ci: disable proxy for ecr publish

ci: retry ecr login
ci: retry ecr push before cleanup
2026-05-21 17:05:24 +08:00 · 2026-05-21 17:02:47 +08:00 · 2026-05-21 16:59:57 +08:00
2 changed files with 24 additions and 10 deletions
@@ -73,6 +73,8 @@ jobs:
          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
        run: |
          set -euo pipefail
+          export HTTP_PROXY= HTTPS_PROXY= ALL_PROXY= http_proxy= https_proxy= all_proxy=
+
          caller_account_id="$(aws sts get-caller-identity --query Account --output text)"
          if [ "${caller_account_id}" != "${AWS_ACCOUNT_ID}" ]; then
            echo "AWS_ACCOUNT_ID does not match caller identity" >&2
@@ -91,26 +93,41 @@ jobs:
              --image-scanning-configuration scanOnPush=true \
              --encryption-configuration encryptionType=AES256 >/dev/null

-          aws ecr get-login-password --region "${AWS_REGION}" \
-            | docker login --username AWS --password-stdin "${ecr_registry}"
+          retry() {
+            for attempt in 1 2 3; do
+              if "$@"; then
+                return 0
+              fi
+              if [ "${attempt}" -eq 3 ]; then
+                return 1
+              fi
+              sleep "$((attempt * 5))"
+            done
+          }

+          ecr_login() {
+            aws ecr get-login-password --region "${AWS_REGION}" \
+              | docker login --username AWS --password-stdin "${ecr_registry}"
+          }
+
+          retry ecr_login
          docker tag "${IMAGE_NAME}:prod-${GITHUB_SHA}" "${ecr_image}:latest"
+          retry docker push "${ecr_image}:latest"

-          image_ids="$(aws ecr list-images \
+          untagged_image_ids="$(aws ecr list-images \
            --region "${AWS_REGION}" \
            --repository-name "${ECR_REPOSITORY}" \
+            --filter tagStatus=UNTAGGED \
            --query 'imageIds[*]' \
            --output json)"
-          if [ "${image_ids}" != "[]" ]; then
+          if [ "${untagged_image_ids}" != "[]" ]; then
            aws ecr batch-delete-image \
              --region "${AWS_REGION}" \
              --repository-name "${ECR_REPOSITORY}" \
-              --image-ids "${image_ids}" >/dev/null \
+              --image-ids "${untagged_image_ids}" >/dev/null \
              || echo "Warning: ECR image cleanup failed; ensure the CI AWS user has ecr:BatchDeleteImage" >&2
          fi

-          docker push "${ecr_image}:latest"
-
  deploy-production:
    needs: build-backend-image
    runs-on: wsl2-docker-host
@@ -1,3 +0,0 @@
-# eryao
-
-eryao test repo
Author	SHA1	Message	Date
zl-q	9d17c7d8cc	ci: disable proxy for ecr publish	2026-05-21 17:05:24 +08:00
zl-q	5895b93b12	ci: retry ecr login	2026-05-21 17:02:47 +08:00
zl-q	08460c6ca9	ci: retry ecr push before cleanup	2026-05-21 16:59:57 +08:00