Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,465,321
Community Members
 
Community Events
176
Community Groups

Pipe "atlassian/aws-ecr-push-image:1.6.2" fails if the image does not have "latest" tag locally

Deleted user Jan 16, 2023

According to the documentation of this Atlassian organization owned pipe atlassian/aws-ecr-push-image, nothing suggests that the "latest" tag must exist when not attempting to push it, but in practice it seems mandatory.

 

The following script step:

- export IMAGE_NAME=my/image
- docker build -t $IMAGE_NAME:example .
- export TAGS=example
- pipe: atlassian/aws-ecr-push-image:1.6.2
variables:
AWS_OIDC_ROLE_ARN: "<ARN>"
IMAGE_NAME: "$IMAGE_NAME"
TAGS: example

fails with this error:

INFO: Authenticating with a OpenID Connect (OIDC) Web Identity Provider
INFO: Executing the aws-ecr-push-image pipe...
INFO: Successfully logged in to https://***.dkr.ecr.us-east-1.amazonaws.com
✖ Image not found: 404 Client Error for http://host.docker.internal:2375/v1.41/images/my/image/json: Not Found ("no such image: my-image: No such image: my/image:latest")

^ it does not seem sensible that the pipe is looking for the "latest" tag at all when we clearly set it to push tag "example" only.

 

If we also tag the image with "latest" before calling the pipe, the push completes successfully:

- export IMAGE_NAME=my/image
# need to also tag as "latest":
- docker build -t $IMAGE_NAME:latest -t $IMAGE_NAME:example .
- export TAGS=example
- pipe: atlassian/aws-ecr-push-image:1.6.2
variables:
AWS_OIDC_ROLE_ARN: "<ARN>"
IMAGE_NAME: "$IMAGE_NAME"
TAGS: example

 

We think this is a bug: if the "latest" tag is not specified in "variables.TAGS", it should not be mandatory for the tag to be set in local docker registry.
Please forward this feedback to the Atlassian developer(s) of this pipe.

1 answer

1 accepted

0 votes
Answer accepted

@[deleted] hi. Thanks for your investigation.
According to pipe documentation you have to follow the next:

Don't add tag in the IMAGE_NAME variable, pass variables TAGS instead (see more information below).

So yes, this pipe relies on latest tag, but if you will follow this configuration:

script:

  # build the image
  - docker build -t my-docker-image . ## do not add here custom tags

  # use the pipe to push to AWS ECR
  - pipe: atlassian/aws-ecr-push-image:1.6.2
    variables:
      IMAGE_NAME: my-docker-image
      TAGS: 'example'

 then you will achieve your goal.

Regards, Igor.

Hi, so if I get it right, the pipe will always take the local $IMAGE_NAME with tag="latest" and push that to the specified TAGS on remote? 

Maybe this is worth noting in the README in the future because I think the normal expectation is that it'd push the same local tag to the same remote tag. This could introduce some oddities if one has something like this (it's not an issue for me, so no urgency, but worth noting):

script:

  # build the image, rel1 track
- git checkout rel1 - docker build -t my-docker-image:rel1 .

# build the image, rel2 track
- git checkout rel2
- docker build -t my-docker-image:rel2 .

# build the image, on main track
- git checkout main
- docker build -t my-docker-image:latest .
# use the pipe to push to AWS ECR - pipe: atlassian/aws-ecr-push-image:1.6.2 variables: IMAGE_NAME: my-docker-image TAGS: 'rel1 rel2 latest'

^ this would then push the "latest" local tag to all 3 remote $TAGS, which is probably not what one would expect.

Hi, so if I get it right, the pipe will always take the local $IMAGE_NAME with tag="latest" and push that to the specified TAGS on remote? 

Yes.

^ this would then push the "latest" local tag to all 3 remote $TAGS, which is probably not what one would expect.

Yes, this will fail.

We will think about adding a note to the pipe or changing the behaviour of the pipe to take and and push exact tags. We will notify you when new version of the pipe become available.

 

Regards, Igor.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS

Atlassian Community Events