CI/CD Pipeline for Python Apps: GitHub to Amazon ECR

In modern DevOps practices, automating build and deployment pipelines is essential for faster delivery, consistency, and reliability. In this blog, we’ll walk through setting up a CI/CD pipeline for a Python application using GitHub Actions, which builds a Docker image and pushes it to Amazon Elastic Container Registry (ECR).

🌐 Why CI/CD with GitHub and ECR?

• GitHub Actions is a powerful native CI/CD tool that integrates seamlessly with your GitHub repositories.
• Amazon ECR is a secure, scalable, and reliable container registry for storing Docker images.
• Automating the pipeline ensures consistent builds, less manual intervention, and quicker feedback loops.

🔧 Prerequisites

Before getting started, make sure you have:

1. A GitHub repository containing your Python application.
2. A valid Dockerfile in your project root.
3. An AWS account with permissions to access and push to Amazon ECR.
4. An Amazon ECR repository created.
5. GitHub Secrets configured:

• AWS_ACCESS_KEY_ID
• AWS_SECRET_ACCESS_KEY
• AWS_REGION
• ECR_REPOSITORY

📂 Sample Project Structure

my-python-app/
├── app.py
├── requirements.txt
├── Dockerfile
└── .github/
    └── workflows/
        └── deploy-to-ecr.yml

⚙️ GitHub Actions Workflow

Create the file .github/workflows/deploy-to-ecr.yml with the following content:

name: Build and Push to Amazon ECR

on:
  push:
    branches:
      - main

jobs:
  build-and-push:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout source
      uses: actions/checkout@v3

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v2
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ secrets.AWS_REGION }}

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push Docker image to ECR
      env:
        ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        docker build -t $ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REPOSITORY:$IMAGE_TAG

    - name: Output pushed image info
      run: echo "Image pushed: ${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}"

🚀 Final Result

After pushing to the main branch, GitHub Actions will:

1. Checkout the code.
2. Authenticate with AWS.
3. Build the Docker image.
4. Tag it using the commit SHA.
5. Push the image to the specified ECR repository.

🚧 What’s Next?

• Integrate testing stages before deployment.
• Add deployment to Amazon ECS, EKS, or Lambda.
• Set up notifications via Slack or Google Chat.

✨ Conclusion

With just a few steps, you’ve now automated your CI/CD pipeline from GitHub to Amazon ECR. This setup improves reliability and speeds up your deployment process. Happy deploying!