Trying out nektos/act

junya0530

First, list the workflows that act detects.

act -l
INFO[0000] Using docker host 'unix:///var/run/docker.sock', and daemon socket 'unix:///var/run/docker.sock' 
WARN  ⚠ You are using Apple M-series chip and you have not specified container architecture, you might encounter issues while running act. If so, try running it with '--container-architecture linux/amd64'. ⚠  
Stage  Job ID                          Job name                        Workflow name                   Workflow file                        Events           
0      build-and-push-container-image  build-and-push-container-image  build-and-push-container-image  build-and-push-container-image.yaml  workflow_dispatch
junya0530

This is the workflow:

name: build-and-push-container-image

on:
  workflow_dispatch:
    inputs:
      environment:
        description: "Specify the image repository environment."
        required: true
        default: "dev"
      build-target:
        description: "Tag name of branch name to deploy (e.g. main, develop, v1.0.0 etc.)."
        required: true
        default: "main"

permissions:
  id-token: write
  contents: read
jobs:
  build-and-push-container-image:
    timeout-minutes: 5
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5
        with:
          ref: ${{ github.event.inputs.build-target }}

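      - name: Get image tag
        id: get-image-tag
        env:
          # Pass the input through the environment so it is never expanded into the script text
          BUILD_TARGET: ${{ github.event.inputs.build-target }}
        run: |
          SHORT_COMMIT_ID=$(git rev-parse --short HEAD)
          # Replace "/" in the ref name with "-" so it is usable in an image tag
          REF=$(echo "$BUILD_TARGET" | sed -e 's/\//-/g')
          echo "image-tag=${REF}-${SHORT_COMMIT_ID}" >> "$GITHUB_OUTPUT"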

      - name: Assume role
        uses: aws-actions/configure-aws-credentials@v5
        with:
          role-to-assume: ${{ secrets.IAM_ARN_TO_PUSH_IMAGE}}
          aws-region: ap-northeast-1

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build and push Docker image to Amazon ECR
        uses: docker/build-push-action@v6
        with:
          context: "docker/html"
          push: true
          tags: ${{ steps.login-ecr.outputs.registry }}/sample-${{ github.event.inputs.environment }}-web:${{ steps.get-image-tag.outputs.image-tag }}
junya0530

Next, I try running it with OIDC authentication.
I added an input field for passing the IAM role ARN and passed it in, but got the following error.

act -P ubuntu-latest=catthehacker/ubuntu:act-latest --input aws_role_arn=arn:aws:iam::<AccountID>:role/sample-dev-role
:
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Main Assume role
[build-and-push-container-image/build-and-push-container-image]   🐳  docker cp src=/Users/taniaijunya/.cache/act/aws-actions-configure-aws-credentials@v5/ dst=/var/run/act/actions/aws-actions-configure-aws-credentials@v5/
[build-and-push-container-image/build-and-push-container-image]   🐳  docker exec cmd=[/opt/acttoolcache/node/18.20.8/arm64/bin/node /var/run/act/actions/aws-actions-configure-aws-credentials@v5/dist/index.js] user= workdir=
| It looks like you might be trying to authenticate with OIDC. Did you mean to set the `id-token` permission? If you are not trying to authenticate with OIDC and the action is working successfully, you can ignore this message.
[build-and-push-container-image/build-and-push-container-image]   ❗  ::error::Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers
[build-and-push-container-image/build-and-push-container-image]   ❌  Failure - Main Assume role [2.914872334s]

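I asked an AI about it; its answer is below.

Key points about the act environment
act is a tool for running GitHub Actions locally, but AWS authentication via OIDC (id-token: write) only works in GitHub's production environment.
OIDC authentication cannot be used with act.
As a result, when role-to-assume is used with aws-actions/configure-aws-credentials, act cannot obtain credentials and the step fails with an error.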

junya0530

In that case, I'll pass the keys directly.

act -P ubuntu-latest=catthehacker/ubuntu:act-latest \
--env-file <(aws configure export-credentials \
--format env | sed 's/^export //') \
--input environment=dev --input=build-target=main
Success log

❯ act -P ubuntu-latest=catthehacker/ubuntu:act-latest --env-file <(aws configure export-credentials --format env | sed 's/^export //') --input environment=dev --input=build-target=main
INFO[0000] Using docker host 'unix:///var/run/docker.sock', and daemon socket 'unix:///var/run/docker.sock'
WARN ⚠ You are using Apple M-series chip and you have not specified container architecture, you might encounter issues while running act. If so, try running it with '--container-architecture linux/amd64'. ⚠
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Set up job
[build-and-push-container-image/build-and-push-container-image] 🚀 Start image=catthehacker/ubuntu:act-latest
[build-and-push-container-image/build-and-push-container-image] 🐳 docker pull image=catthehacker/ubuntu:act-latest platform= username= forcePull=true
[build-and-push-container-image/build-and-push-container-image] using DockerAuthConfig authentication for docker pull
[build-and-push-container-image/build-and-push-container-image] 🐳 docker create image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[build-and-push-container-image/build-and-push-container-image] 🐳 docker run image=catthehacker/ubuntu:act-latest platform= entrypoint=["tail" "-f" "/dev/null"] cmd=[] network="host"
[build-and-push-container-image/build-and-push-container-image] 🐳 docker exec cmd=[node --no-warnings -e console.log(process.execPath)] user= workdir=
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Set up job
[build-and-push-container-image/build-and-push-container-image] ☁ git clone 'https://github.com/actions/checkout' # ref=v5
[build-and-push-container-image/build-and-push-container-image] ☁ git clone 'https://github.com/aws-actions/configure-aws-credentials' # ref=v5
[build-and-push-container-image/build-and-push-container-image] ☁ git clone 'https://github.com/aws-actions/amazon-ecr-login' # ref=v2
[build-and-push-container-image/build-and-push-container-image] ☁ git clone 'https://github.com/docker/build-push-action' # ref=v6
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Main Checkout repository
[build-and-push-container-image/build-and-push-container-image] 🐳 docker cp src=/Users/taniaijunya/.cache/act/actions-checkout@v5/ dst=/var/run/act/actions/actions-checkout@v5/
[build-and-push-container-image/build-and-push-container-image] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.8/arm64/bin/node /var/run/act/actions/actions-checkout@v5/dist/index.js] user= workdir=
[build-and-push-container-image/build-and-push-container-image] ❓ add-matcher /run/act/actions/actions-checkout@v5/dist/problem-matcher.json
| Syncing repository: jnytnai0613/terraform-up-and-running
[build-and-push-container-image/build-and-push-container-image] ❓ ::group::Getting Git version info
| Working directory is '/Users/taniaijunya/src/github.com/jnytnai0613/terraform-up-and-running'
| [command]/usr/bin/git version
| git version 2.51.0
[build-and-push-container-image/build-and-push-container-image] ❓ ::endgroup::
[build-and-push-container-image/build-and-push-container-image] ⚙ ***
| Temporarily overriding HOME='/tmp/e921c0d6-c0ca-411b-b91a-2f633e874e45' before making global git config changes
| Adding repository directory to the temporary git global config as a safe directory
| [command]/usr/bin/git config --global --add safe.directory /Users/taniaijunya/src/github.com/jnytnai0613/terraform-up-and-running
| Deleting the contents of '/Users/taniaijunya/src/github.com/jnytnai0613/terraform-up-and-running'
[build-and-push-container-image/build-and-push-container-image] ❓ ::group::Initializing the repository
| [command]/usr/bin/git init /Users/taniaijunya/src/github.com/jnytnai0613/terraform-up-and-running
| hint: Using 'master' as the name for the initial branch. This default branch name
| hint: is subject to change. To configure the initial branch name to use in all
| hint: of your new repositories, which will suppress this warning, call:
| hint:
| hint: git config --global init.defaultBranch <name>
| hint:
| hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
| hint: 'development'. The just-created branch can be renamed via this command:
| hint:
| hint: git branch -m <name>
| hint:
| hint: Disable this message with "git config set advice.defaultBranchName false"
| Initialized empty Git repository in /Users/taniaijunya/src/github.com/jnytnai0613/terraform-up-and-running/.git/
| [command]/usr/bin/git remote add origin https://github.com/jnytnai0613/terraform-up-and-running
[build-and-push-container-image/build-and-push-container-image] ❓ ::endgroup::
[build-and-push-container-image/build-and-push-container-image] ❓ ::group::Disabling automatic garbage collection
| [command]/usr/bin/git config --local gc.auto 0
[build-and-push-container-image/build-and-push-container-image] ❓ ::endgroup::
[build-and-push-container-image/build-and-push-container-image] ❓ ::group::Setting up auth
| [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
| [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
| [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
| [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
| [command]/usr/bin/git config --local http.https://github.com/.extraheader AUTHORIZATION: basic ***
[build-and-push-container-image/build-and-push-container-image] ❓ ::endgroup::
[build-and-push-container-image/build-and-push-container-image] ❓ ::group::Fetching the repository
| [command]/usr/bin/git -c protocol.version=2 fetch --no-tags --prune --no-recurse-submodules --depth=1 origin +refs/heads/main*:refs/remotes/origin/main* +refs/tags/main*:refs/tags/main*
| From https://github.com/jnytnai0613/terraform-up-and-running
| * [new branch] main -> origin/main
[build-and-push-container-image/build-and-push-container-image] ❓ ::endgroup::
[build-and-push-container-image/build-and-push-container-image] ❓ ::group::Determining the checkout info
| [command]/usr/bin/git branch --list --remote origin/main
| origin/main
[build-and-push-container-image/build-and-push-container-image] ❓ ::endgroup::
| [command]/usr/bin/git sparse-checkout disable
| [command]/usr/bin/git config --local --unset-all extensions.worktreeConfig
[build-and-push-container-image/build-and-push-container-image] ❓ ::group::Checking out the ref
| [command]/usr/bin/git checkout --progress --force -B main refs/remotes/origin/main
| Switched to a new branch 'main'
| branch 'main' set up to track 'origin/main'.
[build-and-push-container-image/build-and-push-container-image] ❓ ::endgroup::
| [command]/usr/bin/git log -1 --format=%H
| 7d31ff190a08c10eecdadc35a8ff4e6b4dea5024
[build-and-push-container-image/build-and-push-container-image] ❓ ::remove-matcher owner=checkout-git::
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Main Checkout repository [1.183100458s]
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-output:: commit=7d31ff190a08c10eecdadc35a8ff4e6b4dea5024
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-output:: ref=main
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Main Get image tag
[build-and-push-container-image/build-and-push-container-image] 🐳 docker exec cmd=[bash -e /var/run/act/workflow/get-image-tag] user= workdir=
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Main Get image tag [53.764583ms]
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-output:: image-tag=main-7d31ff1
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Main Assume role
[build-and-push-container-image/build-and-push-container-image] 🐳 docker cp src=/Users/taniaijunya/.cache/act/aws-actions-configure-aws-credentials@v5/ dst=/var/run/act/actions/aws-actions-configure-aws-credentials@v5/
[build-and-push-container-image/build-and-push-container-image] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.8/arm64/bin/node /var/run/act/actions/aws-actions-configure-aws-credentials@v5/dist/index.js] user= workdir=
| Proceeding with IAM user credentials
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Main Assume role [1.029388875s]
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-env:: AWS_REGION=ap-northeast-1
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-env:: AWS_DEFAULT_REGION=ap-northeast-1
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-output:: aws-account-id=<AccountID>
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-output:: authenticated-arn=arn:aws:iam::<AccountID>:user/junyataniai
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Main Login to Amazon ECR
[build-and-push-container-image/build-and-push-container-image] 🐳 docker cp src=/Users/taniaijunya/.cache/act/aws-actions-amazon-ecr-login@v2/ dst=/var/run/act/actions/aws-actions-amazon-ecr-login@v2/
[build-and-push-container-image/build-and-push-container-image] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.8/arm64/bin/node /var/run/act/actions/aws-actions-amazon-ecr-login@v2/dist/index.js] user= workdir=
| Logging into registry <AccountID>.dkr.ecr.ap-northeast-1.amazonaws.com
[build-and-push-container-image/build-and-push-container-image] ⚙ ***
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Main Login to Amazon ECR [805.643583ms]
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-output:: docker_username_<AccountID>dkr_ecr_ap_northeast_1_amazonaws_com=AWS
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-output:: docker_password_<AccountID>_dkr_ecr_ap_northeast_1_amazonaws_com=***
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-output:: registry=<AccountID>.dkr.ecr.ap-northeast-1.amazonaws.com
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Main Build and push Docker image to Amazon ECR
[build-and-push-container-image/build-and-push-container-image] 🐳 docker cp src=/Users/taniaijunya/.cache/act/docker-build-push-action@v6/ dst=/var/run/act/actions/docker-build-push-action@v6/
[build-and-push-container-image/build-and-push-container-image] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.8/arm64/bin/node /var/run/act/actions/docker-build-push-action@v6/dist/index.js] user= workdir=
[build-and-push-container-image/build-and-push-container-image] ❓ ::group::GitHub Actions runtime token ACs
[build-and-push-container-image/build-and-push-container-image] 🚧 ::warning::ACTIONS_RUNTIME_TOKEN not set
[build-and-push-container-image/build-and-push-container-image] ❓ ::endgroup::

(omitted)

[build-and-push-container-image/build-and-push-container-image] ❓ ::endgroup::
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Post Build and push Docker image to Amazon ECR [415.903416ms]
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Post Login to Amazon ECR
[build-and-push-container-image/build-and-push-container-image] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.8/arm64/bin/node /var/run/act/actions/aws-actions-amazon-ecr-login@v2/dist/cleanup/index.js] user= workdir=
| Logging out of registry <AccountID>.dkr.ecr.ap-northeast-1.amazonaws.com
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Post Login to Amazon ECR [64.83ms]
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Post Assume role
[build-and-push-container-image/build-and-push-container-image] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.8/arm64/bin/node /var/run/act/actions/aws-actions-configure-aws-credentials@v5/dist/cleanup/index.js] user= workdir=
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Post Assume role [110.387208ms]
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-env:: AWS_SECRET_ACCESS_KEY=
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-env:: AWS_SESSION_TOKEN=
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-env:: AWS_DEFAULT_REGION=
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-env:: AWS_REGION=
[build-and-push-container-image/build-and-push-container-image] ⚙ ::set-env:: AWS_ACCESS_KEY_ID=
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Post Checkout repository
[build-and-push-container-image/build-and-push-container-image] 🐳 docker exec cmd=[/opt/acttoolcache/node/18.20.8/arm64/bin/node /var/run/act/actions/actions-checkout@v5/dist/index.js] user= workdir=
| [command]/usr/bin/git version
| git version 2.51.0
[build-and-push-container-image/build-and-push-container-image] ⚙ ***
| Temporarily overriding HOME='/tmp/668349f1-f149-421f-9107-77dd226b72ef' before making global git config changes
| Adding repository directory to the temporary git global config as a safe directory
| [command]/usr/bin/git config --global --add safe.directory /Users/taniaijunya/src/github.com/jnytnai0613/terraform-up-and-running
| [command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
| [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :"
| [command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
| http.https://github.com/.extraheader
| [command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
| [command]/usr/bin/git submodule foreach --recursive sh -c "git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :"
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Post Checkout repository [134.937375ms]
[build-and-push-container-image/build-and-push-container-image] ⭐ Run Complete job
[build-and-push-container-image/build-and-push-container-image] Cleaning up container for job build-and-push-container-image
[build-and-push-container-image/build-and-push-container-image] ✅ Success - Complete job
[build-and-push-container-image/build-and-push-container-image] 🏁 Job succeeded
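
The credential hand-off used in the last command, as an added example that is not part of the original scrap: a shell helper that converts `aws configure export-credentials --format env` output into env-file lines and reports whether the key is temporary or long-lived before it is given to act (the log above shows `Proceeding with IAM user credentials`). The function names and sample keys are constructed for illustration; the classification relies on AWS's documented access key ID prefixes (`AKIA` for IAM user keys, `ASIA` for STS temporary keys).

```bash
#!/usr/bin/env bash
# Added example: inspect exported AWS credentials before handing them to act.
# Function names are hypothetical; the sample keys below are constructed.

# Convert `export KEY=value` lines into the KEY=value form an env file
# expects, keeping only AWS_* variables.
to_env_file() {
  sed -n -e 's/^export //' -e '/^AWS_[A-Z_]*=/p'
}

# Classify credentials read from stdin (env-file form):
#   temporary  - STS key (ASIA prefix) together with a session token
#   long-lived - IAM user key (AKIA prefix), which does not expire
#   unknown    - anything else, including a missing key or token
classify_credentials() {
  key=""
  token=""
  while IFS= read -r line; do
    case "$line" in
      AWS_ACCESS_KEY_ID=*) key="${line#*=}" ;;
      AWS_SESSION_TOKEN=*) token="${line#*=}" ;;
    esac
  done
  case "$key" in
    ASIA*) if [ -n "$token" ]; then echo temporary; else echo unknown; fi ;;
    AKIA*) echo long-lived ;;
    *)     echo unknown ;;
  esac
}

# Constructed sample input in the shape produced by `--format env`.
SAMPLE_LONG_LIVED='export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=constructedSecretValueEXAMPLE'

SAMPLE_TEMPORARY='export AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=constructedSecretValueEXAMPLE
export AWS_SESSION_TOKEN=constructedSessionTokenEXAMPLE
export AWS_CREDENTIAL_EXPIRATION=2030-01-01T00:00:00+00:00'

# Run the conversion and classification over one sample.
check_sample() {
  printf '%s\n' "$1" | to_env_file | classify_credentials
}

check_sample "$SAMPLE_LONG_LIVED"
check_sample "$SAMPLE_TEMPORARY"
```

With real credentials, the input would be the output of `aws configure export-credentials --format env` piped through `to_env_file`, which is the same conversion the `sed 's/^export //'` in the command above performs.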