Merge pull request #430 from aws-actions/http-proxy

feat: add support for HTTP(s) proxy
aws-actions · Mar 29, 2023 · 7724c7e · 7724c7e
2 parents 62f4f87 + 454a99d
commit 7724c7e
Show file tree

Hide file tree

Showing 7 changed files with 2,258 additions and 220 deletions.
diff --git a/README.md b/README.md
@@ -7,8 +7,16 @@ Logs in the local Docker client to one or more Amazon ECR Private registries or
 <!-- toc -->
 
 - [Example of Usage](#examples-of-usage)
-- [Credentials and Region](#credentials-and-region)
+  - [Building and pushing an image](#building-and-pushing-an-image)
+  - [Using an image as a service](#using-an-image-as-a-service)
+- [Credentials](#credentials)
+  - [AWS credentials](#aws-credentials)
+  - [Docker credentials](#docker-credentials)
+- [Self-Hosted Runners](#self-hosted-runners)
+  - [Proxy configuration](#proxy-configuration)
 - [Permissions](#permissions)
+  - [ECR Private](#ecr-private)
+  - [ECR Public](#ecr-public)
 - [Troubleshooting](#troubleshooting)
 - [License Summary](#license-summary)
 - [Security Disclosures](#security-disclosures)
@@ -164,7 +172,7 @@ jobs:
 
 See [action.yml](action.yml) for the full documentation for this action's inputs and outputs.
 
-## Credentials and Region
+## Credentials
 
 ### AWS Credentials
 
@@ -204,6 +212,29 @@ If using ECR Public:
 
 To push Helm charts, you can also login through Docker. By default, Helm can authenticate with the same credentials that you use for Docker.
 
+## Self-Hosted Runners
+
+### Proxy Configuration
+
+If you run in self-hosted environments and/or in secured environments where you need to use a specific proxy, you can set it in the action manually.
+
+Additionally, this action will always consider an already configured proxy in the environment.
+
+Proxy configured via action input:
+```yaml
+uses: aws-actions/[email protected]
+with:
+  http-proxy: "http://companydomain.com:3128"
+````
+
+Proxy configured via an environment variable:
+```shell
+# Your environment configuration
+HTTP_PROXY="http://companydomain.com:3128"
+```
+
+The action will read the underlying proxy configuration from the environment, and you don't need to configure it in the action.
+
 ## Permissions
 
 ### ECR Private

diff --git a/action.yml b/action.yml
@@ -24,6 +24,10 @@ inputs:
       Options: [private, public]
     required: false
     default: private
+  http-proxy:
+    description: >-
+      Proxy to use for the AWS SDK agent.
+    required: false
 outputs:
   registry:
     description: >-

diff --git a/dist/index.js b/dist/index.js
diff --git a/index.js b/index.js
@@ -1,14 +1,16 @@
 const core = require('@actions/core');
 const exec = require('@actions/exec');
 const aws = require('aws-sdk');
+const proxy = require('https-proxy-agent');
 
 const ECR_LOGIN_GITHUB_ACTION_USER_AGENT = 'amazon-ecr-login-for-github-actions';
 const ECR_PUBLIC_REGISTRY_URI = 'public.ecr.aws';
 
 const INPUTS = {
   skipLogout: 'skip-logout',
   registries: 'registries',
-  registryType: 'registry-type'
+  registryType: 'registry-type',
+  httpProxy: 'http-proxy'
 };
 
 const OUTPUTS = {
@@ -27,8 +29,24 @@ const REGISTRY_TYPES = {
 };
 
 
-function replaceSpecialCharacters(registryUri) {
-  return registryUri.replace(/[^a-zA-Z0-9_]+/g, '_');
+function configureProxy(httpProxy) {
+  const proxyFromEnv = process.env.HTTP_PROXY || process.env.http_proxy;
+
+  if (httpProxy || proxyFromEnv) {
+    let proxyToSet;
+
+    if (httpProxy){
+      core.info(`Setting proxy from action input: ${httpProxy}`);
+      proxyToSet = httpProxy;
+    } else {
+      core.info(`Setting proxy from environment: ${proxyFromEnv}`);
+      proxyToSet = proxyFromEnv;
+    }
+
+    aws.config.update({
+      httpOptions: { agent: proxy(proxyToSet) }
+    });
+  }
 }
 
 async function getEcrAuthTokenWrapper(authTokenRequest) {
@@ -70,11 +88,16 @@ async function getEcrPublicAuthTokenWrapper(authTokenRequest) {
   };
 }
 
+function replaceSpecialCharacters(registryUri) {
+  return registryUri.replace(/[^a-zA-Z0-9_]+/g, '_');
+}
+
 async function run() {
   // Get inputs
   const skipLogout = core.getInput(INPUTS.skipLogout, { required: false }).toLowerCase() === 'true';
   const registries = core.getInput(INPUTS.registries, { required: false });
   const registryType = core.getInput(INPUTS.registryType, { required: false }).toLowerCase() || REGISTRY_TYPES.private;
+  const httpProxy = core.getInput(INPUTS.httpProxy, { required: false });
 
   const registryUriState = [];
 
@@ -83,6 +106,9 @@ async function run() {
       throw new Error(`Invalid input for '${INPUTS.registryType}', possible options are [${REGISTRY_TYPES.private}, ${REGISTRY_TYPES.public}]`);
     }
 
+    // Configures proxy
+    configureProxy(httpProxy);
+
     // Get the ECR/ECR Public authorization token(s)
     const authTokenRequest = {};
     if (registryType === REGISTRY_TYPES.private && registries) {