It takes a few tries to get GitLab CI to build and deploy to AWS, because the job has to use Docker-in-Docker (dind). Here is what works for me.
- the runner must run in privileged mode (`privileged = true` in the runner config below)
- see the `volumes` setting in the runner config below
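# Staging deploy job: builds the image with Docker-in-Docker (dind), pushes it
# to ECR, then updates the CloudFormation stack and waits for completion.
# Requires a runner with `privileged = true`.
deploy_staging:
  # NOTE(review): `docker:stable` and `docker:dind` are floating tags, so the
  # client and the daemon can drift apart; pin both to the same release.
  image: docker:stable
  stage: deploy
  # NOTE(review): `always` runs this deploy even when an earlier stage failed;
  # use `on_success` if tests or scans are meant to gate deployment.
  when: always
  services:
    - name: docker:dind
      alias: dockerhost
  variables:
    ECR_REPO_PREFIX: XXX.dkr.ecr.eu-west-1.amazonaws.com/my-app-name
    # An empty value stops dind from generating TLS certificates, so the daemon
    # listens on plain, unauthenticated TCP 2375. Anything that can reach that
    # port controls a privileged Docker daemon. The TLS setup uses
    # DOCKER_TLS_CERTDIR "/certs" and port 2376 instead.
    DOCKER_TLS_CERTDIR: ""
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: 'tcp://dockerhost:2375/'
  script:
    # debconf setting; apk does not read it. Kept from the original.
    - export DEBIAN_FRONTEND=noninteractive
    # Install python & AWS CLI
    - apk update -qy && apk add --no-cache curl unzip bash
    - >-
      apk add --no-cache python3 && python3 -m ensurepip
      && rm -r /usr/lib/python*/ensurepip
      && pip3 install --upgrade pip setuptools
      && if [ ! -e /usr/bin/pip ]; then ln -s pip3 /usr/bin/pip ; fi
      && if [[ ! -e /usr/bin/python ]]; then ln -sf /usr/bin/python3 /usr/bin/python; fi
      && rm -r /root/.cache
    # NOTE(review): unpinned install; pin the awscli version so the deploy
    # tooling cannot change between runs.
    - pip3 install awscli
    # Login to AWS ECR. The token is piped to `docker login` on stdin so it
    # never appears on a command line. This replaces `$(aws ecr get-login ...)`,
    # which is deprecated and absent from AWS CLI v2. The registry host is
    # ECR_REPO_PREFIX up to the first "/".
    - >-
      aws ecr get-login-password --region eu-west-1
      | docker login --username AWS --password-stdin "${ECR_REPO_PREFIX%%/*}"
    # docker images: a missing cache image must not fail the job, hence `|| true`
    - docker pull ${ECR_REPO_PREFIX}:cache-latest || true
    - >-
      docker build -f ./docker/staging/Dockerfile
      --cache-from ${ECR_REPO_PREFIX}:cache-latest
      -t ${ECR_REPO_PREFIX}:${CI_COMMIT_SHA}
      -t ${ECR_REPO_PREFIX}:cache-latest .
    - docker push ${ECR_REPO_PREFIX}:cache-latest
    - docker push ${ECR_REPO_PREFIX}:${CI_COMMIT_SHA}
    # AWS Cloudformation
    # NOTE(review): CAPABILITY_IAM lets the template create IAM resources, so
    # write access to the template bucket and this job's AWS credentials are
    # both high-value. Presumably the credentials come from CI/CD variables;
    # keep them protected and scoped to this stack.
    - >-
      aws cloudformation update-stack
      --template-url https://s3.amazonaws.com/web-platform-cloudformation/ecs-${CI_COMMIT_SHA}.yml
      --stack-name web-platform-staging --region eu-west-1
      --capabilities CAPABILITY_IAM
    - aws cloudformation wait stack-update-complete --stack-name web-platform-staging --region eu-west-1
  # Runs for tags and for refs named `staging`.
  only:
    - tags
    - staging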
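# GitLab Runner config.toml entry for the runner that executes the dind job.
[[runners]]
  name = "my-gitlab-runner"
  url = "https://gitlab.example.com/"
  # Placeholder value. The real runner token is a credential: keep this file
  # readable by root only and out of version control.
  token = "SOME_TOKEN"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "docker:stable"
    # Needed for docker:dind. A privileged job container has root-equivalent
    # access to the runner host, so register this runner only for trusted
    # projects and protected refs, preferably on a dedicated host.
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    # NOTE(review): "/certs/client" is the volume through which dind shares
    # client certificates when TLS is enabled. The job above sets
    # DOCKER_TLS_CERTDIR to "" (TLS off), so it looks unused there; confirm.
    volumes = ["/certs/client", "/cache"]
    shm_size = 0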