A shell script that builds a Docker image and pushes it to ECR

It was troublesome to build and tag each time, log in to ecr and push, so I wrote a script that does it with one command.

I don't usually write so much, so I don't know about Convention when writing Shell, and there may be some strange writing styles. I would be grateful if you could point out if you feel like it.

The one who wrote

#!/bin/sh

# Returns boolean indicates whether designated tagged-image exists.
  # arg1: repository name
  # arg2: tag name
function image_exists() {
  image=$(docker image ls -a | grep $1 | grep $2)

  if [ "$image" ]; then
    return 0;
  else
    return 1;
  fi
}

# Builds new image.
  # arg1: tag in the form like ${repository}:${tag}
  # arg2: Path to Dockerfile
function build_image() {
  docker build -t $1 -f $2 .
}

# Work on master branch
git checkout master

# Get latest master revision
revision=$(git rev-parse --short HEAD)

echo "Current master revision is ${revision}\n"

# Set constants
readonly repository=your-repository-name
readonly ecr_repository=************.dkr.ecr.<region>.amazonaws.com
readonly revised_repository=$repository:$revision
readonly ecr_revised_repository=$ecr_repository/$revised_repository
readonly path_to_dockerfile=<relative-path-to-dockerfile>

echo "local-repository: ${repository}
ecr-repository: ${ecr_repository}
local-revised-repository: ${revised_repository}
ecr-revised-repository: ${ecr_revised_repository}\n"

# Build current source if revision not exists
if image_exists $repository $revision; then
  # Do nothing.
  echo "local-revised-repository already exists. Skip build.\n"
  true;
else
  echo "Start building local-revised-repository."
  build_image $revised_repository $path_to_dockerfile;
fi

# Generate ecr-repository-tagged image if not exists
if image_exists $ecr_repository $revision; then
  # Do nothing.
  echo "ecr-revised-repository already exists. Skip tagging.\n"
  true;
else
  docker tag $revised_repository $ecr_revised_repository;
fi

#Set AWS credentials in this area as needed

# Login to ECR
aws ecr get-login-password --region <region> \
  | docker login --username AWS --password-stdin $ecr_repository

# Push new image to ECR
docker push $ecr_revised_repository

echo "Done.\n"

Implementation requirements

--If you tag it as latest, you won't know when it was built when you look at it later, so use the git revision at the time of release. --Caution: You should take the revision of the release branch, so change the master part as needed --Build if the image tagged with the specified revision does not already exist --Skip build if it exists --Tag the image for ECR with the specified revision tagged if it does not already exist --Skip tagging if it exists --Log in to ECR --Caution: Before logging in to the ECR, obtain the authentication information that can operate the AWS account in which the ECR exists. --Read the profile, if any. ――In my case, I need to obtain temporary authentication information with MFA, so that part is written. --Push the built image to ECR

Bonus: MFA verification

This was annoying, so I hope it helps someone.

#Accepts mfa code input from standard input
read -p "Input mfa code: " mfaCode

result=$(aws sts assume-role \
  --role-arn arn:aws:iam::************:role/<role-name> \
  --role-session-name <session-name> \
  --serial-number <mfa-serial> \
  --token-code $mfaCode --profile <profile-name>)

export AWS_ACCESS_KEY_ID=$(echo $result | jq ".Credentials.AccessKeyId" -r)
export AWS_SECRET_ACCESS_KEY=$(echo $result | jq ".Credentials.SecretAccessKey" -r)
export AWS_SESSION_TOKEN=$(echo $result | jq ".Credentials.SessionToken" -r)

Recommended Posts

A shell script that builds a Docker image and pushes it to ECR
I tried using Wercker to create and publish a Docker image that launches GlassFish 5.
Use Jenkins to build inside Docker and then create a Docker image.
Create a Docker Image for redoc-cli and register it on Docker Hub
Find a value that is convenient to have a method and make it a ValueObject
[Introduction to Docker] Create a Docker image for machine learning and use Jupyter notebook
A solution that makes it easy to input Procon and Web tests to verify results
Create a docker image that runs a simple Java app
How to deploy to Heroku from a local docker image
21 Load the script from a file and execute it
A shell script that builds a Docker image and pushes it to ECR
The story that docker had a hard time
A story about making a Builder that inherits the Builder
A description that only the poster can access
[Java] When writing the source ... A memorandum of understanding β‘ 
21 Load the script from a file and execute it
A command that definitely cleans the local docker environment
If you want to make a Java application a Docker image, it is convenient to use jib.
We have improved Easy Markdown and prepared a docker image that can be built immediately.
[Docker] Is it good enough to call it a multi-stage build? β†’ The story that became so good
Maybe it works! Create an image with Docker and share it!
Assign a Java8 lambda expression to a variable and reuse it
[Docker] Build a site on Hugo and publish it on GitHub
[Personal notes] How to push a Docker image to GitHub Packages
Build a Node-RED environment with Docker to move and understand
Code to specify the image name as a character string and paste it into ImageView (android)
Create a Spring Boot web app that uses IBM Cloudant and deploy it to Cloud Foundry
Docker settings and this and that
Create a private repository in Amazon ECR and push/pull the image
A solution to Docker errors that beginners tend to get stuck in
A little happy that Nginx's Docker container defaults to graceful shutdown
How to read a file and treat it as standard input
Image Spring Boot app using jib-maven-plugin and start it with Docker
Push the Docker Image distributed by Docker Hub to Google Container Registry and start the VM based on that Image
When calling sshpass from Java with shell etc., it seems that it is necessary to have a path.