dockerbambooamazon-ecs

Unable to use the "Docker push" command with ECR

I am unable to use the "Docker" task in Bamboo to push a Docker image up to AWS Elastic Container Repository (ECR) due to an ECR login issue. My output looks like this:

build   18-Oct-2016 12:11:54    9007f5987db3: Preparing
build   18-Oct-2016 12:11:54    b718b2f27b6c: Waiting
build   18-Oct-2016 12:11:54    c986610bcfe6: Waiting
build   18-Oct-2016 12:11:54    ee16ea28e998: Waiting
build   18-Oct-2016 12:11:54    a709d74a4732: Waiting
build   18-Oct-2016 12:11:54    c672d981aff9: Waiting
build   18-Oct-2016 12:11:54    17287d14d5b6: Waiting
build   18-Oct-2016 12:11:54    4505f2891620: Waiting
build   18-Oct-2016 12:11:54    94102dff0575: Waiting
build   18-Oct-2016 12:11:54    e83e87cb73c3: Waiting
build   18-Oct-2016 12:11:54    740e5e49ea89: Waiting
build   18-Oct-2016 12:11:54    092e6cb28bdb: Waiting
build   18-Oct-2016 12:11:54    9007f5987db3: Waiting
build   18-Oct-2016 12:11:54    8d94959a46f4: Waiting
build   18-Oct-2016 12:11:54    d2ccc68b6943: Waiting
build   18-Oct-2016 12:11:54    3dc6be5926c6: Waiting
build   18-Oct-2016 12:11:54    0afc75223403: Waiting
build   18-Oct-2016 12:11:54    71caa5138f3c: Waiting
build   18-Oct-2016 12:11:54    1be454502782: Waiting
build   18-Oct-2016 12:11:54    4a2173830433: Waiting
error   18-Oct-2016 12:11:54    error parsing HTTP 403 response body: invalid character 'Y' looking for beginning of value: "Your Authorization Token has expired. Please run 'aws ecr get-login' to fetch a new one."
simple  18-Oct-2016 12:11:54    Failing task since return code of [/bin/sh /tmp/WEB-SYNAPICI-JOB1-11-ScriptBuildTask-245668070788779382.sh] was 1 while expected 0
Solution

  • I discovered that the aws ecr get-login command was generating a URL prefixed by https://. In order to get Bamboo pushing to my repository, I had to switch from using the Bamboo task to use a custom bash script that strips the "https://" off the front of the docker login command, so that the repository that is being logged into has exactly the same URL as the repository that is being pushed to.

    I feel like this is probably a bug with the AWS client, but here's my script in case anyone else finds it useful:

    #!/usr/bin/env bash
docker_login_command=$(aws ecr get-login)
$(echo $docker_login_command | sed 's|https://||' | sed 's|-e none ||')
container_id=$(docker images | grep foo | awk '{print $3;}' | uniq)
echo $container_id
url="output-of-the-ecr-create-repository-command.dkr.ecr.eu-west-1.amazonaws.com/bar/foo"
docker tag $container_id $url
docker push $url