Handle AWS credentials

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>

.github/workflows/ci.yml

@@ -117,3 +117,34 @@ jobs:
 #        if: always()
 #        run: |
 #          rm -f ${HOME}/.docker/config.json
+#
+#  ecr-aws-creds:
+#    runs-on: ${{ matrix.os }}
+#    strategy:
+#      fail-fast: false
+#      matrix:
+#        os:
+#          - ubuntu-20.04
+#          - ubuntu-18.04
+#          - ubuntu-16.04
+#    steps:
+#      -
+#        name: Checkout
+#        uses: actions/checkout@v2.3.1
+#      -
+#        name: Configure AWS Credentials
+#        uses: aws-actions/configure-aws-credentials@v1
+#        with:
+#          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+#          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+#          aws-region: ${{ secrets.AWS_REGION }}
+#      -
+#        name: Login to ECR
+#        uses: ./
+#        with:
+#          registry: ${{ secrets.AWS_ACCOUNT_NUMBER }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
+#      -
+#        name: Clear
+#        if: always()
+#        run: |
+#          rm -f ${HOME}/.docker/config.json

README.md

@@ -213,6 +213,34 @@ jobs:
           password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 ```
 
+You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials) action in
+combination with this action:
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches: master
+
+jobs:
+  login:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: <region>
+      -
+        name: Login to ECR
+        uses: docker/login-action@v1
+        with:
+          registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
+```
+
 > Replace `<aws-account-number>` and `<region>` with their respective values.
 
 ## Customizing

__tests__/context.test.ts

@@ -2,20 +2,7 @@ import osm = require('os');
 
 import {getInputs} from '../src/context';
 
-test('without username getInputs throws errors', async () => {
+test('with password and username getInputs does not throw error', async () => {
-  expect(() => {
-    getInputs();
-  }).toThrowError('Input required and not supplied: username');
-});
-
-test('without password getInputs throws errors', async () => {
-  process.env['INPUT_USERNAME'] = 'dbowie';
-  expect(() => {
-    getInputs();
-  }).toThrowError('Input required and not supplied: password');
-});
-
-test('with password and username getInputs does not error', async () => {
   process.env['INPUT_USERNAME'] = 'dbowie';
   process.env['INPUT_PASSWORD'] = 'groundcontrol';
   expect(() => {

__tests__/main.test.ts

@@ -17,7 +17,7 @@ test('errors when not run on linux platform', async () => {
   expect(coreSpy).toHaveBeenCalledWith('Only supported on linux platform');
 });
 
-test('errors without username', async () => {
+test('errors without username and password', async () => {
   const platSpy = jest.spyOn(osm, 'platform');
   platSpy.mockImplementation(() => 'linux');
 
@@ -25,21 +25,7 @@ test('errors without username', async () => {
 
   await run();
 
-  expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: username');
+  expect(coreSpy).toHaveBeenCalledWith('Username and password required');
-});
-
-test('errors without password', async () => {
-  const platSpy = jest.spyOn(osm, 'platform');
-  platSpy.mockImplementation(() => 'linux');
-
-  const coreSpy: jest.SpyInstance = jest.spyOn(core, 'setFailed');
-
-  const username: string = 'dbowie';
-  process.env[`INPUT_USERNAME`] = username;
-
-  await run();
-
-  expect(coreSpy).toHaveBeenCalledWith('Input required and not supplied: password');
 });
 
 test('successful with username and password', async () => {
@@ -79,7 +65,7 @@ test('calls docker login', async () => {
   const password: string = 'groundcontrol';
   process.env[`INPUT_PASSWORD`] = password;
 
-  const registry: string = 'https://ghcr.io';
+  const registry: string = 'ghcr.io';
   process.env[`INPUT_REGISTRY`] = registry;
 
   const logout: string = 'true';

action.yml

@@ -12,10 +12,10 @@ inputs:
     required: false
   username:
     description: 'Username used to log against the Docker registry'
-    required: true
+    required: false
   password:
     description: 'Password or personal access token used to log against the Docker registry'
-    required: true
+    required: false
   logout:
     description: 'Log out from the Docker registry at the end of a job'
     default: 'true'

dist/index.js

@@ -3062,10 +3062,11 @@ function logout(registry) {
 exports.logout = logout;
 function loginStandard(registry, username, password) {
     return __awaiter(this, void 0, void 0, function* () {
-        let loginArgs = ['login', '--password-stdin'];
+        if (!username || !password) {
-        if (username) {
+            throw new Error('Username and password required');
-            loginArgs.push('--username', username);
         }
+        let loginArgs = ['login', '--password-stdin'];
+        loginArgs.push('--username', username);
         loginArgs.push(registry);
         if (registry) {
             core.info(`🔑 Logging into ${registry}...`);
@@ -3088,8 +3089,8 @@ function loginECR(registry, username, password) {
         const cliVersion = yield aws.getCLIVersion();
         const region = yield aws.getRegion(registry);
         core.info(`💡 AWS ECR detected with ${region} region`);
-        process.env.AWS_ACCESS_KEY_ID = username;
+        process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
-        process.env.AWS_SECRET_ACCESS_KEY = password;
+        process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
         core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
         const loginCmd = yield aws.getDockerLoginCmd(cliVersion, registry, region);
         core.info(`🔑 Logging into ${registry}...`);
@@ -3647,8 +3648,8 @@ const core = __importStar(__webpack_require__(186));
 function getInputs() {
     return {
         registry: core.getInput('registry'),
-        username: core.getInput('username', { required: true }),
+        username: core.getInput('username'),
-        password: core.getInput('password', { required: true }),
+        password: core.getInput('password'),
         logout: core.getInput('logout')
     };
 }

src/context.ts

@@ -10,8 +10,8 @@ export interface Inputs {
 export function getInputs(): Inputs {
   return {
     registry: core.getInput('registry'),
-    username: core.getInput('username', {required: true}),
+    username: core.getInput('username'),
-    password: core.getInput('password', {required: true}),
+    password: core.getInput('password'),
     logout: core.getInput('logout')
   };
 }

src/docker.ts

@@ -19,10 +19,12 @@ export async function logout(registry: string): Promise<void> {
 }
 
 export async function loginStandard(registry: string, username: string, password: string): Promise<void> {
-  let loginArgs: Array<string> = ['login', '--password-stdin'];
+  if (!username || !password) {
-  if (username) {
+    throw new Error('Username and password required');
-    loginArgs.push('--username', username);
   }
+
+  let loginArgs: Array<string> = ['login', '--password-stdin'];
+  loginArgs.push('--username', username);
   loginArgs.push(registry);
 
   if (registry) {
@@ -44,8 +46,8 @@ export async function loginECR(registry: string, username: string, password: str
   const region = await aws.getRegion(registry);
   core.info(`💡 AWS ECR detected with ${region} region`);
 
-  process.env.AWS_ACCESS_KEY_ID = username;
+  process.env.AWS_ACCESS_KEY_ID = username || process.env.AWS_ACCESS_KEY_ID;
-  process.env.AWS_SECRET_ACCESS_KEY = password;
+  process.env.AWS_SECRET_ACCESS_KEY = password || process.env.AWS_SECRET_ACCESS_KEY;
 
   core.info(`⬇️ Retrieving docker login command through AWS CLI ${cliVersion} (${cliPath})...`);
   const loginCmd = await aws.getDockerLoginCmd(cliVersion, registry, region);