As a follow-up to #14, we’d like to host our images on AWS ECR, but we are not able to login to ECR to pull the image from the lightsail instance.
It seems that what we need is a mechanism for

1. assigning the lightsail instance a specific IAM role
2. using aws api on the instance to get login credentials for ECR

Is this possible?

Hi,

Assigning an IAM role is not currently supported. However I've recently pushed support for private registries in the master branch of pullpreview/action. You can see how you would go about declaring a private registry (GitHub Registry Container in that case) in your workflow file in https://github.com/pullpreview/action/blob/master/.github/workflows/pullpreview.yml#L23

In the case of ECR, what I would do is have a pre-step in your GitHub workflow that generates an ECR token (GENERATED_SECRET), and then pass this to the registry URL (e.g. registries: "docker://${GENERATED_SECRET}@my.ecr.repo"). PullPreview will then automatically login to the registry before executing Docker Compose.

Don't forget to use pullpreview/action@master if you want to try it out.

Okay, thanks. I think the IAM role is more generally useful, but this makes sense, will try moving forward with this.

(I would gladly open a PR, but my ruby is pretty weak, could you give me a pointer where I’d go about doing this?)