Is there a way to do pre: or similar at the docker: stage? for ECR?

kidbrax · August 24, 2017, 5:18pm

I’d like to run the ECR login command and extract the username/password. Then I could use the normal private docker image settings on the docker: section. Is there a way to do something like that?

I.d like to do this:

docker:
  - image: acme-private/private-image:321
    auth:
      username: aws-ecr-user  # extracted from ECR login command 
      password: aws-ecr-password  # also extracted from ECR login command

icylisper · August 24, 2017, 7:49pm

I have a similar issue:

Don’t know a solution yet

fvanderwerf · September 1, 2017, 9:08am

See my answer to the other thread:

FelicianoTech · September 1, 2017, 7:06pm

Support for ECR in CircleCI 2.0 is on the roadmap.

@fvanderwerf Do you have a working example of that with a config.yml?

aidanrussell · September 9, 2017, 10:12am

I would like to do this too. It seems a very basic functionality. Can someone post a working config.yml for this please? Presumably it includes a shell script to make the ecr-credential-helper work but guidance much appreciated.

aidanrussell · September 9, 2017, 10:27pm

Hello, I got this working with the following config.yml. It’s perhaps a bit messy so let me know if there’s a better way, but it works because the appropriate password is returned as the sixth argument returned by the aws-credential-helper (i.e. the “f” character), and the username as the fourth (i.e. the “d” character):

version: 2
jobs:
  build:
    docker:
      - image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$AWS_ECS_REPOSITORY_NAME:latest
        auth:
          username: $(read a b c d e f g <<<$(aws ecr get-login --no-include-email --region $AWS_DEFAULT_REGION) ; echo "$d";)
          password: $(read a b c d e f g <<<$(aws ecr get-login --no-include-email --region $AWS_DEFAULT_REGION) ; echo "$f";)

edkellena · September 11, 2017, 10:00am

@aidanrussell This is a genius workaround! Thanks a lot for this

FelicianoTech · September 11, 2017, 9:00pm

@aidanrussell The fact that you got that workaround to work is… incredible. Props.

We’ve launched official support for authenticating to ECR now: https://circleci.com/blog/aws-ecr-auth-support/

aidanrussell · September 12, 2017, 7:38am

@FelicianoTech Hooray! Much cleaner

kidbrax · September 22, 2017, 12:44am

can we still use dynamic values as in AIDANRUSSELL’s solution? I have two ECR repos. A development and a production. So my key/secret will be different depending on which branch I am pushing. How can we make the key/secret dynamic?

FelicianoTech · September 24, 2017, 7:04pm

Take a look at the docs. I think the best way to do what you want, keeping things “official”, is to use a different job for each environment. Then, you can use a different set of environment variables for your AWS creds.

kidbrax · September 25, 2017, 3:21pm

That seems extremely inefficient and redundant. So we’d have to completely duplicate the job just to use different keys?

FelicianoTech · September 26, 2017, 12:30am

With YAML anchors, yes. Or do what you asked if you could keep doing. Just giving you another option.

Topic		Replies	Views
Using Private image from ECR Build Environment	14	8847	June 18, 2018
How do I pass AWS session token to aws_auth: for pulling docker images from AWS ECR? Build Environment	7	1033	February 27, 2023
Use ECS repository image as build image in CircleCI Build Environment docker , circle-yml , 2.0	1	1200	June 18, 2018
Using a docker image, to generate command output - includes strange characters in output Feedback & Bug Reports	3	817	September 27, 2018
Please help - Cannot login to ECR repository Deployments nodejs , circle-yml	1	1974	July 19, 2022

Is there a way to do pre: or similar at the docker: stage? for ECR?

Related topics