aws-build-push-ecr.gitlab-ci
Automate your CI/CD pipeline by building Docker images and pushing them to AWS ECR using GitLab CI. This guide provides a practical example for DevOps Alertmanager.
GitLab CI AWS ECR Build & Push
Automating Docker Image Deployment to AWS ECR with GitLab CI
This section details a GitLab CI configuration designed to automate the process of building Docker images and pushing them to Amazon Elastic Container Registry (ECR). This is a crucial step in modern DevOps workflows, enabling seamless deployment of containerized applications.
GitLab CI Configuration for AWS ECR
The following YAML configuration outlines the steps involved in building and pushing a Docker image to AWS ECR. It leverages environment variables for sensitive information and defines stages for pipeline execution.
variables:
  AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID
  ECR_REGISTRY: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
  ECR_REPO: devops-alertmanager
  ALERTMANAGER_VERSION: 0.24.0
  # The dind service is reached over plain TCP (port 2375) with TLS disabled.
  DOCKER_HOST: tcp://docker:2375
  DOCKER_TLS_CERTDIR: ""

stages:
  - build

publish:
  stage: build
  image:
    name: amazon/aws-cli:2.3.2
    entrypoint: [""]
  tags:
    - dind
  services:
    - docker:19.03.12-dind
  before_script:
    # The aws-cli image ships without a Docker client, so install one first.
    - amazon-linux-extras install docker -y
    - aws --version
    - docker --version
  script:
    - docker build --build-arg ALERTMANAGER_VERSION=$ALERTMANAGER_VERSION --build-arg GIT_COMMIT=$CI_COMMIT_SHA -t $ECR_REPO:$ALERTMANAGER_VERSION .
    - docker tag $ECR_REPO:$ALERTMANAGER_VERSION $ECR_REGISTRY/$ECR_REPO:$ALERTMANAGER_VERSION
    # Tag the freshly built image as latest; the build creates no local $ECR_REPO:latest.
    - docker tag $ECR_REPO:$ALERTMANAGER_VERSION $ECR_REGISTRY/$ECR_REPO:latest
    # The registry password is piped on stdin, so it never appears in the command line.
    - aws ecr get-login-password | docker login --username AWS --password-stdin $ECR_REGISTRY
    - docker push $ECR_REGISTRY/$ECR_REPO:$ALERTMANAGER_VERSION
    - docker push $ECR_REGISTRY/$ECR_REPO:latest
    - echo "pushed to $ECR_REGISTRY/$ECR_REPO:$ALERTMANAGER_VERSION and $ECR_REGISTRY/$ECR_REPO:latest"
  only:
    - master
Understanding the GitLab CI Script
This script defines a single job named publish within the build stage. It utilizes a specific Docker image for AWS CLI operations and runs within a Docker-in-Docker (dind) service. The before_script section ensures necessary tools are installed and verified. The main script block handles the Docker build, tagging, AWS ECR login, and subsequent image pushes. The job is configured to run only on the master branch.
Key Components and Best Practices
For a robust CI/CD pipeline, consider the following:
- AWS Credentials Management: Securely manage your AWS access keys and secret access keys using GitLab CI/CD variables.
- ECR Repository Setup: Ensure your AWS ECR repository is created and configured appropriately before running the pipeline.
- Docker Image Optimization: Optimize your Dockerfiles for smaller image sizes and faster build times.
- Versioning: Implement a clear versioning strategy for your Docker images, as demonstrated with ALERTMANAGER_VERSION.
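A pre-flight check for the variables this pipeline interpolates into its image references, as an added example that is not part of the original configuration. The function names, the MAJOR.MINOR.PATCH version rule and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original pipeline. Validates by shape the variables
# the publish job interpolates into image references; values are never echoed.

# matches VALUE ERE: true when the single-line VALUE matches the anchored ERE.
matches() {
  [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] && printf '%s\n' "$1" | grep -Eq "$2"
}

# bad NAME: report the offending variable by name only.
bad() {
  echo "preflight: $1 is missing or malformed" >&2
}

# Prints the two references the job pushes (version tag, then latest), or
# returns 1 after naming the first variable that fails its check.
ecr_push_targets() {
  # AWS account IDs are exactly 12 digits.
  matches "${AWS_ACCOUNT_ID:-}" '^[0-9]{12}$' \
    || { bad AWS_ACCOUNT_ID; return 1; }
  # Region shape such as eu-west-1 or us-gov-west-1, not a list of real regions.
  matches "${AWS_DEFAULT_REGION:-}" '^[a-z]{2}(-[a-z]+)+-[0-9]+$' \
    || { bad AWS_DEFAULT_REGION; return 1; }
  # Lowercase name segments, optionally namespaced with "/".
  matches "${ECR_REPO:-}" \
    '^([a-z0-9]+([._-][a-z0-9]+)*/)*[a-z0-9]+([._-][a-z0-9]+)*$' \
    || { bad ECR_REPO; return 1; }
  # Assumption: versions are MAJOR.MINOR.PATCH like 0.24.0, so a mutable alias
  # such as "latest" can never be pushed as the version tag.
  matches "${ALERTMANAGER_VERSION:-}" '^[0-9]+\.[0-9]+\.[0-9]+$' \
    || { bad ALERTMANAGER_VERSION; return 1; }

  pf_registry="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com"
  printf '%s/%s:%s\n' "$pf_registry" "$ECR_REPO" "$ALERTMANAGER_VERSION"
  printf '%s/%s:latest\n' "$pf_registry" "$ECR_REPO"
}

# Demo with constructed sample values; in CI these are project variables.
(
  AWS_ACCOUNT_ID=123456789012 AWS_DEFAULT_REGION=eu-west-1
  ECR_REPO=devops-alertmanager ALERTMANAGER_VERSION=0.24.0
  ecr_push_targets
)
```

Run as the first script step, a non-zero exit stops the job before docker build and docker login.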
This setup provides a solid foundation for automating your containerized deployments to AWS ECR.