Logging in to public.ecr.aws stopped working on v1.11.0

[TheMacies]

Behaviour

After v.1.11.0 release our CI has started to fail when trying to log in to the ECR. Pinning action back to v.1.10.0 fixes the issue.

Steps to reproduce this issue

1. Run github action

Expected behaviour

Logging in to the ECR should succeed.

Actual behaviour

An error with following logs:

Retrieving registries data through AWS SDK...
AWS Public ECR detected with us-east-1 region
Error: The security token included in the request is invalid.

Configuration

name: Production deployment

on: [push]

jobs:
  production-job:
    name: Build and deploy the image
    runs-on: self-hosted
    container: docker

    steps:
      - name: Check out repository code
        uses: actions/checkout@master

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          role-external-id: ${{ secrets.AWS_EXTERNAL_ID }}
          role-duration-seconds: 1500

      - name: Install the latest AWS CLI
        run: |
          apk add --no-cache python3 py3-pip
          pip3 install --upgrade pip
          pip3 install awscli

      - name: Log in to Amazon public ECR
        uses: docker/login-action@v1
        with:
          registry: public.ecr.aws
        env:
          AWS_REGION: us-east-1

Logs

Attached

[crazy-max]

@TheMacies Thanks for your feedback. After investigation it could be linked to an issue with region. Will come back to you shortly.

[AyrtonRicardo]

Also facing this issue with private registry in eu-central-1 region.

Exactly version v1.10.0 works.

AWS ECR detected with eu-central-1 region
Error: The security token included in the request is invalid.

[crazy-max]

@AyrtonRicardo Can you post your workflow please?

[crazy-max]

@TheMacies @AyrtonRicardo Can you try with uses: docker/login-action@test?

Got it working on public.ecr.aws: https://github.com/docker/login-action/runs/4582352695?check_suite_focus=true#step:4:14

  ecr-public-aws-creds:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-latest
          - windows-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      -
        name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      -
        name: Login to ECR
        uses: docker/login-action@test
        with:
          registry: public.ecr.aws

[AyrtonRicardo]

@crazy-max sure thing I can test. Gimme few minutes.

Your example is similar to what I use here.

[AyrtonRicardo]

@crazy-max it seems to be working with @test version.

Output:

Retrieving registries data through AWS SDK...
AWS ECR detected with eu-central-1 region
Logging into {VERY_NICE_HIDDEN_REGISTRY}...
Login Succeeded!

[crazy-max]

Should be fixed with docker/login-action@v1