Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,641,818
Community Members
 
Community Events
196
Community Groups

Pipe "atlassian/aws-ecr-push-image:1.6.2" fails if the image does not have "latest" tag locally

Deleted user Jan 16, 2023

According to the documentation of this Atlassian organization owned pipe atlassian/aws-ecr-push-image, nothing suggests that the "latest" tag must exist when not attempting to push it, but in practice it seems mandatory.

 

The following script step:

- export IMAGE_NAME=my/image
- docker build -t $IMAGE_NAME:example .
- export TAGS=example
- pipe: atlassian/aws-ecr-push-image:1.6.2
  variables:
    AWS_OIDC_ROLE_ARN: "<ARN>"
    IMAGE_NAME: "$IMAGE_NAME"
    TAGS: example

fails with this error:

INFO: Authenticating with a OpenID Connect (OIDC) Web Identity Provider
INFO: Executing the aws-ecr-push-image pipe...
INFO: Successfully logged in to https://***.dkr.ecr.us-east-1.amazonaws.com
✖ Image not found: 404 Client Error for http://host.docker.internal:2375/v1.41/images/my/image/json: Not Found ("no such image: my-image: No such image: my/image:latest")

^ it does not seem sensible that the pipe is looking for the "latest" tag at all when we clearly set it to push tag "example" only.

 

If we also tag the image with "latest" before calling the pipe, the push completes successfully:

- export IMAGE_NAME=my/image
# need to also tag as "latest":
- docker build -t $IMAGE_NAME:latest -t $IMAGE_NAME:example .
- export TAGS=example
- pipe: atlassian/aws-ecr-push-image:1.6.2
  variables:
    AWS_OIDC_ROLE_ARN: "<ARN>"
    IMAGE_NAME: "$IMAGE_NAME"
    TAGS: example

 

We think this is a bug: if the "latest" tag is not specified in "variables.TAGS", it should not be mandatory for the tag to be set in local docker registry.
Please forward this feedback to the Atlassian developer(s) of this pipe.
Answer
Watch
Like Be the first to like this
936 views

1 answer

1 accepted

0 votes
Answer accepted
Igor Stoyanov
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jan 20, 2023 • edited

@[deleted] hi. Thanks for your investigation.
According to pipe documentation you have to follow the next:

Don't add tag in the IMAGE_NAME variable, pass variables TAGS instead (see more information below).

So yes, this pipe relies on latest tag, but if you will follow this configuration:

script:

  # build the image
  - docker build -t my-docker-image . ## do not add here custom tags

  # use the pipe to push to AWS ECR
  - pipe: atlassian/aws-ecr-push-image:1.6.2
    variables:
      IMAGE_NAME: my-docker-image
      TAGS: 'example'

 then you will achieve your goal.

Regards, Igor.

View More Comments
Deleted user Jan 20, 2023 • edited

Hi, so if I get it right, the pipe will always take the local $IMAGE_NAME with tag="latest" and push that to the specified TAGS on remote? 

Maybe this is worth noting in the README in the future because I think the normal expectation is that it'd push the same local tag to the same remote tag. This could introduce some oddities if one has something like this (it's not an issue for me, so no urgency, but worth noting):

script:

  # build the image, rel1 track
  - git checkout rel1
  - docker build -t my-docker-image:rel1 .

  # build the image, rel2 track
  - git checkout rel2
  - docker build -t my-docker-image:rel2 .

  # build the image, on main track
  - git checkout main
  - docker build -t my-docker-image:latest .

  # use the pipe to push to AWS ECR
  - pipe: atlassian/aws-ecr-push-image:1.6.2
    variables:
      IMAGE_NAME: my-docker-image
      TAGS: 'rel1 rel2 latest'

^ this would then push the "latest" local tag to all 3 remote $TAGS, which is probably not what one would expect.

Like
Igor Stoyanov
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jan 23, 2023

Hi, so if I get it right, the pipe will always take the local $IMAGE_NAME with tag="latest" and push that to the specified TAGS on remote? 

Yes.

^ this would then push the "latest" local tag to all 3 remote $TAGS, which is probably not what one would expect.

Yes, this will fail.

We will think about adding a note to the pipe or changing the behaviour of the pipe to take and and push exact tags. We will notify you when new version of the pipe become available.

 

Regards, Igor.

Like
Igor Stoyanov
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Feb 07, 2023

 

We created a new release of aws-ecr-push-image according to this feature request.

Now users have to build and tag all images they want to push with requested tags:

script:

  # build the image
  - docker build -t my-docker-image:my-tag -t my-docker-image .

  # use the pipe to push to AWS ECR
  - pipe: atlassian/aws-ecr-push-image:2.0.0
    variables:
      AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
      AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION
      IMAGE_NAME: my-docker-image
      TAGS: 'my-tag latest'

Regards, Igor

Like kaoka kelvin likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

See all events