How can we share ECR login step between the jobs

Question

I created 3 jobs, all are building the image and pushing into the ECR but as you can see I have to repeat the Configure AWS Credentials and Log in to Amazon ECR step.

Is there a way to reduce it?

jobs:
  build-app1:
    steps:
    # see: https://github.com/aws-actions/configure-aws-credentials
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1

    # see: https://github.com/aws-actions/amazon-ecr-login
    - name: Log in to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: reponame
        IMAGE_TAG: ${{ github.sha }}
      run: |
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
  build-app2:
    steps:
    # see: https://github.com/aws-actions/configure-aws-credentials
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1

    # see: https://github.com/aws-actions/amazon-ecr-login
    - name: Log in to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: reponame2
        IMAGE_TAG: ${{ github.sha }}
      run: |
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
  build-app3:
    steps:
    # see: https://github.com/aws-actions/configure-aws-credentials
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1

    # see: https://github.com/aws-actions/amazon-ecr-login
    - name: Log in to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY: reponame3
        IMAGE_TAG: ${{ github.sha }}
      run: |
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

Answer 1

You can't as each job may represent a different machine. So basically once your job is finished machine is cleared and goes back to the pool and become available for a another workload.

Answer 2

You can have matrix and run all three parallel. Below is the code snippet

jobs:
  build-app:
  runs-on: ubuntu-latest
  strategy:
      matrix:
        Repo: [Repo1, Repo2, Repo3]
    steps:
    # see: https://github.com/aws-actions/configure-aws-credentials
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1

    # see: https://github.com/aws-actions/amazon-ecr-login
    - name: Log in to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        ECR_REPOSITORY:  ${{ matrix.Repo }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

Or if you feel running three jobs on three different machines is not suitable for your needs then below shell script might help you

#!/bin/bash

ECR_IMAGE_NAME=<Image Name>
ECR_REPO_NAME=<ECR REPO 1>
ECR_IMAGE_URL=$ECR_REPO_NAME/$ECR_IMAGE_NAME:$GITHUB_SHA

echo "Login in ECR"
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $ECR_REPO_NAME
echo "logged in ECR"
docker build -t $ECR_IMAGE_NAME .
docker tag $ECR_IMAGE_NAME $ECR_IMAGE_URL
docker push $ECR_IMAGE_URL

echo "Logging out of $ECR_REPO_NAME"
docker logout
###########################################
ECR_IMAGE_NAME=<Image Name>
ECR_REPO_NAME=<ECR REPO 2>
ECR_IMAGE_URL=$ECR_REPO_NAME/$ECR_IMAGE_NAME:$GITHUB_SHA

echo "Login in ECR"
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $ECR_REPO_NAME
echo "logged in ECR"
docker build -t $ECR_IMAGE_NAME .
docker tag $ECR_IMAGE_NAME $ECR_IMAGE_URL
docker push $ECR_IMAGE_URL

echo "Logging out of $ECR_REPO_NAME"
docker logout
#########################################
ECR_IMAGE_NAME=<Image Name>
ECR_REPO_NAME=<ECR REPO 3>
ECR_IMAGE_URL=$ECR_REPO_NAME/$ECR_IMAGE_NAME:$GITHUB_SHA

echo "Login in ECR"
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $ECR_REPO_NAME
echo "logged in ECR"
docker build -t $ECR_IMAGE_NAME .
docker tag $ECR_IMAGE_NAME $ECR_IMAGE_URL
docker push $ECR_IMAGE_URL

echo "Logging out of $ECR_REPO_NAME"
docker logout

And run this script alone after the aws login step since all three repos are in same region,

jobs:
  build-app:
  runs-on: ubuntu-latest
steps:
    # see: https://github.com/aws-actions/configure-aws-credentials
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1
    - name: Push Docker Images to ECR
      run: chmod +x script.sh && ./script.sh
      env: 
       GITHUB_SHA: ${{github.sha}}
       AWS_REGION: us-east-1