chore: add ecr permission. update image name (#8)

ashleyjtaylor · Mar 9, 2024 · 0f78f2c · 0f78f2c
1 parent 91e7736
commit 0f78f2c
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 13 deletions.
diff --git a/.github/workflows/infrastructure.yml b/.github/workflows/infrastructure.yml
@@ -3,7 +3,6 @@ name: infrastructure
 env:
   NODE_VERSION: 20
   OIDC_ROLE_ARN: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/saas-github-oidc-provider-role
-  # ECR_URI: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
 
 permissions:
   id-token: write
@@ -60,21 +59,13 @@ jobs:
         if: ${{ steps.filter.outputs.images == 'true' }}
         working-directory: ./infrastructure
         run: |
-          # aws --version
-          # aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ env.ECR_URI }}
-          aws ecr describe-repositories --repository-names base || aws ecr create-repository --repository-name base
-
-          # REPOSITORY_URI=${{ env.ECR_URI }}/base
-
-          # docker build -t $REPOSITORY_URI:latest -f ./src/images/Dockerfile.base .
-          # docker tag base:latest $REPOSITORY_URI:latest
-          # docker push $REPOSITORY_URI:latest
+          aws ecr describe-repositories --repository-names $REPOSITORY || aws ecr create-repository --repository-name $REPOSITORY
 
           docker build -t $REGISTRY/$REPOSITORY:latest -f ./src/images/Dockerfile.base .
           docker push $REGISTRY/$REPOSITORY:latest
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          REPOSITORY: base  
+          REPOSITORY: saas-base
 
       - name: Synth
         working-directory: ./infrastructure

diff --git a/infrastructure/src/constructs/oidc-provider.ts b/infrastructure/src/constructs/oidc-provider.ts
@@ -72,13 +72,14 @@ export default class OIDCProvider extends Construct {
               actions: [
                 'ecr:DescribeImages',
                 'ecr:DescribeRepositories',
+                'ecr:CreateRepository',
                 'ecr:CompleteLayerUpload',
                 'ecr:UploadLayerPart',
                 'ecr:InitiateLayerUpload',
                 'ecr:BatchCheckLayerAvailability',
                 'ecr:PutImage'
               ],
-              resources: [`arn:aws:ecr:::repository/${project}-dev-*`],
+              resources: [`arn:aws:ecr:::repository/${project}-*`],
               effect: Effect.ALLOW
             })
           ]

diff --git a/infrastructure/src/images/Dockerfile.base b/infrastructure/src/images/Dockerfile.base
@@ -2,4 +2,4 @@ FROM node:20-alpine3.19 AS setup
 RUN apk add --no-cache python3 make g++
 RUN apk add --no-cache jq
 RUN apk add --no-cache git
-RUN apk add --no-cache aws-cli
+RUN apk add --no-cache aws-cli