buildkite · bshelton229 · Nov 3, 2020
@@ -48,6 +48,7 @@ PLUGINS_ENABLED=()
 [[ $SECRETS_PLUGIN_ENABLED == "true" ]] && PLUGINS_ENABLED+=("secrets")
 [[ $ECR_PLUGIN_ENABLED == "true" ]] && PLUGINS_ENABLED+=("ecr")
 [[ $DOCKER_LOGIN_PLUGIN_ENABLED == "true" ]] && PLUGINS_ENABLED+=("docker-login")
+[[ ${ECR_CRED_HELPER_PLUGIN_ENABLED:-} == "true" ]] && PLUGINS_ENABLED+=("ecr-cred-helper")
 
 # cfn-env is sourced by the environment hook in builds
 cat << EOF > /var/lib/buildkite-agent/cfn-env

@@ -8,6 +8,9 @@ source ~/cfn-env
 BUILDKITE_DOCKER_CONFIG_TEMP_DIRECTORY=$(mktemp -d)
 export BUILDKITE_DOCKER_CONFIG_TEMP_DIRECTORY
 export DOCKER_CONFIG="$BUILDKITE_DOCKER_CONFIG_TEMP_DIRECTORY"
+DOCKER_CONFIG_FILE="${DOCKER_CONFIG}/config.json"
+# Write an empty docker config file
+echo '{}' > $DOCKER_CONFIG_FILE
 
 echo "~~~ :llama: Setting up elastic stack environment ($BUILDKITE_STACK_VERSION)"
 cat ~/cfn-env
@@ -39,10 +42,12 @@ echo "Configuring built-in plugins"
 [[ ! ${SECRETS_PLUGIN_ENABLED:-true} =~ (on|1|true) ]] && PLUGINS_ENABLED=${PLUGINS_ENABLED/secrets/}
 [[ ! ${DOCKER_LOGIN_PLUGIN_ENABLED:-true} =~ (on|1|true) ]] && PLUGINS_ENABLED=${PLUGINS_ENABLED/docker-login/}
 [[ ! ${ECR_PLUGIN_ENABLED:-true} =~ (on|1|true) ]] && PLUGINS_ENABLED=${PLUGINS_ENABLED/ecr/}
+[[ ! ${ECR_CRED_HELPER_PLUGIN_ENABLED:-true} =~ (on|1|true) ]] && PLUGINS_ENABLED=${PLUGINS_ENABLED/ecr-cred-helper/}
 
 SECRETS_PLUGIN_ENABLED=0
 DOCKER_LOGIN_PLUGIN_ENABLED=0
 ECR_PLUGIN_ENABLED=0
+ECR_CRED_HELPER_PLUGIN_ENABLED=0
 
 for plugin in $PLUGINS_ENABLED ; do
   case "$plugin" in
@@ -58,9 +63,17 @@ for plugin in $PLUGINS_ENABLED ; do
       export ECR_PLUGIN_ENABLED=1
       echo "ECR plugin enabled"
       ;;
+    ecr-cred-helper)
+      export ECR_CRED_HELPER_PLUGIN_ENABLED=1
+      echo "ECR cred helper plugin enabled"
+      ;;
   esac
 done
 
+if [[ "${ECR_CRED_HELPER_PLUGIN_ENABLED:-}" == "1" ]] ; then
+  cat <<< "$(jq '."credsStore"="ecr-login"' $DOCKER_CONFIG_FILE)" > $DOCKER_CONFIG_FILE
+fi
+
 if [[ -n "${BUILDKITE_SECRETS_BUCKET:-}" &&  "${SECRETS_PLUGIN_ENABLED:-}" == "1" ]] ; then
   export BUILDKITE_PLUGIN_S3_SECRETS_BUCKET="$BUILDKITE_SECRETS_BUCKET"
 

@@ -45,3 +45,6 @@ sudo curl -Lsf -o /usr/bin/jq https://github.com/stedolan/jq/releases/download/j
 sudo chmod +x /usr/bin/jq
 jq --version
 
+echo "Installing ecr credential helper..."
+sudo amazon-linux-extras enable docker
+sudo yum install -y amazon-ecr-credential-helper
@@ -86,6 +86,7 @@ Metadata:
         Parameters:
         - EnableSecretsPlugin
         - EnableECRPlugin
+        - EnableECRCredHelperPlugin
         - EnableDockerLoginPlugin
 
 Parameters:
@@ -341,6 +342,14 @@ Parameters:
       - "false"
     Default: "true"
 
+  EnableECRCredHelperPlugin:
+    Type: String
+    Description: Enables ecr credential helper plugin
+    AllowedValues:
+      - "true"
+      - "false"
+    Default: "false"
+
   EnableDockerLoginPlugin:
     Type: String
     Description: Enables docker-login plugin for all pipelines
@@ -915,6 +924,7 @@ Resources:
                   AWS_DEFAULT_REGION=${AWS::Region} \
                   SECRETS_PLUGIN_ENABLED=${EnableSecretsPlugin} \
                   ECR_PLUGIN_ENABLED=${EnableECRPlugin} \
+                  ECR_CRED_HELPER_PLUGIN_ENABLED=${EnableECRCredHelperPlugin} \
                   DOCKER_LOGIN_PLUGIN_ENABLED=${EnableDockerLoginPlugin} \
                   AWS_REGION=${AWS::Region} \
                     /usr/local/bin/bk-install-elastic-stack.sh