Implementing ECR in Jenkins Pipeline
Basic terminology and links
- Jenkins - a leading open source automation server.
- Jenkins pipeline - a suite of plugins which supports implementing and integrating continuous delivery pipelines into Jenkins.
- Jenkins declarative pipeline - a simplified and opinionated syntax on top of the Pipeline sub-systems.
- AWS ECR - Amazon EC2 Container Registry.
- Docker - the world’s leading software container platform.
Implementing ECR in Jenkins (declarative) Pipeline
This article demonstrates how to use ECR in a Jenkins Pipeline. The code examples use declarative pipeline syntax, but can easily be adjusted to scripted pipeline; some of them are even embedded as scripted pipeline code using ‘script’ blocks. The main pipeline builds a Docker image and uploads it to ECR. In addition, the article shows how to pull an image from ECR and use it.
ECR and Jenkins preparations
In order to be able to use ECR, you must perform the following actions:
- Register to AWS and enable the ECR service. Ask your AWS administrator to do it or use AWS help pages for it.
- Create an ECR repository for your product.
- Create an AWS ACCESS KEY ID and AWS SECRET ACCESS KEY. Ask your AWS administrator to do it or use AWS help pages for it.
- Install the aws CLI on the Jenkins server, preferably on the PATH of the ‘jenkins’ user.
- Run the aws configure command as the ‘jenkins’ user, or place a ~/.aws/credentials file in the ‘jenkins’ user's home directory. The file must contain the AWS ACCESS KEY ID and AWS SECRET ACCESS KEY, and can also contain the default region.
- Install the Jenkins Amazon ECR Plugin.
- Install and configure the CloudBees AWS Credentials Jenkins Plugin with the AWS ACCESS KEY ID and AWS SECRET ACCESS KEY.
The pipeline for building and pushing a Docker image to ECR
The Docker image build and push to ECR Jenkinsfile:
    pipeline
    {
        options
        {
            buildDiscarder(logRotator(numToKeepStr: '3'))
        }
        agent any
        environment
        {
            VERSION = 'latest'
            PROJECT = 'tap_sample'
            IMAGE = 'tap_sample:latest'
            // ECR registry endpoints are served over HTTPS
            ECRURL = 'https://999999999999.dkr.ecr.eu-central-1.amazonaws.com'
            // format: ecr:<region>:<Jenkins AWS credentials id>
            ECRCRED = 'ecr:eu-central-1:tap_ecr'
        }
        stages
        {
            stage('Build preparations')
            {
                steps
                {
                    script
                    {
                        // calculate the short hash of the latest Git commit
                        gitCommitHash = sh(returnStdout: true, script: 'git rev-parse HEAD').trim()
                        shortCommitHash = gitCommitHash.take(7)
                        // calculate a sample version tag
                        VERSION = shortCommitHash
                        // set the build display name
                        currentBuild.displayName = "#${BUILD_ID}-${VERSION}"
                        IMAGE = "$PROJECT:$VERSION"
                    }
                }
            }
            stage('Docker build')
            {
                steps
                {
                    script
                    {
                        // Build the docker image using a Dockerfile
                        docker.build("$IMAGE","examples/pipelines/TAP_docker_image_build_push_ecr")
                    }
                }
            }
            stage('Docker push')
            {
                steps
                {
                    script
                    {
                        // login to ECR - for now it seems that the ECR Jenkins plugin is not performing the login as expected. I hope it will in the future.
                        // `aws ecr get-login` exists only in AWS CLI v1; AWS CLI v2 replaces it with `aws ecr get-login-password`
                        sh("eval \$(aws ecr get-login --no-include-email | sed 's|https://||')")
                        // Push the Docker image to ECR
                        docker.withRegistry(ECRURL, ECRCRED)
                        {
                            docker.image(IMAGE).push()
                        }
                    }
                }
            }
        }
        post
        {
            always
            {
                // make sure that the Docker image is removed; ignore the error if it does not exist
                sh "docker rmi $IMAGE || true"
            }
        }
    }
[ Code source: tikal-advanced-pipeline ]
Please notice that:
- For the ECR login I’ve used an aws CLI command. I was expecting that the ECR plugin would perform the login, but it doesn’t.
- The version calculation is not the main topic here; it is just an example.
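The login step in the Jenkinsfile above runs `eval` on whatever `aws ecr get-login` prints, and that output is a `docker login -u AWS -p <token> ...` command line. As an added example (not part of the original article or of the tikal-advanced-pipeline code), the shell functions below perform the same login with `aws ecr get-login-password` and `docker login --password-stdin`; the function names are hypothetical, and the AWS CLI is assumed to be v2, or v1 1.17.10 or later.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Assumes an AWS CLI that has `aws ecr get-login-password` (v2, or v1 >= 1.17.10).

# Print the bare registry host for an ECRURL-style value. Fails unless it is
# <12-digit account>.dkr.ecr.<region>.amazonaws.com (standard partition only,
# an assumption of this example).
ecr_registry_host() {
    _h="${1#http://}"
    _h="${_h#https://}"
    _h="${_h%/}"
    case "$_h" in
        *[!a-z0-9.-]*) _h='' ;;  # newlines, spaces, shell metacharacters
    esac
    if printf '%s\n' "$_h" |
        grep -Eq '^[0-9]{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$'; then
        printf '%s\n' "$_h"
    else
        printf 'not an ECR registry: %s\n' "$1" >&2
        return 1
    fi
}

# The region is the fourth dot-separated label of the registry host.
ecr_region() {
    _host="$(ecr_registry_host "$1")" || return 1
    printf '%s\n' "$_host" | cut -d. -f4
}

# Log in without eval. The token goes from aws to docker through the pipe, so
# it is never a command-line argument, a shell variable, or a line printed by
# `sh -x` tracing.
ecr_login() {
    _host="$(ecr_registry_host "$1")" || return 1
    _region="$(ecr_region "$1")" || return 1
    aws ecr get-login-password --region "$_region" |
        docker login --username AWS --password-stdin "$_host"
}

# Usage in a pipeline sh step (script file name is hypothetical):
#   . ./ecr_login.sh && ecr_login "$ECRURL"
```

The Jenkins `sh` step traces the commands it runs into the console log by default, which is why the token is kept out of arguments and variables here.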
[ Image: the pipeline job main screen after a few builds ]
[ Image: the ECR repository screen after the image upload ]
The pipeline for pulling a Docker image from ECR
The Docker image pull from ECR Jenkinsfile:
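    pipeline
    {
        options
        {
            buildDiscarder(logRotator(numToKeepStr: '3'))
        }
        agent any
        environment
        {
            PROJECT = 'tap_sample'
            // ECR registry endpoints are served over HTTPS
            ECRURL = 'https://999999999999.dkr.ecr.eu-central-1.amazonaws.com'
            // format: ecr:<region>:<Jenkins AWS credentials id>
            ECRCRED = 'ecr:eu-central-1:tap_ecr'
        }
        stages
        {
            stage('Docker image pull')
            {
                steps
                {
                    script
                    {
                        // login to ECR with the aws CLI (`aws ecr get-login` exists only in AWS CLI v1)
                        sh("eval \$(aws ecr get-login --no-include-email | sed 's|https://||')")
                        // Pull the Docker image from ECR
                        docker.withRegistry(ECRURL, ECRCRED)
                        {
                            docker.image(PROJECT).pull()
                        }
                    }
                }
            }
        }
    }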
[ Code source: tikal-advanced-pipeline ]
For any help on this, contact me: yorammi