I’m trying to push an image to ECR on GitLab and the docker login command keeps failing. I tried looking around online and tried 3 different variations and they all failed. Here’s my gitlab-ci.yml file:
image: docker:latest
services:
  - docker:dind
before_script:
  - apk add --update --no-cache jq py-pip
  - pip install awscli
  - aws ecr get-login --no-include-email --region us-west-2
  - docker login -u AWS -p $(aws ecr get-login-password --region us-west-2) https://775362094965.dkr.ecr.us-west-2.amazonaws.com
  # Denied: not authorized
  - docker login --username AWS --password-stdin https://775362094965.dkr.ecr.us-west-2.amazonaws.com
  # Error: Cannot perform an interactive login from a non TTY device
  - docker login --username AWS --password-stdin public.ecr.aws/u1c1h9j4
  # Error: Cannot perform an interactive login from a non TTY device
stages:
  - build
  - deploy
build-job:
  stage: build
  script:
    - docker build -t $REPOSITORY_URL:$IMAGE_TAG .
    - docker push $REPOSITORY_URL:$IMAGE_TAG
  only:
    - main
deploy-job:
  stage: deploy
  script:
    - echo `aws ecs describe-task-definition --task-definition $CI_AWS_ECS_TASK_DEFINITION --region us-west-2` > input.json
    - echo $(cat input.json | jq '.taskDefinition.containerDefinitions[].image="'$REPOSITORY_URL':'$IMAGE_TAG'"') > input.json
    - echo $(cat input.json | jq '.taskDefinition') > input.json
    - echo $(cat input.json | jq 'del(.taskDefinitionArn)' | jq 'del(.revision)' | jq 'del(.status)' | jq 'del(.requiresAttributes)' | jq 'del(.compatibilities)' | jq 'del(.registeredAt)' | jq 'del(.registeredBy)') > input.json
    - aws ecs register-task-definition --cli-input-json file://input.json --region us-west-2
    - revision=$(aws ecs describe-task-definition --task-definition $CI_AWS_ECS_TASK_DEFINITION --region us-west-2 | egrep "revision" | tr "/" " " | awk '{print $2}' | sed 's/"$//' | cut -d "," -f 1)
    - aws ecs update-service --cluster $CI_AWS_ECS_CLUSTER --service $CI_AWS_ECS_SERVICE --task-definition $CI_AWS_ECS_TASK_DEFINITION:$revision --region us-west-2
I inserted all 3 docker login variations that I tried and listed the error I received in my pipeline right underneath them. I tried them all individually.
2 Answers
For modern versions of AWS CLI v1 or v2:
For older versions of AWS CLI v1 that don’t have get-login-password:
You must also make sure your configured identity has permission to ECR.
This would imply to me you might have an issue with your IAM permissions.
aws ecr get-login-password | docker login --username AWS --password-stdin https://775362094965.dkr.ecr.us-west-2.amazonaws.com
Generally, the password-stdin option reads the password from user input, but as you want to implement CI/CD, you can pipe the password as given above.
I found a detailed description to solve the issue at:
https://medium.com/devops-with-valentine/gitlab-ci-build-push-docker-image-to-aws-ecr-elastic-container-registry-b63b91a58728
Either you have not specified in the post, but maybe your setup does not have aws-cli setup of its own! You may need to add aws-cli image to get your pipeline working.
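An added example, not part of the original question or answers: a POSIX sh helper for the `before_script` that pipes the ECR token into `docker login` so it never appears on a command line or in the job log (which `docker login -p $(...)` and a bare `aws ecr get-login` both risk). It goes beyond the answers by also handling the `public.ecr.aws` registry from the question, whose tokens are issued by `aws ecr-public` in us-east-1. The function names `ecr_region` and `ecr_login` are hypothetical, and the job is assumed to have aws-cli with `get-login-password` and a docker client installed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the thread.

# Print the region a login token must be requested for.
# Private ECR hosts look like <account>.dkr.ecr.<region>.amazonaws.com;
# ECR Public tokens are always issued in us-east-1.
ecr_region() {
    case "$1" in
        public.ecr.aws) echo "us-east-1" ;;
        *.dkr.ecr.*.amazonaws.com)
            _r=${1#*.dkr.ecr.}          # strip "<account>.dkr.ecr."
            echo "${_r%.amazonaws.com}" ;;
        *) return 1 ;;
    esac
}

# Log in to an ECR registry, passing the token over stdin only.
# Accepts "https://host/path" or "host/path".
ecr_login() {
    _host=${1#https://}
    _host=${_host%%/*}
    _region=$(ecr_region "$_host") || {
        echo "not an ECR registry: $_host" >&2; return 2; }
    # Confirms the job has usable credentials; it does not prove the
    # identity is allowed to call ECR (that still needs IAM permission).
    aws sts get-caller-identity >/dev/null || {
        echo "no valid AWS credentials in this job" >&2; return 3; }
    if [ "$_host" = "public.ecr.aws" ]; then
        aws ecr-public get-login-password --region "$_region"
    else
        aws ecr get-login-password --region "$_region"
    fi | docker login --username AWS --password-stdin "$_host"
}

# Usage in before_script, after sourcing this file:
#   ecr_login https://775362094965.dkr.ecr.us-west-2.amazonaws.com
```

If the credential check passes and `docker login` still reports "denied", the remaining cause to check is the identity's ECR permissions, as the first answer suggests.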