A DevOps engineer is building a pipeline in AWS CodePipeline to build a docker image and push it to AWS ECR.
In the CodePipeline, the source stage is configured with AWS CodeCommit where the source files are stored.
In the build stage, the Action Provider is AWS CodeBuild.
For its buildspec.yml file, there are three phases which are pre_build, build and post_build.
The build stage in the pipeline is responsible for creating the image and pushing it to the ECR repository.
Which command should be put in the pre_build stage in the buildspec.yml file?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - B.
The buildspec.yml file includes a collection of build commands and related settings for AWS CodeBuild to run the build.
Refer to.
https://aws.amazon.com/blogs/devops/build-a-continuous-delivery-pipeline-for-your-container-images-with-amazon-ecr-as-source/on how to use CodeBuild and CodePipeline to build an image for ECR.
Option A is incorrect: Because the docker build command should be put in the build phase.
Option B is CORRECT: The preparation steps should be put in the pre_build phase such as ecr login, getting the ECR repository URI and tags definition.
Option C is incorrect: Because the docker tag command happens after the docker image is built and should be put in the build phase.
Option D is incorrect: Because docker push should be put in the post_build phase as required after the image is built.
The pre_build phase in the buildspec.yml file of AWS CodeBuild allows a DevOps engineer to execute custom commands before the build process starts. In this scenario, the DevOps engineer wants to build a Docker image and push it to AWS ECR using AWS CodePipeline.
The correct command to put in the pre_build stage in the buildspec.yml file is option B: aws ecr get-login --region $AWS_DEFAULT_REGION.
This command retrieves an authentication token from AWS ECR and prints a docker login command with the token. The docker login command authenticates Docker CLI to an Amazon ECR registry with an authorization token obtained from AWS ECR. The --region option specifies the region where the ECR repository is located.
After executing this command, the Docker CLI is authenticated with the ECR repository and can push the Docker image to ECR using the docker build, docker tag, and docker push commands in the build phase.
Option A is the command to build the Docker image using the Dockerfile located in the current directory and tag it with the latest tag of the ECR repository. Option C is the command to tag the built Docker image with the ECR repository URI and latest tag. Option D is the command to push the Docker image to the ECR repository with the latest tag.
In summary, the correct command to put in the pre_build stage in the buildspec.yml file is option B: aws ecr get-login --region $AWS_DEFAULT_REGION, which authenticates Docker CLI to the ECR repository in the build phase.