chore: cleanup ECR login logic

Author: lklimek

.github/actions/aws_ecr_login/action.yaml

@@ -0,0 +1,42 @@
+---
+# Login to AWS ECR
+name: "aws_ecr_login"
+description: "Login to AWS ECR to store Docker containers"
+inputs:
+  aws_account_id:
+    description: AWS account ID (AWS_ACCOUNT_ID)
+    required: true
+  aws_access_key_id:
+    description: Access key ID (AWS_ACCESS_KEY_ID)
+    required: true
+  aws_secret_access_key:
+    description: Secret access key (AWS_SECRET_ACCESS_KEY)
+    required: true
+  aws_region:
+    description: AWS region to use (AWS_REGION)
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Configure AWS credentials and bucket region
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ inputs.aws_access_key_id }}
+        aws-secret-access-key: ${{ inputs.aws_secret_access_key }}
+        aws-region: ${{ inputs.aws_region }}
+
+    - name: Login to ECR
+      run: |
+        aws ecr get-login-password \
+          --region ${{ inputs.aws_region }} | docker login --username AWS --password-stdin ${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region  }}.amazonaws.com
+      shell: bash
+
+    # Unset AWS credentials to avoid conflicts, as we prefer credentials from ~/.aws/credentials to authenticate
+    - name: Unset AWS credentials to avoid conflicts
+      shell: bash
+      run: |
+        echo AWS_DEFAULT_REGION='' >> $GITHUB_ENV
+        echo AWS_REGION='' >> $GITHUB_ENV
+        echo AWS_ACCESS_KEY_ID='' >> $GITHUB_ENV
+        echo AWS_SECRET_ACCESS_KEY='' >> $GITHUB_ENV

.github/actions/docker/action.yaml

@@ -162,19 +162,6 @@ runs:
         secret_access_key: ${{ inputs.cache_secret_access_key }}
         install: false
 
-    # Unset AWS credentials to avoid conflicts, as we use credentials in ~/.aws/credentials generated in sccache action.
-    - name: Unset AWS credentials to avoid conflicts
-      shell: bash
-      run: |
-        if [ ! -f "$HOME/.aws/credentials" ]; then
-          echo "Error: AWS credentials file not found"
-          exit 1
-        fi
-        echo AWS_DEFAULT_REGION='' >> $GITHUB_ENV
-        echo AWS_REGION='' >> $GITHUB_ENV
-        echo AWS_ACCESS_KEY_ID='' >> $GITHUB_ENV
-        echo AWS_SECRET_ACCESS_KEY='' >> $GITHUB_ENV
-
     - name: Build and push Docker image ${{ inputs.image }}
       id: docker_build
       uses: docker/build-push-action@v6

.github/workflows/release.yml

@@ -231,14 +231,6 @@ jobs:
         with:
           fetch-depth: 0
 
-      # TODO: Do we still need this?
-      - name: Configure AWS credentials and bucket region
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ${{ vars.AWS_REGION  }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
       - name: Download JS build artifacts
         uses: actions/download-artifact@v4
         with:

.github/workflows/tests-build-image.yml

@@ -24,19 +24,13 @@ jobs:
         with:
           fetch-depth: 0
 
-      # AWS credentials only needed for ECR login
-      - name: Configure AWS credentials and bucket region
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ vars.AWS_REGION }}
-
       - name: Login to ECR
-        run: |
-          aws ecr get-login-password \
-            --region ${{ vars.AWS_REGION  }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION  }}.amazonaws.com
-        shell: bash
+        uses: ./.github/actions/aws_ecr_login
+        with:
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_region: ${{ vars.AWS_REGION }}
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
 
       - name: Build and push by SHA
         uses: ./.github/actions/docker

.github/workflows/tests-build-js.yml

@@ -6,13 +6,6 @@ jobs:
     name: Build JS
     runs-on: ubuntu-24.04
     steps:
-      # - name: Configure AWS credentials and bucket region
-      #   uses: aws-actions/configure-aws-credentials@v4
-      #   with:
-      #     aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      #     aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      #     aws-region: ${{ vars.AWS_REGION  }}
-
       - uses: softwareforgood/check-artifact-v4-existence@v0
         id: check-artifact
         with:

.github/workflows/tests-codeql.yml

@@ -20,14 +20,6 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      # TODO do we still need this?
-      - name: Configure AWS credentials and bucket region
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ vars.AWS_REGION  }}
-
       - name: Setup Node.JS
         uses: ./.github/actions/nodejs
 

.github/workflows/tests-dashmate.yml

@@ -31,12 +31,13 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Configure AWS credentials and bucket region
-        uses: aws-actions/configure-aws-credentials@v4
+      - name: Login to ECR
+        uses: ./.github/actions/aws_ecr_login
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ vars.AWS_REGION }}
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_region: ${{ vars.AWS_REGION }}
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
 
       - name: Setup Node.JS
         uses: ./.github/actions/nodejs
@@ -53,7 +54,6 @@ jobs:
 
           # Login to ECR
           DOCKER_HUB_ORG="${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION  }}.amazonaws.com"
-          aws ecr get-login-password --region ${{ vars.AWS_REGION  }} | docker login --username AWS --password-stdin $DOCKER_HUB_ORG
 
           SHA_TAG=sha-${{ github.sha }}
 

.github/workflows/tests-js-package.yml

@@ -25,13 +25,6 @@ jobs:
       - name: Check out repo
         uses: actions/checkout@v4
 
-      - name: Configure AWS credentials and bucket region
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ vars.AWS_REGION  }}
-
       - name: Setup Node.JS
         uses: ./.github/actions/nodejs
 
@@ -57,14 +50,6 @@ jobs:
         with:
           fetch-depth: 0
 
-      # TODO: Do we still need this?
-      - name: Configure AWS credentials and bucket region
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ${{ vars.AWS_REGION  }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
       - name: Setup Node.JS
         uses: ./.github/actions/nodejs
 

.github/workflows/tests-packges-functional.yml

@@ -20,15 +20,13 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Configure AWS credentials and bucket region
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ vars.AWS_REGION  }}
-
       - name: Login to ECR
-        run: aws ecr get-login-password --region ${{ vars.AWS_REGION  }} | docker login --username AWS --password-stdin ${{ env.ECR_HOST }}
+        uses: ./.github/actions/aws_ecr_login
+        with:
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_region: ${{ vars.AWS_REGION }}
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
 
       - name: Start local network
         uses: ./.github/actions/local-network

.github/workflows/tests-test-suite.yml

@@ -38,15 +38,13 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Configure AWS credentials and bucket region
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ vars.AWS_REGION }}
-
       - name: Login to ECR
-        run: aws ecr get-login-password --region ${{ vars.AWS_REGION }} | docker login --username AWS --password-stdin ${{ env.ECR_HOST }}
+        uses: ./.github/actions/aws_ecr_login
+        with:
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_region: ${{ vars.AWS_REGION }}
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
 
       - name: Start local network
         uses: ./.github/actions/local-network