You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are generating one-time login AWS tokens in our Actions workflow.
Theoretically, we don't need aws_access_key_id and aws_secret_access_key. We need only aws_session_token to login into ECR because it has all needed for AWS information.
In practice:
docker/login-action <1.5: it worked fine to run the action without username, just passing registry url and aws_session_token as password
docker/login-action >=1.5: the action validates presence of username param, which we don't have.
Steps to reproduce this issue
Generate aws_session_token
Pass it to docker/login-action in password param, set registry param to be ecr url.
docker/login-action <1.5: it worked fine to run the action without username
Actually, username was already required since 1.4.0 because we're using --password-stdinwhich requires --username so I don't think it worked for <1.5.
Theoretically, we don't need aws_access_key_id and aws_secret_access_key. We need only aws_session_token to login into ECR because it has all needed for AWS information.
Are you on a self hosted runner? Because I don't see how python -c 'from boto3 import Session; print(Session().get_credentials().get_frozen_credentials().token)' can return a token. But we could solved this through #20.
Can you give me your entire workflow? Do you have a link to your repo?
Actually, username was already required since 1.4.0 because we're using --password-stdin which requires --username so I don't think it worked for <1.5.
My bad about this one, login against ECR is actually handled through AWS CLI. Will be fixed through #21.
Behaviour
We are generating one-time login AWS tokens in our Actions workflow.
Theoretically, we don't need aws_access_key_id and aws_secret_access_key. We need only aws_session_token to login into ECR because it has all needed for AWS information.
In practice:
aws_session_token
as passwordSteps to reproduce this issue
docker/login-action
inpassword
param, setregistry
param to be ecr url.Expected behaviour
Actual behaviour
Configuration
The text was updated successfully, but these errors were encountered: