AmazonEC2ContainerRegistryPowerUser#259
Draft
gbr-na wants to merge 1 commit into
…DC login
permissions:
id-token: write
contents: read
jobs:
# Assuming your 'lint' job runs first...
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Run Linter
run: |
echo "Running your linters here..."
# Your linting commands
# Appending the build and push steps as a separate job that depends on successful linting
build-and-push:
needs: lint
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::123456789012:role/github-actions-ecr-role # Change to your IAM Role ARN
aws-region: us-east-1 # Change to your ECR region
- name: Log in to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build, Tag, and Push Image to Amazon ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: my-ecr-repo-name # Change to your ECR repository name
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
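Review bot: `id-token: write` is granted in the workflow-level `permissions:` block, so the `lint` job can also request an OIDC token even though only `build-and-push` assumes the AWS role. Move `id-token: write` into a `permissions:` block on `build-and-push` and leave `lint` with `contents: read`. The `build-and-push` job also has no `if:` condition in the lines shown, so it builds and pushes on every event that triggers this workflow once lint passes; consider gating it to the branch you release from. The role ARN (`123456789012`) and `my-ecr-repo-name` are still the placeholders marked "Change to your ..." and need real values before this leaves draft.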
Add these permissions and steps to your lint.yml file. This pattern utilizes OIDC to connect securely without hardcoding permanent AWS access keys. [1]
Configure AWS Identity Provider: Ensure you have configured OpenID Connect (OIDC) inside your AWS IAM management console for GitHub Actions.
Assign Registry Permissions: The IAM role being assumed (role-to-assume) must have
Verify the Repository: The value in ECR_REPOSITORY must match an existing private or public repository explicitly created within your Amazon ECR console. [1, 2, 3, 4, 5]