2021-12-20 10:43:09 +01:00
|
|
|
import * as core from '@actions/core';
|
|
|
|
import * as aws from 'aws-sdk';
|
2020-08-21 14:45:16 +02:00
|
|
|
|
2020-12-17 20:21:48 +01:00
|
|
|
const ecrRegistryRegex = /^(([0-9]{12})\.dkr\.ecr\.(.+)\.amazonaws\.com(.cn)?)(\/([^:]+)(:.+)?)?$/;
|
|
|
|
|
|
|
|
export const isECR = (registry: string): boolean => {
|
|
|
|
return ecrRegistryRegex.test(registry) || isPubECR(registry);
|
2020-12-11 07:15:35 +01:00
|
|
|
};
|
|
|
|
|
2020-12-17 20:21:48 +01:00
|
|
|
export const isPubECR = (registry: string): boolean => {
|
2020-12-11 07:15:35 +01:00
|
|
|
return registry === 'public.ecr.aws';
|
2020-08-21 14:45:16 +02:00
|
|
|
};
|
|
|
|
|
2020-12-17 20:21:48 +01:00
|
|
|
export const getRegion = (registry: string): string => {
|
|
|
|
if (isPubECR(registry)) {
|
2020-12-11 07:15:35 +01:00
|
|
|
return process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION || 'us-east-1';
|
|
|
|
}
|
2020-12-17 20:21:48 +01:00
|
|
|
const matches = registry.match(ecrRegistryRegex);
|
|
|
|
if (!matches) {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
return matches[3];
|
|
|
|
};
|
|
|
|
|
|
|
|
export const getAccountIDs = (registry: string): string[] => {
|
|
|
|
if (isPubECR(registry)) {
|
|
|
|
return [];
|
|
|
|
}
|
|
|
|
const matches = registry.match(ecrRegistryRegex);
|
|
|
|
if (!matches) {
|
|
|
|
return [];
|
|
|
|
}
|
|
|
|
let accountIDs: Array<string> = [matches[2]];
|
|
|
|
if (process.env.AWS_ACCOUNT_IDS) {
|
|
|
|
accountIDs.push(...process.env.AWS_ACCOUNT_IDS.split(','));
|
|
|
|
}
|
|
|
|
return accountIDs.filter((item, index) => accountIDs.indexOf(item) === index);
|
2020-08-21 15:07:43 +02:00
|
|
|
};
|
|
|
|
|
2021-12-20 10:43:09 +01:00
|
|
|
export interface RegistryData {
|
|
|
|
registry: string;
|
|
|
|
username: string;
|
|
|
|
password: string;
|
|
|
|
}
|
2020-08-21 14:45:16 +02:00
|
|
|
|
2021-12-20 10:43:09 +01:00
|
|
|
export const getRegistriesData = async (registry: string, username?: string, password?: string): Promise<RegistryData[]> => {
|
|
|
|
const region = getRegion(registry);
|
|
|
|
const accountIDs = getAccountIDs(registry);
|
2020-08-21 14:56:11 +02:00
|
|
|
|
2021-12-20 10:43:09 +01:00
|
|
|
const authTokenRequest = {};
|
|
|
|
if (accountIDs.length > 0) {
|
|
|
|
core.debug(`Requesting AWS ECR auth token for ${accountIDs.join(', ')}`);
|
|
|
|
authTokenRequest['registryIds'] = accountIDs;
|
2020-08-21 15:27:22 +02:00
|
|
|
}
|
|
|
|
|
2021-12-20 10:43:09 +01:00
|
|
|
if (isPubECR(registry)) {
|
|
|
|
core.info(`AWS Public ECR detected with ${region} region`);
|
|
|
|
const ecrPublic = new aws.ECRPUBLIC({
|
|
|
|
customUserAgent: 'docker-login-action',
|
|
|
|
accessKeyId: username || process.env.AWS_ACCESS_KEY_ID || '',
|
|
|
|
secretAccessKey: password || process.env.AWS_SECRET_ACCESS_KEY || '',
|
|
|
|
region: region
|
2020-08-21 15:27:22 +02:00
|
|
|
});
|
2021-12-20 10:43:09 +01:00
|
|
|
const authTokenResponse = await ecrPublic.getAuthorizationToken(authTokenRequest).promise();
|
|
|
|
if (!authTokenResponse.authorizationData || !authTokenResponse.authorizationData.authorizationToken) {
|
|
|
|
throw new Error('Could not retrieve an authorization token from AWS Public ECR');
|
|
|
|
}
|
|
|
|
const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
|
|
|
|
const creds = authToken.split(':', 2);
|
|
|
|
return [
|
|
|
|
{
|
|
|
|
registry: 'public.ecr.aws',
|
|
|
|
username: creds[0],
|
|
|
|
password: creds[1]
|
|
|
|
}
|
|
|
|
];
|
2020-08-21 15:27:22 +02:00
|
|
|
} else {
|
2021-12-20 10:43:09 +01:00
|
|
|
core.info(`AWS ECR detected with ${region} region`);
|
|
|
|
const ecr = new aws.ECR({
|
|
|
|
customUserAgent: 'docker-login-action',
|
|
|
|
accessKeyId: username || process.env.AWS_ACCESS_KEY_ID || '',
|
|
|
|
secretAccessKey: password || process.env.AWS_SECRET_ACCESS_KEY || '',
|
|
|
|
region: region
|
2020-08-21 15:27:22 +02:00
|
|
|
});
|
2021-12-20 10:43:09 +01:00
|
|
|
const authTokenResponse = await ecr.getAuthorizationToken(authTokenRequest).promise();
|
|
|
|
if (!Array.isArray(authTokenResponse.authorizationData) || !authTokenResponse.authorizationData.length) {
|
|
|
|
throw new Error('Could not retrieve an authorization token from AWS ECR');
|
|
|
|
}
|
|
|
|
const regDatas: RegistryData[] = [];
|
|
|
|
for (const authData of authTokenResponse.authorizationData) {
|
|
|
|
const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
|
|
|
|
const creds = authToken.split(':', 2);
|
|
|
|
regDatas.push({
|
|
|
|
registry: authData.proxyEndpoint || '',
|
|
|
|
username: creds[0],
|
|
|
|
password: creds[1]
|
|
|
|
});
|
|
|
|
}
|
|
|
|
return regDatas;
|
2020-08-21 14:45:16 +02:00
|
|
|
}
|
|
|
|
};
|