amazon-ecr-login icon indicating copy to clipboard operation
amazon-ecr-login copied to clipboard

Published 20 hours ago verified publisher icon aws-actions

Change docker_username and docker_password output variables for ECR private repositories

Open pascalgulikers opened this issue 11 months ago • 3 comments

Is your feature request related to a problem? Please describe. We're having a reusable workflow in which we're pulling a base image from ECR from multiple AWS accounts. Passing the credentials to another job is hard, since the output variable is dynamic depending on the account on which the calling repo is authenticated to. I.e.

job-1:
    environment: ${{ needs.Initialize.outputs.environment }}
    runs-on: ubuntu-latest
    needs: [Initialize, Setup]
    permissions:
      contents: write
      packages: write
      pull-requests: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write
    outputs:
      registry: ${{ steps.login-ecr.outputs.registry }}
### The following 2 lines of code isn't working as it seems
      docker_username: steps.login-ecr.outputs.docker_username_${{ needs.Setup.outputs.accountId }}_dkr_ecr_eu_central_1_amazonaws_com
      docker_password: steps.login-ecr.outputs.docker_password_${{ needs.Setup.outputs.accountId }}_dkr_ecr_eu_central_1_amazonaws_com
    steps:
      - name: 'Configure AWS Credentials'
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ inputs.region }}
          role-to-assume: arn:aws:iam::${{ needs.Setup.outputs.accountId }}:role/${{ inputs.ghaIamRolePrefix }}-${{ github.event.repository.name }}
          role-session-name: GitHubActions
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        
job-2:
    environment: ${{ needs.Initialize.outputs.environment }}
    runs-on: [self-hosted, X64, Linux, default ]
    needs: [Initialize, Setup, job-1]
    container: 
      image: ***.dkr.ecr.eu-central-1.amazonaws.com/our_custom_baseimage:latest
      credentials:
        username: ${{ needs.job-1.outputs.docker_username }}
        password: ${{ needs.job-1.outputs.docker_password }}

Describe the solution you'd like Change the output variables for a private ECR to docker_username_private_ecr_aws and docker_password_private_ecr_aws respectively instead of a dynamic generated output variable.

pascalgulikers avatar Jul 28 '23 10:07 pascalgulikers