forked from aws/aws-for-fluent-bit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
buildspec_publish_public_ecr.yml
58 lines (53 loc) · 2.85 KB
/
buildspec_publish_public_ecr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
version: 0.2
phases:
install:
runtime-versions:
golang: 1.13
python: 3.x
pre_build:
commands:
- echo Publish the image to Public ECR
- curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
- unzip awscliv2.zip
- which aws
- ls -l /root/.pyenv/shims/aws
- ./aws/install --bin-dir /root/.pyenv/shims --install-dir /root/.pyenv/shims --update
build:
commands:
# Enforce STS regional endpoints
- export AWS_STS_REGIONAL_ENDPOINTS=regional
# Pull the image that we built and pushed in the `Build` stage
- aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com
- docker pull ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/amazon/aws-for-fluent-bit-test:"amd64"
- docker pull ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/amazon/aws-for-fluent-bit-test:"arm64"
- docker tag ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/amazon/aws-for-fluent-bit-test:amd64 amazon/aws-for-fluent-bit:amd64
- docker tag ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/amazon/aws-for-fluent-bit-test:arm64 amazon/aws-for-fluent-bit:arm64
# Image with Init Process
- docker pull ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/amazon/aws-for-fluent-bit-test:"init-amd64"
- docker pull ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/amazon/aws-for-fluent-bit-test:"init-arm64"
- docker tag ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/amazon/aws-for-fluent-bit-test:init-amd64 amazon/aws-for-fluent-bit:init-amd64
- docker tag ${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com/amazon/aws-for-fluent-bit-test:init-arm64 amazon/aws-for-fluent-bit:init-arm64
# List the docker images
- docker images
# Assume role to publish, get the credentials, and set them as environment variables
- |
if [ "${PUBLISH_ROLE_ARN_PUBLIC_ECR}" != "" ]; then
CREDS=`aws sts assume-role --role-arn ${PUBLISH_ROLE_ARN_PUBLIC_ECR} --role-session-name publicECR`
export AWS_ACCESS_KEY_ID=`echo $CREDS | jq -r .Credentials.AccessKeyId`
export AWS_SECRET_ACCESS_KEY=`echo $CREDS | jq -r .Credentials.SecretAccessKey`
export AWS_SESSION_TOKEN=`echo $CREDS | jq -r .Credentials.SessionToken`
fi
# Push the image to Public ECR
- './scripts/publish.sh cicd-publish public-ecr'
# Nullify the temporary credentials for the assumed role to publish
- |
if [ "${PUBLISH_ROLE_ARN_PUBLIC_ECR}" != "" ]; then
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
export AWS_SESSION_TOKEN=
fi
# Pull the image from Public ECR and verify
- './scripts/publish.sh cicd-verify public-ecr'
artifacts:
files:
- '**/*'