Merge pull request #21 from crazy-max/handle-aws-env

tonistiigi · web-flow · commit adb73476b6e0 · 2020-10-20T09:14:56.000-07:00
Handle AWS credentials
diff --git a/.github/docker-login.png b/.github/docker-login.png
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -117,3 +117,34 @@ jobs:
 #        if: always()
 #        run: |
 #          rm -f ${HOME}/.docker/config.json
+#
+#  ecr-aws-creds:
+#    runs-on: ${{ matrix.os }}
+#    strategy:
+#      fail-fast: false
+#      matrix:
+#        os:
+#          - ubuntu-20.04
+#          - ubuntu-18.04
+#          - ubuntu-16.04
+#    steps:
+#      -
+#        name: Checkout
+#        uses: actions/checkout@v2.3.1
+#      -
+#        name: Configure AWS Credentials
+#        uses: aws-actions/configure-aws-credentials@v1
+#        with:
+#          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+#          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+#          aws-region: ${{ secrets.AWS_REGION }}
+#      -
+#        name: Login to ECR
+#        uses: ./
+#        with:
+#          registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
+#      -
+#        name: Clear
+#        if: always()
+#        run: |
+#          rm -f ${HOME}/.docker/config.json
diff --git a/README.md b/README.md
@@ -213,6 +213,34 @@ jobs:
           password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 ```
 
+You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials) action in
+combination with this action:
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches: master
+
+jobs:
+  login:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: <region>
+      -
+        name: Login to ECR
+        uses: docker/login-action@v1
+        with:
+          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
+```
+
 > Replace `<aws-account-number>` and `<region>` with their respective values.
 
 ## Customizing
diff --git a/__tests__/context.test.ts b/__tests__/context.test.ts
@@ -2,20 +2,7 @@ import osm = require('os');
 
 import {getInputs} from '../src/context';
 
-test('without username getInputs throws errors', async () => {
-  expect(() => {
-    getInputs();
-  }).toThrowError('Input required and not supplied: username');
-});
-
-test('without password getInputs throws errors', async () => {
-  process.env['INPUT_USERNAME'] = 'dbowie';
-  expect(() => {
-    getInputs();
-  }).toThrowError('Input required and not supplied: password');
-});
-
-test('with password and username getInputs does not error', async () => {
+test('with password and username getInputs does not throw error', async () => {
   process.env['INPUT_USERNAME'] = 'dbowie';
   process.env['INPUT_PASSWORD'] = 'groundcontrol';
   expect(() => {
diff --git a/__tests__/main.test.ts b/__tests__/main.test.ts
@@ -17,29 +17,15 @@ test('errors when not run on linux platform', async () => {
   expect(coreSpy).toHaveBeenCalledWith('Only supported on linux platform');
 });
 
-test('errors without username', async () => {
+test('errors without username and password', async () => {
   const platSpy = jest.spyOn(osm, 'platform');
   platSpy.mockImplementation(() => 'linux');
 
   const coreSpy: jest.SpyInstance = jest.spyOn(core, 'setFailed');
 
   await run();
 
-  expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: username');
-});
-
-test('errors without password', async () => {
-  const platSpy = jest.spyOn(osm, 'platform');
-  platSpy.mockImplementation(() => 'linux');
-
-  const coreSpy: jest.SpyInstance = jest.spyOn(core, 'setFailed');
-
-  const username: string = 'dbowie';
-  process.env[`INPUT_USERNAME`] = username;
-
-  await run();
-
-  expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: password');
+  expect(coreSpy).toHaveBeenCalledWith('Username and password required');
 });
 
 test('successful with username and password', async () => {
@@ -79,7 +65,7 @@ test('calls docker login', async () => {
   const password: string = 'groundcontrol';
   process.env[`INPUT_PASSWORD`] = password;
 
-  const registry: string = 'https://ghcr.io';
+  const registry: string = 'ghcr.io';
   process.env[`INPUT_REGISTRY`] = registry;
 
   const logout: string = 'true';
diff --git a/action.yml b/action.yml
@@ -12,10 +12,10 @@ inputs:
     required: false
   username:
     description: 'Username used to log against the Docker registry'
-    required: true
+    required: false
   password:
     description: 'Password or personal access token used to log against the Docker registry'
-    required: true
+    required: false
   logout:
     description: 'Log out from the Docker registry at the end of a job'
     default: 'true'
diff --git a/dist/index.js b/dist/index.js
diff --git a/src/context.ts b/src/context.ts
@@ -10,8 +10,8 @@ export interface Inputs {
 export function getInputs(): Inputs {
   return {
     registry: core.getInput('registry'),
-    username: core.getInput('username', {required: true}),
-    password: core.getInput('password', {required: true}),
+    username: core.getInput('username'),
+    password: core.getInput('password'),
     logout: core.getInput('logout')
   };
 }
diff --git a/src/docker.ts b/src/docker.ts
@@ -19,10 +19,12 @@ export async function logout(registry: string): Promise<void> {
 }
 
 export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
-  let loginArgs: Array<string> = ['login', '--password-stdin'];
-  if (username) {
-    loginArgs.push('--username', username);
+  if (!username || !password) {
+    throw new Error('Username and password required');
   }
+
+  let loginArgs: Array<string> = ['login', '--password-stdin'];
+  loginArgs.push('--username', username);
   loginArgs.push(registry);
 
   if (registry) {
@@ -44,8 +46,8 @@ export async function loginECR(registry: string, username: string, password: str
   const region = await aws.getRegion(registry);
   core.info(`💡 AWS ECR detected with ${region} region`);
 
-  process.env.AWS_ACCESS_KEY_ID = username;
-  process.env.AWS_SECRET_ACCESS_KEY = password;
+  process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
+  process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
 
   core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
   const loginCmd = await aws.getDockerLoginCmd(cliVersion, registry, region);
