mirror of
				https://github.com/docker/login-action.git
				synced 2025-10-26 04:47:37 +08:00 
			
		
		
		
	Merge pull request #114 from Flydiverny/fix-ec2-instance-credentials
fix(ecr): use ec2 instance credentials when no credentials are provided
This commit is contained in:
		
						commit
						b776a64ec0
					
				| @ -1,4 +1,5 @@ | ||||
| import {loginStandard, logout} from '../src/docker'; | ||||
| import {loginECR, loginStandard, logout} from '../src/docker'; | ||||
| import * as aws from '../src/aws'; | ||||
| 
 | ||||
| import * as path from 'path'; | ||||
| 
 | ||||
| @ -47,3 +48,78 @@ test('logout calls exec', async () => { | ||||
|     ignoreReturnCode: true | ||||
|   }); | ||||
| }); | ||||
| 
 | ||||
| test('loginECR sets AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY if username and password is set', async () => { | ||||
|   const execSpy: jest.SpyInstance = jest.spyOn(aws, 'getDockerLoginCmds'); | ||||
|   execSpy.mockImplementation(() => Promise.resolve([])); | ||||
|   jest.spyOn(aws, 'getCLI').mockImplementation(() => Promise.resolve('')); | ||||
|   jest.spyOn(aws, 'getCLIVersion').mockImplementation(() => Promise.resolve('')); | ||||
|   jest.spyOn(aws, 'getRegion').mockImplementation(() => ''); | ||||
|   jest.spyOn(aws, 'getAccountIDs').mockImplementation(() => []); | ||||
|   jest.spyOn(aws, 'isPubECR').mockImplementation(() => false); | ||||
| 
 | ||||
|   const username: string = 'dbowie'; | ||||
|   const password: string = 'groundcontrol'; | ||||
|   const registry: string = 'https://ghcr.io'; | ||||
| 
 | ||||
|   await loginECR(registry, username, password); | ||||
| 
 | ||||
|   expect(process.env.AWS_ACCESS_KEY_ID).toEqual(username); | ||||
|   expect(process.env.AWS_SECRET_ACCESS_KEY).toEqual(password); | ||||
| }); | ||||
| 
 | ||||
| test('loginECR keeps AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY if set', async () => { | ||||
|   const execSpy: jest.SpyInstance = jest.spyOn(aws, 'getDockerLoginCmds'); | ||||
|   execSpy.mockImplementation(() => Promise.resolve([])); | ||||
|   jest.spyOn(aws, 'getCLI').mockImplementation(() => Promise.resolve('')); | ||||
|   jest.spyOn(aws, 'getCLIVersion').mockImplementation(() => Promise.resolve('')); | ||||
|   jest.spyOn(aws, 'getRegion').mockImplementation(() => ''); | ||||
|   jest.spyOn(aws, 'getAccountIDs').mockImplementation(() => []); | ||||
|   jest.spyOn(aws, 'isPubECR').mockImplementation(() => false); | ||||
| 
 | ||||
|   process.env.AWS_ACCESS_KEY_ID = 'banana'; | ||||
|   process.env.AWS_SECRET_ACCESS_KEY = 'supersecret'; | ||||
| 
 | ||||
|   await loginECR('ecr.aws', '', ''); | ||||
| 
 | ||||
|   expect(process.env.AWS_ACCESS_KEY_ID).toEqual('banana'); | ||||
|   expect(process.env.AWS_SECRET_ACCESS_KEY).toEqual('supersecret'); | ||||
| }); | ||||
| 
 | ||||
| test('loginECR overrides AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY if username and password set', async () => { | ||||
|   const execSpy: jest.SpyInstance = jest.spyOn(aws, 'getDockerLoginCmds'); | ||||
|   execSpy.mockImplementation(() => Promise.resolve([])); | ||||
|   jest.spyOn(aws, 'getCLI').mockImplementation(() => Promise.resolve('')); | ||||
|   jest.spyOn(aws, 'getCLIVersion').mockImplementation(() => Promise.resolve('')); | ||||
|   jest.spyOn(aws, 'getRegion').mockImplementation(() => ''); | ||||
|   jest.spyOn(aws, 'getAccountIDs').mockImplementation(() => []); | ||||
|   jest.spyOn(aws, 'isPubECR').mockImplementation(() => false); | ||||
| 
 | ||||
|   process.env.AWS_ACCESS_KEY_ID = 'banana'; | ||||
|   process.env.AWS_SECRET_ACCESS_KEY = 'supersecret'; | ||||
|   const username = 'myotheruser'; | ||||
|   const password = 'providedpassword'; | ||||
| 
 | ||||
|   await loginECR('ecr.aws', username, password); | ||||
| 
 | ||||
|   expect(process.env.AWS_ACCESS_KEY_ID).toEqual(username); | ||||
|   expect(process.env.AWS_SECRET_ACCESS_KEY).toEqual(password); | ||||
| }); | ||||
| 
 | ||||
| test('loginECR does not set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY if not set', async () => { | ||||
|   const execSpy: jest.SpyInstance = jest.spyOn(aws, 'getDockerLoginCmds'); | ||||
|   execSpy.mockImplementation(() => Promise.resolve([])); | ||||
|   jest.spyOn(aws, 'getCLI').mockImplementation(() => Promise.resolve('')); | ||||
|   jest.spyOn(aws, 'getCLIVersion').mockImplementation(() => Promise.resolve('')); | ||||
|   jest.spyOn(aws, 'getRegion').mockImplementation(() => ''); | ||||
|   jest.spyOn(aws, 'getAccountIDs').mockImplementation(() => []); | ||||
|   jest.spyOn(aws, 'isPubECR').mockImplementation(() => false); | ||||
| 
 | ||||
|   delete process.env.AWS_ACCESS_KEY_ID; | ||||
|   delete process.env.AWS_SECRET_ACCESS_KEY; | ||||
| 
 | ||||
|   await loginECR('ecr.aws', '', ''); | ||||
| 
 | ||||
|   expect('AWS_ACCESS_KEY_ID' in process.env).toEqual(false); | ||||
|   expect('AWS_SECRET_ACCESS_KEY' in process.env).toEqual(false); | ||||
| }); | ||||
|  | ||||
							
								
								
									
										8
									
								
								dist/index.js
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										8
									
								
								dist/index.js
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -262,8 +262,12 @@ function loginECR(registry, username, password) { | ||||
|         else { | ||||
|             core.info(`AWS ECR detected with ${region} region`); | ||||
|         } | ||||
|         process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID; | ||||
|         process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY; | ||||
|         if (username) { | ||||
|             process.env.AWS_ACCESS_KEY_ID = username; | ||||
|         } | ||||
|         if (password) { | ||||
|             process.env.AWS_SECRET_ACCESS_KEY = password; | ||||
|         } | ||||
|         core.info(`Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`); | ||||
|         const loginCmds = yield aws.getDockerLoginCmds(cliVersion, registry, region, accountIDs); | ||||
|         core.info(`Logging into ${registry}...`); | ||||
|  | ||||
| @ -62,8 +62,12 @@ export async function loginECR(registry: string, username: string, password: str | ||||
|     core.info(`AWS ECR detected with ${region} region`); | ||||
|   } | ||||
| 
 | ||||
|   process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID; | ||||
|   process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY; | ||||
|   if (username) { | ||||
|     process.env.AWS_ACCESS_KEY_ID = username; | ||||
|   } | ||||
|   if (password) { | ||||
|     process.env.AWS_SECRET_ACCESS_KEY = password; | ||||
|   } | ||||
| 
 | ||||
|   core.info(`Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`); | ||||
|   const loginCmds = await aws.getDockerLoginCmds(cliVersion, registry, region, accountIDs); | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 CrazyMax
						CrazyMax