Build docker to ECR with travis
You will need an AWS IAM Policy for the Travis user that looks pretty much like this I strongly suggest you use a different user for this
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ecr:PutLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:CreateRepository",
"ecr:GetDownloadUrlForLayer",
"ecr:GetAuthorizationToken",
"ecr:ListTagsForResource",
"ecr:UploadLayerPart",
"ecr:ListImages",
"ecr:DeleteLifecyclePolicy",
"ecr:DeleteRepository",
"ecr:PutImage",
"ecr:UntagResource",
"ecr:SetRepositoryPolicy",
"ecr:BatchGetImage",
"ecr:CompleteLayerUpload",
"ecr:DescribeImages",
"ecr:TagResource",
"ecr:DescribeRepositories",
"ecr:StartLifecyclePolicyPreview",
"ecr:InitiateLayerUpload",
"ecr:BatchCheckLayerAvailability",
"ecr:GetRepositoryPolicy",
"ecr:GetLifecyclePolicy"
],
"Resource": "*"
}
]
}
Next you will encrypt the created credentials in the .travis.yml file
travis encrypt AWS_ACCESS_KEY_ID=super_secret --add
travis encrypt AWS_SECRET_ACCESS_KEY=super_secret --add
Then your travis file should look like this
dist: xenial
language: minimal
services:
- docker
before_install:
- pip install --user awscli
- export PATH=$PATH:$HOME/.local/bin
script:
- eval $(aws ecr get-login --no-include-email --region us-east-1)
- make build-production
- make push-image
env:
global:
- secure: <your encrypted key>
- secure: <your encrypted key>