Avoid push on certain condition
Is it possible to skip pushing prepared docker image to ECR? We're using `build-docker-image` shell script from reference architecture (which on it's turn rely on `infrastucture-deployer`). During building application's docker images we would like to avoid them under certain conditions (example: builds on unmerged PRs) to be pushed to Amazon ECR. Deployment of application is performed only during merging PR. For sure, kaniko has option `--no-push`, which doing is exactly what is needed - build image, but do not upload it to container's registry. `build-docker-image` helper itself has also corresponding option `--skip-push` From what I've tried - simple appending `--skip-push` does not working. Example: ``` function build_docker_image { local -r region="$1" local -r sha="$2" local -r docker_tag="$3" local -r github_action="$4" local assume_role_exports assume_role_exports="$(assume_autodeploy_role)" local -a build_args=(--aws-region "$region" --) build_args+=(docker-image-builder build-docker-image) build_args+=(--repo "$REPO_HTTP") build_args+=(--sha "$sha") build_args+=(--context-path "$DOCKER_CONTEXT_PATH") build_args+=(--docker-image-tag "$DOCKER_REPO_URL:$docker_tag") if [[ ${github_action} == "pull_request" ]]; then build_args+=(--skip-push) fi (eval "$assume_role_exports" && infrastructure-deployer "${build_args[@]}") } ``` Which during execution converts to ``` `+ infrastructure-deployer --aws-region us-east-1 -- docker-image-builder build-docker-image --repo https://github.com/***/***.git --sha 7c6c704dad11fc2b86de61e1d4ff349163780b55 --context-path . --docker-image-tag *****.dkr.ecr.us-east-1.amazonaws.com/****:7c6c704dad11fc2b86de61e1d4ff349163780b55 --skip-push ``` and appears to be useless, as not accepted by `infrastructure-deployer` ``` [infrastructure-deployer] INFO[2022-05-03T20:08:03+03:00] Invoking Lambda function ecs-deploy-runner-invoker to trigger deployment. ERROR: OptionNotInAllowedOptionsError: Option --skip-push is not in the provided list of allowed options for the script. ``` What's meant way here to skip docker push properly?
This is currently not supported. The `build-docker-image` helper you are pointing to is different from the trigger command used by the ECS Deploy Runner (whose source is [here](https://github.com/gruntwork-io/terraform-aws-ci/blob/master/modules/ecs-deploy-runner/docker/kaniko/build_docker_image.go)). If you are looking to do only the build step without pushing, then the recommendation is to build the docker image directly in your CI server rather than going through the ECS Deploy Runner. The goal of the ECS Deploy Runner is to prevent arbitrary pushes of images to different ECR repos, so it is not necessary to go through the ECS Deploy Runner if you are not intending to push. With that said, I filed https://github.com/gruntwork-io/terraform-aws-ci/issues/439 to track this feature request. Please follow that ticket to be notified when this feature is implemented.