Build docker to ECR with travis

You will need an AWS IAM Policy for the Travis user that looks pretty much like this I strongly suggest you use a different user for this


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ecr:PutLifecyclePolicy",
                "ecr:GetLifecyclePolicyPreview",
                "ecr:CreateRepository",
                "ecr:GetDownloadUrlForLayer",
                "ecr:GetAuthorizationToken",
                "ecr:ListTagsForResource",
                "ecr:UploadLayerPart",
                "ecr:ListImages",
                "ecr:DeleteLifecyclePolicy",
                "ecr:DeleteRepository",
                "ecr:PutImage",
                "ecr:UntagResource",
                "ecr:SetRepositoryPolicy",
                "ecr:BatchGetImage",
                "ecr:CompleteLayerUpload",
                "ecr:DescribeImages",
                "ecr:TagResource",
                "ecr:DescribeRepositories",
                "ecr:StartLifecyclePolicyPreview",
                "ecr:InitiateLayerUpload",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetRepositoryPolicy",
                "ecr:GetLifecyclePolicy"
            ],
            "Resource": "*"
        }
    ]
}

Next you will encrypt the created credentials in the .travis.yml file


travis encrypt AWS_ACCESS_KEY_ID=super_secret --add
travis encrypt AWS_SECRET_ACCESS_KEY=super_secret --add

Then your travis file should look like this


dist: xenial
language: minimal
services:
  - docker

before_install:
  - pip install --user awscli
  - export PATH=$PATH:$HOME/.local/bin
script:
  - eval $(aws ecr get-login --no-include-email --region us-east-1)
  - make build-production
  - make push-image
env:
  global:
  - secure: <your encrypted key>
  - secure: <your encrypted key>