https://stackoverflow.com/questions/70828205/pushing-an-image-to-ecr-getting-retrying-in-seconds
해결방법
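IAM에 ecr 권한 정책을 추가해야 함. 단, 아래 정책은 모든 리포지토리(`"Resource": "*"`)에 적용되고 이미지 푸시에 필요 없는 `ecr:SetRepositoryPolicy`, `ecr:PutLifecyclePolicy`까지 허용하므로, 실제로 사용할 때는 `ecr:GetAuthorizationToken`만 `"Resource": "*"`로 두고 나머지 액션은 해당 리포지토리 ARN으로 한정하는 것이 안전함.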
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowECRActions",
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CompleteLayerUpload",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:GetRepositoryPolicy",
"ecr:InitiateLayerUpload",
"ecr:ListImages",
"ecr:PutImage",
"ecr:PutLifecyclePolicy",
"ecr:SetRepositoryPolicy",
"ecr:StartLifecyclePolicyPreview",
"ecr:UploadLayerPart"
],
"Resource": "*"
}
]
}
ecr에서 pull할 때 오류 생기는 deploy.yml
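# Build the application, push its image to Amazon ECR, then pull the image on
# an EC2 host over SSH and restart the containers there.
name: Deploy to Amazon EC2

on:
  push:
    branches:
      - main

# Region, local image name built by docker-compose, and target ECR repository.
# The image tag is intentionally not defined here: workflow-level env values are
# plain strings, so a `$(date ...)` written here is never evaluated by a shell.
# It is computed once in the "Compute image tag" step instead.
env:
  AWS_REGION: ap-northeast-2
  SOURCE_IMAGE: app
  ECR_REPO_NAME: sunflower-ecr-repo

permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production
    steps:
      # Check out the repository (a second, redundant checkout was removed).
      - name: Checkout
        uses: actions/checkout@v3

      - name: Set up JDK 11
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '11'

      # Compute the timestamp tag exactly once and export it to later steps.
      # Re-running `$(date ...)` in the tag, push and remote pull commands
      # yields a different value each time, so the pull on the EC2 host asked
      # for a tag that was never pushed.
      - name: Compute image tag
        run: echo "IMAGE_TAG=$(date '+%Y%m%d-%H%M%S')" >> "$GITHUB_ENV"

      # Authenticate to AWS with an IAM user's access key pair.
      # NOTE(review): these are long-lived credentials. The action also
      # supports assuming a role through GitHub OIDC (`role-to-assume` plus
      # `permissions: id-token: write`), which avoids storing static keys.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to AWS ECR
        uses: aws-actions/amazon-ecr-login@v1

      # Materialise the Spring configuration files from base64-encoded secrets.
      # The secrets are passed through the step environment rather than being
      # interpolated into the script text. The decoded files are deliberately
      # NOT uploaded with actions/upload-artifact: workflow artifacts can be
      # downloaded by anyone with read access to the repository, which would
      # expose the secret configuration.
      - name: Write application config from secrets
        env:
          APPLICATION_B64: ${{ secrets.APPLICATION }}
          APPLICATION_S3_B64: ${{ secrets.APPLICATION_S3 }}
        run: |
          # -p: do not fail when the directory is already in the checkout
          mkdir -p ./src/main/resources
          echo "$APPLICATION_B64" | base64 --decode > ./src/main/resources/application.yml
          echo "$APPLICATION_S3_B64" | base64 --decode > ./src/main/resources/application-s3.yml

      - name: Build with Gradle
        run: ./gradlew clean build

      # Build with docker-compose, then tag and push under the single tag
      # computed above so that the pushed reference is the one pulled later.
      - name: Build and push Docker images
        env:
          DOCKER_BUILDKIT: '1'
          COMPOSE_DOCKER_CLI_BUILD: '1'
          IMAGE_URI: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO_NAME }}:${{ env.IMAGE_TAG }}
        run: |
          docker-compose build
          docker tag "${SOURCE_IMAGE}:latest" "$IMAGE_URI"
          docker push "$IMAGE_URI"

      # NOTE(review): `@master` is a mutable branch of a third-party action
      # that receives the SSH private key. Pin this step and the restart step
      # below to a reviewed full commit SHA (<REVIEWED_COMMIT_SHA>).
      #
      # Earlier commented-out attempts at this step were dropped: they used
      # `aws ecr get-login`, which does not exist in AWS CLI v2, and
      # `docker login -p $(...)`, which puts the registry token on the command
      # line. The `--password-stdin` form is kept.
      #
      # Presumably the EC2 host has the AWS CLI installed and credentials that
      # allow pulling from this repository (for example an instance profile) —
      # confirm on the host.
      - name: SSH into EC2 and pull Docker images
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.AWS_HOST }}
          username: ${{ secrets.AWS_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            # Non-interactive session: apt must not prompt for confirmation.
            sudo apt-get update
            sudo apt-get install -y --only-upgrade openssl
            # The former `docker run -it ... /bin/bash` line was removed: it
            # requests a TTY that this session does not provide and served no
            # purpose for the pull.
            aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin https://${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com
            docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPO_NAME }}:${{ env.IMAGE_TAG }}

      # NOTE(review): the compose file on the host is not visible here; verify
      # that it references the tag pulled above, otherwise the restart keeps
      # running the previous image.
      - name: SSH into EC2 and restart Docker containers
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.AWS_HOST }}
          username: ${{ secrets.AWS_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script: |
            docker-compose down
            docker-compose up -d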