Adding CHANGELOG and making profile optional

petewilcock · petewilcock · commit 81c4599494e9 · 2021-01-23T11:03:21.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,9 @@
+# Changelog
+
+## 0.0.2
+
+Made provision of AWS profile credential optional. If not specified the awscli will look for credentials in order from the [usual sources](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
+
+## 0.0.1
+
+Initial release of ecs-mirror module
diff --git a/README.md b/README.md
@@ -7,20 +7,24 @@ In late 2020, Docker Hub announced that the Hub service would begin limiting the
 
 The [AWS recommendation](https://aws.amazon.com/blogs/containers/advice-for-customers-dealing-with-docker-hub-rate-limits-and-a-coming-soon-announcement/) for those not wishing to upgrade to a paid plan is to mirror the Dockerhub image to their own AWS ECR repository. 
 
-This simple task requires a basic 'pull from Dockerhub-push to ECR' loop for which there exists no good bootstrapping solution (outside of a convolution such as a CodeBuild pipeline) for a new ECR repository that would look to use a Dockerhub image as its 'base' image which can then be used in subsequent builds without the pull limits. 
+This simple task requires a basic 'pull from Dockerhub-push to ECR' loop for which there exists no simple bootstrapping solution. The typical use case is a new ECR repository that would look to use a Dockerhub image as its 'base' image which can then be used in subsequent builds without the pull limits. 
 
 This module is a simple terraform `local-exec` provisioner which runs the required awscli and docker push commands to ECR, and can be woven in to your existing set-up. 
 
 ## Requirements
 
-- aws-cli installed and configured with a named [profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) that has permissions to push to the desired ECR repository
+- aws-cli v2 installed and configured with a named [profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) that has permissions to push to the desired ECR repository
 - [Docker installed](https://docs.docker.com/engine/install/) on the machine executing terraform, and permissions for the user executing terraform to run docker commands (e.g. by adding the user to the 'docker' user group)
 
+## Idempotence
+
+As this module is essentially running a series of bash commands, it ensures idempotence by triggering only when any of the values of the `docker_source`, `ecr_repo_name` or `ecr_repo_tag` variables are changed.
+
 ## Usage Example
 
 ```
 module "ecr_mirror" {
-  source = "./docker_init"
+  source = "TechToSpeech/terraform-aws-ecr-mirror.git"
   aws_account_id = "123456544225"
   aws_region = "eu-west-1"
   docker_source = "wordpress:php7.4-apache"
diff --git a/docker_pullpush.sh b/docker_pullpush.sh
@@ -1,4 +1,10 @@
+#!/bin/bash
+
+if [[ ${#6} -gt 0 ]]; then
+    profile="--profile $6"
+fi
+
 docker pull $1
-aws ecr get-login-password --region $2 --profile $4 | docker login --username AWS --password-stdin $3.dkr.ecr.$2.amazonaws.com
-docker tag $1 $3.dkr.ecr.eu-west-1.amazonaws.com/$5:$6
-docker push $3.dkr.ecr.eu-west-1.amazonaws.com/$5:$6
+aws ecr get-login-password --region $2 $profile | docker login --username AWS --password-stdin $3.dkr.ecr.$2.amazonaws.com
+docker tag $1 $3.dkr.ecr.eu-west-1.amazonaws.com/$4:$5
+docker push $3.dkr.ecr.eu-west-1.amazonaws.com/$4:$5
diff --git a/main.tf b/main.tf
@@ -0,0 +1,9 @@
+resource "null_resource" "docker_pullpush" {
+
+  triggers = {
+    shell_hash = sha256("${var.docker_source}${var.ecr_repo_name}${var.ecr_repo_tag}")
+  }
+  provisioner "local-exec" {
+      command = "${abspath(path.module)}/docker_pullpush.sh ${var.docker_source} ${var.aws_region} ${var.aws_account_id} ${var.ecr_repo_name} ${var.ecr_repo_tag} ${var.aws_profile}"
+  }
+}
diff --git a/main.tf.tf b/main.tf.tf
diff --git a/variables.tf b/variables.tf
@@ -11,7 +11,8 @@ variable "aws_account_id" {
 }
 
 variable "aws_profile" {
-    description = "The awscli profile name (located in the ~/.aws/credentials file) used to authenticate the ECR login and push."
+    description = "The awscli profile name (located in the ~/.aws/credentials file) used to authenticate the ECR login and push (Optional)"
+    default = ""
 }
 
 variable "ecr_repo_name" {

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,8 @@ variable "aws_account_id" {`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`variable "aws_profile" {`
`14`		`- description = "The awscli profile name (located in the ~/.aws/credentials file) used to authenticate the ECR login and push."`
	`14`	`+ description = "The awscli profile name (located in the ~/.aws/credentials file) used to authenticate the ECR login and push (Optional)"`
	`15`	`+ default = ""`
`15`	`16`	`}`
`16`	`17`
`17`	`18`	`variable "ecr_repo_name" {`