我正在尝试通过推送到 github 将我的 AWS ECR 连接到 AWS codebuild。但是,每次我推送构建时,登录 ECR 时都会出错。我已进入代码构建的 IAM 角色以允许更大的权限,但无论我做什么,我都看到该区域未定义。
这是我的 buildspec.yml 文件
version: 0.2
phases:
install:
runtime-versions:
docker: 18
pre_build:
commands:
- echo Logging in to Amazon ECR...
- aws --version
- aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin ****.dkr.ecr.us-east-2.amazonaws.com
- REPOSITORY_URI=****.dkr.ecr.us-east-2.amazonaws.com/****
- COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
- IMAGE_TAG=${COMMIT_HASH:=latest}
build:
commands:
- echo Build started on `date`
- echo Building the Docker image...
- docker build -t $REPOSITORY_URI:latest .
- docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
post_build:
commands:
- echo Build completed on `date`
- echo Pushing the Docker images...
- docker push $REPOSITORY_URI:latest
- docker push $REPOSITORY_URI:$IMAGE_TAG
- echo Writing image definitions file...
- printf '[{"name”:"****","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
artifacts:
files: imagedefinitions.json
您已将 CodeBuild (buildspec.yaml) 文件而不是 Github Actions (.github/workflows/yourWorflowFile.yml) 放在您的问题中。
假设您已经设置了 Github Actions 文件(根据您的屏幕截图,似乎是这样),只需在推送之前登录 ECR 即可。
像这样:
push:
runs-on: ubunbu-latest
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Push Docker Image
if: success()
run: |
IMAGE_TAG=${{ github.sha }}
REPOSITORY_URI=${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}
docker push $REPOSITORY_URI:$IMAGE_TAG
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}