I am pushing a docker image to ecr repo using the buildspec.yml file. This is what my buildspec.yml look like :-
version: 0.2
phases:
install:
runtime-versions:
nodejs: 16
pre_build:
commands:
- echo Logging in to Amazon ECR.....
- aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <account-id>.dkr.ecr.us-east-1.amazonaws.com
- REPOSITORY_URI=<account-id>.dkr.ecr.us-east-1.amazonaws.com/vuejs
- IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
build:
commands:
- docker build -t $REPOSITORY_URI:$IMAGE_TAG .
post_build:
commands:
- echo Pushing image now...
- docker push $REPOSITORY_URI:$IMAGE_TAG
- printf '[{"name":"vuejs","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
artifacts:
files:
- imagedefinitions.json
- appspec.yml
and this is my appspec.yml file :-
version: 0.0
os: linux
files:
- source: /
destination: /
Now my pipeline ( codepipeline ) passes but how can i configure my appspec.yml file to deploy docker container on my EC2 instance? Any help will be appreciated.
Related
I'm trying to setup my codebuild pipeline using AWS documentation. Everything goes fine to the moment when CodeBuild starts building docker image with this command
docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
When processing this command AWS is throwing this error
Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .. Reason: exit status 125
ENV variables are set using CodeBuild and locally image building is working with the same command.
My buildspec file
version: 0.2
phases:
pre_build:
commands:
- echo Logging in to Amazon ECR...
- aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
build:
commands:
- echo Build started on `date`
- echo Building the Docker image...
- IMAGE_TAG=$IMAGE_TAG
- IMAGE_REPO_NAME=$IMAGE_REPO_NAME
- docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
- docker tag "$IMAGE_REPO_NAME:$IMAGE_TAG" "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG"
post_build:
commands:
- echo Build completed on `date`
- echo Pushing the Docker image...
- docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
The CodeBuild portion of my pipeline keeps failing with the following error:
BUILD_CONTAINER_UNABLE_TO_PULL_IMAGE: Unable to pull customer's container image. CannotPullContainerError: Error response from daemon: pull access denied for 123456789.dkr.ecr.us-east-1.amazonaws.com/diag_test, repository does not exist or may require 'docker login': denied: User: CodeBuild
I did some beginning research and saw that maybe the IAM role it was using didn't have enough permissions so I attached the AmazonEC2ContainerRegistryFullAccess policy to the role and attempted again - same results.
I verified the URI is correct.
What am I missing?
buildspec.yaml below:
version: 0.2
phases:
pre_build:
commands:
- echo Logging in to Amazon ECR...
- aws --version
- aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 12345678.dkr.ecr.us-east-1.amazonaws.com
- REPOSITORY_URI=12345678.dkr.ecr.us-east-1.amazonaws.com/diag_test
- COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
- IMAGE_TAG=${COMMIT_HASH:=latest}
build:
commands:
- echo Build started on `date`
- echo Building the Docker image...
- docker build -t $REPOSITORY_URI:latest .
- docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
post_build:
commands:
- echo Build completed on `date`
- echo Pushing the Docker images...
- docker push $REPOSITORY_URI:latest
- docker push $REPOSITORY_URI:$IMAGE_TAG
- echo Writing image definitions file...
- printf '[{"name":"diag_test","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
artifacts:
files: imagedefinitions.json
Thanks in advance for the assist! :)
If you pull the ECR image in the CodeBuild pipeline, you should add this line:
aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $ACCOUNT_NUMBER.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
You need to login like you did with Docker login.
If you use custom image for CodeBuild, you should add ECR policy
I have created a codebuild whereby the buildspec.yml is as follows (following the standard template given by AWS with minor modifications):
version: 0.2
phases:
pre_build:
commands:
- echo Logging in to Amazon ECR...
- aws --version
- $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
- REPOSITORY_URI=xxx.amazonaws.com/projectName
- COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
- IMAGE_TAG=${COMMIT_HASH:=test-cicd}
build:
commands:
- echo Building the docker image...
- docker build -t $REPOSITORY_URI:$COMMIT_HASH -t $REPOSITORY_URI:test-cicd .
- echo Finish building the docker image.
post_build:
commands:
- echo Pushing the docker images...
- docker push $REPOSITORY_URI:$IMAGE_TAG
- docker push $REPOSITORY_URI:test-cicd
- echo Finish pushing the docker images.
- echo Writing image definitions file...
- printf '[{"name":"testcicd","imageUri":"%s"}]' $REPOSITORY_URI:test-cicd > imagedefinitions.json
- cat imagedefinitions.json
artifacts:
files: imagedefinitions.json
The codebuild is successfully pushing the new docker image to ECR and creating the output artifact in S3:
Next I tried to create a codepipeline in which the source is ECR and next stage is to perform codedeploy to ECS. This is the codepipeline created:
However, in the codepipeline status, it shows that the output artifact could not be found:
However, I noticed that the output artifact is indeed in S3!?
I'm trying do a deploy in Ohio from São Paulo, I config the buildspec and the conf on .elasticbeanstalk to set a variable to received us-east as parameter.
I did many tryings to do this work but always the error "EXIT STATUS 4" show. This is my last attempt
COMMAND_EXECUTION_ERROR: Error while executing command: eb deploy Logoneagendamento-teste --region us-east-2. Reason: exit status 4
And the buildspec.yml is as follows
version: 0.2
phases:
install:
runtime-versions:
java: corretto8
commands:
- pip install --upgrade awsebcli awscli
build:
commands:
- echo Iniciando build...
- mvn package
- echo eb list --region
- eb list --region us-east-2
- echo Inciando deploy
- eb deploy $DEPLOY_ENV -r $AWS_DEFAULT_REGION
post_build:
commands:
#- command
#- command artifacts: files: - 'target/LogOne-Agendamento.jar'
# - location #name: $(date +%Y-%m-%d) discard-paths: yes –
so far in my buildspec.yml file I can create a docker image and store it in the ECR repository (I am using codepipeline). My question is how do I deploy it to my ECS instance through the buildspec.yml using the aws cli commands?
i am sharing buildspec.yaml file have a look
version: 0.1
phases:
pre_build:
commands:
- echo Setting timestamp for container tag
- echo `date +%s` > timestamp
- echo Logging into Amazon ECR...
- $(aws ecr get-login --region $AWS_DEFAULT_REGION)
build:
commands:
- echo Building and tagging container
- docker build -t $REPOSITORY_NAME .
- docker tag $REPOSITORY_NAME $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$REPOSITORY_NAME:$BRANCH-`cat ./timestamp`
post_build:
commands:
- echo Pushing docker image
- docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$REPOSITORY_NAME:$BRANCH-`cat ./timestamp`
- echo Preparing CloudFormation Artifacts
- aws s3 cp s3://$ECS_Bucket/$ECS_SERVICE_KEY task-definition.template
- aws s3 cp s3://$ECS_Bucket/$ECS_SERVICE_PARAMS_KEY cf-config.json
artifacts:
files:
- task-definition.template
- cf-config.json
You can edit this more command for ECS instance i have return template which goes to cloud formation.
you can write simple awscli command to create cluster and pull images check this aws documentation: https://docs.aws.amazon.com/cli/latest/reference/ecs/index.html
sharing my own git check it out for more info: https://github.com/harsh4870/ECS-CICD-pipeline