I have a Codebuild project that is building an docker image and pushing it to ECR registry. I got hit with dockerhub rate limits, so I've been trying to pull the same image from AWS ECR Gallery instead of Dockerhub. How do I force docker build to use the pulled image instead of redownloading the same image with tags from docker hub registry?
Codebuild buildspec.yaml
version: 0.2
phases:
install:
runtime-versions:
docker: 19
commands:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay2&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
pre_build:
commands:
- echo Logging in to Amazon ECR....
- aws --version
# update the following line with your own region
- $(aws ecr get-login --no-include-email --region us-east-1)
- IMAGE_TAG=$Environment
- REPOSITORY_URI=<removing-this-part-was-my-private-repository-uri>
- echo Pushing to $REPOSITORY_URI:$IMAGE_TAG
- docker pull public.ecr.aws/docker/library/node:14.19.0-alpine3.14
- docker pull public.ecr.aws/nginx/nginx:alpine
build:
commands:
- echo Build started on `date`
- echo Building the Docker image...
# update the following line with the name of your own ECR repository
- docker build -t local_build:latest .
# update the following line with the URI of your own ECR repository (view the Push Commands in the console)
- docker tag local_build:latest $REPOSITORY_URI:$IMAGE_TAG
post_build:
commands:
- echo Build completed on `date`
- echo pushing to repo
# update the following line with the URI of your own ECR repository
- docker push $REPOSITORY_URI:$IMAGE_TAG
As you can see, I'm pulling the node:14.19.0-alpine3.14 and nginx:alpine images from ECR public gallery.
This is my Dockerfile:
# Multi-stage
# 1) Node image for building frontend assets
# 2) nginx stage to serve frontend assets
# Name the node stage "builder"
FROM node:14.19.0-alpine3.14 AS builder
# Some build tools here https://stackoverflow.com/questions/54428608/docker-node-alpine-image-build-fails-on-node-gyp
RUN apk add g++ make py3-pip
# Set working directory
WORKDIR /app
# Copy all files from current directory to working dir in image
COPY . .
# install node modules and build assets
RUN npm ci && npm run build
# nginx state for serving content
FROM nginx:alpine
# Set working directory to nginx asset directory
WORKDIR /usr/share/nginx/html
# Remove default nginx static assets
RUN rm -rf ./*
# Copy static assets from builder stage
COPY --from=builder /app/build .
# Containers run nginx with global directives and daemon off
ENTRYPOINT ["nginx", "-g", "daemon off;"]
Codebuild logs:
[Container] 2022/02/08 04:49:19 Running command docker pull public.ecr.aws/docker/library/node:14.19.0-alpine3.14
113 14.19.0-alpine3.14: Pulling from docker/library/node
114 97518928ae5f: Pulling fs layer
115 94ae0bc29be1: Pulling fs layer
116 d5329011e23a: Pulling fs layer
117 b0eb5127ee8f: Pulling fs layer
118 b0eb5127ee8f: Waiting
119 d5329011e23a: Download complete
120 97518928ae5f: Verifying Checksum
121 97518928ae5f: Download complete
122 b0eb5127ee8f: Verifying Checksum
123 b0eb5127ee8f: Download complete
124 97518928ae5f: Pull complete
125 94ae0bc29be1: Download complete
126 94ae0bc29be1: Pull complete
127 d5329011e23a: Pull complete
128 b0eb5127ee8f: Pull complete
129 Digest: sha256:8c93166ecea91d8384d9f1768ceaca1cd8bc22c1eb13005cecfb491588bd8169
130 Status: Downloaded newer image for public.ecr.aws/docker/library/node:14.19.0-alpine3.14
131 public.ecr.aws/docker/library/node:14.19.0-alpine3.14
132
133 [Container] 2022/02/08 04:49:24 Running command docker pull public.ecr.aws/nginx/nginx:alpine
134 alpine: Pulling from nginx/nginx
135 59bf1c3509f3: Pulling fs layer
136 8d6ba530f648: Pulling fs layer
137 5288d7ad7a7f: Pulling fs layer
138 39e51c61c033: Pulling fs layer
139 ee6f71c6f4a8: Pulling fs layer
140 f2303c6c8865: Pulling fs layer
141 39e51c61c033: Waiting
142 ee6f71c6f4a8: Waiting
143 f2303c6c8865: Waiting
144 5288d7ad7a7f: Download complete
145 39e51c61c033: Verifying Checksum
146 39e51c61c033: Download complete
147 59bf1c3509f3: Verifying Checksum
148 59bf1c3509f3: Download complete
149 ee6f71c6f4a8: Verifying Checksum
150 ee6f71c6f4a8: Download complete
151 f2303c6c8865: Verifying Checksum
152 f2303c6c8865: Download complete
153 8d6ba530f648: Verifying Checksum
154 8d6ba530f648: Download complete
155 59bf1c3509f3: Pull complete
156 8d6ba530f648: Pull complete
157 5288d7ad7a7f: Pull complete
158 39e51c61c033: Pull complete
159 ee6f71c6f4a8: Pull complete
160 f2303c6c8865: Pull complete
161 Digest: sha256:3f033ffbe255618d38a47a4909f257c66620e08ce7b50f4081f16ca09c2cb74f
162 Status: Downloaded newer image for public.ecr.aws/nginx/nginx:alpine
163 public.ecr.aws/nginx/nginx:alpine
164
165 [Container] 2022/02/08 04:49:26 Phase complete: PRE_BUILD State: SUCCEEDED
166 [Container] 2022/02/08 04:49:26 Phase context status code: Message:
167 [Container] 2022/02/08 04:49:26 Entering phase BUILD
168 [Container] 2022/02/08 04:49:26 Running command echo Build started on `date`
169 Build started on Tue Feb 8 04:49:26 UTC 2022
170
171 [Container] 2022/02/08 04:49:26 Running command echo Building the Docker image...
172 Building the Docker image...
173
174 [Container] 2022/02/08 04:49:26 Running command docker build -t depaint:latest .
175 Sending build context to Docker daemon 2.353MB
176
177 Step 1/10 : FROM node:14.19.0-alpine3.14 AS builder
178 14.19.0-alpine3.14: Pulling from library/node
179 Digest: sha256:8c93166ecea91d8384d9f1768ceaca1cd8bc22c1eb13005cecfb491588bd8169
180 Status: Downloaded newer image for node:14.19.0-alpine3.14
181 ---> 442800913bae
Line 179-181 here seems to prove that it's redownloading it again anyway.
I also tried changing the docker build command inside buildspec.yaml to:
docker build -t <name-removed>:latest --cache-from public.ecr.aws/docker/library/node:14.19.0-alpine3.14 --cache-from public.ecr.aws/nginx/nginx:alpine .
This didn't work either
The problem lies here:
FROM node:14.19.0-alpine3.14 AS builder
You haven't specified a registry in this FROM statement. Since you haven't specified a registry, it pulls hub.docker.com/docker/library/node. This is a different tag than public.ecr.aws/docker/library/node:14.19.0-alpine3.14, because all registries have different namespaces.
If you want the version from ECR, you need to specify that in your Dockerfile:
FROM public.ecr.aws/docker/library/node:14.19.0-alpine3.14
This also makes it unnecessary to pull the base image before building - it will automatically fetch the base image if it's not present.