This repository has been archived by the owner on Nov 17, 2023. It is now read-only.

[v1.x] For ECR, ensure we sanitize region input from environment variable #19882

Merged
merged 2 commits into from
Feb 11, 2021
2 changes: 1 addition & 1 deletion ci/build.py
Expand Up @@ -97,7 +97,7 @@ def get_dockerfile(platform: str, path=get_dockerfiles_path()) -> str:


def build_docker(platform: str, registry: str, num_retries: int, no_cache: bool,
cache_intermediate: bool) -> str:
cache_intermediate: bool=False) -> str:
"""
Build a container for the given platform
:param platform: Platform
33 changes: 22 additions & 11 deletions ci/docker_cache.py
Expand Up @@ -28,6 +28,7 @@
import logging
import os
import subprocess
import re
import sys
from typing import *

Expand Down Expand Up @@ -96,24 +97,30 @@ def _build_save_container(platform, registry, load_cache) -> Optional[str]:
# Error handling is done by returning the errorous platform name. This is necessary due to
# Parallel being unable to handle exceptions

ECR_LOGGED_IN = False
def _ecr_login(registry):
"""
Use the AWS CLI to get credentials to login to ECR.
"""
# extract region from registry
region = registry.split(".")[3]
global ECR_LOGGED_IN
if ECR_LOGGED_IN:
return
regionMatch = re.match(r'.*?\.dkr\.ecr\.([a-z]+\-[a-z]+\-\d+)\.amazonaws\.com', registry)
assert(regionMatch)
region = regionMatch.group(1)
logging.info("Logging into ECR region %s using aws-cli..", region)
os.system("$(aws ecr get-login --region "+region+" --no-include-email)")
ECR_LOGGED_IN = True

def _upload_image(registry, docker_tag, image_id) -> None:
"""
Upload the passed image by id, tag it with docker tag and upload to S3 bucket
Upload the passed image by id, tag it with docker tag and upload to docker registry.
:param registry: Docker registry name
:param docker_tag: Docker tag
:param image_id: Image id
:return: None
"""

if "dkr.ecr" in registry:
_ecr_login(registry)

Expand Down Expand Up @@ -200,15 +207,19 @@ def script_name() -> str:

platforms = build_util.get_platforms()

secret_name = os.environ['DOCKERHUB_SECRET_NAME']
endpoint_url = os.environ['DOCKERHUB_SECRET_ENDPOINT_URL']
region_name = os.environ['DOCKERHUB_SECRET_ENDPOINT_REGION']

try:
login_dockerhub(secret_name, endpoint_url, region_name)
if "dkr.ecr" in args.docker_registry:
_ecr_login(args.docker_registry)
return build_save_containers(platforms=platforms, registry=args.docker_registry, load_cache=True)
finally:
logout_dockerhub()
else:
secret_name = os.environ['DOCKERHUB_SECRET_NAME']
endpoint_url = os.environ['DOCKERHUB_SECRET_ENDPOINT_URL']
region_name = os.environ['DOCKERHUB_SECRET_ENDPOINT_REGION']

try:
login_dockerhub(secret_name, endpoint_url, region_name)
return build_save_containers(platforms=platforms, registry=args.docker_registry, load_cache=True)
finally:
logout_dockerhub()


if __name__ == '__main__':
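Review bot: In `_ecr_login` the login still goes through `os.system` with a concatenated string whose `$(...)` makes the shell execute whatever `aws ecr get-login` prints, and the exit status is discarded, so `ECR_LOGGED_IN = True` is set even when the login failed and every later call returns early without retrying. The only validation is `assert(regionMatch)`, which is stripped under `python -O` and then surfaces as an `AttributeError` on `None`; an explicit `raise ValueError` keeps the check and its message in every mode. I would run both commands as argument lists through `subprocess.run(..., check=True)` (the module is already imported in this file) so that no shell parses the region or the CLI output and a failed login raises. This assumes the CI image's aws-cli provides `get-login-password` and that `registry` is the bare registry host. Separately, the pattern appears to reject region names with more than two alphabetic segments (GovCloud-style names), which is worth a comment if it is intentional.

```python
def _ecr_login(registry):
    # … unchanged: docstring, ECR_LOGGED_IN early return …
    region_match = re.match(r'.*?\.dkr\.ecr\.([a-z]+\-[a-z]+\-\d+)\.amazonaws\.com', registry)
    if region_match is None:
        raise ValueError("Cannot extract an ECR region from registry %r" % (registry,))
    region = region_match.group(1)
    # … unchanged: logging.info call …
    # Argument lists: nothing here is interpreted by a shell.
    password = subprocess.run(
        ["aws", "ecr", "get-login-password", "--region", region],
        check=True, stdout=subprocess.PIPE).stdout
    subprocess.run(
        ["docker", "login", "--username", "AWS", "--password-stdin", registry],
        input=password, check=True)
    ECR_LOGGED_IN = True  # reached only when both commands succeeded
```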