Skip to content

aws cli v2 support #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Feb 22, 2022
Merged

aws cli v2 support #39

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
c39893d
add support for aws cli v2 and fix unit tests
renkoh Feb 21, 2022
8f7c326
add tests for aws-cli v2
renkoh Feb 21, 2022
13835df
get region from environmnet
renkoh Feb 21, 2022
aa2614b
use get-login-password for all aws-cli versions, add region specifica…
renkoh Feb 21, 2022
ed70804
Apply suggestions from code review
renkoh Feb 21, 2022
51c995c
update docs to include region
renkoh Feb 22, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 15 additions & 1 deletion hooks/lib/ecr-registry-provider.bash
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,19 @@
login() {
$(aws ecr get-login --no-include-email)
local account_id
local region

account_id=$(aws sts get-caller-identity --query Account --output text)
region=$(get_ecr_region)

aws ecr get-login-password \
--region "${region}" \
| docker login \
--username AWS \
--password-stdin "${account_id}.dkr.ecr.${region}.amazonaws.com"
}

get_ecr_region() {
echo "${BUILDKITE_PLUGIN_DOCKER_ECR_CACHE_REGION:-${AWS_DEFAULT_REGION:-eu-west-1}}"
Copy link
Contributor Author

@renkoh renkoh Feb 21, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we've used eu-west-1 for consistency across the ECR plugins

}

get_registry_url() {
Expand Down
2 changes: 2 additions & 0 deletions plugin.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,6 @@ configuration:
type: string
registry-hostname:
type: string
region:
type: string
required: []
112 changes: 106 additions & 6 deletions tests/ecr-registry-provider.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,19 +10,22 @@ load "$PWD/hooks/lib/ecr-registry-provider.bash"
pre_command_hook="$PWD/hooks/pre-command"

@test "ECR: Applies lifecycle policy to existing repositories" {
export AWS_DEFAULT_REGION="ap-southeast-2"
export BUILDKITE_ORGANIZATION_SLUG="example-org"
export BUILDKITE_PIPELINE_SLUG="example-pipeline"
local expected_repository_name="build-cache/example-org/example-pipeline"

stub aws \
"ecr get-login --no-include-email : echo docker login -u AWS -p 1234 https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com" \
"sts get-caller-identity --query Account --output text : echo 1234567891012" \
"ecr get-login-password --region ap-southeast-2 : echo secure-ecr-password" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].registryId : echo looked up repository" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryArn : echo arn:aws:ecr:ap-southeast-2:1234567891012:repository/${expected_repository_name}" \
"ecr tag-resource * : echo tag existing resource" \
"ecr put-lifecycle-policy * : echo put lifecycle policy" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com"
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com"

stub docker \
"login -u AWS -p 1234 https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com : echo logging in to docker" \
"login --username AWS --password-stdin 1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com : echo logging in to docker" \
"pull : echo pulled image"

stub sha1sum \
Expand All @@ -46,20 +49,69 @@ pre_command_hook="$PWD/hooks/pre-command"
}

@test "ECR: Builds new images with tags" {
export AWS_DEFAULT_REGION="ap-southeast-2"
export BUILDKITE_ORGANIZATION_SLUG="example-org"
export BUILDKITE_PIPELINE_SLUG="example-pipeline"
local expected_repository_name="build-cache/example-org/example-pipeline"
local repository_uri="1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com/${expected_repository_name}"

stub aws \
"ecr get-login --no-include-email : echo docker login -u AWS -p 1234 https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com" \
"sts get-caller-identity --query Account --output text : echo 1234567891012" \
"ecr get-login-password --region ap-southeast-2 : echo secure-ecr-password" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].registryId : echo looked up repository" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryArn : echo arn:aws:ecr:ap-southeast-2:1234567891012:repository/${expected_repository_name}" \
"ecr tag-resource * : echo tag existing resource" \
"ecr put-lifecycle-policy * : echo put lifecycle policy" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo ${repository_uri}"
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo ${repository_uri}" \

stub docker \
"login --username AWS --password-stdin 1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com : echo logging in to docker" \
"pull : echo not found && false" \
"build * : echo building docker image" \
"tag ${repository_uri}:deadbee ${repository_uri}:latest : echo tagged latest" \
"push ${repository_uri}:deadbee : echo pushed deadbeef" \
"push ${repository_uri}:latest : echo pushed latest"

stub sha1sum \
"Dockerfile : echo 'sha1sum(Dockerfile)'" \
": echo sha1sum" \
": echo sha1sum" \
": echo deadbeef"

run "${pre_command_hook}"

assert_success
assert_output --partial "logging in to docker"
assert_output --partial "looked up repository"
assert_output --partial "building docker image"
assert_output --partial "tag existing resource"
assert_output --partial "put lifecycle policy"
assert_output --partial "tagged latest"
assert_output --partial "pushed deadbeef"
assert_output --partial "pushed latest"

unstub aws
unstub docker
unstub sha1sum
}

@test "ECR: Uses correct region when region not specified and AWS_DEFAULT_REGION not set" {
export BUILDKITE_ORGANIZATION_SLUG="example-org"
export BUILDKITE_PIPELINE_SLUG="example-pipeline"
local expected_repository_name="build-cache/example-org/example-pipeline"
local repository_uri="1234567891012.dkr.ecr.eu-west-1.amazonaws.com/${expected_repository_name}"

stub aws \
"sts get-caller-identity --query Account --output text : echo 1234567891012" \
"ecr get-login-password --region eu-west-1 : echo secure-ecr-password" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].registryId : echo looked up repository" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryArn : echo arn:aws:ecr:eu-west-1:1234567891012:repository/${expected_repository_name}" \
"ecr tag-resource * : echo tag existing resource" \
"ecr put-lifecycle-policy * : echo put lifecycle policy" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo ${repository_uri}" \

stub docker \
"login -u AWS -p 1234 https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com : echo logging in to docker" \
"login --username AWS --password-stdin 1234567891012.dkr.ecr.eu-west-1.amazonaws.com : echo logging in to docker" \
"pull : echo not found && false" \
"build * : echo building docker image" \
"tag ${repository_uri}:deadbee ${repository_uri}:latest : echo tagged latest" \
Expand Down Expand Up @@ -88,3 +140,51 @@ pre_command_hook="$PWD/hooks/pre-command"
unstub docker
unstub sha1sum
}

@test "ECR: Uses correct region when region is specified" {
export AWS_DEFAULT_REGION="ap-southeast-2"
export BUILDKITE_PLUGIN_DOCKER_ECR_CACHE_REGION="ap-southeast-1"
export BUILDKITE_ORGANIZATION_SLUG="example-org"
export BUILDKITE_PIPELINE_SLUG="example-pipeline"
local expected_repository_name="build-cache/example-org/example-pipeline"
local repository_uri="1234567891012.dkr.ecr.ap-southeast-1.amazonaws.com/${expected_repository_name}"

stub aws \
"sts get-caller-identity --query Account --output text : echo 1234567891012" \
"ecr get-login-password --region ap-southeast-1 : echo secure-ecr-password" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].registryId : echo looked up repository" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryArn : echo arn:aws:ecr:ap-southeast-1:1234567891012:repository/${expected_repository_name}" \
"ecr tag-resource * : echo tag existing resource" \
"ecr put-lifecycle-policy * : echo put lifecycle policy" \
"ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo ${repository_uri}" \

stub docker \
"login --username AWS --password-stdin 1234567891012.dkr.ecr.ap-southeast-1.amazonaws.com : echo logging in to docker" \
"pull : echo not found && false" \
"build * : echo building docker image" \
"tag ${repository_uri}:deadbee ${repository_uri}:latest : echo tagged latest" \
"push ${repository_uri}:deadbee : echo pushed deadbeef" \
"push ${repository_uri}:latest : echo pushed latest"

stub sha1sum \
"Dockerfile : echo 'sha1sum(Dockerfile)'" \
": echo sha1sum" \
": echo sha1sum" \
": echo deadbeef"

run "${pre_command_hook}"

assert_success
assert_output --partial "logging in to docker"
assert_output --partial "looked up repository"
assert_output --partial "building docker image"
assert_output --partial "tag existing resource"
assert_output --partial "put lifecycle policy"
assert_output --partial "tagged latest"
assert_output --partial "pushed deadbeef"
assert_output --partial "pushed latest"

unstub aws
unstub docker
unstub sha1sum
}