/docker-ecr-action

Publish Docker Images to the Amazon Elastic Container Registry (ECR)

Primary LanguageDockerfileMIT LicenseMIT

🚀 Docker ECR for GitHub Actions

GitHub Action for uploading Docker Image to Amazon Elastic Container Registry (ECR).

Docker ECR

Amazon ECR

What is ECR

Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications. Integration with AWS Identity and Access Management (IAM) provides resource-level control of each repository. With Amazon ECR, there are no upfront fees or commitments. You pay only for the amount of data you store in your repositories and data transferred to the Internet. See the more detail information.

Permissions

The following minimum permissions are required for loggin, pushing and pulling images in an ECR repository:

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"AllowPush",
         "Effect":"Allow",
         "Action":[
            "ecr:GetDownloadUrlForLayer",
            "ecr:BatchGetImage",
            "ecr:BatchCheckLayerAvailability",
            "ecr:PutImage",
            "ecr:InitiateLayerUpload",
            "ecr:UploadLayerPart",
            "ecr:CompleteLayerUpload"
         ],
         "Resource":"arn:aws:ecr:us-east-1:123456789012:repository/my-repo"
      },
      {
         "Sid":"GetAuthorizationToken",
         "Effect":"Allow",
         "Action":[
            "ecr:GetAuthorizationToken"
         ],
         "Resource":"*"
      }
   ]
}

Usage

Upload docker image to Amazon Elastic Container Registry (ECR)

- name: upload image to ECR
  uses: appleboy/docker-ecr-action@master
  with:
    access_key: ${{ secrets.aws_access_key_id }}
    secret_key: ${{ secrets.aws_secret_access_key }}
    registry: ${{ secrets.registry }}
    cache_from: ${{ secrets.cache }}
    repo: api-sample
    region: ap-northeast-1
    auto_tag: true
    daemon_off: false
    dockerfile: example/Dockerfile
    context: example

Input variables

  • access_key - amazon access key
  • secret_key - amazon secret access key
  • registry - amazone docker registry url
  • region - amazon region, defaults to us-east-1
  • repo - repository name for the image
  • lifecycle_policy - filename of ecr lifecycle json policy
  • repository_policy - filename of ecr repository json policy
  • tags - repository tag for the image, defaults to latest
  • dockerfile - dockerfile to be used, defaults to Dockerfile
  • auth - auth token for the registry
  • context - the context path to use, defaults to root of the git repo
  • force_tag - replace existing matched image tags
  • insecure - enable insecure communication to this registry
  • mirror - use a mirror registry instead of pulling images directly from the central Hub
  • bip - use for pass bridge ip
  • custom_dns - set custom dns servers for the container
  • storage_driver - supports aufs, overlay or vfs drivers
  • build_args - custom arguments passed to docker build
  • cache_from - images to consider as cache sources
  • auto_tag: default build tags
  • daemon_off: don't start the docker daemon

Example

The ECR plugin can be used to build and publish images to the Amazon ECR registry. The below pipeline configuration demonstrates simple usage:

- name: upload image to ECR
  uses: appleboy/docker-ecr-action@master
  with:
    access_key: a50d28f4dd477bc184fbd10b376de753
    secret_key: bc5785d3ece6a9cdefa42eb99b58986f9095ff1c
    repo: bar
    registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com

Example configuration using multiple tags:

- name: upload image to ECR
  uses: appleboy/docker-ecr-action@master
  with:
    repo: bar
    registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
    tags: "latest,1.0.1,1.0"

Override the default region:

- name: upload image to ECR
  uses: appleboy/docker-ecr-action@master
  with:
    repo: bar
    registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
    region: us-east-1

Override the default Dockerfile path:

- name: upload image to ECR
  uses: appleboy/docker-ecr-action@master
  with:
    repo: bar
    registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
    dockerfile: path/to/Dockerfile

Example configuration using build arguments:

- name: upload image to ECR
  uses: appleboy/docker-ecr-action@master
  with:
    repo: bar
    registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
    build_args: "HTTP_PROXY=http://yourproxy.com"

Example configuration using docker cache:

- name: upload image to ECR
  uses: appleboy/docker-ecr-action@master
  with:
    repo: bar
    registry: <account_id>.dkr.ecr.us-east-1.amazonaws.com
    cache_from: <account_id>.dkr.ecr.us-east-1.amazonaws.com/bar