ecr-wait-replication¶
ECR wait for replication
Wait until the image(s) just pushed under a mutable branch tag have finished ECR’s asynchronous cross-region replication, so a warm-standby region’s redeploy can’t pull the previous image. Resolves each tag to its digest in the source region and polls the digest’s replication status (digest, not tag, is what makes mutable-tag re-pushes safe). Assumes the deploy role via OIDC – the calling job needs permissions: id-token: write.
Inputs¶
Input |
Required |
Default |
Description |
|---|---|---|---|
|
yes |
— |
DEPLOY_ROLE_ARN – the deploy IAM role to assume via OIDC. |
|
yes |
— |
Source region (where the images were pushed – the app’s primary region). |
|
yes |
— |
Repository names to check, space-separated (e.g. “app/be app/opa app/render”). |
|
yes |
— |
The branch tag that was just pushed (e.g. branch-main). |
|
yes |
— |
Region the replicas must reach before this step succeeds. |
|
no |
|
Give up (and fail) if replication hasn’t completed after this long. |
Usage¶
- uses: actions/checkout@v6
- uses: FSHTech/github-actions/ecr-wait-replication@v1
with:
role-arn: ...
region: ...
repositories: ...
tag: ...
destination-region: ...