Merge pull request #5 from Cervest/multiple-docker-logins

enable logging in to ecr repos in multiple accounts
Cervest · Nov 12, 2021 · 50ee0a6 · 50ee0a6
2 parents b603989 + dd1585e
commit 50ee0a6
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 21 deletions.
diff --git a/action.yml b/action.yml
@@ -15,8 +15,8 @@ inputs:
     required: true
   aws_iam_role_name:
     description: "Used to set up another local AWS profile for assuming another IAM role; required for cross-account k8s auth."
-  ecr_aws_account_id:
-    description: "If logging in to ECR, which AWS account ID the ECR repo is in."
+  ecr_aws_account_ids:
+    description: "A list of comma-separated AWS account IDs with which to perform docker login commands for ECR."
 runs:
   using: "node12"
   main: "build/index.js"
diff --git a/build/index.js b/build/index.js
diff --git a/build/index.js.map b/build/index.js.map
diff --git a/src/index.ts b/src/index.ts
@@ -58,15 +58,20 @@ const setAWSAssumeRoleProfile = (
   console.log("AWS assume role profile added to ~/.aws/config")
 }
 
-const dockerECRLogin = (ecrAwsAccountId: string, awsIamRoleName?: string) => {
+const dockerECRLogin = (
+  ecrAwsAccountIdsArray: string[],
+  awsIamRoleName?: string
+) => {
   const awsProfile = awsIamRoleName || "default"
-  const loginPassword = shell(
-    `aws ecr get-login-password --profile ${awsProfile}`
-  ).trim()
-  const loginResult = shell(
-    `docker login -u AWS -p ${loginPassword} https://${ecrAwsAccountId}.dkr.ecr.eu-west-1.amazonaws.com`
-  )
-  console.log(loginResult)
+  ecrAwsAccountIdsArray.forEach((ecrAwsAccountId) => {
+    const loginPassword = shell(
+      `aws ecr get-login-password --profile ${awsProfile}`
+    ).trim()
+    const loginResult = shell(
+      `docker login -u AWS -p ${loginPassword} https://${ecrAwsAccountId}.dkr.ecr.eu-west-1.amazonaws.com`
+    )
+    console.log(loginResult)
+  })
 }
 
 const setKubernetesConfig = (
@@ -90,7 +95,7 @@ const setKubernetesConfig = (
 const main = () => {
   const {
     INPUT_AWS_ACCOUNT_ID: awsAccountId,
-    INPUT_ECR_AWS_ACCOUNT_ID: ecrAwsAccountId,
+    INPUT_ECR_AWS_ACCOUNT_IDS: ecrAwsAccountIds,
     INPUT_AWS_ACCESS_KEY_ID: awsAccessKeyId,
     INPUT_AWS_SECRET_ACCESS_KEY: awsSecretAccessKey,
     INPUT_CLUSTER: cluster,
@@ -118,8 +123,9 @@ const main = () => {
   if (awsIamRoleName) {
     setAWSAssumeRoleProfile(awsIamRoleName, awsAccountId)
   }
-  if (ecrAwsAccountId) {
-    dockerECRLogin(ecrAwsAccountId, awsIamRoleName)
+  if (ecrAwsAccountIds) {
+    const ecrAwsAccountIdsArray = ecrAwsAccountIds.split(",")
+    dockerECRLogin(ecrAwsAccountIdsArray, awsIamRoleName)
   }
   setKubernetesConfig(awsAccountId, encodedKubeConfig, cluster)
 }