Reputation: 443
I am trying to push an image to aws ecr in one line, so no manual intervention. I thought this worked but didn't tonight. I thought this took the output from the first command and executed it as a command in its own right then when finished executes the third command.
aws ecr get-login --no-include-email --region us-west-2 | bash | docker push XXYYXXYYXXYY.dkr.ecr.us-west-2.amazonaws.com/test-sns-stack
The output from the first command is of this form:
docker login -u AWS -p eyJwYXlsb2FkIjoicldnSWpITlpFZGhWQW1BdG1hcDB4SmYxYm9QbllTL0ZrVi9USWx0cTlnVUxtc1dpOVFVeW1MT2RLNy9tZmZCZ2l0SW9WRFBSRG1EWmxLYWozOGVwRXJqMy9TTW5oQUwxVWVBSHUrZFZCcEN0ZU1wTnVoVmdaa3BjQm14aWszTWRw....
When I manually run aws ecr login..., docker login -u .... docker push... We are good.
But running a one liner it is obviously failing to log in. Looks to me (!) as if it is not waiting until the command executes.
Bash not my strong point.
Upvotes: 0
Views: 3774
Reputation: 4109
The documentation warns about using get-login
:
When you execute this docker login command, the command string can be visible to other users on your system in a process list (ps -e) display. Because the docker login command contains authentication credentials, there is a risk that other users on your system could view them this way. They could use the credentials to gain push and pull access to your repositories. If you are not on a secure system, you should use the ecr get-login-password command as described above.
The best practice would be to use get-login-password
as the same documentation says:
aws ecr get-login-password --region region | docker login --username AWS --password-stdin aws_account_id.dkr.ecr.region.amazonaws.com
Now, the docker push
command that you want to execute will only make sense if the login was successful. This can be achieved using the &&
operator. The complete line, using your example, would be:
aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin XXYYXXYYXXYY.dkr.ecr.us-west-2.amazonaws.com && docker push XXYYXXYYXXYY.dkr.ecr.us-west-2.amazonaws.com/test-sns-stack
You can read more about the &&
operator and others in this answer.
Upvotes: 3
Reputation: 866
I think the main issue here is with the premise around bash |
. The commands being piped actually run in parallel, which means they start at the same time, but don't necessarily finish at the same time.
Substituting the last pipe by a &&
might solve your issue:
aws ecr get-login --no-include-email --region us-west-2 | bash && docker push XXYYXXYYXXYY.dkr.ecr.us-west-2.amazonaws.com/test-sns-stack
Upvotes: 1