Automating Docker Image Deployment to AWS ECR using GitHub Actions
In modern software development, continuous integration and continuous deployment (CI/CD) are essential practices. GitHub Actions provides a powerful platform to automate these workflows directly from your GitHub repository. In this blog post, we will walk through a sample GitHub Actions workflow that automatically builds and pushes a Docker image to AWS Elastic Container Registry (ECR) whenever a specific file changes.
Prerequisites
Before we begin, ensure you have the following prerequisites:
- GitHub Repository: A GitHub repository where your code resides.
- AWS Account: An AWS account with permissions to create and manage ECR repositories.
- IAM Role: An IAM role with permissions to push Docker images to ECR.
- Docker: Docker installed on your local machine for testing.
Step-by-Step Guide
Here’s the step-by-step guide to set up the GitHub Actions workflow.
1. Define the GitHub Actions Workflow
Create a new file in your GitHub repository at .github/workflows/docker-build.yml. Add the following code:
name: Docker Build and Push

on:
  push:
    branches:
      - main

env:
  AWS_REGION: <YOUR_AWS_REGION>

# id-token: write lets the job request an OIDC token; contents: read is needed for checkout
permissions:
  id-token: write
  contents: read

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v2
        with:
          fetch-depth: 0  # full history, so the previous commit is available to git diff

      - name: Check if File Changed
        id: check-file-changes
        run: |
          # Export changed=true|false for later steps; -x -F match the exact path literally
          echo "changed=$(if git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep -qxF 'path/to/your/file.py'; then echo 'true'; else echo 'false'; fi)" >> "$GITHUB_ENV"

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1.7.0
        with:
          role-to-assume: arn:aws:iam::<YOUR_ACCOUNT_ID>:role/<YOUR_ROLE_NAME>
          aws-region: ${{ env.AWS_REGION }}

      - name: Build and Push Docker Image
        if: env.changed == 'true'
        env:
          ECR_REGISTRY: <YOUR_ACCOUNT_ID>.dkr.ecr.<YOUR_AWS_REGION>.amazonaws.com
          IMAGE_NAME: <YOUR_IMAGE_NAME>
        run: |
          # Log in to ECR with a short-lived password, then build and push the image
          aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin "$ECR_REGISTRY"
          docker build -t "$ECR_REGISTRY/$IMAGE_NAME" .
          docker push "$ECR_REGISTRY/$IMAGE_NAME"
2. Workflow Explanation
- Trigger: The workflow triggers on a push to the main branch.
- Environment Variables: AWS region is set as an environment variable.
- Permissions: The job needs contents: read to check out the repository and id-token: write to request the OIDC token that the Configure AWS Credentials step exchanges for temporary credentials of the IAM role.
- Job Steps:
- Checkout Repository: Uses the actions/checkout@v2 action to clone the repository.
- Check if File Changed: Checks if the specific file (path/to/your/file.py) has changed between commits.
- Configure AWS Credentials: Configures AWS credentials using aws-actions/configure-aws-credentials@v1.7.0.
- Build and Push Docker Image: If the file has changed, logs into ECR, builds the Docker image, and pushes it to ECR.
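The "Check if File Changed" step reports false whenever git diff itself fails, for example when the "before" SHA is all zeros (first push of a branch) or was discarded by a force-push, so the build is silently skipped. The script below is an added example, not part of the original workflow, showing one way to make that check exact and explicit about those cases; the function names are illustrative, and rebuilding when no baseline exists is an assumed policy.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# In a workflow step, pass the SHAs through `env:` and call:
#   file_changed "$BEFORE_SHA" "$AFTER_SHA" path/to/your/file.py

# Succeeds only for a full lowercase hex object id (SHA-1 or SHA-256 length).
is_sha() {
  case $1 in
    '' | *[!0-9a-f]*) return 1 ;;
  esac
  [ "${#1}" -eq 40 ] || [ "${#1}" -eq 64 ]
}

# Succeeds when the id is all zeros ("before" on the first push of a branch).
is_zero_sha() {
  case $1 in
    *[!0]*) return 1 ;;
  esac
}

# Reads newline-separated paths on stdin; succeeds only on an exact, literal match.
path_in_list() {
  grep -qxF -- "$1"
}

# Prints "true" or "false"; returns 2 when a revision argument is malformed.
file_changed() {
  if ! is_sha "$1" || ! is_sha "$2"; then
    echo "refusing non-SHA revision argument" >&2
    return 2
  fi
  # No usable baseline: rebuild rather than silently skip (assumed policy).
  if is_zero_sha "$1" || ! git cat-file -e "$1^{commit}" 2>/dev/null; then
    echo true
    return 0
  fi
  if git diff --name-only "$1" "$2" -- | path_in_list "$3"; then
    echo true
  else
    echo false
  fi
}

# Run directly: ./check.sh <before> <after> <path>
if [ "$#" -eq 3 ]; then
  file_changed "$@"
fi
```

Passing github.event.before and github.sha to the script as environment variables, rather than interpolating them into the run: text, keeps event data out of the shell source that the runner executes.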
3. Replace Placeholders
Replace the placeholders in the workflow with your actual values:
- <YOUR_AWS_REGION>: Your AWS region (e.g., us-west-2).
- <YOUR_ACCOUNT_ID>: Your AWS account ID.
- <YOUR_ROLE_NAME>: The name of the IAM role with ECR permissions.
- <YOUR_IMAGE_NAME>: The name you want to give your Docker image.
4. Commit and Push
Commit the changes to your repository and push to the main branch:
git add .github/workflows/docker-build.yml
git commit -m "Add GitHub Actions workflow for Docker build and push"
git push origin main
Conclusion
By following this guide, you can automate the process of building and pushing Docker images to AWS ECR using GitHub Actions. This workflow ensures that your Docker images are always up to date whenever changes are made to specific files in your repository. Automating this process reduces manual effort, minimizes errors, and speeds up your CI/CD pipeline.