我一直在尝试使用 github actions 将 docker 镜像部署到 AWS ECR,但有一个步骤始终失败。
这是失败的部分:
- name: Pulling ECR for updates and instantiating new updated containers.
uses: appleboy/ssh-action@master
with:
host: ${{secrets.STAGING_HOST}}
username: ${{secrets.STAGING_USERNAME}}
key: ${{secrets.STAGING_PEM}}
port: ${{secrets.STAGING_PORT}}
script: |
cd staging
aws ecr get-login-password --region us-east-2 | docker login -u AWS -p-stdin ***.dkr.ecr.us-east-2.amazonaws.com
docker pull ***.dkr.ecr.us-east-2.amazonaws.com/*container name*:latest
docker-compose -f docker-compose.staging.yml up -d
docker rmi $(docker images --filter dangling=true -q 2>/dev/null) 2>/dev/null
docker exec -i *** python manage.py makemigrations *dir name*
docker exec -i *** python manage.py makemigrations accountsettings
docker exec -i *** python manage.py makemigrations payment
docker exec -i *** python manage.py runapscheduler
docker exec -i *** python manage.py migrate
不知道为什么这是一个问题,因为 github action 的虚拟环境已经安装了 AWS CLI (https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-Readme.md),而且我还在 github 操作的其他步骤中使用 AWS CLI,没有任何问题,例如:
- name: Build, Tag and Push image to Amazon ECR.
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: *ecr name*
IMAGE_TAG: latest
run: |
cd *dir name*
docker build -f Dockerfile.staging -t *container name* .
aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin ***.dkr.ecr.us-east-2.amazonaws.com
docker tag *container name*:latest ***.dkr.ecr.us-east-2.amazonaws.com/*container name*:latest
docker push ***.dkr.ecr.us-east-2.amazonaws.com/*container name*:latest
并且图像成功推送到我的 aws ECR。
我已尝试按照此处的建议安装 aws cli:GitHub Action - AWS CLI,但仍然无济于事。
这是我用来安装 aws cli 的代码:
- name: Intalling aws cli via python pip
run: |
python -m pip install --upgrade pip
pip install awscli
这是我收到的完整错误:
======END======
err: bash: line 2: aws: command not found
err: WARNING! Using -*** the CLI is insecure. Use --password-stdin.
err: Error response from daemon: login attempt to https://***.dkr.ecr.us-east-2.amazonaws.com/v2/ failed with status: 400 Bad Request
err: Error response from daemon: Head "https://***.dkr.ecr.us-east-2.amazonaws.com/v2/*ecr name*/manifests/latest": no basic auth credentials
err: Pulling web (***.dkr.ecr.us-east-2.amazonaws.com/*ecr-name*:latest)...
err: Head "https://***.dkr.ecr.us-east-2.amazonaws.com/v2/*ecr-name*/manifests/latest": no basic auth credentials
err: Error: No such container: ***
err: Error: No such container: ***
err: Error: No such container: ***
err: Error: No such container: ***
err: Error: No such container: ***
err: Error: No such container: ***
err: Error: No such container: ***
err: Error: No such container: ***
20***/01/19 04:59:42 Process exited with status 1
AWS CLI 似乎无法在管道上配置访问密钥 ID 和密钥。为了解决这个问题并使其更易于长期管理,我建议使用 AWS 的预构建操作来简化管道的设置过程。
构建 Github 操作管道以将图像推送到 AWS ECR 的最常见方法是使用以下操作:
aws-actions/configure-aws-credentials@v1aws-actions/amazon-ecr-login@v1结合使用这些操作,我们可以配置管道的 shell 会话来存储 AWS CLI 的临时凭证和 docker 登录的 ECR 凭证。
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-south-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push the image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{ secrets.REPO_NAME }}
IMAGE_TAG: 1.0
run: |
# Build a docker container and push it to ECR
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
echo "Pushing image to ECR..."
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
如果上述指南还不够,并且您在配置访问密钥和机密方面需要帮助,我建议您按照此处
撰写的博客进行操作实际上,我只需在我的 EC2 实例上安装 AWS CLI 即可。