Provide official container that deploys to ECR
Problem to solve
As part of &1804, we should add support for AWS deployments in a simple way.
Similar to the CircleCI orb (linked below), we want users to be able to log into AWS, then build and push an image to Amazon ECR.
Build images and push them to the Amazon Elastic Container Registry.
Intended users
Teams implementing CD for the cloud
Further details
How this looks in CircleCI orbs:
orbs:
  aws-ecr: circleci/aws-ecr@x.y.z
version: 2.1
workflows:
  build_and_push_image:
    jobs:
      - aws-ecr/build-and-push-image:
          account-url: AWS_ECR_ACCOUNT_URL_ENV_VAR_NAME
          aws-access-key-id: ACCESS_KEY_ID_ENV_VAR_NAME
          aws-secret-access-key: SECRET_ACCESS_KEY_ENV_VAR_NAME
          context: myContext
          create-repo: true
          dockerfile: myDockerfile
          path: pathToMyDockerfile
          profile-name: myProfileName
          region: AWS_REGION_ENV_VAR_NAME
          repo: myECRRepository
          tag: 'latest,myECRRepoTag'
Proposal
- Using #31167 (closed), users can access the AWS CLI.
- They need to log into Amazon ECR (Requires environment variables for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)
- Build a docker image
- Authenticate into the Amazon ECR service
- Push a container image to the Amazon ECR registry
Possible .gitlab-ci.yml file (linked below):
image: docker:latest
variables:
  REPOSITORY_URL: <AWS ACCOUNT ID>.dkr.ecr.eu-central-1.amazonaws.com/<ECS REPOSITORY NAME>
  REGION: eu-central-1
  TASK_DEFINTION_NAME: <TASK DEFINITION NAME>
  CLUSTER_NAME: <CLUSTER NAME>
  SERVICE_NAME: <SERVICE NAME>
services:
  - docker:dind
before_script:
  - apk add --no-cache curl jq python py-pip
  - pip install awscli
  # `aws ecr get-login` (AWS CLI v1) prints a `docker login` command; $(...) runs it.
  # It reads AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the environment.
  - $(aws ecr get-login --no-include-email --region "${REGION}")
  # First 8 characters of the commit SHA, used as the per-commit image tag
  - IMAGE_TAG="$(echo $CI_COMMIT_SHA | head -c 8)"
stages:
  - build
  - deploy
build:
  stage: build
  script:
    - echo "Building image..."
    - docker build -t $REPOSITORY_URL:latest .
    - echo "Tagging image..."
    - docker tag $REPOSITORY_URL:latest $REPOSITORY_URL:$IMAGE_TAG
    - echo "Pushing image..."
    - docker push $REPOSITORY_URL:latest
    - docker push $REPOSITORY_URL:$IMAGE_TAG
  only:
    - master
deploy:
  stage: deploy
  script:
    - echo $REPOSITORY_URL:$IMAGE_TAG
    # Fetch the current task definition and swap in the image that was just pushed
    - TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition "$TASK_DEFINTION_NAME" --region "${REGION}")
    - NEW_CONTAINER_DEFINTIION=$(echo $TASK_DEFINITION | python $CI_PROJECT_DIR/update_task_definition_image.py $REPOSITORY_URL:$IMAGE_TAG)
    - echo "Registering new container definition..."
    - aws ecs register-task-definition --region "${REGION}" --family "${TASK_DEFINTION_NAME}" --container-definitions "${NEW_CONTAINER_DEFINTIION}"
    - echo "Updating the service..."
    - aws ecs update-service --region "${REGION}" --cluster "${CLUSTER_NAME}" --service "${SERVICE_NAME}" --task-definition "${TASK_DEFINTION_NAME}"
  only:
    - master
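The deploy job pipes the task definition into update_task_definition_image.py, which this page does not show. A possible version follows as an added example (it is not the linked gist's script): the stdin/argument interface, the optional container-name argument, the ECR reference pattern and the sample data are assumptions.

```python
import json
import re
import sys

# Assumed shape of an ECR image reference:
#   <12-digit account>.dkr.ecr.<region>.amazonaws.com/<repository>:<tag>
ECR_IMAGE = re.compile(
    r"\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/[a-z0-9_./-]+:[A-Za-z0-9_.-]{1,128}"
)

# Constructed sample of `aws ecs describe-task-definition` output (trimmed).
SAMPLE = json.dumps({"taskDefinition": {"family": "web", "containerDefinitions": [
    {"name": "app", "memory": 256,
     "image": "123456789012.dkr.ecr.eu-central-1.amazonaws.com/web:latest"},
]}})


def update_image(describe_output, new_image, container_name=None):
    """Return the containerDefinitions JSON with the image replaced.

    Refuses image references outside ECR, so a tampered CI variable cannot
    point the service at another registry. If container_name is None the task
    definition must hold exactly one container, so a sidecar is never
    retargeted by accident.
    """
    if not ECR_IMAGE.fullmatch(new_image):
        raise ValueError(f"not an ECR image reference: {new_image!r}")
    containers = json.loads(describe_output)["taskDefinition"]["containerDefinitions"]
    if container_name is None:
        if len(containers) != 1:
            raise ValueError("several containers defined; name the one to update")
        targets = containers
    else:
        targets = [c for c in containers if c["name"] == container_name]
        if not targets:
            raise ValueError(f"no container named {container_name!r}")
    for container in targets:
        container["image"] = new_image
    return json.dumps(containers)


if __name__ == "__main__":
    # echo "$TASK_DEFINITION" | python update_task_definition_image.py IMAGE [NAME]
    name = sys.argv[2] if len(sys.argv) > 2 else None
    print(update_image(sys.stdin.read(), sys.argv[1], name))
```

The printed JSON is what the deploy job passes to `aws ecs register-task-definition --container-definitions`.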
Permissions and Security
Following #207379 (closed)
Documentation
Availability & Testing
What does success look like, and how can we measure that?
We should measure the number of times this image is used.
What is the type of buyer?
Links / references
https://gist.github.com/jlis/4bc528041b9661ae6594c63cd2ef673c
See this orb's source: https://github.com/circleci-public/aws-ecr-orb