We'll do the following
- Create Bitbucket repository
- Push Docker image to ECR from Bitbucket
- Configure Bitbucket pipeline.
Create Bitbucket repository
1: Created ssh key.
ssh-keygen -t rsa -C aaa@example.com
2: Add pub key to bitbucket.
3: set remote but... password is needed?
git remote add origin git@bitbucket.org:xxx/yyy.git
git push origin master
Password for 'https://aaa@bitbucket.org':
# ????
4: Get remote URL
git config --get remote.origin.url
https://aaa@bitbucket.org/bbb/ccc.git
5: This should not be https... should be git.
git remote set-url origin git@bitbucket.org:xxxx/yyyy.git
error..
6: Specify ssh key
https://qiita.com/sonots/items/826b90b085f294f93acf
Push Docker image to ECR from Bitbucket
We have to create the IAM Role of OIDC.
Get identity provider of Bitbucket.
You can get the information from Bitbucket.
{Your repository settings} > Pipelines > OpenID Connect
Get the following.
- Identity provider URL
- Audience
AWS IAM Setting.
Create provider
- Go to
IAM > Identity providers > Add provider. - Fill in
Identity provider URLandAudience.
Create policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "GetAuthorizationToken",
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken"
],
"Resource": "*"
},
{
"Sid": "AllowPushImage",
"Effect": "Allow",
"Action": [
"ecr:BatchCheckLayerAvailability",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"
],
"Resource": "arn:aws:ecr:ap-northeast-1:{AWS Account ID}:repository/*"
}
]
}
Create role
- Go to
IAM > Role > Create role. - Select
Web identity. - Select
Identity provider URLandAudiencecreated by previous step. - Choose policy created in previous step.
Configure bitbucket pipeline.
Minimum configuration
image: atlassian/default-image:2
definitions:
script: &ecrScript
- docker build -t $REPO_NAME .
- pipe: atlassian/aws-ecr-push-image:1.5.0
variables:
AWS_OIDC_ROLE_ARN: $OIDC_ROLE_ARN
IMAGE_NAME: $IMAGE_NAME
TAGS: "${BITBUCKET_TAG} build-$BITBUCKET_BUILD_NUMBER latest"
pipelines:
custom:
build-custom:
- step:
name: Deploy to ECR
services:
- docker
oidc: true
script: *ecrScript
NOTE
AWS_DEFAULT_REGION must be configured as Variable. Otherwise we will get the error ValueError: Invalid endpoint: https://api.ecr..amazonaws.com. Please check official document.
Top comments (1)
Much appreciated. This was a great help.