Add AWS ECR Login task

This task will be used to authenticate to Amazon ECR registry.

Signed-off-by: Divyansh42 <diagrawa@redhat.com>

task/aws-ecr-login/0.1/README.md

@@ -0,0 +1,49 @@
+# AWS ECR Login
+
+This task retrieves an `authentication token` using the GetAuthorizationToken API 
+that you can use to authenticate to an `Amazon ECR registry`. You can pass the 
+authorization token to the login command of the container client of your preference,
+such as the Docker CLI. After you have authenticated to an Amazon ECR registry with 
+this authentication token, you can use the client to push and pull images from that 
+registry as long as your IAM principal has access to do so until the token expires. 
+
+*NOTE*: The authorization token is valid for 12 hours.
+
+## Install the Task
+
+```
+kubectl apply -f https://raw.githubusercontent.com/tektoncd/catalog/master/task/aws-ecr-login/0.1/aws-ecr-login.yaml
+```
+
+## Parameters
+
+- **Region**: Region for AWS, ensure that you specify the same 
+    Region that your Amazon ECR registry exists in.
+
+## Workspaces
+
+- **secrets**: A workspace that consists of credentials required by the `aws` 
+    which needs to be mounted to their default path as required by the aws.
+
+## Secret
+
+AWS `credentials` and `config` both should be provided in the form of `secret`.
+
+Secret [example](../0.1/samples/secret.yaml)
+can be referred to create `aws-credentials`.
+
+Refer [aws docs](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/setup-credentials.html) 
+guide for setting up AWS Credentials and Region.
+
+## Usage
+
+AWS ECR login task will be used to authenticate to Amazon ECR registry. 
+This Task will give the `authentication token` in form of `result` 
+of the task and this token can be used for authentication.
+
+Once you get the `authentication token` you can login using 
+the login command of the container client of your preference. 
+
+In the given [example](../0.1/samples) image is being pushed 
+to Amazon ECR Registry and `buildah` is used 
+as container client for the same.

task/aws-ecr-login/0.1/aws-ecr-login.yaml

@@ -0,0 +1,40 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: aws-ecr-login
+  labels:
+    app.kubernetes.io/version: "0.1"
+  annotations:
+    tekton.dev/pipelines.minVersion: "0.12.1"
+    tekton.dev/tags: aws, ecr
+    tekton.dev/displayName: "Amazon ECR Login"
+spec:
+  description: >-
+    This task retrieves an `authentication token` using the GetAuthorizationToken API
+    that you can use to authenticate to an `Amazon ECR registry`
+
+    You can pass the authorization token to the login command of the container
+    client of your preference, such as the Docker CLI. After you have
+    authenticated to an Amazon ECR registry with this authentication token, you
+    can use the client to push and pull images from that registry as long as your
+    IAM principal has access to do so until the token expires.
+
+  workspaces:
+    - name: secrets
+      mountPath: /tekton/home/.aws
+  params:
+    - name: region
+      type: string
+      default: "us-east-1"
+      description: |
+        Region for AWS, ensure that you specify the
+        same Region that your Amazon ECR registry exists in.
+  steps:
+    - name: get-login-password
+      image: amazon/aws-cli:latest
+      script: |
+        aws ecr get-login-password --region $(params.region) > $(results.password.path)
+  results:
+    - name: password
+      description: The password to authenticate to ecr registry.

task/aws-ecr-login/0.1/samples/run.yaml

@@ -0,0 +1,44 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: ecr-login-pipeline
+spec:
+  workspaces:
+    - name: secrets
+  tasks:
+    - name: ecr-get-password
+      taskRef:
+        name: aws-ecr-login
+      workspaces:
+        - name: secrets
+          workspace: secrets
+    - name: push-image
+      taskRef:
+        name: push-image
+      runAfter:
+        - ecr-get-password
+      workspaces:
+        - name: secrets
+          workspace: secrets
+      params:
+        - name: PASSWORD
+          value: $(tasks.ecr-get-password.results.password)
+        - name: AWS_ACCOUNT_ID
+          value: "269733383066"
+        - name: REGION
+          value: "us-east-1"
+  results:
+    - name: password
+---
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: ecr-login-pipeline-run
+spec:
+  pipelineRef:
+    name: ecr-login-pipeline
+  workspaces:
+    - name: secrets
+      secret:
+        secretName: aws-credentials

task/aws-ecr-login/0.1/samples/secret.yaml

@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-credentials
+type: Opaque
+stringData:
+  credentials: |-
+    [profile-name]
+    aws_access_key_id     = [aws_access_key_id]
+    aws_secret_access_key = [aws_secret_access_key]
+    [default]
+    aws_access_key_id     = [aws_access_key_id]
+    aws_secret_access_key = [aws_secret_access_key]
+  config: |-
+    [profile (profile-name)]
+    region = us-east-1
+    output = text
+    [default]
+    region = us-east-2

task/aws-ecr-login/0.1/samples/test-task.yaml

@@ -0,0 +1,31 @@
+---
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+  name: push-image
+spec:
+  workspaces:
+    - name: secrets
+      mountPath: /tekton/home/.aws
+  params:
+    - name: PASSWORD
+      type: string
+    - name: AWS_ACCOUNT_ID
+      type: string
+    - name: REGION
+      type: string
+  steps:
+    - name: pull-and-push
+      image: quay.io/buildah/stable:v1.14.8
+      script: |
+        # Login to ecr
+        buildah login \
+        --username AWS \
+        --password "$(params.PASSWORD)" \
+        "$(params.AWS_ACCOUNT_ID)".dkr.ecr."$(params.REGION)".amazonaws.com
+
+        # Pull and push to aws ecr
+        buildah pull hello-world
+        buildah push hello-world docker://"$(params.AWS_ACCOUNT_ID)".dkr.ecr."$(params.REGION)".amazonaws.com/hello-world
+      securityContext:
+        privileged: true