Commit

Feature: Add ECR presubmit testing.
🎁 This leverages OIDC federation to enable presubmit testing against ECR.

/kind feature
mattmoor committed Jan 16, 2023
1 parent 76f46cc commit 0015198
Showing 1 changed file with 42 additions and 1 deletion.
43 changes: 42 additions & 1 deletion .github/workflows/registries.yaml
@@ -1,10 +1,13 @@
name: Push to registries

on:
pull_request_target:
# DO NOT SUBMIT
# Switch to pull_request_target
pull_request:
branches: ['main']
push:
branches: ['main']

workflow_dispatch: # Allow manual runs.

jobs:
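
Review bot: The `# DO NOT SUBMIT` / `# Switch to pull_request_target` marker above `pull_request:` is still present in the `on:` block, so the trigger is being committed in its temporary state. Either restore the intended trigger before merge or replace the marker with a tracked TODO that names the follow-up. When the switch is made, keep in mind that `pull_request_target` runs the workflow in the base repository's context, so jobs in this file that hold registry credentials or `id-token: write` should not build pull request head code without a gate such as an approval-protected environment or a maintainer-applied label.
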
@@ -43,3 +46,41 @@ jobs:
run: |
echo ${DOCKERHUB_PASSWORD} | go run ./ login --username=${DOCKERHUB_USERNAME} --password-stdin index.docker.io
go run ./ build --platform=all ./test/ --bare
ecr:
name: Push to ECR
runs-on: ubuntu-latest
env:
# This is an AWS account that Chainguard provides to enable
# go-containerregistry and ko to test ECR support.
AWS_ACCOUNT: 479305788615
AWS_REGION: us-west-2
REPOSITORY: ko-ecr-e2e-testing

permissions:
# This lets us clone the repo
contents: read
# This lets us mint identity tokens for federation with AWS.
id-token: write

steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.18
check-latest: true

- name: Install ko
run: go install .

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT }}:role/federated-ecr-readwrite
aws-region: ${{ env.AWS_REGION }}

- name: Test ko build
run: |
export KO_DOCKER_REPO=${{ env.AWS_ACCOUNT }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.REPOSITORY }}
ko build --bare ./test
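
Review bot: The `uses:` lines in the new `ecr` job reference actions by mutable tag (`actions/checkout@v3`, `actions/setup-go@v3`, `aws-actions/configure-aws-credentials@v1.7.0`) while the job holds `id-token: write` and assumes `federated-ecr-readwrite`; pin each to a full commit SHA so a moved tag cannot run with that role. The role's trust policy is not part of this change, so please confirm it conditions the token's `sub` claim on this repository and the intended refs or events, since that condition is what limits who can push to `ko-ecr-e2e-testing`. With the `pull_request` trigger, runs from forks will not be granted `id-token: write`, so consider an `if:` guard on the job so fork PRs skip it cleanly instead of failing at the credentials step.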
