Supply Docker images on ECR

nsmithuk · web-flow · commit 368dfd7f1fe3 · 2023-10-25T14:42:12.000+01:00
* Try AWS integration * Test * Use latest orb * Test push * ECR Login * Login to ECR * Validated permissions * Temporarily lock version of oscrypto until bug fixed wbond/oscrypto#78 * Updated docs * Push to ECR
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,7 +1,8 @@
 version: 2.1
 
 orbs:
-  aws-cli: circleci/aws-cli@1.3.1
+  aws-cli: circleci/aws-cli@4.1.1
+  aws-ecr: circleci/aws-ecr@9.0.0
 
 workflows:
   build:
@@ -349,6 +350,13 @@ jobs:
       - image: cimg/base:stable
     steps:
       - setup_remote_docker
+      - aws-cli/setup:
+         role_arn: "${AWS_ROLE_ARN}"
+         region: "us-east-1"
+      - run:
+          name: Login to AWS ECR
+          command: |
+            aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/nsmithuk
       - run:
           name: Login to Docker Hub
           command: |
@@ -362,12 +370,20 @@ jobs:
           name: Copy image to new tag
           command: |
             ./regctl image copy nsmithuk/local-kms:circleci nsmithuk/local-kms:latest
+            ./regctl image copy nsmithuk/local-kms:circleci public.ecr.aws/nsmithuk/local-kms:latest
 
   build-docker-push-tag:
     docker:
       - image: cimg/base:stable
     steps:
       - setup_remote_docker
+      - aws-cli/setup:
+         role_arn: "${AWS_ROLE_ARN}"
+         region: "us-east-1"
+      - run:
+          name: Login to AWS ECR
+          command: |
+            aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/nsmithuk
       - run:
           name: Login to Docker Hub
           command: |
@@ -384,8 +400,11 @@ jobs:
             echo "Version Full << pipeline.git.tag >>"
             echo "Version Major $VERSION_MAJOR"
             
-            ./regctl image copy nsmithuk/local-kms:circleci nsmithuk/local-kms:${VERSION_MAJOR}            
-            ./regctl image copy nsmithuk/local-kms:circleci nsmithuk/local-kms:<< pipeline.git.tag >>            
+            ./regctl image copy nsmithuk/local-kms:circleci nsmithuk/local-kms:${VERSION_MAJOR}
+            ./regctl image copy nsmithuk/local-kms:circleci nsmithuk/local-kms:<< pipeline.git.tag >>
+
+            ./regctl image copy nsmithuk/local-kms:circleci public.ecr.aws/nsmithuk/local-kms:${VERSION_MAJOR}
+            ./regctl image copy nsmithuk/local-kms:circleci public.ecr.aws/nsmithuk/local-kms:<< pipeline.git.tag >>
 
   release-artifacts-s3:
     executor: aws-cli/default
diff --git a/README.md b/README.md
@@ -55,6 +55,8 @@ Pre-built binaries:
 
 ## Getting Started with Docker
 
+Images are available on both [Docker Hub](https://hub.docker.com/r/nsmithuk/local-kms) and [AWS Public ECR](https://gallery.ecr.aws/nsmithuk/local-kms).
+
 The quickest way to get started is with Docker. To get LKMS up, running and accessible on port 8080, you can run:
 ```
 docker run -p 8080:8080 nsmithuk/local-kms
diff --git a/tests/functional/requirments.txt b/tests/functional/requirments.txt
@@ -2,4 +2,4 @@ pytest
 requests
 aws-requests-auth
 pycryptodome
-oscrypto
+https://github.com/wbond/oscrypto/archive/d5f3437ed24257895ae1edd9e503cfb352e635a8.zip
