Describe the bug
Following this document, I want to launch a job on a container from my private ECR repository on self-hosted runner(dind mode in k8s).
However there is no basic auth credentials error from second job.
action yaml
name: "test"
on:
push:
branch: action-test
jobs:
login-to-ecr:
permissions:
contents: read
issues: read
id-token: write
checks: write
pull-requests: write
runs-on: [ arc-runner-dind ]
steps:
- name: Get AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: ap-northeast-2
role-to-assume: MY-TEST-ROLE
role-session-name: MY-TEST-ROLE-SESSION
mask-aws-account-id: false
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: false
skip-logout: true
- name: test
run: |
docker pull 000000000000.dkr.ecr.ap-northeast-2.amazonaws.com/actions-runner-image:lastest
- name: echo
run: |
echo "${{ steps.login-ecr.outputs.docker_username_000000000000_dkr_ecr_ap_northeast_2_amazonaws_com }}"
echo "${{ steps.login-ecr.outputs.docker_password_000000000000_dkr_ecr_ap_northeast_2_amazonaws_com }}"
outputs:
docker_username: ${{ steps.login-ecr.outputs.docker_username_000000000000_dkr_ecr_ap_northeast_2_amazonaws_com }}
docker_password: ${{ steps.login-ecr.outputs.docker_password_000000000000_dkr_ecr_ap_northeast_2_amazonaws_com }}
CI-Test:
permissions:
contents: read
issues: read
id-token: write
checks: write
pull-requests: write
runs-on: [ arc-runner-dind ]
needs: login-to-ecr
container:
image: 000000000000.dkr.ecr.ap-northeast-2.amazonaws.com/actions-runner-image:latest
options: --pull=always
credentials:
username: ${{ needs.login-to-ecr.outputs.docker_username }}
password: ${{ needs.login-to-ecr.outputs.docker_password }}
steps:
- name: test
run: |
echo "hello"
Pulling a private ECR image from login-to-ecr has no issue however pulling same image as a job container from CI-Test job got failed with Error response from daemon: Head "https://000000000000.dkr.ecr.ap-northeast-2.amazonaws.com/v2/actions-runner-image/manifests/latest": no basic auth credentials
To Reproduce
Steps to reproduce the behavior:
- AWS private ECR login in first job and pass credentials as outputs to
<job>.container.credentials to second job.
Expected behavior
A job on a container from private ECR repo should be launched on self-hosted runner.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
- OS: EKS 1.28 / dind mode arc(action runner controller)
Additional context
Add any other context about the problem here.
Describe the bug
Following this document, I want to launch a job on a container from my private ECR repository on self-hosted runner(dind mode in k8s).
However there is
no basic auth credentialserror from second job.action yaml
Pulling a private ECR image from
login-to-ecrhas no issue however pulling same image as a job container fromCI-Testjob got failed withError response from daemon: Head "https://000000000000.dkr.ecr.ap-northeast-2.amazonaws.com/v2/actions-runner-image/manifests/latest": no basic auth credentialsTo Reproduce
Steps to reproduce the behavior:
<job>.container.credentialsto second job.Expected behavior
A job on a container from private ECR repo should be launched on self-hosted runner.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
Additional context
Add any other context about the problem here.