Illustration of Docker logo with an arrow to ECR logo

Building a Docker image in Jenkinsfile and publishing to ECR

Terence Wong

In this post, you learn how to build and push the Octopus Deploy underwater app to Amazon Elastic Container Registry (ECR) using Jenkins.


To follow along, you need:

  • An Amazon Web Services (AWS) account
  • A Jenkins instance
  • A GitHub account

For instructions on installing Jenkins in your chosen environment, you can refer to our guides:

This post uses the Octopus underwater app repository. You can fork the repository and follow along.

Alternatively, the jenkins-ecr branch contains the template files to complete the steps in this post. You'll need to replace some values with your own. I've included my values in this post as a reference.

Amazon Web Services setup

To set up AWS for Jenkins, you need to create an access key and an ECR repository to store the image.

To create an access key, go to Amazon Console, then IAM, then Users, [your user], Security credentials, and Create Access Key.

Your browser will download a file containing the Access Key ID and the Secret Access Key. These values will be used in Jenkins to authenticate to Amazon.

To create a repository, go to the Amazon Console, then ECR, then Create Repository.

You need to set up an image repository for each image that you publish. Give the repository the same name you want the image to have.

You will see your repository under Amazon ECR, then Repositories. Make a note of the zone it's in, in the URI field.

ECR Repository

Jenkins setup

First, you need to install some plugins to interact with Docker and Amazon.

Go to the Dashboard, then Manage Jenkins, then Manage Plugins.

You need the following plugins:

You can search for these plugins in the Available tab. After they're installed, they appear in the Installed tab.

You use a Jenkinsfile to compile, build, test, and push the image to Amazon ECR. A Jenkinsfile is a configuration file that defines a Jenkins Pipeline. A Jenkins Pipeline is a series of steps that Jenkins performs on an artifact to achieve the desired result. In this case, it's the clone, build, test, and push of an image to Amazon ECR.

The power of using a Jenkinsfile is to check it into source control to manage different versions of the file.

In your Jenkins instance, go to Manage Jenkins, then Manage Credentials, then Jenkins Store, then Global Credentials (unrestricted), and finally Add Credentials.

Manage Credentials

Fill in the following fields, leaving everything else as default:

  • Kind - AWS credentials
  • ID - aws-credentials, for example
  • Access Key ID - Access Key ID from earlier
  • Secret Access Key - Secret Access Key from earlier

Click OK to save.

Input Key

Go to the Jenkins Dashboard, then New Item.

Give your pipeline a name and select the Pipeline item, then OK.

Add Pipeline

Fill out the following fields for the pipeline, leaving everything else as default:

  • GitHub hook trigger for GITScm polling - check the box
  • Definition - pipeline script from SCM
  • SCM - Git
  • Repository URL - the URL of your forked repo and the jenkins-ecr branch
  • Credentials - zone of the repository
  • Branch Specifier - */jenkins-ecr

Click SAVE.

GitHub setup

For this example, you use a sample web application that displays an animated underwater scene with helpful links.

You need to set up a webhook so that Jenkins knows when the repository is updated. To do this, go to Settings, then Webhooks.


Fill out the following fields, leaving everything else as default.

  • Payload URL - http://[jenkins-url]/github-webhook/
  • Content type - application/json
  • Which events would you like to trigger this webhook?- select Just the push event

Click Add webhook to save.

Add a Jenkins file to the root level of the repository. You need to reference your Amazon ECR repository. Note the following changes required below:

pipeline {
    agent any
    options {
    stages {
         stage('Clone repository') { 
            steps { 
                checkout scm

        stage('Build') { 
            steps { 
                 app ="underwater")
            steps {
                 echo 'Empty'
        stage('Deploy') {
            steps {
                        docker.withRegistry('', 'ecr:us-east-2:aws-credentials') {

The Jenkinsfile consists of different stages. Jenkins will run each of these stages in order, and if the build fails, you'll see which stage failed.

Commit your code to GitHub. The commit will trigger a build job in Jenkins. Go to your Jenkins instance URL to see the build.

I had to trigger a Jenkins job by clicking the Build now button. After this, the webhook triggers worked on every push.

Jenkins Success

After the build finishes, go to the Amazon ECR to see a new image built and pushed to the repository. It tags the latest push with the Jenkins build number and latest.

ECR Success


In this post, you set up a Jenkins Pipeline to build a GitHub repository and push it to Amazon ECR. The Jenkinsfile can push to other container registries such as those offered by Google and Microsoft. It can also include additional stages depending on the build requirements.

After the image is pushed, you can use a tool like Octopus Deploy to deploy the image to a target environment. If you're not already using Octopus Deploy, you can sign up for a free trial.

Check out our other posts about deploying with Jenkins, Kubernetes, and Octopus Deploy:

Try our free Jenkins Pipeline Generator tool to create a Pipeline file in Groovy syntax. It's everything you need to get your Pipeline project started.

Watch our Jenkins Pipeline webinar

We host webinars regularly. See the webinars page for details about upcoming events, and live stream recordings.

Read the rest of our Continuous Integration series.

Happy deployments!