From 72e2752b00645324204f0a57bc5ef9f1d48a5150 Mon Sep 17 00:00:00 2001
From: Matt Moore
Date: Mon, 16 Jan 2023 09:47:25 -0800
Subject: [PATCH] Feature: Add ECR presubmit testing. (#934)
:gift: This leverages OIDC federation to enable presubmit testing against ECR.
/kind feature
---
 .github/workflows/registries.yaml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/.github/workflows/registries.yaml b/.github/workflows/registries.yaml
index 740d9cd448..c0a0a5d70c 100644
--- a/.github/workflows/registries.yaml
+++ b/.github/workflows/registries.yaml
@@ -5,6 +5,7 @@ on:
 branches: ['main']
 push:
 branches: ['main']
+ workflow_dispatch: # Allow manual runs.
 jobs:
@@ -43,3 +44,41 @@ jobs:
 run: |
 echo ${DOCKERHUB_PASSWORD} | go run ./ login --username=${DOCKERHUB_USERNAME} --password-stdin index.docker.io
 go run ./ build --platform=all ./test/ --bare
+
+ ecr:
+ name: Push to ECR
+ runs-on: ubuntu-latest
+ env:
+ # This is an AWS account that Chainguard provides to enable
+ # go-containerregistry and ko to test ECR support.
+ AWS_ACCOUNT: 479305788615
+ AWS_REGION: us-west-2
+ REPOSITORY: ko-ecr-e2e-testing
+
+ permissions:
+ # This lets us clone the repo
+ contents: read
+ # This lets us mint identity tokens for federation with AWS.
+ id-token: write
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-go@v3
+ with:
+ go-version: 1.18
+ check-latest: true
+
+ - name: Install ko
+ run: go install .
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v1.7.0
+ with:
+ role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT }}:role/federated-ecr-readwrite
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Test ko build
+ run: |
+ export KO_DOCKER_REPO=${{ env.AWS_ACCOUNT }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.REPOSITORY }}
+
+ ko build --bare ./test
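Review bot: `workflow_dispatch` takes no branch filter, so with this trigger anyone with write access can run the whole workflow against any branch, including one whose workflow file or test code has not been reviewed. The jobs in this file handle registry credentials (the Docker Hub login in the second hunk's context, and the ECR role this commit adds), so it is worth confirming that the AWS role's trust policy restricts the `token.actions.githubusercontent.com:sub` claim to the refs and events that should be able to push; that policy is not visible here. The inline comment could say as much: `workflow_dispatch:  # Manual runs; may target any branch, see IAM trust policy.`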
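Review bot: The `ecr` job grants `id-token: write` and assumes `federated-ecr-readwrite`, yet every action it runs is referenced by a mutable tag (`actions/checkout@v3`, `actions/setup-go@v3`, `aws-actions/configure-aws-credentials@v1.7.0`), so whoever can move one of those tags gets code execution in a job that holds AWS credentials. Pin each to a full commit SHA with the version in a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v1.7.0`. Separately, pull requests from forks are normally not allowed to request an OIDC token, so this job will probably fail on them unless it is gated, for example with `if: github.event.pull_request.head.repo.fork != true`. `go-version: 1.18` should also be quoted (`'1.18'`) so that a later bump to `1.20` is not read as the float 1.2.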