ci: disable proxy for ecr publish

ci: retry ecr login
2026-05-21 17:05:24 +08:00 · 2026-05-21 17:02:47 +08:00
1 changed files with 10 additions and 5 deletions
@@ -73,6 +73,8 @@ jobs:
          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
        run: |
          set -euo pipefail
+          export HTTP_PROXY= HTTPS_PROXY= ALL_PROXY= http_proxy= https_proxy= all_proxy=
+
          caller_account_id="$(aws sts get-caller-identity --query Account --output text)"
          if [ "${caller_account_id}" != "${AWS_ACCOUNT_ID}" ]; then
            echo "AWS_ACCOUNT_ID does not match caller identity" >&2
@@ -91,11 +93,6 @@ jobs:
              --image-scanning-configuration scanOnPush=true \
              --encryption-configuration encryptionType=AES256 >/dev/null

-          aws ecr get-login-password --region "${AWS_REGION}" \
-            | docker login --username AWS --password-stdin "${ecr_registry}"
-
-          docker tag "${IMAGE_NAME}:prod-${GITHUB_SHA}" "${ecr_image}:latest"
-
          retry() {
            for attempt in 1 2 3; do
              if "$@"; then
@@ -107,6 +104,14 @@ jobs:
              sleep "$((attempt * 5))"
            done
          }
+
+          ecr_login() {
+            aws ecr get-login-password --region "${AWS_REGION}" \
+              | docker login --username AWS --password-stdin "${ecr_registry}"
+          }
+
+          retry ecr_login
+          docker tag "${IMAGE_NAME}:prod-${GITHUB_SHA}" "${ecr_image}:latest"
          retry docker push "${ecr_image}:latest"

          untagged_image_ids="$(aws ecr list-images \
Author	SHA1	Message	Date
zl-q	9d17c7d8cc	ci: disable proxy for ecr publish	2026-05-21 17:05:24 +08:00
zl-q	5895b93b12	ci: retry ecr login	2026-05-21 17:02:47 +08:00