Awesome
🚀 Docker ECR for GitHub Actions
GitHub Action for uploading Docker Image to Amazon Elastic Container Registry (ECR).
What is ECR
Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications. Integration with AWS Identity and Access Management (IAM) provides resource-level control of each repository. With Amazon ECR, there are no upfront fees or commitments. You pay only for the amount of data you store in your repositories and data transferred to the Internet. See the more detail information.
Permissions
The following minimum permissions are required for loggin, pushing and pulling images in an ECR repository:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AllowPush",
"Effect":"Allow",
"Action":[
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:PutImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload"
],
"Resource":"arn:aws:ecr:us-east-1:123456789012:repository/my-repo"
},
{
"Sid":"GetAuthorizationToken",
"Effect":"Allow",
"Action":[
"ecr:GetAuthorizationToken"
],
"Resource":"*"
}
]
}
Usage
Upload docker image to Amazon Elastic Container Registry (ECR)
- name: upload image to ECR
uses: appleboy/docker-ecr-action@master
with:
access_key: ${{ secrets.aws_access_key_id }}
secret_key: ${{ secrets.aws_secret_access_key }}
registry: ${{ secrets.registry }}
cache_from: ${{ secrets.cache }}
repo: api-sample
region: ap-northeast-1
auto_tag: true
daemon_off: false
dockerfile: example/Dockerfile
context: example
Input variables
- access_key - amazon access key
- secret_key - amazon secret access key
- registry - amazone docker registry url
- region - amazon region, defaults to us-east-1
- repo - repository name for the image
- lifecycle_policy - filename of ecr lifecycle json policy
- repository_policy - filename of ecr repository json policy
- tags - repository tag for the image, defaults to latest
- dockerfile - dockerfile to be used, defaults to Dockerfile
- auth - auth token for the registry
- context - the context path to use, defaults to root of the git repo
- force_tag - replace existing matched image tags
- insecure - enable insecure communication to this registry
- mirror - use a mirror registry instead of pulling images directly from the central Hub
- bip - use for pass bridge ip
- custom_dns - set custom dns servers for the container
- storage_driver - supports aufs, overlay or vfs drivers
- build_args - custom arguments passed to docker build
- cache_from - images to consider as cache sources
- auto_tag: default build tags
- daemon_off: don't start the docker daemon
Example
The ECR plugin can be used to build and publish images to the Amazon ECR registry. The below pipeline configuration demonstrates simple usage:
- name: upload image to ECR
uses: appleboy/docker-ecr-action@master
with:
access_key: a50d28f4dd477bc184fbd10b376de753
secret_key: bc5785d3ece6a9cdefa42eb99b58986f9095ff1c
repo: bar
registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
Example configuration using multiple tags:
- name: upload image to ECR
uses: appleboy/docker-ecr-action@master
with:
repo: bar
registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
tags: "latest,1.0.1,1.0"
Override the default region:
- name: upload image to ECR
uses: appleboy/docker-ecr-action@master
with:
repo: bar
registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
region: us-east-1
Override the default Dockerfile path:
- name: upload image to ECR
uses: appleboy/docker-ecr-action@master
with:
repo: bar
registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
dockerfile: path/to/Dockerfile
Example configuration using build arguments:
- name: upload image to ECR
uses: appleboy/docker-ecr-action@master
with:
repo: bar
registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
build_args: "HTTP_PROXY=http://yourproxy.com"
Example configuration using docker cache:
- name: upload image to ECR
uses: appleboy/docker-ecr-action@master
with:
repo: bar
registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
cache_from: <account_id>.dkr.ecr.us-east-1.amazonaws.com/bar