Merge pull request #39 from seek-oss/aws-cli-v2-support

aws cli v2 support
seek-oss · Feb 22, 2022 · 55c2f53 · 55c2f53
2 parents e16bb9b + 51c995c
commit 55c2f53
Show file tree

Hide file tree

Showing 4 changed files with 137 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -280,7 +280,7 @@ steps:
 
 ### Changing the name of exported variable
 
-By default image name and computed tag are exported to the Docker buildkite plugin env variable `BUILDKITE_PLUGIN_DOCKER_IMAGE`. In order to chain the plugin with a different plugin, this can be changed by specifying a `export-env-variable` parameter:
+By default, image name and computed tag are exported to the Docker buildkite plugin env variable `BUILDKITE_PLUGIN_DOCKER_IMAGE`. In order to chain the plugin with a different plugin, this can be changed by specifying a `export-env-variable` parameter:
 
 ```yaml
 steps:
@@ -311,6 +311,19 @@ steps:
       - docker#v3.8.0
 ```
 
+#### Specifying a region
+
+By default, the plugin uses the region specified in the `AWS_DEFAULT_REGION` environment variable. If this environment variable is not present, it defaults to the `eu-west-1` region. You can optionally specify the region in which you would like your cache to reside in:
+
+```yaml
+steps:
+  - command: echo wow
+    plugins:
+      - seek-oss/docker-ecr-cache#v1.11.0:
+          region: ap-southeast-2
+      - docker#v3.8.0
+```
+
 #### Required permissions
 
 Below is a sample set of IAM policy statements that will allow this plugin to work:

diff --git a/hooks/lib/ecr-registry-provider.bash b/hooks/lib/ecr-registry-provider.bash
@@ -1,5 +1,19 @@
 login() {
-  $(aws ecr get-login --no-include-email)
+  local account_id
+  local region
+
+  account_id=$(aws sts get-caller-identity --query Account --output text)
+  region=$(get_ecr_region)
+
+  aws ecr get-login-password \
+    --region "${region}" \
+    | docker login \
+    --username AWS \
+    --password-stdin "${account_id}.dkr.ecr.${region}.amazonaws.com"
+}
+
+get_ecr_region() {
+  echo "${BUILDKITE_PLUGIN_DOCKER_ECR_CACHE_REGION:-${AWS_DEFAULT_REGION:-eu-west-1}}"
 }
 
 get_registry_url() {

diff --git a/plugin.yml b/plugin.yml
@@ -31,4 +31,6 @@ configuration:
       type: string
     registry-hostname:
       type: string
+    region:
+      type: string
   required: []
diff --git a/tests/ecr-registry-provider.bats b/tests/ecr-registry-provider.bats
@@ -10,19 +10,22 @@ load "$PWD/hooks/lib/ecr-registry-provider.bash"
 pre_command_hook="$PWD/hooks/pre-command"
 
 @test "ECR: Applies lifecycle policy to existing repositories" {
+  export AWS_DEFAULT_REGION="ap-southeast-2"
   export BUILDKITE_ORGANIZATION_SLUG="example-org"
   export BUILDKITE_PIPELINE_SLUG="example-pipeline"
   local expected_repository_name="build-cache/example-org/example-pipeline"
 
   stub aws \
-    "ecr get-login --no-include-email : echo docker login -u AWS -p 1234 https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com" \
+    "sts get-caller-identity --query Account --output text : echo 1234567891012" \
+    "ecr get-login-password --region ap-southeast-2 : echo secure-ecr-password" \
     "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].registryId : echo looked up repository" \
     "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryArn : echo arn:aws:ecr:ap-southeast-2:1234567891012:repository/${expected_repository_name}" \
     "ecr tag-resource * : echo tag existing resource" \
     "ecr put-lifecycle-policy * : echo put lifecycle policy" \
-    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com"
+    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com" 
+
   stub docker \
-    "login -u AWS -p 1234 https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com : echo logging in to docker" \
+    "login --username AWS --password-stdin 1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com : echo logging in to docker" \
     "pull : echo pulled image"
 
   stub sha1sum \
@@ -46,20 +49,69 @@ pre_command_hook="$PWD/hooks/pre-command"
 }
 
 @test "ECR: Builds new images with tags" {
+  export AWS_DEFAULT_REGION="ap-southeast-2"
   export BUILDKITE_ORGANIZATION_SLUG="example-org"
   export BUILDKITE_PIPELINE_SLUG="example-pipeline"
   local expected_repository_name="build-cache/example-org/example-pipeline"
   local repository_uri="1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com/${expected_repository_name}"
 
   stub aws \
-    "ecr get-login --no-include-email : echo docker login -u AWS -p 1234 https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com" \
+    "sts get-caller-identity --query Account --output text : echo 1234567891012" \
+    "ecr get-login-password --region ap-southeast-2 : echo secure-ecr-password" \
     "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].registryId : echo looked up repository" \
     "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryArn : echo arn:aws:ecr:ap-southeast-2:1234567891012:repository/${expected_repository_name}" \
     "ecr tag-resource * : echo tag existing resource" \
     "ecr put-lifecycle-policy * : echo put lifecycle policy" \
-    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo ${repository_uri}"
+    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo ${repository_uri}" \
+
+  stub docker \
+    "login --username AWS --password-stdin 1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com : echo logging in to docker" \
+    "pull : echo not found && false" \
+    "build * : echo building docker image" \
+    "tag ${repository_uri}:deadbee ${repository_uri}:latest : echo tagged latest" \
+    "push ${repository_uri}:deadbee : echo pushed deadbeef" \
+    "push ${repository_uri}:latest : echo pushed latest"
+
+  stub sha1sum \
+    "Dockerfile : echo 'sha1sum(Dockerfile)'" \
+    ": echo sha1sum" \
+    ": echo sha1sum" \
+    ": echo deadbeef"
+
+  run "${pre_command_hook}"
+
+  assert_success
+  assert_output --partial "logging in to docker"
+  assert_output --partial "looked up repository"
+  assert_output --partial "building docker image"
+  assert_output --partial "tag existing resource"
+  assert_output --partial "put lifecycle policy"
+  assert_output --partial "tagged latest"
+  assert_output --partial "pushed deadbeef"
+  assert_output --partial "pushed latest"
+
+  unstub aws
+  unstub docker
+  unstub sha1sum
+}
+
+@test "ECR: Uses correct region when region not specified and AWS_DEFAULT_REGION not set" {
+  export BUILDKITE_ORGANIZATION_SLUG="example-org"
+  export BUILDKITE_PIPELINE_SLUG="example-pipeline"
+  local expected_repository_name="build-cache/example-org/example-pipeline"
+  local repository_uri="1234567891012.dkr.ecr.eu-west-1.amazonaws.com/${expected_repository_name}"
+
+  stub aws \
+    "sts get-caller-identity --query Account --output text : echo 1234567891012" \
+    "ecr get-login-password --region eu-west-1 : echo secure-ecr-password" \
+    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].registryId : echo looked up repository" \
+    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryArn : echo arn:aws:ecr:eu-west-1:1234567891012:repository/${expected_repository_name}" \
+    "ecr tag-resource * : echo tag existing resource" \
+    "ecr put-lifecycle-policy * : echo put lifecycle policy" \
+    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo ${repository_uri}" \
+
   stub docker \
-    "login -u AWS -p 1234 https://1234567891012.dkr.ecr.ap-southeast-2.amazonaws.com : echo logging in to docker" \
+    "login --username AWS --password-stdin 1234567891012.dkr.ecr.eu-west-1.amazonaws.com : echo logging in to docker" \
     "pull : echo not found && false" \
     "build * : echo building docker image" \
     "tag ${repository_uri}:deadbee ${repository_uri}:latest : echo tagged latest" \
@@ -88,3 +140,51 @@ pre_command_hook="$PWD/hooks/pre-command"
   unstub docker
   unstub sha1sum
 }
+
+@test "ECR: Uses correct region when region is specified" {
+  export AWS_DEFAULT_REGION="ap-southeast-2"
+  export BUILDKITE_PLUGIN_DOCKER_ECR_CACHE_REGION="ap-southeast-1"
+  export BUILDKITE_ORGANIZATION_SLUG="example-org"
+  export BUILDKITE_PIPELINE_SLUG="example-pipeline"
+  local expected_repository_name="build-cache/example-org/example-pipeline"
+  local repository_uri="1234567891012.dkr.ecr.ap-southeast-1.amazonaws.com/${expected_repository_name}"
+
+  stub aws \
+    "sts get-caller-identity --query Account --output text : echo 1234567891012" \
+    "ecr get-login-password --region ap-southeast-1 : echo secure-ecr-password" \
+    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].registryId : echo looked up repository" \
+    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryArn : echo arn:aws:ecr:ap-southeast-1:1234567891012:repository/${expected_repository_name}" \
+    "ecr tag-resource * : echo tag existing resource" \
+    "ecr put-lifecycle-policy * : echo put lifecycle policy" \
+    "ecr describe-repositories --repository-names ${expected_repository_name} --output text --query repositories[0].repositoryUri : echo ${repository_uri}" \
+
+  stub docker \
+    "login --username AWS --password-stdin 1234567891012.dkr.ecr.ap-southeast-1.amazonaws.com : echo logging in to docker" \
+    "pull : echo not found && false" \
+    "build * : echo building docker image" \
+    "tag ${repository_uri}:deadbee ${repository_uri}:latest : echo tagged latest" \
+    "push ${repository_uri}:deadbee : echo pushed deadbeef" \
+    "push ${repository_uri}:latest : echo pushed latest"
+
+  stub sha1sum \
+    "Dockerfile : echo 'sha1sum(Dockerfile)'" \
+    ": echo sha1sum" \
+    ": echo sha1sum" \
+    ": echo deadbeef"
+
+  run "${pre_command_hook}"
+
+  assert_success
+  assert_output --partial "logging in to docker"
+  assert_output --partial "looked up repository"
+  assert_output --partial "building docker image"
+  assert_output --partial "tag existing resource"
+  assert_output --partial "put lifecycle policy"
+  assert_output --partial "tagged latest"
+  assert_output --partial "pushed deadbeef"
+  assert_output --partial "pushed latest"
+
+  unstub aws
+  unstub docker
+  unstub sha1sum
+}