├── example ├── go.mod ├── main.go ├── Dockerfile └── go.sum ├── entrypoint.sh ├── images └── Amazon_ECR.png ├── Dockerfile ├── .github └── workflows │ └── ci.yml ├── LICENSE ├── action.yml └── README.md /example/go.mod: -------------------------------------------------------------------------------- 1 | module gin 2 | 3 | go 1.14 4 | 5 | require github.com/gin-gonic/gin v1.7.0 6 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | set -eu 4 | 5 | /usr/local/bin/dockerd-entrypoint.sh /bin/drone-ecr 6 | -------------------------------------------------------------------------------- /images/Amazon_ECR.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/appleboy/docker-ecr-action/HEAD/images/Amazon_ECR.png -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM appleboy/drone-ecr 2 | 3 | COPY entrypoint.sh /entrypoint.sh 4 | RUN chmod +x /entrypoint.sh 5 | ENTRYPOINT ["/entrypoint.sh"] 6 | -------------------------------------------------------------------------------- /example/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-gonic/gin" 7 | ) 8 | 9 | func main() { 10 | r := gin.Default() 11 | r.GET("/ping", func(c *gin.Context) { 12 | c.JSON(http.StatusOK, gin.H{ 13 | "message": "pong", 14 | }) 15 | }) 16 | r.Run() // listen and serve on 0.0.0.0:8080 (for windows "localhost:8080") 17 | } 18 | -------------------------------------------------------------------------------- /example/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.14-alpine 2 | 3 | LABEL maintainer="Bo-Yi Wu " 4 | 5 | RUN apk add bash ca-certificates git gcc g++ libc-dev 6 | WORKDIR /app 7 | # Force the go compiler to use modules 8 | ENV GO111MODULE=on 9 | # We want to populate the module cache based on the go.{mod,sum} files. 10 | COPY go.mod . 11 | COPY go.sum . 12 | COPY main.go . 13 | 14 | ENV GOOS=linux 15 | ENV GOARCH=amd64 16 | RUN go build -o /app -tags netgo -ldflags '-w -extldflags "-static"' . 17 | 18 | CMD ["/app"] 19 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: Docker ECR 2 | on: [push] 3 | jobs: 4 | 5 | build: 6 | name: Build 7 | runs-on: ubuntu-latest 8 | steps: 9 | - uses: actions/checkout@master 10 | - name: upload image to ECR 11 | uses: ./ 12 | with: 13 | access_key: ${{ secrets.aws_access_key_id }} 14 | secret_key: ${{ secrets.aws_secret_access_key }} 15 | registry: ${{ secrets.registry }} 16 | cache_from: ${{ secrets.cache }} 17 | repo: api-sample 18 | region: ap-northeast-1 19 | auto_tag: true 20 | daemon_off: false 21 | dockerfile: example/Dockerfile 22 | context: example 23 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Bo-Yi Wu 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- 1 | name: 'Docker ECR' 2 | description: 'Upload Docker Image to Amazon Elastic Container Registry (ECR)' 3 | author: 'Bo-Yi Wu' 4 | inputs: 5 | access_key: 6 | description: 'amazon access key' 7 | secret_key: 8 | description: 'amazon secret access key' 9 | registry: 10 | description: 'docker registry' 11 | region: 12 | description: 'amazon region, defaults to us-east-1' 13 | default: 'us-east-1' 14 | repo: 15 | description: 'repository name for the image' 16 | lifecycle_policy: 17 | description: 'filename of ecr lifecycle json policy' 18 | repository_policy: 19 | description: 'filename of ecr repository json policy' 20 | tags: 21 | description: 'repository tag for the image, defaults to latest' 22 | default: 'latest' 23 | dockerfile: 24 | description: 'dockerfile to be used, defaults to Dockerfile' 25 | default: 'Dockerfile' 26 | auth: 27 | description: 'auth token for the registry' 28 | context: 29 | description: 'the context path to use, defaults to root of the git repo' 30 | default: '.' 31 | force_tag: 32 | description: 'replace existing matched image tags' 33 | insecure: 34 | description: 'enable insecure communication to this registry' 35 | mirror: 36 | description: 'use a mirror registry instead of pulling images directly from the central Hub' 37 | bip: 38 | description: 'use for pass bridge ip' 39 | custom_dns: 40 | description: 'set custom dns servers for the container' 41 | storage_driver: 42 | description: 'supports aufs, overlay or vfs drivers' 43 | cache_from: 44 | description: 'images to consider as cache sources' 45 | auto_tag: 46 | description: 'default build tags' 47 | daemon_off: 48 | description: 'do not start the docker daemon' 49 | 50 | runs: 51 | using: 'docker' 52 | image: 'Dockerfile' 53 | 54 | branding: 55 | icon: 'cloud' 56 | color: 'orange' 57 | -------------------------------------------------------------------------------- /example/go.sum: -------------------------------------------------------------------------------- 1 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 2 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 3 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 4 | github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= 5 | github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= 6 | github.com/gin-gonic/gin v1.7.0 h1:jGB9xAJQ12AIGNB4HguylppmDK1Am9ppF7XnGXXJuoU= 7 | github.com/gin-gonic/gin v1.7.0/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY= 8 | github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= 9 | github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= 10 | github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= 11 | github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= 12 | github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= 13 | github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= 14 | github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE= 15 | github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= 16 | github.com/golang/protobuf v1.3.3 h1:gyjaxf+svBWX08ZjK86iN9geUJF0H6gp2IRKX6Nf6/I= 17 | github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 18 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 19 | github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns= 20 | github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 21 | github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= 22 | github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= 23 | github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= 24 | github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= 25 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421 h1:ZqeYNhU3OHLH3mGKHDcjJRFFRrJa6eAM5H+CtDdOsPc= 26 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 27 | github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLDQ0W1YjYsBW+p8U2u7vzgW2SQVmlNazg= 28 | github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 29 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 30 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 31 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 32 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 33 | github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= 34 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 35 | github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo= 36 | github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= 37 | github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs= 38 | github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= 39 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 40 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= 41 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 42 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 43 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 44 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 45 | golang.org/x/sys v0.0.0-20200116001909-b77594299b42 h1:vEOn+mP2zCOVzKckCZy6YsCtDblrpj/w7B9nxGNELpg= 46 | golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 47 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 48 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 49 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 50 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= 51 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 52 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 53 | gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= 54 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 55 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🚀 Docker ECR for GitHub Actions 2 | 3 | [GitHub Action](https://developer.github.com/actions/) for uploading Docker Image to Amazon Elastic Container Registry (ECR). 4 | 5 | ![Docker ECR](https://github.com/appleboy/docker-ecr-action/workflows/Docker%20ECR/badge.svg?branch=master&event=push) 6 | 7 | ![Amazon ECR](./images/Amazon_ECR.png) 8 | 9 | ## What is ECR 10 | 11 | Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow. Amazon ECR eliminates the need to operate your own container repositories or worry about scaling the underlying infrastructure. Amazon ECR hosts your images in a highly available and scalable architecture, allowing you to reliably deploy containers for your applications. Integration with AWS Identity and Access Management (IAM) provides resource-level control of each repository. With Amazon ECR, there are no upfront fees or commitments. You pay only for the amount of data you store in your repositories and data transferred to the Internet. See the more [detail information](https://aws.amazon.com/ecr/). 12 | 13 | ## Permissions 14 | 15 | The following minimum permissions are required for loggin, pushing and pulling images in an ECR repository: 16 | 17 | ```json 18 | { 19 | "Version":"2012-10-17", 20 | "Statement":[ 21 | { 22 | "Sid":"AllowPush", 23 | "Effect":"Allow", 24 | "Action":[ 25 | "ecr:GetDownloadUrlForLayer", 26 | "ecr:BatchGetImage", 27 | "ecr:BatchCheckLayerAvailability", 28 | "ecr:PutImage", 29 | "ecr:InitiateLayerUpload", 30 | "ecr:UploadLayerPart", 31 | "ecr:CompleteLayerUpload" 32 | ], 33 | "Resource":"arn:aws:ecr:us-east-1:123456789012:repository/my-repo" 34 | }, 35 | { 36 | "Sid":"GetAuthorizationToken", 37 | "Effect":"Allow", 38 | "Action":[ 39 | "ecr:GetAuthorizationToken" 40 | ], 41 | "Resource":"*" 42 | } 43 | ] 44 | } 45 | ``` 46 | 47 | ## Usage 48 | 49 | Upload docker image to Amazon Elastic Container Registry (ECR) 50 | 51 | ```yml 52 | - name: upload image to ECR 53 | uses: appleboy/docker-ecr-action@master 54 | with: 55 | access_key: ${{ secrets.aws_access_key_id }} 56 | secret_key: ${{ secrets.aws_secret_access_key }} 57 | registry: ${{ secrets.registry }} 58 | cache_from: ${{ secrets.cache }} 59 | repo: api-sample 60 | region: ap-northeast-1 61 | auto_tag: true 62 | daemon_off: false 63 | dockerfile: example/Dockerfile 64 | context: example 65 | ``` 66 | 67 | ## Input variables 68 | 69 | * access_key - amazon access key 70 | * secret_key - amazon secret access key 71 | * registry - amazone docker registry url 72 | * region - amazon region, defaults to us-east-1 73 | * repo - repository name for the image 74 | * lifecycle_policy - filename of ecr lifecycle json policy 75 | * repository_policy - filename of ecr repository json policy 76 | * tags - repository tag for the image, defaults to latest 77 | * dockerfile - dockerfile to be used, defaults to Dockerfile 78 | * auth - auth token for the registry 79 | * context - the context path to use, defaults to root of the git repo 80 | * force_tag - replace existing matched image tags 81 | * insecure - enable insecure communication to this registry 82 | * mirror - use a mirror registry instead of pulling images directly from the central Hub 83 | * bip - use for pass bridge ip 84 | * custom_dns - set custom dns servers for the container 85 | * storage_driver - supports aufs, overlay or vfs drivers 86 | * build_args - custom arguments passed to docker build 87 | * cache_from - images to consider as cache sources 88 | * auto_tag: default build tags 89 | * daemon_off: don't start the docker daemon 90 | 91 | ## Example 92 | 93 | The ECR plugin can be used to build and publish images to the Amazon ECR registry. The below pipeline configuration demonstrates simple usage: 94 | 95 | ```yaml 96 | - name: upload image to ECR 97 | uses: appleboy/docker-ecr-action@master 98 | with: 99 | access_key: a50d28f4dd477bc184fbd10b376de753 100 | secret_key: bc5785d3ece6a9cdefa42eb99b58986f9095ff1c 101 | repo: bar 102 | registry: .dkr.ecr.us-east-1.amazonaws.com 103 | ``` 104 | 105 | Example configuration using multiple tags: 106 | 107 | ```yaml 108 | - name: upload image to ECR 109 | uses: appleboy/docker-ecr-action@master 110 | with: 111 | repo: bar 112 | registry: .dkr.ecr.us-east-1.amazonaws.com 113 | tags: "latest,1.0.1,1.0" 114 | ``` 115 | 116 | Override the default region: 117 | 118 | ```yaml 119 | - name: upload image to ECR 120 | uses: appleboy/docker-ecr-action@master 121 | with: 122 | repo: bar 123 | registry: .dkr.ecr.us-east-1.amazonaws.com 124 | region: us-east-1 125 | ``` 126 | 127 | Override the default Dockerfile path: 128 | 129 | ```yaml 130 | - name: upload image to ECR 131 | uses: appleboy/docker-ecr-action@master 132 | with: 133 | repo: bar 134 | registry: .dkr.ecr.us-east-1.amazonaws.com 135 | dockerfile: path/to/Dockerfile 136 | ``` 137 | 138 | Example configuration using build arguments: 139 | 140 | ```yaml 141 | - name: upload image to ECR 142 | uses: appleboy/docker-ecr-action@master 143 | with: 144 | repo: bar 145 | registry: .dkr.ecr.us-east-1.amazonaws.com 146 | build_args: "HTTP_PROXY=http://yourproxy.com" 147 | ``` 148 | 149 | Example configuration using docker cache: 150 | 151 | ```yaml 152 | - name: upload image to ECR 153 | uses: appleboy/docker-ecr-action@master 154 | with: 155 | repo: bar 156 | registry: .dkr.ecr.us-east-1.amazonaws.com 157 | cache_from: .dkr.ecr.us-east-1.amazonaws.com/bar 158 | ``` 159 | --------------------------------------------------------------------------------