Set lifecycle rules #9

Open
wants to merge 3 commits into
base: master
32 changes: 31 additions & 1 deletion .circleci/config.yml
Expand Up @@ -7,7 +7,7 @@ orbs:
# https://circleci.com/orbs/registry/orb/circleci/aws-ecr
# required environment variables:
# https://circleci.com/docs/2.0/ecs-ecr/#configure-circleci-environment-variables
aws-ecr: circleci/aws-ecr@6.15.3
aws-ecr: circleci/aws-ecr@8.1.2

workflows:
version: 2
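Review bot: The aws-ecr orb line moves from 6.15.3 to 8.1.2, which crosses two major versions, and nothing in the change says why. State in the commit message or in a comment above the line which feature needs 8.x, and confirm that the job parameters already in use further down (tag, create-repo) keep their meaning under the new major version before merging.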
Expand All @@ -32,6 +32,36 @@ workflows:
tag: "latest,$CIRCLE_BRANCH,$CIRCLE_SHA1"
# create the AWS ECR repo if it does not exist already.
create-repo: true
lifecycle-policy-path: >
Contributor

The documentation says this should be a path, not the actual content.

Contributor Author

Yes! But it's a lie.

I started adding a file as in https://github.com/remind101/r101-api/pull/16623/files#diff-2c27a3138e2c83cb750d9a8a3b415799e8f3806ae6bd8a9d06a6abb23e018d36 (only left there for dev purposes) only to get Invalid length for parameter lifecyclePolicyText, value: 28, valid min length: 100 (https://app.circleci.com/pipelines/github/remind101/r101-api/11123/workflows/b3566098-95c6-4f13-9fd7-8a7f3f79a4d1/jobs/257499).

After my initial wtf moment, my suspicions were confirmed when I tried the current approach and bingo! got An error occurred (AccessDeniedException) when calling the PutLifecyclePolicy operation: User: arn:aws:iam::************:user/erc-stage-circleci is not authorized to perform: ecr:PutLifecyclePolicy on resource: arn:aws:ecr:*********:************:repository/remind101/r101-api because no identity-based policy allows the ecr:PutLifecyclePolicy action (https://app.circleci.com/pipelines/github/remind101/r101-api/11188/workflows/00a85887-5e28-4912-81d6-94738f99dbe9/jobs/258057).

Trust no one.

Contributor

@isobit, May 26, 2022

WTF lol. Well, at least it would be good to have a comment to explain that.

> valid min length: 100

🤔

Contributor Author

What do you mean by "at least"?

Contributor Author

added comment

{
"rules": [
{
"rulePriority": 1,
"description": "Keep latest master image",
"selection": {
"tagStatus": "tagged",
"tagPrefixList": ["master", "main"],
"countType": "imageCountMoreThan",
"countNumber": 5
},
"action": {
"type": "expire"
}
},
Lowercases marked this conversation as resolved.
{
"rulePriority": 2,
"description": "Expire all images older than 90 days.",
"selection": {
"countType": "sinceImagePushed",
"countNumber": 90,
"countUnit": "days"
},
"action": {
"type": "expire"
}
}
]
}
# provide the aws-ecr context (environment variables) to push docker_image into ecr.
# https://circleci.com/docs/2.0/ecs-ecr/#configure-circleci-environment-variables
context: aws-ecr
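Review bot: In the first rule of the inline policy, the description "Keep latest master image" does not match the selection: imageCountMoreThan with countNumber 5 over the prefixes master and main retains five such images and expires the rest, so reword it, for example "Expire master/main images beyond the newest 5". The second rule's selection has no tagStatus; write it out so it is explicit that the 90-day expiry is meant to apply regardless of tags. Because lifecycle-policy-path is handed the JSON body rather than a path, a YAML comment directly above that key should say so. The AccessDeniedException quoted in the thread shows the CircleCI user lacks ecr:PutLifecyclePolicy; when granting it, scope the permission to this repository's ARN rather than to all repositories.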