Introduction
Deploying Docker images to Amazon Elastic Container Registry (ECR) is a crucial step in the software development lifecycle. By automating this process using GitHub Actions, you can streamline your deployment workflow and ensure consistent and efficient delivery of your applications. In this blog post, we will explore how to leverage GitHub Actions to automate the deployment of Docker images to Amazon ECR, saving time and effort in the deployment process.
Prerequisites
GitHub Actions Enabled: GitHub Actions should be enabled for your repository. If it's not enabled, go to the "Actions" tab of your repository and follow the prompts to enable it.
Access Credentials: Ensure that you have the necessary access credentials to authenticate and interact with both AWS services (ECR) and your GitHub repository. This includes AWS access key ID, secret access key, and GitHub personal access token.
Dockerfile: Create a Dockerfile in the root of your project directory. The Dockerfile defines the instructions to build your Docker image, including the base image, dependencies, and runtime configurations.
AWS IAM Permissions: Make sure you have the required IAM permissions in your AWS account to create and manage ECR repositories, as well as to push and pull Docker images from the registry.
Knowledge of YAML and GitHub Actions: Familiarize yourself with YAML syntax and GitHub Actions concepts, such as workflows, jobs, steps, and event triggers. This knowledge will help you define and customize your deployment workflow effectively.
Workflow of the entire process
When a developer or user makes changes to the code and opens a pull request (PR), the CI/CD pipeline using GitHub Actions and ECR is triggered. The pipeline consists of various stages and steps, including testing the code changes, building the Docker image, and logging in to the AWS ECR repository using the correct AWS credentials. Once these stages are completed successfully, the Docker image is pushed to the ECR repository with the appropriate label and tag, indicating the version or release.
Why Automate Docker Image Deployment with GitHub Actions?
Manual deployment processes are prone to errors and can take up a lot of time, especially when deploying to multiple environments. However, by automating the deployment using GitHub Actions, you can enjoy several advantages:
Consistency: Automation ensures that each deployment follows the same steps and configurations, reducing the chances of mistakes and inconsistencies.
Efficiency: Automating the deployment process helps you save time and effort, allowing you to release updates more quickly and frequently.
Scalability: As your project expands, automated deployments make it easier to scale your infrastructure and effortlessly deliver updates to different environments.
Step 1: Create an IAM User with ECR Access
To begin, create an IAM (Identity and Access Management) user in your AWS account. Assign the necessary permissions to the user, specifically granting access to Amazon ECR as shown above. Obtain the user's access key ID and secret access key, as they will be used to authenticate GitHub Actions during the deployment process.
Step 2: Set Up the Amazon ECR Repository
In the AWS Management Console, navigate to the Amazon ECR service and create a new repository. Give it a descriptive name, and note down the repository URI, as it will be needed in the GitHub Actions workflow. As shown above, I created graphsp-web as the name of the ECR repository.
Step 3: Create a GitHub Actions Workflow:
In your GitHub repository, create a new directory called .github/workflows. Inside this directory, create a YAML file, such as main.yml, to define your deployment workflow. This file will contain the necessary steps to automate the deployment process.
The pipeline is named "CI/CD Pipeline" using
name: CI/CD Pipeline.The workflow is triggered when there are pushes to the main branch or pull requests targeting the main branch using the
onsection.Environment variables are defined using the
envsection. The AWS region is set tous-east-1, the AWS account ID is obtained from a secret, and the ECR repository name is set tographsp-web. TheIMAGE_TAGis set tolatest.The workflow consists of a single job named "build-and-push" using
jobs.build-and-push.The job runs on an Ubuntu environment (
ubuntu-latest) usingruns-on: ubuntu-latest.Permissions are set to allow necessary access for the workflow using the
permissionssection. In this case, it grants write access to security events and read access to actions and contents.The steps section begins with checking out the code using
actions/checkout@v2.The AWS credentials are configured using the
aws-actions/configure-aws-credentialsaction. The action sets the AWS access key ID, secret access key, and AWS region using secrets and environment variables defined earlier.
The main code for pushing the Docker image to ECR is shown below
The step named "Login to Amazon ECR" uses the
aws-actions/amazon-ecr-loginaction to authenticate with Amazon ECR. This step ensures that the subsequent Docker commands can securely interact with the ECR registry.The step named "Build and tag Docker image" uses the
docker/build-push-actionaction. It builds the Docker image using the current context (.), sets the push option to false (as we will push the image in the next step), and specifies the tags for the image. The tags are set to the ECR repository name and the image tag is defined in the environment variables.The
build-argssection under "Build and tag Docker image" allows passing build arguments to the Docker build process. It specifies the arguments and their corresponding values.The step named "Push Docker image to Amazon ECR" uses the
runkeyword to execute a custom shell command. It tags the Docker image with the ECR repository URI by appending the AWS account ID, AWS region, and repository name to the image tag. Finally, it pushes the tagged Docker image to Amazon ECR using thedocker pushcommand.
With these additional steps, the pipeline ensures that the Docker image is built, tagged, and pushed to the specified Amazon ECR repository. The authentication with Amazon ECR is handled automatically, and the image is pushed with the appropriate tags and repository URI based on the environment variables.
Step 4: Run the Workflow:
Save and commit your workflow file to trigger the deployment workflow. GitHub Actions will automatically execute the defined steps whenever the specified triggers are activated. Monitor the workflow execution in the Actions tab of your GitHub repository to track the progress and identify any issues. The image of a successful workflow run is shown below
The docker image on the ECR registry after running the workflow -
Note: When someone opens the Pr with the changement in any code then each time the docker image will be created and pushed to the ECR when all the necessary tests pass from the workflow. I created the above code and workflow in march when I am preparing for the GSOC.
The overall code -
๐ Congratulations on automating your Docker image deployment to Amazon ECR with GitHub Actions! ๐
By following the steps outlined in this blog post, you have successfully set up a streamlined and efficient CI/CD pipeline for your applications. ๐ Embracing automation not only saves valuable time and effort but also ensures consistency and scalability in your deployment process. ๐ฏ
Now, sit back and enjoy the benefits of automated deployments, knowing that your Docker images will be seamlessly pushed to Amazon ECR whenever there are changes in your repository. ๐ With faster and more frequent releases, you can iterate and deliver your applications with confidence.
Keep exploring the possibilities of GitHub Actions and AWS services to further enhance and customize your deployment workflow. Remember, automation is a journey, and there are always opportunities for continuous improvement and optimization. ๐ช
Once again, congratulations on achieving automated Docker image deployment with GitHub Actions and Amazon ECR! ๐ May your deployments be smooth, your releases be successful, and your applications thrive in the cloud! โ๏ธโจ