abronin / ecr-retag-action Goto Github PK
View Code? Open in Web Editor NEW:octocat: GitHub Action to retag existing Docker image in AWS ECR
License: MIT License
:octocat: GitHub Action to retag existing Docker image in AWS ECR
License: MIT License
I have build a workflow that supports the tagging of many images within my organisation. (Using this workflow) I would find it useful to have a continue on error if the image I am trying to retag does not exist.
I have tried this but it does not work
- name: Tag web
uses: abronin/ecr-retag-action@v1
continue-on-error: ${{ inputs.continue-on-error }}
with:
aws-account-id: ${{ steps.config-aws-creds.outputs.aws-account-id }}
aws-region: ${{ inputs.aws-region }}
repository: ###
tag: ${{ inputs.tag_to_identify_containers }}
new-tags: ${{ inputs.new_tag_to_apply_to_containers }}
I initially followed the readme and used @v1 however because there is an old tag with that name it doesn't do the usual semantic versioning thing of downloading the latest i.e. v1.5.0. Maybe deleting the old tag would help this problem?
As GitHub is dropping support for Node 16, it would be great to see this updated to Node 20.
https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/
Thanks for a really useful piece of code ๐
Hi, first of all, thanks for sharing.
I was trying your action, and my use case is the following: I'm using a multi-account setup, where I have my ECR repositories in a shared-services account, and access them from environment accounts (Dev, Staging, Prod). To grant access beside the IAM Role on the environment account, I'm using a Resource Policy on ECR to allow access from the other accounts on the same AWS Organization.
I have other workflows running with this setup, but if I want to re-tag an image I was doing a push. Since you mentioned it's not necessary I wanted to try your action.
This is how I'm using your action:
- name: Adding environment tag
uses: abronin/ecr-retag-action@v1
with:
repository: ${{ secrets.SHARED_AWS_ECR_DOMAIN }}/${{ env.ECR_REPOSITORY }}
tag: ${{ github.event.inputs.imageTag }}
new-tags: ${{ env.ENVIRONMENT }}
Where:
repository: 111111111111.dkr.ecr.us-east-1.amazonaws.com/myRepositoryName
tag: v0.11.6
new-tags: staging
Assume the account id of my shared ECR is 111111111111 and the account id where I'm logging in with aws-actions/configure-aws-credentials@v1 is 222222222222.
The error I'm getting is:
User: arn:aws:sts::222222222222:assumed-role/***/deploy-application-staging is not authorized to perform: ecr:BatchGetImage on resource: arn:aws:ecr:us-east-1:222222222222:repository/***/application because no identity-based policy allows the ecr:BatchGetImage action
Which tells me that the action is trying to use the repository on the account 222222222222 instead of doing it in the 111111111111, as I specified on the repository parameter.
Let me know if you plan to support this use case.
Thanks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.