Rajeev

Reputation: 17

Github action: [error]Process completed with exit code 1. Trying to push docker image into ecr repo


I am trying to build an AWS pipeline using GitHub Actions and deploy to AWS Fargate. I am able to create my Docker image, but I am not able to push it to the ECR repo with GitHub Actions.

name: CI
on:
  push:
    branches: [ develop ]
  pull_request:
    branches: [ develop ]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2

      # Runs a single command using the runners shell
      - name: Lint code
        run: echo "Linting repository!"
      # Runs a set of commands using the runners shell
      - name: Run unit tests
        run: |
          echo "Running unit tests"
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-2

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: cmssdemo
          IMAGE_TAG: latest
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
      - name: Download task definition
        run: |
          aws ecs describe-task-definition --task-definition ${{ secrets.ECS_CONTAINER_DEFINITION }} \
          --query taskDefinition > task-definition.json
      - name: Fill in the new image ID in the Amazon ECS task definition
        id: task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: ${{ secrets.ECS_CONTAINER_NAME }}
          image: ${{ steps.build-image.outputs.image }}
      - name: Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          service: ${{ secrets.ECS_SERVICE }}
          cluster: ${{ secrets.ECS_CLUSTER }}
          wait-for-service-stability: true

My githubaction script

Upvotes: 1

Views: 1609

Answers (2)

Famurewa Taiwo

Reputation: 1

Go to ECR -> Permissions -> Add Statement

  • Add the IAM user in the permission
  • Select the necessary Actions

You should end up with a JSON like this

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "new statement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::xxxxxxxxx:user/ECS-User"
      },
      "Action": [
        "ecr:BatchGetImage",
        "ecr:CompleteLayerUpload",
        "ecr:DescribeImages",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetRepositoryPolicy",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ]
    }
  ]
}

Upvotes: 0

BayOtter

Reputation: 239

You may fix it by going into ECR -> Repositories -> Permissions then adding a new policy statement with principal:* and the following actions:

"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:CompleteLayerUpload",
"ecr:GetDownloadUrlForLayer",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart"

Be sure to add more restrictive principals.

Ref: Pushing an image to ECR, getting "Retrying in ... seconds"

Upvotes: 0
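
Added example, not part of either answer: a Python check that reads an ECR repository policy like the two above and reports statements that give an unconditioned wildcard principal push actions, plus the push actions the policy does not grant. The function names, the sample Sids and the account ID 111122223333 are assumptions made for this example.

```python
import json

# Repository-level actions a `docker push` needs (the push subset of the
# second answer's list).
PUSH_ACTIONS = {
    "ecr:BatchCheckLayerAvailability", "ecr:InitiateLayerUpload",
    "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # Matches "Principal": "*" as well as {"AWS": "*"} and {"AWS": ["*"]}.
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def audit_repo_policy(policy_text):
    """Return (open_write_findings, push_actions_this_policy_does_not_grant)."""
    findings, granted = [], set()
    for stmt in _as_list(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        granted |= actions
        writes = sorted(a for a in actions if a in PUSH_ACTIONS or a in ("ecr:*", "*"))
        # An unconditioned wildcard principal with write actions means the
        # repository policy does not restrict who may push.
        if writes and _is_wildcard(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append(f"{stmt.get('Sid', '<no Sid>')}: any principal may {', '.join(writes)}")
    # For a same-account user, actions missing here have to be granted by
    # that user's IAM identity policy instead.
    missing = [] if granted & {"ecr:*", "*"} else sorted(PUSH_ACTIONS - granted)
    return findings, missing

def _policy(sid, principal, actions):
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": sid, "Effect": "Allow", "Principal": principal, "Action": actions}]})

# Constructed samples mirroring the two answers; the account ID is a placeholder.
SCOPED = _policy("scoped", {"AWS": "arn:aws:iam::111122223333:user/ECS-User"}, [
    "ecr:BatchGetImage", "ecr:CompleteLayerUpload", "ecr:DescribeImages",
    "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy",
    "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:UploadLayerPart"])
OPEN = _policy("open", "*", sorted(PUSH_ACTIONS | {"ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"}))

if __name__ == "__main__":
    for name, text in (("scoped", SCOPED), ("open", OPEN)):
        print(name, audit_repo_policy(text))
```

On these samples the user-scoped policy produces no open-write finding but lacks `ecr:BatchCheckLayerAvailability`, while the `principal:*` policy grants every push action and is flagged.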
