Elastic Beanstalk - Docker Platform with ECR - Specifying a tag via environment variable

I am looking at using Elastic Beanstalk + ECR to manage deployments.

FROM <ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com/<repoName>:<TAG>
ADD entrypoint.sh /
EXPOSE 8080 8787 9990
ENTRYPOINT [ "/entrypoint.sh" ]

This is working if I hard code the entire FROM .. But What I really want is to pass the tag as an environment variable. I want to pin the version.

What I am trying to do is have Code Build build, deploy, test, and (if all goes well), promote the artifact to a STAGE repo.. where it will be promoted to a Prod after another set of tests.

Then our terraform can pass the commitId to deploy.

I want to avoid deploying latest tag because we want to control when the change gets release and there is potential for auto-scale event to pull it before it has been tested.

My optimistic attempt to add ${GIT_COMMIT} illustrated that the Dockerfile's FROM does not interpret Environment Variables. And a few passes with sed suggested that all the file coying beanstalk does ( to onDeck / staging / current ) probably would not be wise.

I am wondering if people have had success addressing similar goals with Beanstalk/ECR.

Have you considered using ARG in your Dockerfile. Passing an argument to a Dockerfile should work. Take a look at Understand how ARG and FROM interact. Your Dockerfile should look like this:

ARG GIT_TAG
FROM <ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com/<repoName>:${GIT_TAG}
ADD entrypoint.sh /
EXPOSE 8080 8787 9990
ENTRYPOINT [ "/entrypoint.sh" ]

Then you should be able to build your image using something like this:

docker build --build-arg GIT_TAG=SOME_TAG .