aws-actions / amazon-ecr-login

Logs into Amazon ECR with the local Docker client.
MIT License

Single registry entry fails #27

Closed rbellamy closed 4 years ago

rbellamy commented 4 years ago

When working with a single registryId:

- name: Login to Amazon ECR
  id: login-ecr
  uses: aws-actions/amazon-ecr-login@v1
  with:
    registries: 012346789012

I get Invalid parameter at 'registryIds' failed to satisfy constraint: 'Member must satisfy constraint: [Member must satisfy regular expression pattern: [0-9]{12}]'. Yes, the registryId is twelve numeric digits.

When I remove the entry and rely on the default registry, it works.

clareliguori commented 4 years ago

Interesting, I was not able to reproduce that behavior in the "Login to Amazon ECR using explicit registry ID" step here: https://github.com/aws-actions/amazon-ecr-login/runs/453675212?check_suite_focus=true

Was there possibly extra whitespace around the registry ID in your workflow file? If you have CloudTrail turned on in your account, it would also be great to know what value the GetAuthorizationToken is actually receiving.

rbellamy commented 4 years ago

Good questions. There may have been a space in the ID. Also, I'm running in a self-hosted runner, and that runner is using an Instance Profile, so I'm not using the configure-aws-credentials action and am therefore entering the registryId directly.

As for CloudTrail - the only events I see are from the successful push, which leads me to believe the action is targeting an invalid endpoint.

clareliguori commented 4 years ago

It looks like the Actions core library trims all inputs anyway, so I don't think an extra space would be the problem. https://github.com/actions/toolkit/blob/master/packages/core/src/core.ts#L74

It also looks like GetAuthorizationToken calls with invalid parameters don't actually get logged in CloudTrail. When I do aws ecr get-authorization-token --registry-ids 123456 --region us-west-2 manually, the call does not get logged, only successful calls.

Anyway, I added some debugging statements on the master branch to print out the actual registry IDs used in the call. In order to see them, you can set the secret ACTIONS_STEP_DEBUG to true in your repository and use aws-actions/amazon-ecr-login@master in your workflow file.

clareliguori commented 4 years ago

The debugging change has been deployed to the v1 tag.

vdksystem commented 1 year ago

My account ID starts with 0, and in debug mode I see that the 0 was removed.
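
The failure mode reported in the last comment, as an added example that is not part of the original thread or the action's own code: a pre-flight check of the `registries` input against the `[0-9]{12}` constraint quoted in the error message, which flags values that look like a 12-digit ID with its leading zero stripped. `checkRegistries` and `asNumberThenString` are hypothetical helpers, and the numeric coercion is an assumption about how an unquoted value is read before it reaches the action.

```javascript
// Constraint copied from the error message in this issue: [0-9]{12}
const REGISTRY_ID = /^[0-9]{12}$/;

// Hypothetical helper (not part of amazon-ecr-login): split a comma-delimited
// list of registry IDs, trim each entry, and classify it.
function checkRegistries(rawInput) {
  return String(rawInput)
    .split(',')
    .map((s) => s.trim())
    .filter((s) => s.length > 0)
    .map((id) => {
      if (REGISTRY_ID.test(id)) {
        return { id, ok: true, hint: null };
      }
      // 1 to 11 digits is what a 12-digit ID looks like after its leading
      // zeros are dropped. Report it rather than silently padding.
      if (/^[0-9]{1,11}$/.test(id)) {
        const padded = id.padStart(12, '0');
        return { id, ok: false, hint: `possible lost leading zero(s); expected ${padded}?` };
      }
      return { id, ok: false, hint: 'not 12 decimal digits' };
    });
}

// Assumption: an unquoted scalar is interpreted as a number and converted
// back to a string before the action receives it.
function asNumberThenString(scalar) {
  return String(Number(scalar));
}

// Constructed sample, using the registry ID from the workflow in this issue.
const unquoted = asNumberThenString('012346789012'); // value after coercion
const quoted = '012346789012';                       // value kept as a string

for (const result of [...checkRegistries(unquoted), ...checkRegistries(quoted)]) {
  console.log(result.ok ? `OK    ${result.id}` : `FAIL  ${result.id} (${result.hint})`);
}
```

Quoting the value in the workflow file (`registries: "012346789012"`) keeps it a string, so all twelve digits reach the action.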