New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Login doesn't support using EC2 instance credentials with ECR login #64
Comments
The environment variables are only overwritten if the username and password inputs are filled in.
Can you give me the complete output of the action please? Some logs are missing (like AWS cli version used). Also looking at the error it looks like |
I am also experiencing this issue with a self-hosted AWS EC2 running and using the AWS aws-actions/configure-aws-credentials@v1 for populating credentials. Example Configuration
Action Debug Logs
|
I've just realised that it must be using an outdated version of the AWS CLI 1.18.147 which comes pre-installed on my self-hosted running. I will try and upgrade the AWS CLI version as a workaround. UPDATE:Despite the upgrade I am still seeing this issue:
|
I'm running into the same issue.
If the self hosted running is using an IAM role then these environment variables would not be set as the EC2 should reuse the IAM role for authentication, no ? |
I did some testing to simulate what happens in the login-action Given this step below I will get the expected output (running on a self-hosted runner) - uses: actions/github-script@v5
with:
script: |
await exec.getExecOutput(await io.which('aws', true), ['sts', 'get-caller-identity'])
result-encoding: string
Where as if I added the process.env vars as the login-action does here the step fails - uses: actions/github-script@v5
with:
script: |
let username = ''
let password = ''
process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
await exec.getExecOutput(await io.which('aws', true), ['sts', 'get-caller-identity'])
result-encoding: string
a simple change to how we set the env vars should resolve it - uses: actions/github-script@v5
with:
script: |
let username = ''
let password = ''
if (username) {
process.env.AWS_ACCESS_KEY_ID = username;
}
if (password) {
process.env.AWS_SECRET_ACCESS_KEY = password;
}
await exec.getExecOutput(await io.which('aws', true), ['sts', 'get-caller-identity'])
result-encoding: string Which will get me my EC2 credentials again :) Created a PR #114 |
Behaviour
I am using self-hosted runners with an IAM role attached (with ECR permissions) and the login action fails.
Steps to reproduce this issue
uses: docker/login-action@v1
Expected behaviour
The login should use the EC2 instance credentials and login to ECR.
Actual behaviour
The login action fails
IMO the action should not attempt to overwrite the env vars for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in this case.
I can make it work using this manual run step:
Configuration
Logs
Sorry private repo, I can't share the logs.
The text was updated successfully, but these errors were encountered: