Package ECR Credential Helper in the Finch VM

[ollypom]

What is the problem you're trying to solve?. Finch should include the ECR credential helper binary in the Finch VM image to save a user having to either install it manually or do a finch login every 12 hours. This issue could be expanded to package all credential helpers (ECR, ACR and GCR) in the VM image if there is demand.

The current way to provide an ECR token to Finch is:

$ aws ecr get-login-password --region <region> | finch login --username AWS --password-stdin <accountid>.dkr.ecr.<region>.amazonaws.com

As a workaround, the ECR Credential Helper could be installed in the VM manually (via a Shell into the VM) or by using a lima user script. An example of using a Lima User Script is to edit /Application/Finch/os/finch.yaml and add:

<snip>
- mode: user
  script: |
    #!/bin/bash
    CREDHELPER="/usr/local/bin/docker-credential-ecr-login"
    if ! [[ -f $CREDHELPER ]]; then
      curl -C - --output docker-credential-ecr-login https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.6.0/linux-arm64/docker-credential-ecr-login
      chmod +x docker-credential-ecr-login
      sudo mv ./docker-credential-ecr-login $CREDHELPER
    fi

    [ -L $HOME/.aws ] || ln -s  $(echo "/Users/$(whoami)/.aws") $HOME/.aws
    [ -L $HOME/.docker ] || ln -s  $(echo "/Users/$(whoami)/.finch") $HOME/.docker

And the reinitialize a VM with finch vm stop, finch vm remove, finch vm init.

You also need to update your docker credential file located at /Users/<user>/.finch/config.json, there are examples in the ecr credential helper repo. My file looks like:

{
        "credsStore": "ecr-login"
}

Describe the feature you'd like The docker-credential-ecr-login package to already be in the VM, with the relevant links to the $HOME/.aws and $HOME/.docker directories.