Running the sample Directory structure Files Adapting the sample to push the image to Docker Hub Related resources

Docker sample for CodeBuild

This sample produces as build output a Docker image and then pushes the Docker image to an Amazon Elastic Container Registry (Amazon ECR) image repository. You can adapt this sample to push the Docker image to Docker Hub. For more information, see Adapting the sample to push the image to Docker Hub.

To learn how to build a Docker image by using a custom Docker build image (docker:dind in Docker Hub), see our Docker in custom image sample.

This sample was tested referencing golang:1.12.

This sample uses the new multi-stage Docker builds feature, which produces a Docker image as build output. It then pushes the Docker image to an Amazon ECR image repository. Multi-stage Docker image builds help to reduce the size of the final Docker image. For more information, see Use multi-stage builds with Docker.

Important

Running this sample might result in charges to your Amazon account. These include possible charges for Amazon CodeBuild and for Amazon resources and actions related to Amazon S3, Amazon KMS, CloudWatch Logs, and Amazon ECR. For more information, see CodeBuild pricing, Amazon S3 pricing, Amazon Key Management Service pricing, Amazon CloudWatch pricing, and Amazon Elastic Container Registry pricing.

Topics

Running the sample
Directory structure
Files
Adapting the sample to push the image to Docker Hub
Related resources

Running the sample

To run this sample

If you already have an image repository in Amazon ECR you want to use, skip to step 3. Otherwise, if you are using an user instead of an Amazon root account or an administrator user to work with Amazon ECR, add this statement (between ### BEGIN ADDING STATEMENT HERE ### and ### END ADDING STATEMENT HERE ###) to the user (or IAM group the user is associated with). Using an Amazon root account is not recommended.This statement allows the creation of Amazon ECR repositories for storing Docker images. Ellipses (...) are used for brevity and to help you locate where to add the statement. Do not remove any statements, and do not type these ellipses into the policy. For more information, see Working with inline policies using the Amazon Web Services Management Console in the user Guide.
```
{
  "Statement": [
    ### BEGIN ADDING STATEMENT HERE ###
    {
      "Action": [
        "ecr:CreateRepository"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    ### END ADDING STATEMENT HERE ###
    ...
  ],
  "Version": "2012-10-17"
}
```
Note
The IAM entity that modifies this policy must have permission in IAM to modify policies.
Create an image repository in Amazon ECR. Be sure to create the repository in the same Amazon Region where you create your build environment and run your build. For more information, see Creating a repository in the Amazon ECR User Guide. This repository's name must match the repository name you specify later in this procedure, represented by the IMAGE_REPO_NAME environment variable.
Add this statement (between ### BEGIN ADDING STATEMENT HERE ### and ### END ADDING STATEMENT HERE ###) to the policy you attached to your Amazon CodeBuild service role. This statement allows CodeBuild to upload Docker images to Amazon ECR repositories. Ellipses (...) are used for brevity and to help you locate where to add the statement. Do not remove any statements, and do not type these ellipses into the policy.
```
{
  "Statement": [
    ### BEGIN ADDING STATEMENT HERE ###
    {
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:GetAuthorizationToken",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    ### END ADDING STATEMENT HERE ###
    ...
  ],
  "Version": "2012-10-17"
}
```
Note
The IAM entity that modifies this policy must have permission in IAM to modify policies.
Create the files as described in the "Directory structure" and "Files" sections of this topic, and then upload them to an S3 input bucket or an Amazon CodeCommit, GitHub, or Bitbucket repository.

Important
Do not upload (root directory name), just the files inside of (root directory name).
If you are using an S3 input bucket, be sure to create a ZIP file that contains the files, and then upload it to the input bucket. Do not add (root directory name) to the ZIP file, just the files inside of (root directory name).
Follow the steps in Run CodeBuild directly to create a build project, run the build, and view build information.

If you use the console to create your project:
1. For Operating system, choose Ubuntu.
2. For Runtime, choose Standard.
3. For Image, choose aws/codebuild/standard:4.0.
4. Because you use this build project to build a Docker image, select Privileged.
  
  Note
  By default, Docker containers do not allow access to any devices. Privileged mode grants a build project's Docker container access to all devices. For more information, see Runtime Privilege and Linux Capabilities on the Docker Docs website.
5. Add the following environment variables:
  - AWS_DEFAULT_REGION with a value of region-ID
  - AWS_ACCOUNT_ID with a value of account-ID
  - IMAGE_TAG with a value of Latest
  - IMAGE_REPO_NAME with a value of Amazon-ECR-repo-name
If you use the Amazon CLI to create the build project, the JSON-formatted input to the create-project command might look similar to this. (Replace the placeholders with your own values.)
```
{
  "name": "sample-docker-project",
  "source": {
    "type": "S3",
    "location": "codebuild-region-ID-account-ID-input-bucket/DockerSample.zip"
  },
  "artifacts": {
    "type": "NO_ARTIFACTS"
  },
  "environment": {
    "type": "LINUX_CONTAINER",
    "image": "aws/codebuild/standard:4.0",
    "computeType": "BUILD_GENERAL1_SMALL",
    "environmentVariables": [
      {
        "name": "AWS_DEFAULT_REGION",
        "value": "region-ID"
      },
      {
        "name": "AWS_ACCOUNT_ID",
        "value": "account-ID"
      },
      {
        "name": "IMAGE_REPO_NAME",
        "value": "Amazon-ECR-repo-name"
      },
      {
        "name": "IMAGE_TAG",
        "value": "latest"
      }
    ],
    "privilegedMode": true
  },
  "serviceRole": "arn:aws:iam::account-ID:role/role-name",
  "encryptionKey": "arn:aws:kms:region-ID:account-ID:key/key-ID"
}
```
Confirm that CodeBuild successfully pushed the Docker image to the repository:
1. Open the Amazon ECR console at https://console.amazonaws.cn/ecr/.
2. Choose the repository name. The image should be listed in the Image tag column.

Directory structure

This sample assumes this directory structure.


(root directory name)
├── buildspec.yml
└── Dockerfile

Files

This sample uses these files.

buildspec.yml (in (root directory name))


version: 0.2

phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username Amazon --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...          
      - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
      - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG      
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker image...
      - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG

Dockerfile (in (root directory name))


FROM golang:1.12-alpine AS build
#Install git
RUN apk add --no-cache git
#Get the hello world package from a GitHub repository
RUN go get github.com/golang/example/hello
WORKDIR /go/src/github.com/golang/example/hello
# Build the project and send the output to /bin/HelloWorld 
RUN go build -o /bin/HelloWorld

FROM golang:1.12-alpine
#Copy the build's output binary from the previous build container
COPY --from=build /bin/HelloWorld /bin/HelloWorld
ENTRYPOINT ["/bin/HelloWorld"]

Note

CodeBuild overrides the ENTRYPOINT for custom Docker images.

Adapting the sample to push the image to Docker Hub

To push the Docker image to Docker Hub instead of Amazon ECR, edit this sample's code.

Note

If you are using a version of Docker earlier than 17.06, remove the --no-include-email option.

Replace these Amazon ECR-specific lines of code in the buildspec.yml file:


...
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username Amazon --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...          
      - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
      - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker image...
      - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
...

With these Docker Hub-specific lines of code:


...
  pre_build:
    commands:
      - echo Logging in to Docker Hub...
      # Type the command to log in to your Docker Hub account here.          
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
      - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $IMAGE_REPO_NAME:$IMAGE_TAG
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker image...
      - docker push $IMAGE_REPO_NAME:$IMAGE_TAG
...

Upload the edited code to an S3 input bucket or an Amazon CodeCommit, GitHub, or Bitbucket repository.

Important
Do not upload (root directory name), just the files inside of (root directory name).
If you are using an S3 input bucket, be sure to create a ZIP file that contains the files, and then upload it to the input bucket. Do not add (root directory name) to the ZIP file, just the files inside of (root directory name).

Replace these lines of code from the JSON-formatted input to the create-project command:


...
    "environmentVariables": [
      {
        "name": "AWS_DEFAULT_REGION",
        "value": "region-ID"
      },
      {
        "name": "AWS_ACCOUNT_ID",
        "value": "account-ID"
      },
      {
        "name": "IMAGE_REPO_NAME",
        "value": "Amazon-ECR-repo-name"
      },
      {
        "name": "IMAGE_TAG",
        "value": "latest"
      }
    ]
...

With these lines of code:


...
    "environmentVariables": [
      {
        "name": "IMAGE_REPO_NAME",
        "value": "your-Docker-Hub-repo-name"
      },
      {
        "name": "IMAGE_TAG",
        "value": "latest"
      }
    ]
...

Follow the steps in Run CodeBuild directly to create a build environment, run the build, and view related build information.
Confirm that Amazon CodeBuild successfully pushed the Docker image to the repository. Sign in to Docker Hub, go to the repository, and choose the Tags tab. The latest tag should contain a very recent Last Updated value.

Related resources

For information about getting started with Amazon CodeBuild, see Getting started with Amazon CodeBuild using the console.
For information about troubleshooting issues in CodeBuild, see Troubleshooting Amazon CodeBuild.
For information about quotas in CodeBuild, see Quotas for Amazon CodeBuild.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Docker in custom image sample

GitHub Enterprise Server sample