ap-northeast-2 - tags: latest,${{ github.sha }} - create_repo: true - image_scanning_configuration: true - set_repo_policy: true - repo_policy_file: repo-policy.json + - uses: actions/checkout@v2 + - uses: docker://ghcr.io/argonautdev/aws-ecr-action:latest + with: + access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + account_id: ${{ secrets.AWS_ACCOUNT_ID }} + repo: docker/repo + region: ap-northeast-2 + tags: latest,${{ github.sha }} + create_repo: true + image_scanning_configuration: true + set_repo_policy: true + repo_policy_file: repo-policy.json +``` + +### Pass the specified docker image + +```yaml +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Get Short SHA + id: get_sha + run: echo ::set-output name=SHA_SHORT::$(git rev-parse --short HEAD) + - name: Build Image + uses: docker/build-push-action@v2 + id: build + with: + context: . 
+ file: ./Dockerfile + push: false + tags: ${{ secrets. AWS_ACCOUNT_ID }}.dkr.ecr.us-east-2.amazonaws.com/docker/repo:${{ steps.get_sha.outputs.SHA_SHORT }} + outputs: type=docker,dest=/tmp/image.tar + - name: Upload artifact + uses: actions/upload-artifact@v2 + with: + name: image + path: /tmp/image.tar + + - name: Download artifact + uses: actions/download-artifact@v2 + with: + name: image + path: ./tmp + + - name: Push to ecr + uses: argonautdev/aws-ecr-action@pr-tar-image-support + id: push_to_ecr + with: + access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + account_id: ${{ secrets.AWS_ACCOUNT_ID }} + repo: docker/repo + region: us-east-2 + tags: ${{ steps.get_sha.outputs.SHA_SHORT }} + create_repo: true + image_scanning_configuration: true + docker_image_path: ./tmp/image.tar ``` If you don't want to use the latest docker image, you can point to any reference in the repo directly. ```yaml - - uses: kciter/aws-ecr-action@master - # or - - uses: kciter/aws-ecr-action@v3 - # or - - uses: kciter/aws-ecr-action@0589ad88c51a1b08fd910361ca847ee2cb708a30 +- uses: argonautdev/aws-ecr-action@master +# or +- uses: argonautdev/aws-ecr-action@v1 +# or +- uses: argonautdev/aws-ecr-action@0589ad88c51a1b08fd910361ca847ee2cb708a30 ``` ## License + The MIT License (MIT) diff --git a/action.yml b/action.yml index f0afc3c..51dcc98 100644 --- a/action.yml +++ b/action.yml @@ -17,11 +17,11 @@ inputs: registry_ids: description: A comma-delimited list of AWS account IDs that are associated with the ECR registries. If you do not specify a registry, the default ECR registry is assumed required: false - default: '' + default: "" assume_role: description: A role to assume under the account_id account. required: false - default: '' + default: "" repo: description: Name of your ECR repository required: true 
@@ -46,12 +46,16 @@ inputs: dockerfile: description: Name of Dockerfile to use default: Dockerfile + docker_image_path: + description: Path to the docker image if build at as a seperate step. If this path is provided docker build is skipped and passed image is uploaded. + required: false + default: "/tmp" extra_build_args: description: Extra flags to pass to docker build (see docs.docker.com/engine/reference/commandline/build) - default: '' + default: "" cache_from: description: Images to use as cache for the docker build (see `--cache-from` argument docs.docker.com/engine/reference/commandline/build) - default: '' + default: "" path: description: Path to Dockerfile, defaults to the working directory default: . @@ -60,7 +64,7 @@ inputs: required: false outputs: image: - description: 'The created image name' + description: "The created image name" runs: using: docker image: Dockerfile diff --git a/entrypoint.sh b/entrypoint.sh index 4f21f2e..e43b763 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -21,8 +21,14 @@ function main() { aws_configure assume_role login - run_pre_build_script $INPUT_PREBUILD_SCRIPT - docker_build $INPUT_TAGS $ACCOUNT_URL + if [ "$INPUT_DOCKER_IMAGE_PATH" == "/tmp" ]; then + run_pre_build_script $INPUT_PREBUILD_SCRIPT + docker_build $INPUT_TAGS $ACCOUNT_URL + elif [ "$INPUT_DOCKER_IMAGE_PATH" != "/tmp" ]; then + echo "image path $INPUT_DOCKER_IMAGE_PATH" + docker_load_from_tar $INPUT_TAGS $ACCOUNT_URL $INPUT_DOCKER_IMAGE_PATH + fi + create_ecr_repo $INPUT_CREATE_REPO set_ecr_repo_policy $INPUT_SET_REPO_POLICY put_image_scanning_configuration $INPUT_IMAGE_SCANNING_CONFIGURATION @@ -145,6 +151,12 @@ function docker_build() { echo "== FINISHED DOCKERIZE" } +function docker_load_from_tar() { + echo "== START DOCKER LOAD FROM TAR" + docker load --input $3 + echo "== FINISHED DOCKER LOAD FROM TAR" +} + function docker_push_to_ecr() { echo "== START PUSH TO ECR" local TAG=$1 
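Review bot: The new `docker_image_path` input uses `default: "/tmp"` as a "not set" sentinel, while the README table in this same commit documents its default as empty, and `main` in entrypoint.sh compares against the literal `/tmp`. Any other spelling of the unset state, such as an empty string passed by a caller or `/tmp/`, takes the load branch and skips the build. An empty default with an emptiness test is easier to reason about: `default: ""` here and `if [ -z "$INPUT_DOCKER_IMAGE_PATH" ]; then` in `main`. The description should also say that the value is a path to a tar archive produced by a docker save or export step.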
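Review bot: The arguments to `docker_load_from_tar` in `main` are expanded unquoted, so a `docker_image_path` containing spaces or glob characters is split or expanded before it reaches the function. Quoting fixes that: `docker_load_from_tar "$INPUT_TAGS" "$ACCOUNT_URL" "$INPUT_DOCKER_IMAGE_PATH"`. The `elif [ "$INPUT_DOCKER_IMAGE_PATH" != "/tmp" ]` test is the exact negation of the `if` above it, so a plain `else` states the same thing with one less condition to keep in sync. A short comment that the load branch intentionally skips `run_pre_build_script` would help the next reader. `main` starts and ends outside this hunk.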
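Review bot: `docker_load_from_tar` runs `docker load --input $3` with the path unquoted and with no check that it names a regular file. It also never uses `$1` or `$2`, so nothing confirms that the archive holds the image and tags the later push expects. `docker load` imports every image and tag recorded in the archive, so a wrong or substituted artifact would surface only at push time, if at all. I would quote the path, fail early when the file is missing, and after loading verify that each expected reference exists locally. `docker_push_to_ecr` is only partly visible in this commit, so the exact reference format is left as a comment in the sketch below.

```shell
function docker_load_from_tar() {
  echo "== START DOCKER LOAD FROM TAR"
  local image_tar=$3
  if [ ! -f "$image_tar" ]; then
    echo "docker_image_path '$image_tar' is not a regular file" >&2
    exit 1
  fi
  docker load --input "$image_tar"
  # TODO: for each tag in $1, check that the reference docker_push_to_ecr will
  # push exists locally (docker image inspect) and exit non-zero otherwise.
  echo "== FINISHED DOCKER LOAD FROM TAR"
}
```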
@@ -156,4 +168,4 @@ function docker_push_to_ecr() { echo "== FINISHED PUSH TO ECR" } -main +main \ No newline at end of file