aws-build-push-ecr.gitlab-ci

Automate your CI/CD pipeline by building Docker images and pushing them to AWS ECR using GitLab CI. This guide walks through a practical example that publishes a devops-alertmanager image.

GitLab CI AWS ECR Build & Push

Automating Docker Image Deployment to AWS ECR with GitLab CI

This section details a GitLab CI configuration designed to automate the process of building Docker images and pushing them to Amazon Elastic Container Registry (ECR). This is a crucial step in modern DevOps workflows, enabling seamless deployment of containerized applications.

GitLab CI Configuration for AWS ECR

The following YAML configuration outlines the steps involved in building and pushing a Docker image to AWS ECR. It leverages environment variables for sensitive information and defines stages for pipeline execution.

variables:
  AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID
  # AWS_DEFAULT_REGION and the AWS access key pair are assumed to be supplied as
  # GitLab CI/CD variables rather than written into this file.
  ECR_REGISTRY: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
  ECR_REPO: devops-alertmanager
  ALERTMANAGER_VERSION: 0.24.0
  # Talk to the docker:dind service over its plain TCP port; the job container and
  # the service share the job's private network, so no TLS material is generated.
  DOCKER_HOST: tcp://docker:2375
  DOCKER_TLS_CERTDIR: ""

stages:
  - build

publish:
  stage: build
  image:
    name: amazon/aws-cli:2.3.2
    # Clear the image's entrypoint so GitLab can run the script with a shell.
    entrypoint: [""]
  tags:
    - dind
  services:
    - docker:19.03.12-dind
  before_script:
    # The aws-cli image has no Docker client; install one so the script can build and push.
    - amazon-linux-extras install docker -y
    - aws --version
    - docker --version
  script:
    # Build once, baking the version and the commit into the image as build args.
    - docker build --build-arg ALERTMANAGER_VERSION=$ALERTMANAGER_VERSION --build-arg GIT_COMMIT=$CI_COMMIT_SHA -t $ECR_REPO:$ALERTMANAGER_VERSION .
    # Both remote tags point at the single local image that was just built.
    - docker tag $ECR_REPO:$ALERTMANAGER_VERSION $ECR_REGISTRY/$ECR_REPO:$ALERTMANAGER_VERSION
    - docker tag $ECR_REPO:$ALERTMANAGER_VERSION $ECR_REGISTRY/$ECR_REPO:latest
    # The registry token is passed on stdin so it never appears in argv or the job log.
    - aws ecr get-login-password | docker login --username AWS --password-stdin $ECR_REGISTRY
    - docker push $ECR_REGISTRY/$ECR_REPO:$ALERTMANAGER_VERSION
    - docker push $ECR_REGISTRY/$ECR_REPO:latest
    - echo "pushed to $ECR_REGISTRY/$ECR_REPO:$ALERTMANAGER_VERSION and $ECR_REGISTRY/$ECR_REPO:latest"
  only:
    - master

Understanding the GitLab CI Script

This configuration defines a single job named publish within the build stage. It runs in the amazon/aws-cli image with its entrypoint cleared, alongside a Docker-in-Docker (dind) service that provides the Docker daemon. The before_script section installs the Docker client and verifies both tools are available. The main script block builds the image, tags it with both the version and latest, logs in to AWS ECR with a short-lived token, and pushes both tags. The job is configured to run only on the master branch.
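The same build, tag, login and push sequence, written as a small POSIX shell wrapper that a job's script could call. This is an added example, not code from the page or from the project it describes: it validates the inputs the pipeline takes from CI/CD variables (account ID, region, version tag) before anything touches the registry, derives every image reference from one place so the local tag and the two remote tags cannot drift apart, and keeps the login token on stdin. The function names (valid_account_id, ecr_registry, publish_image) and the DRY_RUN switch are my own; the docker and aws commands are the ones the job runs.

```shell
#!/bin/sh
# Added example wrapper around the pipeline's build/tag/login/push steps.
# Inputs are validated first so a malformed or tampered CI variable cannot become
# part of a registry hostname or a docker argument. DRY_RUN=1 prints the commands
# instead of executing them, which is how the checks below exercise the flow.
set -eu

# Return 0 if $1 is a 12-digit AWS account ID.
valid_account_id() {
  case "$1" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Return 0 if $1 has the shape of an AWS region name (eu-west-1, us-gov-west-1).
valid_region() {
  printf '%s\n' "$1" | grep -Eq '^[a-z]{2}(-gov)?-[a-z]+-[0-9]$'
}

# Return 0 if $1 is a tag Docker accepts; rejects spaces and shell metacharacters.
valid_tag() {
  printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
}

# Print the ECR registry hostname for an account/region pair.
ecr_registry() {
  printf '%s.dkr.ecr.%s.amazonaws.com\n' "$1" "$2"
}

# Execute a command, or echo it prefixed with "+ " when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '+ %s\n' "$*"
  else
    "$@"
  fi
}

# publish_image ACCOUNT_ID REGION REPO VERSION GIT_COMMIT
# Builds REPO:VERSION from the Dockerfile in the current directory and pushes it
# to ECR under both the VERSION and latest tags. Returns 2 on invalid input.
publish_image() {
  account_id=$1 region=$2 repo=$3 version=$4 commit=$5
  valid_account_id "$account_id" || { echo "invalid AWS account id" >&2; return 2; }
  valid_region "$region"         || { echo "invalid AWS region" >&2; return 2; }
  valid_tag "$version"           || { echo "invalid image tag" >&2; return 2; }

  registry=$(ecr_registry "$account_id" "$region")
  local_ref="$repo:$version"

  run docker build --build-arg "ALERTMANAGER_VERSION=$version" \
      --build-arg "GIT_COMMIT=$commit" -t "$local_ref" .
  # Both remote tags come from the one local image that was actually built.
  run docker tag "$local_ref" "$registry/$repo:$version"
  run docker tag "$local_ref" "$registry/$repo:latest"
  # The token travels on stdin only; it is never an argv element or a log line.
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '+ aws ecr get-login-password --region %s | docker login --username AWS --password-stdin %s\n' \
      "$region" "$registry"
  else
    aws ecr get-login-password --region "$region" \
      | docker login --username AWS --password-stdin "$registry"
  fi
  run docker push "$registry/$repo:$version"
  run docker push "$registry/$repo:latest"
}

# In the GitLab job this would be invoked as:
#   publish_image "$AWS_ACCOUNT_ID" "$AWS_DEFAULT_REGION" "$ECR_REPO" "$ALERTMANAGER_VERSION" "$CI_COMMIT_SHA"
```

Running it with DRY_RUN=1 in a pipeline's first iteration is a cheap way to confirm the exact image references and the login target before any credential is used; the validation functions fail closed, so a job whose variables were never set (or were set to something odd) stops at the first check rather than at a confusing docker error.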

Key Components and Best Practices

For a robust CI/CD pipeline, consider the following:

  • AWS Credentials Management: Securely manage your AWS access keys and secret access keys using GitLab CI/CD variables.
  • ECR Repository Setup: Ensure your AWS ECR repository is created and configured appropriately before running the pipeline.
  • Docker Image Optimization: Optimize your Dockerfiles for smaller image sizes and faster build times.
  • Versioning: Implement a clear versioning strategy for your Docker images, as demonstrated with ALERTMANAGER_VERSION.

This setup provides a solid foundation for automating your containerized deployments to AWS ECR.