amazon-ecr-login icon indicating copy to clipboard operation
amazon-ecr-login copied to clipboard
verified publisher icon aws-actions

Masked ECR value after login

Open anuj-scanova opened this issue 3 years ago • 4 comments

Using as following in my actions workflow

jobs:
  build:
    name: Build Image
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          IMAGE_NAME: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}
        run: |
          # Build a docker container and
          # push it to ECR so that it can
          # be deployed to ECS.
          docker build -t $IMAGE_NAME:latest .
          docker tag $IMAGE_NAME:latest $IMAGE_NAME:$RELEASE_TAG
          docker push $IMAGE_NAME

But it gives error on pushing the image

Successfully built fc0461d2f287
Successfully tagged ***.dkr.ecr.us-west-2.amazonaws.com/qcg-backend:latest
Error parsing reference: "***.dkr.ecr.us-west-2.amazonaws.com/qcg-backend:" is not a valid repository/tag: invalid reference format
Error: Process completed with exit code 1.

It seems the value of ${{ steps.login-ecr.outputs.registry }} is masked ***.

anuj-scanova avatar Jun 22 '22 07:06 anuj-scanova

Is this expected? I am seeing the same thing.

xophere avatar Jul 02 '22 01:07 xophere

https://github.community/t/skip-output-aws-account-id-since-it-may-contain-secret/123791 This references the setting that causes this.

xophere avatar Jul 03 '22 14:07 xophere

@anuj-scanova, In version 1.5.1, @arjraman fixed a bug related to masking. Can you please try the latest version and let me know if this works for you? Use the following syntax in the yaml file as it automatically picks the latest version (1.X.X) uses: aws-actions/amazon-ecr-login@v1

monirul avatar Aug 08 '22 17:08 monirul

@anuj-scanova, I was able to replicate your issue. It seems like the 'RELEASE_TAG' environment variable is null. So it's not erroring on the push, but rather on the second tag.

This is what I got from my action logs when GitHub actions tried to resolve ${{ github.event.release.tag_name }}:

##[debug]Evaluating: github.event.release.tag_name
##[debug]Evaluating Index:
##[debug]..Evaluating Index:
##[debug]....Evaluating Index:
##[debug]......Evaluating github:
##[debug]......=> Object
##[debug]......Evaluating String:
##[debug]......=> 'event'
##[debug]....=> Object
##[debug]....Evaluating String:
##[debug]....=> 'release'
##[debug]..=> null
##[debug]=> null
##[debug]Result: null

arjraman avatar Aug 08 '22 18:08 arjraman