GitHub Actions CICD Pipeline to Create Docker Image and Push Docker Image into Amazon ECR | Integrate GitHub Actions with AWS ECR

Please find steps for integrating AWS ECR with GitHub Actions:

Pre-requisites:

• Make sure a Project is setup in GitHub with Dockerfile
• Create access keys in AWS
• Create AWS ECR repo if you don't have one.

What are we going to do in this lab?

1. Create a Repository in AWS ECR

2. Create AWS secret keys + access keys

3. Create secrets in GitHub Actions

4. Create workflow yaml

5. Add steps/tasks in the yaml file

6. Run the workflow yaml

7. Check if docker image is been stored in AWS ECR

How to Create a repo in ECR ?

Go to AWS console and search for ECR

Click on Create Repository

Enter name for your repo - all lower case and Click create repository

Once repo is created, choose the repo and click on view push commands. Note down the account ID

Add Access keys and Secret keys as Secrets in GitHub Actions

Go to your GitHub Repo --> Settings --> 

Click on Secrets and Variables under Security in left nav 

Click new Repository Secret

Create secrets in GitHub for AWS_REGION,  REPO_NAME,  AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID

Create GitHub Actions CICD workflow yaml:

Go to GitHub repo where your Java project is, create a new file:

.github/workflows/cicd.yml

The below file have four steps(tasks) 

    - Checkout

    - Install Java on runner

    - Build springboot Jar file using Maven

    - Build docker image and tag it

    - Upload docker image into AWS ECR

Copy the content from below:

name: cicd-workflow to create docker image and upload into AWS ECR
on:
  push:
    branches: [ "master" ]
jobs:
  job1:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: Set up JDK 17
      uses: actions/setup-java@v2
      with:
        distribution: 'adopt'
        java-version: '17'
    - name: Build with Maven
      run: mvn clean install
    - name: Setup AWS ECR Details
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{secrets.AWS_REGION}}
    - name: Login to Amazon ECR
      id: login-pf-aws-ecr
      uses: aws-actions/amazon-ecr-login@v1
    - name: Build and push Docker image
      env:
        ECR_REGISTRY: ${{ steps.login-pf-aws-ecr.outputs.registry }}
        ECR_REPOSITORY: ${{secrets.REPO_NAME}}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

Commit the file.

As soon as you commit, build will run immediately in GitHub Actions. 

Now you can see the output of build in Actions tab.

Please login to AWS console --> ECR and verify if image have been uploaded successfully.

Watch Steps in YouTube channel:

How to Create a Docker Image for Springboot App and Push Docker image into Amazon ECR from Azure DevOps Pipelines | Azure DevOps Pipelines to Build and Push a Docker image to AWS ECR

Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that makes it easy to store, share, and deploy container images. We will learn how to build docker image for a springboot microservices app using Azure DevOps(ADO) build pipeline and push docker image into AWS ECR.

What are we going to do in this lab?

1. Create a Repository in AWS ECR for storing docker images

2. Create an IAM user and AmazonEC2ContainerRegistryFullAccess policy.

3. Create access keys for IAM user in AWS console

4. Create service connection in AzureDevOps to connect to AWS using IAM user access & secret keys.

5. Create Azure DevOps Build pipeline with below tasks:

• maven build for building JAR
• build docker image
• push docker image into ECR

6. Verify if docker image has been pushed to AWS ECR

Pre-requisites:

• Azure DevOps Account setup and project is created in ADO
• Install AWS toolkit for Azure DevOps
• Setup springboot app in GitHub (you can fork this repository)
• Create service connection in ADO to connect to GitHub personal access Token

Watch Steps in YouTube channel:

Step 1 - Create a repo in ECR 

Go to AWS console, type ECR

Click on Create Repository

Enter name for your repo - all lower case and Click create repository

Create an IAM user

Go to AWS console --> IAM --> Add Users

Enter name for the user

Search for EC2 and choose AmazonEC2ContainerRegistryFullAccess

Click on Create User

Create security credentials

Click on user name ecr-user

Click on Security credentials

Create Access key

Create Service connection 

Go to Project settings --> Service Connections

Enter Access keys and Secret keys

Enter Connect name and select Grant access to all pipelines

Click on save

Create a classic Azure Build pipeline

Click on use the classic editor

Select GitHub and choose your spring-boot project and click continue

Choose a template for the pipeline, type docker and select docker container

Click on Apply

Select build Agent for the Pipeline

Choose Ubuntu latest as build agent

Add Pipeline variables

imageName as springboot-app

repoName as my-springboot-repo

Add Maven task for building springboot JAR file

Make sure Maven task is moved up..it should be a first task

enter maven goas as install

Customize build an image Task 

start customizing the task, choose the version as 2.0

Enter $(imageName) as  Container repository 

Select build as command from drop down

Tags as it have shown below

Remove push an image task

Add ECR push task

now configure the task

Select as shown in screenshot

Choose aws service connection from drop down

select region as per your settings.

select Image ID

enter as $(imageName):$(Build.BuildId)

Repo Name as $(repoName)

$(Build.BuildId) as tar repo tag

Save and Queue

Select ubuntu latest as build agent..do NOT select window agents.

Now make sure build is successful.

Verify if Docker image has been pushed into AWS ECR

Now login to AWS console --> Go to ECR--> select your repo. verify if image has been uploaded successfully.

Automate Docker builds using Jenkins Pipelines | Dockerize Python App | Upload Images into AWS ECR

We will learn how to automate Docker builds using Jenkins. We will use Python based application. I have already created a repo with source code + Dockerfile. We will see how to create Docker image and upload into AWS ECR successfully. We will not be using AWS access keys to upload image into ECR, we will be using IAM role and attach to Jenkins instance to access ECR.

- Automating builds
- Automating Docker image builds
- Automating Docker image upload into AWS ECR
- Automating Docker container provisioning

 

Watch here for YouTube channel:
 

Pre-requistes:
1. Jenkins is up and running
2. Docker installed on Jenkins instance. Click here to for integrating Docker and Jenkins
3. Docker and Docker pipelines plug-in are installed
4. Repo created in ECR, Click here to know how to do that.
5. port 8096 is opened up in firewall rules. 

6. Create an IAM role with AmazonEC2ContainerRegistryFullAccess policy, attach to Jenkins EC2 instance

Step # 1 - Create a pipeline in Jenkins, name can be anything

Step # 2 - Copy the pipeline code from below
Make sure you change red highlighted values below:
Your account_d should be updated and repo should be updated.

pipeline {
    agent any
    environment {
        registry = "acct_id.dkr.ecr.us-east-2.amazonaws.com/your_ecr_repo"
    }
   
    stages {
        stage('Cloning Git') {
            steps {
                checkout([$class: 'GitSCM', branches: [[name: '*/master']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [], userRemoteConfigs: [[credentialsId: '', url: 'https://github.com/akannan1087/myPythonDockerRepo']]])     
            }
        }
  
    // Building Docker images
    stage('Building image') {
      steps{
        script {
          dockerImage = docker.build registry
        }
      }
    }
   
    // Uploading Docker images into AWS ECR

    stage('Pushing to ECR') {
     steps{  
         script {
                sh 'aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin acct_id.dkr.ecr.us-east-2.amazonaws.com'
                sh 'docker push acct_id.dkr.ecr.us-east-2.amazonaws.com/your_ecr_repo:latest'
         }
        }
      }
   
         // Stopping Docker containers for cleaner Docker run
     stage('stop previous containers') {
         steps {
            sh 'docker ps -f name=mypythonContainer -q | xargs --no-run-if-empty docker container stop'
            sh 'docker container ls -a -fname=mypythonContainer -q | xargs -r docker container rm'
         }
       }
      
    stage('Docker Run') {
     steps{
         script {
                sh 'docker run -d -p 8096:5000 --rm --name mypythonContainer acct_id.dkr.ecr.us-east-2.amazonaws.com/your_ecr_repo:latest'
            }
      }
    }
    }
}

Step # 3 - Click on Build - Build the pipeline

Once you create the pipeline and changes values per your ECR account ID, click on Build now.

Steps # 4 - Check Docker images are uploaded into ECR

Login to ECR, click on your repo, now you should see the image got uploaded.

Steps # 5 - Access PythonApp in the browser which is running inside docker container

Once build is successful, go to browser and enter http://public_dns_name:8096

You should see page like below:

How to setup Elastic Container Registry (ECR) for Docker on AWS | How to Create a Repo in ECR for Hosting Docker images | How to Push Docker image into Amazon ECR

Amazon ECR uses Amazon S3 for storage to make your container images highly available and accessible, allowing you to reliably deploy new containers for your applications. Amazon ECR transfers your container images over HTTPS and automatically encrypts your images at rest. Amazon ECR is integrated with Amazon Elastic Container Service (ECS), simplifying your development to production workflow.

What are we going to do in this lab?

1. Create a Repository in AWS ECR

2. Create an IAM role with AmazonEC2ContainerRegistryFullAccess policy.

3. Assign the role to EC2 instance

4. Download pythonApp from Github.

5. Build docker image for the Python App

6. Tag & push docker image to ECR

7. Run python app in Docker container

Pre-requisites:

• Ec2 instance up and running with Docker installed
• Make sure you open port 8081
  

Step 1 - Create a repo in ECR 

Go to AWS console and search for ECR

Click on Create Repository

Enter name for your repo - all lower case and Click create repository

Once repo is created, choose the repo and click on view push commands. Note down the account ID

Note the URL from step # 3 below, this will be used for tagging and pushing docker images into ECR.

That's it, you have created repo successfully. Let us create docker images and push it to above repo in ECR.

Step 2-  Create an IAM role
You need to create an IAM role with AmazonEC2ContainerRegistryFullAccess policy.
Go to AWS console, IAM, click on Roles. create a role

 

Select AWS services, Click EC2, Click on Next permissions.

 
 Now search for AmazonEC2ContainerRegistryFullAccess policy and click

Skip on create tag.
Now give a role name and create it.

Step 3 - Assign the role to EC2 instance

Go to AWS console, click on EC2, select EC2 instance, Choose instance setting.
Click on Attach/Replace IAM Role

Choose the role you have created from the dropdown.
Select the role and click on Apply.

Now Login to EC2 instance where you have installed Docker. You must be able to connect to AWS ECR through AWS CLI which can be installed by

sudo apt  install awscli -y

Once AWS CLI is installed, you can verify the installation:
aws --version

Now you can login to AWS ECR using CLI:

aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin your_acct_id.dkr.ecr.us-east-2.amazonaws.com

Where your_acct_id is from AWS ECR in the above picture.

You must get a message says Login succeeded. Now let's build a docker image, I have already created a public repo in Bitbucket. All you need to do is perform the below command to clone my repo:

Step 4 - Download GitHub Repo
git clone https://bitbucket.org/ananthkannan/mydockerrepo; cd mydockerrepo/pythonApp

Step 5 - Build Docker image
docker build . -t mypythonapp
the above command will build a docker image.

 

Now tag Docker image you had build
docker tag mypythonapp:latest your_acct_id.dkr.ecr.us-east-2.amazonaws.com/your-ecr-repo-name:latest

You can view the image you had built.

Step 6 - Push Docker image into AWS ECR

docker push your_acc_id.dkr.ecr.us-east-2.amazonaws.com/your-ecr-repo-name:latest

Now you should be able to login to ECR and see the images already uploaded.

 

Step 7 - Run Docker container from Docker image

sudo docker run -p 8081:5000 --rm --name myfirstApp1  your_acc_id.dkr.ecr.us-east-2.amazonaws.com/your-ecr-repo-name

Note: You can also create a ECR repo through AWS CLI command in AWS ECR.

aws ecr create-repository --repository-name myawesome-repo --region us-east-2

You can watch the steps on YouTube: