I have a java service that I am trying to create a pipeline to build, create a docker image, tag and push to my ECR.
Steps so far:
Created IAM account with AmazonEC2ContainerRegistryPowerUser privileges.
Created the following repository variables in Bitbucket:
I have the following bitbucket-pipelines.yml:
image: openjdk:8
pipelines:
default:
- step:
caches:
- gradle
script:
- bash ./gradlew build -x test
branches:
develop:
- step:
image: openjdk:8
services:
- docker
script:
- docker version
- echo "This script runs only on commit to the develop branch."
- bash ./gradlew build -x test
# Login to AWS
# - export LOGIN=$(aws ecr get-login --no-include-email --region us-west-1)
# - $LOGIN
- eval $(aws ecr get-login --region ${AWS_DEFAULT_REGION} --no-include-email)
# build docker image
- docker build -t my-image .
# tag and push docker images to ECR
- docker tag icverify-gateway:latest xxxxxxxxxxx.amazonaws.com/my-image:qa
- docker push xxxxxxxxxxx.amazonaws.com/my-image:qa
# register the ECS task definition and capture the version
- export IMAGE_NAME=xxxxxxxxxxx.amazonaws.com/my-image:qa
- export TASK_VERSION=$(aws ecs register-task-definition --family my-image -- container-definitions "[]")
I then get the following on code commit:
+ docker push xxxxxxxxxxx.amazonaws.com/my-image:qa
The push refers to repository [xxxxxxxxxxx.amazonaws.com/my-image]
ac079aa23bfa: Preparing
ceaf9e1ebef5: Preparing9b9b7f3d56a0: Preparing
f1b5933fe4b5: Preparing
no basic auth credentials
There seems to be two main reasons this issue occurs. Both possible issues are with the aws ecr get-login command. Make sure yours is formatted like this:
eval $(aws ecr get-login --no-include-email --region YOUR-REGION-HERE | sed 's|https://||')
Note: make sure to change the region from YOUR-REGION-HERE to the one you are trying to deploy to. For me this is --region ap-southeast-2
1. the docker command given by aws cli is slightly off. (as mentioned here)
While you can read the full reasoning in the post I linked all you need to know is that the aws ecr get-login command needs to be wrapped like so (see parts in bold):
eval $(aws ecr get-login --no-include-email --region ap-southeast-2 | sed 's|https://||')
^ make sure to change your region to the correct one as I will talk about below.
2. No region is specified so it defaults to us-east. In my case, I wanted to deploy to ap-southeast-2 but I didn't specify it. make sure to include the following flag after your get-login statement.
--region ap-southeast-2
Here are my working bitbucket-pipelines for an ECR deploy:
image: python:3.7.4-alpine3.10
pipelines:
tags:
ecr-release-*:
- step:
services:
- docker
caches:
- pip
script:
- pip3 install awscli
- IMAGE="SOME-RANDOM-NUMBER.dkr.ecr.ap-southeast-2.amazonaws.com/YOUR-REPO-NAME"
- TAG=${BITBUCKET_BRANCH:-$BITBUCKET_TAG}
- aws configure set aws_access_key_id "${AWS_KEY}"
- aws configure set aws_secret_access_key "${AWS_SECRET}"
- eval $(aws ecr get-login --no-include-email --region ap-southeast-2 | sed 's|https://||')
- docker build -t $IMAGE:$TAG .
- docker push $IMAGE:$TAG
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you, I added that to my login but I get the same error. I am strictly using user/pass for authentication here - but is a cert required for this to work?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Likewise I'm encountering the very same issue, can the documentation be updated to reflect the pipeline requirements?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@davina This is what I am getting from the output before the "no basic auth credentials":
Command:
eval $(aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin ${AWS_REGISTRY_URL}) | sed 's|https://||'
Error:
bash: aws: command not found
Error: Cannot perform an interactive login from a non TTY device
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.