Automating Docker Image Builds and AWS ECR Deployment with GitHub Actions
CI/CD pipeline with Amazon ECR and GitHub Actions
Introduction
In today's world, organizations must develop and deploy software quickly and reliably. Docker and Amazon ECR offer a powerful way to package applications into containers and manage them securely.
In this blog, I will show you how to automate the process of building Docker images and deploying them to AWS ECR using GitHub Actions. GitHub Actions lets you create custom automated workflows right in your GitHub repository. By combining GitHub Actions with Docker and AWS ECR, developers can easily build, test, and deploy their containerized apps in ECR.
What is ECR?
Amazon Elastic Container Registry (Amazon ECR) is a fully managed container registry offering high-performance hosting, so you can reliably deploy application images. It is like a secure storage space for containerized applications which is managed by Amazon. It's really fast and reliable, so you can easily store and deploy your application images and related files wherever you need them. Think of it as a safe storage place to keep all your application stuff, so you can use it whenever and wherever you want.
What is GitHub Actions?
GitHub Actions is a tool that allows developers to automate various software development workflows. It provides a (CI/CD) solution integrated directly into GitHub. With GitHub Actions, developers can build, test, and deploy their code directly from their GitHub repositories.
This automation simplifies the development process and ensures that code changes go through a series of predefined checks before being merged into the main codebase. These checks can include running unit tests, security scans, and more.
Steps to Build Image and Deploy to ECR using GitHub Actions
- Install AWS CLI : Install tha AWS CLI tool from https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions
Here I have provided steps for installations in Linux.
Download the installation file using
curlUnzip the installer. If your Linux distribution doesn't have a built-in
unzipcommand, use an equivalent to unzip it.Run the install program. The installation command uses a file named
installin the newly unzippedawsdirectory.
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
$ unzip awscliv2.zip
$ sudo ./aws/install
Create ECR Repository: Create a repository in ECR where you will store all the docker images and can fetch specific or the latest image whenever required.
Check the version :
aws --version
- Configure CLI tool to interact with your AWS account using
aws configure
Here it will ask AWS Access keys. Access keys consist of an access key ID and secret access key, which are used to sign to make requests to AWS.
If you don't have access keys, you can create them by using the IAM console.
Open the IAM console at https://console.aws.amazon.com/iam/.
Open the Security credentials tab, and then choose Create access key. It will generate Access Key ID and secret access key.
To download the key pair, choose Download .csv file. Store the .csv file with keys in a secure location.
Do not create access keys for the root user Because this will allow full access to all your resources for all AWS services, including your billing information.
Now go to your GitHub repository settings and Secrets and variables sections. Add the credentials in your GitHub repository secret.
Click on the New repository secret button and add AWS_ACCESS_KEY_ID , AWS_SECRET_ACCESS_KEY
- Create a GitHub Actions workflow in the repository actions tab. Replace the content with the following one.
name: Build and Push Image to AWS ECR
on:
push:
branches: [ "main" ]
env:
AWS_REGION: ap-south-1
ECR_REPOSITORY: url-shortener
permissions:
contents: read
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Get version tag
id: vars
run: echo "version=$(cat VERSION)" >> $GITHUB_OUTPUT
- name: Test output
run: echo ${{ steps.vars.outputs.version }}
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ${{env.ECR_REPOSITORY}}
IMAGE_TAG: ${{ steps.vars.outputs.version }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
Update the environment variables AWS_REGION and ECR_REPOSITORY with the specific region you are using for your AWS services and the name of the ECR repository you have created.
Make sure the Dockerfile is inside the root directory.
Create a VERSION File: In the root directory of your project. Inside this file, add the desired version number (e.g., 1.0.0). This file will hold the version information.
- name: Get version tag
id: vars
run: echo "version=$(cat VERSION)" >> $GITHUB_OUTPUT
- name: Test output
run: echo ${{ steps.vars.outputs.version }}
In this GitHub Actions workflow, we first use the cat command to read the content of the VERSION file and store it in a variable named version. Then, we set this variable as an environment variable using >> $GITHUB_OUTPUT.
Once you have committed the workflow to GitHub, the GitHub Actions will automatically start executing the defined workflow. It will build the Docker image, tag it with the specified version, and push it to the configured Amazon ECR repository, ensuring your application is ready to be deployed and accessed securely.
Congratulations! You have successfully created a GitHub workflow that builds and pushes container images to AWS ECR.