Building, tagging, logging in to ECR and pushing by hand each time was troublesome, so I wrote a script that does it all with one command.
I don't usually write much shell, so I don't know the conventions, and there may be some strange writing styles. I would be grateful if you could point out anything you notice.
#!/bin/bash
# Stop at the first failing command so that a failed checkout, build or login
# is never followed by a push.
set -eo pipefail
# Returns 0 if the designated tagged image exists locally, 1 otherwise.
# arg1: repository name
# arg2: tag name
image_exists() {
    # Ask Docker for the exact repository:tag instead of grepping the whole
    # image list, which also matches substrings of other names, tags and IDs.
    [ -n "$(docker image ls -q "$1:$2")" ]
}
# Builds new image.
# arg1: tag in the form like ${repository}:${tag}
# arg2: Path to Dockerfile
build_image() {
    docker build -t "$1" -f "$2" .
}
# Work on master branch
git checkout master
# Get latest master revision
revision=$(git rev-parse --short HEAD)
echo "Current master revision is ${revision}"
echo
# Set constants (placeholders are quoted so the shell does not treat < > * specially)
readonly repository=your-repository-name
readonly ecr_repository='************.dkr.ecr.<region>.amazonaws.com'
readonly revised_repository=$repository:$revision
readonly ecr_revised_repository=$ecr_repository/$revised_repository
readonly path_to_dockerfile='<relative-path-to-dockerfile>'
echo "local-repository: ${repository}
ecr-repository: ${ecr_repository}
local-revised-repository: ${revised_repository}
ecr-revised-repository: ${ecr_revised_repository}"
echo
# Build current source if revision not exists
if image_exists "$repository" "$revision"; then
    # Do nothing.
    echo "local-revised-repository already exists. Skip build."
    echo
else
    echo "Start building local-revised-repository."
    build_image "$revised_repository" "$path_to_dockerfile"
fi
# Generate ecr-repository-tagged image if not exists
if image_exists "$ecr_repository/$repository" "$revision"; then
    # Do nothing.
    echo "ecr-revised-repository already exists. Skip tagging."
    echo
else
    docker tag "$revised_repository" "$ecr_revised_repository"
fi
# Set AWS credentials in this area as needed
# Login to ECR
aws ecr get-login-password --region '<region>' \
    | docker login --username AWS --password-stdin "$ecr_repository"
# Push new image to ECR
docker push "$ecr_revised_repository"
echo "Done."
- If you tag the image as latest, you won't know when it was built when you look at it later, so use the git revision at the time of release.
  - Caution: You should take the revision of the release branch, so change the master part as needed.
- Build the image if one tagged with the specified revision does not already exist.
  - Skip the build if it exists.
- Tag the image for ECR with the specified revision if that tag does not already exist.
  - Skip tagging if it exists.
- Log in to ECR.
  - Caution: Before logging in to ECR, obtain credentials that can operate the AWS account in which the ECR repository exists.
    - Read the profile, if any.
    - In my case, I need to obtain temporary credentials with MFA, so that part is written below.
- Push the built image to ECR.
This was annoying, so I hope it helps someone.
# Accepts MFA code input from standard input
read -r -p "Input mfa code: " mfaCode
# Placeholders are quoted so the shell does not treat < > * specially
result=$(aws sts assume-role \
    --role-arn 'arn:aws:iam::************:role/<role-name>' \
    --role-session-name '<session-name>' \
    --serial-number '<mfa-serial>' \
    --token-code "$mfaCode" --profile '<profile-name>')
# Export the temporary credentials for the aws commands that follow
export AWS_ACCESS_KEY_ID=$(echo "$result" | jq -r ".Credentials.AccessKeyId")
export AWS_SECRET_ACCESS_KEY=$(echo "$result" | jq -r ".Credentials.SecretAccessKey")
export AWS_SESSION_TOKEN=$(echo "$result" | jq -r ".Credentials.SessionToken")
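
The build script tags each image with the output of git rev-parse --short HEAD, but that tag only identifies what is inside the image if the work tree matches the commit, because docker build sends the whole directory, including uncommitted and untracked files, as build context. The guard below is an added example, not part of the original script; the function name release_revision is hypothetical, and it assumes it is run from inside the repository.

```bash
#!/bin/bash
# Added example (not from the original post): only hand out a release tag
# when the work tree is exactly the commit that the tag will name.

# Prints the short revision of HEAD if, and only if:
#   - HEAD is on the expected branch (arg1), and
#   - there are no staged, unstaged or untracked changes.
# Returns non-zero otherwise, so the caller can abort before building.
# arg1: name of the release branch, e.g. master
release_revision() {
    local expected_branch branch dirty
    expected_branch=$1

    # symbolic-ref fails on a detached HEAD, which has no branch name
    branch=$(git symbolic-ref --short -q HEAD) || {
        echo "HEAD is detached; check out ${expected_branch} first." >&2
        return 1
    }
    if [ "$branch" != "$expected_branch" ]; then
        echo "On branch ${branch}, expected ${expected_branch}." >&2
        return 1
    fi

    # --porcelain output is stable across git versions and lists untracked
    # files too; files excluded by .gitignore are not reported.
    dirty=$(git status --porcelain) || return 1
    if [ -n "$dirty" ]; then
        echo "Work tree differs from HEAD; commit or stash first:" >&2
        echo "$dirty" >&2
        return 1
    fi

    git rev-parse --short HEAD
}

# Usage inside the build script, replacing the plain rev-parse call:
#   revision=$(release_revision master) || exit 1
```

Files ignored by git but not listed in .dockerignore still reach the build context, so keep the two ignore files aligned.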