Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Pipe "atlassian/aws-ecr-push-image:1.6.2" fails if the image does not have "latest" tag locally

Deleted user January 16, 2023

According to the documentation of this Atlassian organization owned pipe atlassian/aws-ecr-push-image, nothing suggests that the "latest" tag must exist when not attempting to push it, but in practice it seems mandatory.

 

The following script step:

- export IMAGE_NAME=my/image
- docker build -t $IMAGE_NAME:example .
- export TAGS=example
- pipe: atlassian/aws-ecr-push-image:1.6.2
  variables:
    AWS_OIDC_ROLE_ARN: "<ARN>"
    IMAGE_NAME: "$IMAGE_NAME"
    TAGS: example

fails with this error:

INFO: Authenticating with a OpenID Connect (OIDC) Web Identity Provider
INFO: Executing the aws-ecr-push-image pipe...
INFO: Successfully logged in to https://***.dkr.ecr.us-east-1.amazonaws.com
✖ Image not found: 404 Client Error for http://host.docker.internal:2375/v1.41/images/my/image/json: Not Found ("no such image: my-image: No such image: my/image:latest")

^ it does not seem sensible that the pipe is looking for the "latest" tag at all when we clearly set it to push tag "example" only.

 

If we also tag the image with "latest" before calling the pipe, the push completes successfully:

- export IMAGE_NAME=my/image
# need to also tag as "latest":
- docker build -t $IMAGE_NAME:latest -t $IMAGE_NAME:example .
- export TAGS=example
- pipe: atlassian/aws-ecr-push-image:1.6.2
  variables:
    AWS_OIDC_ROLE_ARN: "<ARN>"
    IMAGE_NAME: "$IMAGE_NAME"
    TAGS: example

 

We think this is a bug: if the "latest" tag is not specified in "variables.TAGS", it should not be mandatory for the tag to be set in local docker registry.
Please forward this feedback to the Atlassian developer(s) of this pipe.
Answer
Watch
Like Be the first to like this
1693 views

1 answer

1 accepted

0 votes
Answer accepted
Igor Stoyanov
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 20, 2023

@[deleted] hi. Thanks for your investigation.
According to pipe documentation you have to follow the next:

Don't add tag in the IMAGE_NAME variable, pass variables TAGS instead (see more information below).

So yes, this pipe relies on latest tag, but if you will follow this configuration:

script:

  # build the image
  - docker build -t my-docker-image . ## do not add here custom tags

  # use the pipe to push to AWS ECR
  - pipe: atlassian/aws-ecr-push-image:1.6.2
    variables:
      IMAGE_NAME: my-docker-image
      TAGS: 'example'

 then you will achieve your goal.

Regards, Igor.

View More Comments
Deleted user January 20, 2023

Hi, so if I get it right, the pipe will always take the local $IMAGE_NAME with tag="latest" and push that to the specified TAGS on remote? 

Maybe this is worth noting in the README in the future because I think the normal expectation is that it'd push the same local tag to the same remote tag. This could introduce some oddities if one has something like this (it's not an issue for me, so no urgency, but worth noting):

script:

  # build the image, rel1 track
  - git checkout rel1
  - docker build -t my-docker-image:rel1 .

  # build the image, rel2 track
  - git checkout rel2
  - docker build -t my-docker-image:rel2 .

  # build the image, on main track
  - git checkout main
  - docker build -t my-docker-image:latest .

  # use the pipe to push to AWS ECR
  - pipe: atlassian/aws-ecr-push-image:1.6.2
    variables:
      IMAGE_NAME: my-docker-image
      TAGS: 'rel1 rel2 latest'

^ this would then push the "latest" local tag to all 3 remote $TAGS, which is probably not what one would expect.

Like
Igor Stoyanov
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 23, 2023

Hi, so if I get it right, the pipe will always take the local $IMAGE_NAME with tag="latest" and push that to the specified TAGS on remote? 

Yes.

^ this would then push the "latest" local tag to all 3 remote $TAGS, which is probably not what one would expect.

Yes, this will fail.

We will think about adding a note to the pipe or changing the behaviour of the pipe to take and and push exact tags. We will notify you when new version of the pipe become available.

 

Regards, Igor.

Like
Igor Stoyanov
Igor Stoyanov
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 7, 2023

 

We created a new release of aws-ecr-push-image according to this feature request.

Now users have to build and tag all images they want to push with requested tags:

script:

  # build the image
  - docker build -t my-docker-image:my-tag -t my-docker-image .

  # use the pipe to push to AWS ECR
  - pipe: atlassian/aws-ecr-push-image:2.0.0
    variables:
      AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
      AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
      AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION
      IMAGE_NAME: my-docker-image
      TAGS: 'my-tag latest'

Regards, Igor

Like kaoka kelvin likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events