sparse-intern-71089
03/29/2023, 2:51 AMsteep-toddler-94095
03/29/2023, 4:59 AMpreview
even after you've authenticated with ECR?fresh-spring-82225
03/29/2023, 5:50 AM- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: us-east-2
role-to-assume: arn:aws:iam::[account id]:role/[pulumi role]
role-session-name: pulumi-up
role-duration-seconds: 900
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: 16
- run: yarn install --frozen-lockfile
working-directory: ${{ env.PULUMI_WORKING_DIRECTORY }}
- name: PR previews
if: ${{ github.event_name == 'pull_request' }}
uses: pulumi/actions@v3
with:
command: preview
comment-on-pr: true
stack-name: ${{ env.PULUMI_STACK_NAME }}
work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Apply infrastructure update
if: ${{ github.event_name == 'push' }}
uses: pulumi/actions@v3
with:
command: up
stack-name: ${{ env.PULUMI_STACK_NAME }}
work-dir: ${{ env.PULUMI_WORKING_DIRECTORY }}
so the up
step should have the same authentication as the preview
step, right?steep-toddler-94095
03/29/2023, 4:55 PMup
and preview
should have the same auth unless preview
runs code that adds additional auth. if it does not it's puzzling why there is a difference
but a main issue here is your github actions workflow does not do ECR login. configuring aws credentials isn't enough to pull from a private ECR repofresh-spring-82225
03/29/2023, 6:46 PMfresh-spring-82225
03/29/2023, 6:48 PMup
succeeds with out aws-actions/amazon-ecr-login
🤔steep-toddler-94095
03/29/2023, 9:50 PMup
jobs just happened to use runners that were already authenticated with ECR from another job?fresh-spring-82225
03/29/2023, 10:32 PM