GitHub Action that obtains the short-lived (12 hrs) Amazon ECR login token so that containers can be used natively from Amazon ECR.

Use an IAM user with the ability to download from ECR. Then create and download access keys, and save `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` as secrets in your GitHub repo.
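A least-privilege policy for that IAM user, as an added example that is not part of this project's own documentation. It assumes the workflow only pulls images, and reuses the page's `<region>`, `<aws-account-number>` and `<image>` placeholders, with `<image>` standing for the repository name. `ecr:GetAuthorizationToken` does not support resource-level permissions, so it needs `"Resource": "*"`; the pull actions are scoped to the one repository.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GetLoginToken",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "PullFromOneRepository",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": "arn:aws:ecr:<region>:<aws-account-number>:repository/<image>"
    }
  ]
}
```

The login token carries the permissions of the IAM user that requested it, so a user limited to this policy yields a token that can pull from that repository but cannot push to it.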
```yaml
name: Build using Amazon ECR Container

on:
  push:
    branches: main

jobs:
  login:
    runs-on: ubuntu-latest
    outputs:
      token: ${{ steps.ecr.outputs.token }}
    steps:
      -
        name: Get token to login to Amazon ECR
        # The step id is required so that steps.ecr.outputs.token above resolves
        id: ecr
        uses: PhutureCorp/ecr-login-token@v0.8.0
        with:
          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

  build:
    runs-on: ubuntu-latest
    needs: login
    container:
      image: <aws-account-number>.dkr.ecr.<region>.amazonaws.com/<image>:<version>
      credentials:
        # ECR logins always use the literal username "AWS"; the token is the password
        username: AWS
        password: ${{ needs.login.outputs.token }}
    steps:
      - name: Check out code
        uses: actions/checkout@v2
```
Replace `<aws-account-number>` and `<region>` with their respective values.
The following inputs can be used as `step.with` keys:

| Name | Type | Default | Description |
|---|---|---|---|
| `registry` | String | | Server address of Docker registry. If not set then will default to Docker Hub |
| `username` | String | | Username used to log against the Docker registry |
| `password` | String | | Password or personal access token used to log against the Docker registry |
Since Dependabot has native GitHub Actions support, to enable it on your GitHub repo all you need to do is add the `.github/dependabot.yml` file:
```yaml
version: 2
updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
```
None So Far