Merge pull request #82 from mhornbacher/master

feat: add profile support

README.md

@@ -54,6 +54,8 @@ Either a string, or a list of strings with AWS account IDs that correspond to th
 
 ### `no-include-email` (optional)
 
+> Obsolete if using AWS CLI version 1.17.10 or newer.
+
 Add `--no-include-email` to ecr get-login. Required for docker 17.06+, but needs aws-cli 1.11.91+.
 
 ### `region` (optional)
@@ -66,8 +68,16 @@ Retries login after a delay N times. Defaults to 0.
 
 ### `assume-role` (optional)
 
+> Updates AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.
+
 Assume an AWS IAM role before ECR login. Supports `role-arn` and `duration-seconds` (optional) per the [associated AWS CLI command.](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/assume-role.html)
 
+### `profile` (optional)
+
+> Requires AWS CLI version 1.17.10 or greater.
+
+Use a different AWS profile from the default during ECR login.
+
 ## License
 
 MIT (see [LICENSE](LICENSE))

hooks/environment

@@ -140,6 +140,13 @@ function login_using_aws_ecr_get_login_password() {
     echo >&2 "AWS region should be specified via plugin config or AWS_DEFAULT_REGION environment."
     echo >&2 "Defaulting to $region for legacy compatibility."
   fi
+
+  login_args=("--region" "${region}")
+
+  if [[ -n "${BUILDKITE_PLUGIN_ECR_PROFILE:-}" ]] ; then
+    login_args+=("--profile" "${BUILDKITE_PLUGIN_ECR_PROFILE}")
+  fi
+
   account_ids=()
   while IFS='' read -r line; do account_ids+=("$line"); done < <(plugin_read_list ACCOUNT_IDS | tr "," "\n")
   # check if account_ids is empty, or only contains an empty string.
@@ -153,7 +160,7 @@ function login_using_aws_ecr_get_login_password() {
   fi
   # amend the ~~~ log heading with ^^^ to add the AWS account IDs
   echo "^^^ Authenticating with AWS ECR in $region for ${account_ids[*]} :ecr: :docker:"
-  local password; password="$(retry "${BUILDKITE_PLUGIN_ECR_RETRIES:-0}" aws --region "$region" ecr get-login-password)"
+  local password; password="$(retry "${BUILDKITE_PLUGIN_ECR_RETRIES:-0}" aws ${login_args[@]+"${login_args[@]}"} ecr get-login-password)"
   for account_id in "${account_ids[@]}"; do
     retry "${BUILDKITE_PLUGIN_ECR_RETRIES:-0}" --with-stdin docker login --username AWS --password-stdin "$account_id.dkr.ecr.$region.amazonaws.com" <<< "$password"
   done

plugin.yml

@@ -26,5 +26,7 @@ configuration:
         duration-seconds:
           type: number
           default: 3600
+    profile:
+      type: string
   required:
     - login

tests/run.bats

@@ -6,6 +6,31 @@ load '/usr/local/lib/bats/load.bash'
 
 # export AWS_STUB_DEBUG=/dev/tty
 
+@test "ECR login; configured account ID, configured region, configured profile" {
+  export BUILDKITE_PLUGIN_ECR_LOGIN=true
+  export BUILDKITE_PLUGIN_ECR_ACCOUNT_IDS=321321321321
+  export BUILDKITE_PLUGIN_ECR_REGION=ap-southeast-2
+  export BUILDKITE_PLUGIN_ECR_PROFILE=ecr
+
+  stub aws \
+    "--version : echo aws-cli/2.0.0 Python/3.8.1 Linux/5.5.6-arch1-1 botocore/1.15.3" \
+    "--region ap-southeast-2 --profile ecr ecr get-login-password : echo hunter2"
+
+  stub docker \
+    "login --username AWS --password-stdin 321321321321.dkr.ecr.ap-southeast-2.amazonaws.com : cat > /tmp/password-stdin ; echo logging in to docker"
+
+  run "$PWD/hooks/environment"
+
+  assert_success
+  assert_output --partial "~~~ Authenticating with AWS ECR :ecr: :docker:"
+  assert_output --partial "^^^ Authenticating with AWS ECR in ap-southeast-2 for 321321321321 :ecr: :docker:"
+  assert_output --partial "logging in to docker"
+  [[ $(cat /tmp/password-stdin) == "hunter2" ]]
+
+  unstub aws
+  unstub docker
+}
+
 @test "ECR login; configured account ID, configured region" {
   export BUILDKITE_PLUGIN_ECR_LOGIN=true
   export BUILDKITE_PLUGIN_ECR_ACCOUNT_IDS=321321321321