Jun 5, 2021

3 min read

Efficient and Secure Integration of Jeninks with ECR

aws ecr get-login
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:ListTagsForResource",
"ecr:DescribeImageScanFindings",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"
],
"Resource": "*"
}
]
}
git clone https://github.com/awslabs/amazon-ecr-credential-helper.gitcd amazon-ecr-credential-helper/make docker
mkdir -p bin
docker run --rm \
-e TARGET_GOOS= \
-e TARGET_GOARCH= \
-v '/root/amazon-ecr-credential-helper/bin':/go/src/github.com/awslabs/amazon-ecr-credential-helper/bin \
sha256:f40028122007c4597897a7950d160497ee9963827ac218cc9e37176a21f65b25
./scripts/build_binary.sh ./bin/local 0.5.0 c5b4d8f
go: downloading github.com/aws/aws-sdk-go v1.38.44
go: downloading github.com/docker/docker-credential-helpers v0.6.3
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/pkg/errors v0.9.1
go: extracting github.com/pkg/errors v0.9.1
go: extracting github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/sirupsen/logrus v1.4.2
go: extracting github.com/sirupsen/logrus v1.4.2
go: downloading golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f
go: extracting github.com/docker/docker-credential-helpers v0.6.3
go: extracting golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f
go: extracting github.com/aws/aws-sdk-go v1.38.44
go: downloading github.com/jmespath/go-jmespath v0.4.0
go: extracting github.com/jmespath/go-jmespath v0.4.0
go: finding github.com/docker/docker-credential-helpers v0.6.3
go: finding github.com/mitchellh/go-homedir v1.1.0
go: finding github.com/aws/aws-sdk-go v1.38.44
go: finding github.com/sirupsen/logrus v1.4.2
go: finding golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f
go: finding github.com/jmespath/go-jmespath v0.4.0
go: finding github.com/pkg/errors v0.9.1
Built ecr-login
[root@ip-10-0-0-216 amazon-ecr-credential-helper]# cd bin/local/
[root@ip-10-0-0-216 local]# ls
docker-credential-ecr-login
vim /var/lib/jenkins/.docker/config.json.
{
"credsStore": "ecr-login"
}
docker push ${AWS_ECR_REPO}/${REPO_NAME}:${currentBuild.number}docker pull ${AWS_ECR_REPO}/${REPO_NAME}:${currentBuild.number}