Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Not worked with ECR actions

See original GitHub issue

After ECR login action, can pull and push images from ECR repository on run docker command directly. Maybe it required to support local ~/.docker/config.json But cannot pull and push on docker/build-push-action caused by no basic auth credentials error. My workflow is

  build_and_push_image:
    name: Build and push docker image to ECR.
    runs-on: ubuntu-latest
    steps:
      - name: Check out
        uses: actions/checkout@v2
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: **********
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Pull from ECR (pull test)
        run: docker pull ${{ steps.login-ecr.outputs.registry }}/${{ secrets.REGISTRY }}:latest
      - name: Debug auth (pull test)
        run: cat ~/.docker/config.json
      - name: Build & Push
        uses: docker/build-push-action@v1
        with:
          repository: ${{ steps.login-ecr.outputs.registry }}/${{ secrets.REGISTRY }}
          add_git_labels: true
          tag_with_ref: true
      - name: Logout of Amazon ECR
        if: always()
        run: docker logout ${{ steps.login-ecr.outputs.registry }}

Successfully pull on command line: Pull from ECR (pull test)

Pull from ECR (pull test)6s
***.dkr.ecr.us-east-1.amazonaws.com/***:latest

...

18ebb058d5da: Pull complete
Digest: sha256:ac4754ea1154010603db8d7cbe07bb1a33954e59b088efab46445c69d8b0fc58
Status: Downloaded newer image for ***.dkr.ecr.us-east-1.amazonaws.com/***:latest
***.dkr.ecr.us-east-1.amazonaws.com/***:latest

Logged in to ECR: Debug auth (pull test)

Run cat ~/.docker/config.json
{
	"auths": {
		"***.dkr.ecr.us-east-1.amazonaws.com": {
			"auth": "***"
		}
	},
	"HttpHeaders": {
		"User-Agent": "Docker-Client/3.0.11+azure (linux)"
	}
}

Failed to push or pull on docker/build-push-action@v1

...

Successfully built a60891a407a2
Successfully tagged ***.dkr.ecr.us-east-1.amazonaws.com/***:topic-use_original_docker_actions
Pushing image [***.dkr.ecr.us-east-1.amazonaws.com/***:topic-use_original_docker_actions]
The push refers to repository [***.dkr.ecr.us-east-1.amazonaws.com/***]
no basic auth credentials
Error: exit status 1
Usage:
  github-actions build-push [flags]

Flags:
  -h, --help   help for build-push

exit status 1

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:16
  • Comments:23 (5 by maintainers)

github_iconTop GitHub Comments

12reactions
dfluffcommented, Feb 25, 2022

I haven’t been able to get this to work for me. I’m trying to use ECR as the cache repo of my multi-stage docker build. I’m not doing a push to the repo in this step, that happens later (…although I could change that if it makes it easier). I’ve been trying to use snippets from this thread as a guide but with no luck. I tried the following:

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Docker build using docker build layer cacheing
        uses: docker/build-push-action@v2
        env:
          DOCKER_BUILDKIT: 1
        with:
          registry: ${{ steps.login-ecr.outputs.registry }}
          repository: ${{ steps.login-ecr.outputs.registry }}/myproject-frontend
          context: .
          push: false
          build-args: |
            BUILD_APP_VERSION=${{ env.RELEASE_VERSION }}
          tags: |
            myproject-frontend:latest
            myproject-frontend:${{ env.RELEASE_VERSION }}
          cache-from: type=registry,ref=myproject-frontend:buildcache
          cache-to: type=registry,ref=myproject-frontend:buildcache,mode=max

This gave me the error Unexpected input(s) 'registry', 'repository', valid inputs are [<lotsofthings>] and ultimately a 401: authorization failed error.

Going by the error and since I couldn’t find mention of the registry or repository in the documentation for the docker/build-push-action@v2 action, I removed those inputs and tried moving them to the cache-to/from parameters instead, like so:

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Docker build using docker build layer cacheing
        uses: docker/build-push-action@v2
        env:
          DOCKER_BUILDKIT: 1
        with:
          context: .
          push: false
          build-args: |
            BUILD_APP_VERSION=${{ env.RELEASE_VERSION }}
          tags: |
            myproject-frontend:latest
            myproject-frontend:${{ env.RELEASE_VERSION }}
          cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/myproject-frontend:buildcache
          cache-to: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/myproject-frontend:buildcache,mode=max

This gave me a 400 bad request error: buildx failed with: error: failed to solve: error writing manifest blob: failed commit on ref "sha256:66ce855480d97b26457d6639cd3542ee6d8b0959e81d372111829f3aedd31a6e": unexpected status: 400 Bad Request

I’ve not been able to find any other documentation/examples of how to use ECR for the build cache. Can someone point me to where I’m going wrong?

9reactions
Surgocommented, May 30, 2020

It’s my temporary solution.

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Get ECR password (temporary)
        id: get-ecr-password
        run: echo "::set-output name=password::$(aws ecr get-login-password)"
      - name: Build & Push image
        uses: docker/build-push-action@v1
        with:
          registry: ${{ steps.login-ecr.outputs.registry }}
          repository: ${{ secrets.REGISTRY }}
          username: AWS  # temporary
          password: ${{ steps.get-ecr-password.outputs.password }}  # temporary
          add_git_labels: true
          tag_with_ref: true
Read more comments on GitHub >

github_iconTop Results From Across the Web

Troubleshooting Amazon Elastic Container Registry Identity ...
Use the following information to help you diagnose and fix common issues that you might encounter when working with Amazon ECR and IAM....
Read more >
Github actions fails when pushing docker image to ECR
I've already pushed images to the repository locally and it works, so I don't think anything is wrong on the AWS side of...
Read more >
Troubleshooting Amazon ECR identity and access
Use the following information to help you diagnose and fix common issues that you might encounter when working with Amazon ECR and IAM....
Read more >
Building and publishing a Docker image to ECR using GitHub ...
GitHub Actions allows code repositories to be part of a deployment process without additional work. GitHub Actions has several templates that ...
Read more >
AWS ECR Public Vulnerability - Lightspin Blog
Since Amazon ECR Public Gallery presents only public repository details, I would expect to see only ECR Public API actions, but that was...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Repository/image name should be lowercased automatically.

Next page

Support Windows image builds