Build Docker container images with AWS CodeBuild
AWS CodeBuild is a developer tool that automates tasks, such as software releases, and enables IT teams to build and push containers to a registry within minutes.
AWS has evolved its cloud developer tools and services over the years, and a recent addition could change how many approach server builds.
The cloud provider unveiled AWS CodeBuild at re:Invent, a service that automates the server build and management process. Developers can use CodeBuild with other AWS tools to completely automate software releases.
AWS CodeBuild compiles application source code, runs tests and returns software artifacts and container images. The native service removes the need for dev teams to scale, patch and maintain build servers. Otherwise, an IT team might develop a C++ application that uses an open source automation server, such as Jenkins, to compile source code. After compiling code and running some tests, Jenkins can output binaries and installation packages for the application. AWS CodeBuild, on the other hand, can handle those tasks as an alternative to Jenkins.
Developers can add a build stage within their deployment pipelines to send source code to CodeBuild automatically. To do so, create a build project in the CodeBuild console to give the service the source code location and tell it which runtimes or tools to use. For example, the source code could reside in a CodeCommit repository with an application written in Java, Ruby, Python or Node.js. The programming language determines the runtime and the compiler to use.
The CodeBuild service also enables teams to build Docker container images. Let's take a look at a real-world example of how developers can use the service to set up a build project that creates a Docker image and pushes it to Amazon Elastic Cloud Compute Container Registry (ECR).
Setting up the build source
Before you dive into CodeBuild, you need to understand the source code used to build this Docker container image. Figure 1 shows an AWS CodeCommit repository that contains a simple Dockerfile.
The Dockerfile defines a simple configuration for the container. We'll use Ubuntu as the base container image, install the Apache web server and include a "Hello World!" message in the default index.html page.
AWS CodeBuild uses this Dockerfile to run a Docker build, which creates a container image with the desired components and configuration. We also need to instruct CodeBuild to push this image to an ECR repository when the build is complete. To do this, use a build specification file (Figure 2).
The build specification is a YAML-formatted file called buildspec.yml, which is stored in the same CodeCommit repository as the Dockerfile for the container image. The build specification tells CodeBuild what to do in the various stages of the build process. That process includes three phases:
- Pre-build: Authenticates to the ECR service using the AWS Command Line Interface. We need an authenticated connection to ECR later to push the new container image to the repository.
- Build: Executes the Docker commands needed to build and tag the container image.
- Post-build: Executes the docker push command to send the built container image into the ECR repository.
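The three phases above, written out as a build specification. This is an added example, not the file from the article's Figure 2. It assumes a build image whose AWS CLI provides `aws ecr get-login-password` and whose Docker client supports `--password-stdin`; the account ID and image repository name are constructed placeholders.

```yaml
# buildspec.yml (added example; stored in the repository root beside the Dockerfile)
version: 0.2

env:
  variables:
    # Constructed placeholders: replace with your own account ID and ECR repository name.
    AWS_ACCOUNT_ID: "123456789012"
    IMAGE_REPO_NAME: "my-apache-image"

phases:
  pre_build:
    commands:
      # AWS_DEFAULT_REGION and CODEBUILD_RESOLVED_SOURCE_VERSION are set by CodeBuild.
      - REGISTRY="$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com"
      # Tag by commit ID so every pushed image traces back to one source revision.
      - IMAGE_TAG="$(echo "$CODEBUILD_RESOLVED_SOURCE_VERSION" | cut -c1-12)"
      # Authenticate to ECR. The token is piped on stdin, so it is not passed
      # as a command-line argument and is not echoed into the build log.
      - aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$REGISTRY"
  build:
    commands:
      - docker build -t "$IMAGE_REPO_NAME:$IMAGE_TAG" .
      - docker tag "$IMAGE_REPO_NAME:$IMAGE_TAG" "$REGISTRY/$IMAGE_REPO_NAME:$IMAGE_TAG"
  post_build:
    commands:
      # post_build still runs when the build phase fails; stop here rather
      # than push a stale or partial image.
      - test "$CODEBUILD_BUILD_SUCCEEDING" = "1"
      - docker push "$REGISTRY/$IMAGE_REPO_NAME:$IMAGE_TAG"
```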
Create a build project in CodeBuild
To create the build project in the CodeBuild web console, select the New Build Project button. Next, define a name for the build project and then define the source location. Developers can choose Amazon Simple Storage Service (S3), AWS CodeCommit or GitHub as their build source.
Set the Source Provider to AWS CodeCommit and select the repository. In this example, the repository is named MyDockerFiles.
After defining the build source, configure the build environment. I used a managed image that runs the Ubuntu OS with the Docker 1.12 runtime. The CodeBuild service spins up a system using these settings to perform the build. CodeBuild uses the buildspec.yml file, which is in the root of my CodeCommit repository (Figure 3).
The build project pushes the container image into ECR, so it doesn't need to produce any artifacts, such as binaries, into an S3 bucket. Developers can also create a new Identity and Access Management (IAM) service role in an account to allow CodeBuild to interact with other AWS tools. Keep in mind: This role needs additional permissions. So, to allow CodeBuild to log in and push a container image to the ECR service, developers must configure the IAM role to allow those operations.
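A least-privilege version of that service role, shown as an added example rather than the role from the article. It is written as a CloudFormation fragment (an assumption; the article creates the role in the console), and the region, account ID and ECR repository name are constructed placeholders.

```yaml
# CloudFormation fragment (added example): service role for the CodeBuild project.
# Region, account ID and the ECR repository name are constructed placeholders.
Resources:
  CodeBuildDockerRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: build-and-push-to-ecr
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Token issuance cannot be scoped to a single repository.
              - Effect: Allow
                Action: ecr:GetAuthorizationToken
                Resource: "*"
              # Push only, and only to the one repository this project owns.
              - Effect: Allow
                Action:
                  - ecr:BatchCheckLayerAvailability
                  - ecr:InitiateLayerUpload
                  - ecr:UploadLayerPart
                  - ecr:CompleteLayerUpload
                  - ecr:PutImage
                Resource: arn:aws:ecr:us-east-1:123456789012:repository/my-apache-image
              # Read the source from the CodeCommit repository used in this example.
              - Effect: Allow
                Action: codecommit:GitPull
                Resource: arn:aws:codecommit:us-east-1:123456789012:MyDockerFiles
              # Write build logs.
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: arn:aws:logs:us-east-1:123456789012:log-group:/aws/codebuild/*
```

The role grants no ECR pull or delete actions, so a compromised build can add images to this one repository but cannot read or remove images elsewhere in the account.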
Running the build
After the build project is created, select it in the CodeBuild console and then choose the Start Build button.
After the build completes, you can review detailed information about everything that happened within each phase of the build. You can also access build logs that show the output from the commands in the buildspec.yml file (Figure 4).
It takes about three minutes to build the container image and push it to the repository in ECR.
These instructions barely scratch the surface of what you can do with AWS CodeBuild. Not only does it perform a number of runtime builds for various platforms, it will also support Windows-based runtimes, such as the .NET Framework, in the future. Developers can also use CodeBuild natively as a build stage inside AWS CodePipeline.