unable to deploy a service to apprunner from local machine

[atali]

I am trying to deploy my service from my local machine but I got the following error:

AWS_PROFILE=mycompany-dev AWS_REGION=us-east-1 copilot svc deploy                                  
Only found one service, defaulting to: backend
Only found one environment, defaulting to: test
Building your container image: docker build -t 000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend -t 000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend:237.2416.226-529-gb58831c202 --platform linux/amd64 /Users/myuser/Developer/myrepo/backend -f /Users/myuser/Developer/myrepo/backend/docker/tomcat.Dockerfile
[+] Building 2.3s (21/21) FINISHED                                                                                                                                        
 => [internal] load .dockerignore                                                                                                                                    0.0s
 => => transferring context: 49B                                                                                                                                     0.0s
 => [internal] load build definition from tomcat.Dockerfile                                                                                                          0.0s
 => => transferring dockerfile: 2.02kB                                                                                                                               0.0s
 => resolve image config for docker.io/docker/dockerfile:1                                                                                                           1.1s
 => CACHED docker-image://docker.io/docker/dockerfile:1@sha256:9ba7531bd80fb0a858632727cf7a112fbfd19b17e94c4e84ced81e24ef1a0dbc                                      0.0s
 => => resolve docker.io/docker/dockerfile:1@sha256:9ba7531bd80fb0a858632727cf7a112fbfd19b17e94c4e84ced81e24ef1a0dbc                                                 0.0s
 => [internal] load metadata for public.ecr.aws/amazoncorretto/amazoncorretto:11                                                                                     0.6s
 => [internal] load metadata for public.ecr.aws/docker/library/tomcat:8.5.75-jre11                                                                                   0.6s
 => [builder 1/8] FROM public.ecr.aws/amazoncorretto/amazoncorretto:11@sha256:a3966cd88aead2a0400eaa71c01010991e06c457541e952cdd138939ced08542                       0.0s
 => => resolve public.ecr.aws/amazoncorretto/amazoncorretto:11@sha256:a3966cd88aead2a0400eaa71c01010991e06c457541e952cdd138939ced08542                               0.0s
 => [internal] load build context                                                                                                                                    0.2s
 => => transferring context: 321.75kB                                                                                                                                0.2s
 => [stage-1 1/5] FROM public.ecr.aws/docker/library/tomcat:8.5.75-jre11@sha256:8cd1b986ca5bab3f977929243461962325fc4c46cceedf81decbcd26c65b9827                     0.0s
 => => resolve public.ecr.aws/docker/library/tomcat:8.5.75-jre11@sha256:8cd1b986ca5bab3f977929243461962325fc4c46cceedf81decbcd26c65b9827                             0.0s
 => CACHED [builder 2/8] RUN mkdir -p /opt/scripts                                                                                                                   0.0s
 => CACHED [builder 3/8] WORKDIR build                                                                                                                               0.0s
 => CACHED [builder 4/8] COPY . .                                                                                                                                    0.0s
 => CACHED [builder 5/8] COPY docker/build.sh /opt/scripts/                                                                                                          0.0s
 => CACHED [builder 6/8] RUN ls -al                                                                                                                                  0.0s
 => CACHED [builder 7/8] RUN pwd                                                                                                                                     0.0s
 => CACHED [builder 8/8] RUN /opt/scripts/build.sh                                                                                                                   0.0s
 => CACHED [stage-1 2/5] COPY --from=builder build/mycompany/build/libs/mycompany.war /usr/local/tomcat/webapps/ROOT.war                                                 0.0s
 => CACHED [stage-1 3/5] COPY mycompany/src/main/webapp/.ebextensions/server.xml /usr/local/tomcat/conf/server.xml                                                     0.0s
 => CACHED [stage-1 4/5] COPY mycompany/src/main/webapp/.ebextensions/mysql-connector-java-8.0.13.jar /usr/local/tomcat/lib                                            0.0s
 => CACHED [stage-1 5/5] COPY mycompany/src/main/webapp/.ebextensions/setenv.sh /usr/local/tomcat/bin                                                                  0.0s
 => exporting to image                                                                                                                                               0.1s
 => => exporting layers                                                                                                                                              0.0s
 => => exporting manifest sha256:c7aa769a60784645963098413063b016c2f5ba3c721ae9b3adbb12315ffc2549                                                                    0.0s
 => => exporting config sha256:5e0ae938f40c530bbe3237c86c3e64be1562c0bb81ae92a39ed7260c7412bd05                                                                      0.0s
 => => naming to 000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend:latest                                                                             0.0s
 => => unpacking to 000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend:latest                                                                          0.0s
 => => naming to 000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend:237.2416.226-529-gb58831c202                                                       0.0s
 => => unpacking to 000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend:237.2416.226-529-gb58831c202                                                    0.0s
Login Succeeded
Using default tag: latest
00492ed079a9: Pushed 
0c6b8ff8c37e: Pushed 
5587298b1210: Pushed 
d8dadb5783fc: Pushed 
ae79eabdf33e: Pushed 
777a7fcda943: Pushed 
c7aa769a6078: Pushed 
412caad352a3: Pushed 
d3bbeec57145: Pushed 
121319d3ac51: Pushed 
f32dd25a9156: Pushed 
cd32ce0efa70: Pushed 
a6c11f0647f8: Pushed 
49c08883b060: Pushed 
5e0ae938f40c: Pushed 
e6d3e61f7a50: Pushed 
latest: digest: sha256:c7aa769a60784645963098413063b016c2f5ba3c721ae9b3adbb12315ffc2549, size: 3257
121319d3ac51: Pushed 
d8dadb5783fc: Pushed 
a6c11f0647f8: Pushed 
ae79eabdf33e: Pushed 
777a7fcda943: Pushed 
0c6b8ff8c37e: Pushed 
cd32ce0efa70: Pushed 
49c08883b060: Pushed 
c7aa769a6078: Pushed 
5e0ae938f40c: Pushed 
f32dd25a9156: Pushed 
5587298b1210: Pushed 
d3bbeec57145: Pushed 
00492ed079a9: Pushed 
412caad352a3: Pushed 
e6d3e61f7a50: Pushed 
237.2416.226-529-gb58831c202: digest: sha256:c7aa769a60784645963098413063b016c2f5ba3c721ae9b3adbb12315ffc2549, size: 3257
Template parsing error: template: :1:9: executing "" at <index .RepoDigests 0>: error calling index: reflect: slice index out of range
upload deploy resources for service backend: build and push image: push to repo mycompany-poc/backend: inspect image digest for 000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend: exit status 1

From codepipeline it seems to work but not from my machine. I did some investigation but the RepoDigests is empty when the image is build locally.
But if I clean my local image and download the image with the sha256 from ECR, I got the RepoDigest filled correctly.

I think the issue is coming from this part of the code:

// Push pushes the images with the specified tags and ecr repository URI, and returns the image digest on success.
func (c CmdClient) Push(uri string, tags ...string) (digest string, err error) {
	images := []string{uri}
	for _, tag := range tags {
		images = append(images, imageName(uri, tag))
	}
	var args []string
	if ci, _ := c.lookupEnv("CI"); ci == "true" {
		args = append(args, "--quiet")
	}

	for _, img := range images {
		if err := c.runner.Run("docker", append([]string{"push", img}, args...)); err != nil {
			return "", fmt.Errorf("docker push %s: %w", img, err)
		}
	}
	buf := new(strings.Builder)
	if err := c.runner.Run("docker", []string{"inspect", "--format", "'{{json (index .RepoDigests 0)}}'", uri}, exec.Stdout(buf)); err != nil {
		return "", fmt.Errorf("inspect image digest for %s: %w", uri, err)
	}
	repoDigest := strings.Trim(strings.TrimSpace(buf.String()), `"'`) // remove new lines and quotes from output
	parts := strings.SplitAfter(repoDigest, "@")
	if len(parts) != 2 {
		return "", fmt.Errorf("parse the digest from the repo digest '%s'", repoDigest)
	}
	return parts[1], nil
}

It's not clear for me when the RepoDigests is set ?

This is the result of the command of inspect :

docker inspect 510424353395.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend@sha256:c7aa769a60784645963098413063b016c2f5ba3c721ae9b3adbb12315ffc2549 

[
    {
        "Id": "sha256:c7aa769a60784645963098413063b016c2f5ba3c721ae9b3adbb12315ffc2549",
        "RepoTags": [
            "000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend:0.0.1",
            "000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend:237.2416.226-529-gb58831c202",
            "000000000000.dkr.ecr.us-east-1.amazonaws.com/mycompany-poc/backend:latest"
        ],
        "RepoDigests": [],
        "Parent": "",
        "Comment": "",
        "Created": "0001-01-01T00:00:00Z",
        ...

My manifest looks like :

name: backend
type: Request-Driven Web Service

image:
  build:
    dockerfile: ./backend/docker/tomcat.Dockerfile
    context: ./backend
  port: 8080


http:
  path: '/'
  alias: poc-api.dev.mycompany.com
  hosted_zone: ZZZZZZZZZZZZZZZZ

cpu: 1024
memory: 2048

network:
  vpc:
    placement: private
    id: 'vpc-1234'
    security_groups: ['sg-1234']
    subnets:
      private:
        - id: 'subnet-12345'
        - id: 'subnet-56789'

variables:
  AWS_REGION:	"us-east-1"
 

Any suggestions ?

[dannyrandall]

Hey @atali! Thanks for sharing all of those details. If you go to the AWS account where your test environment is, open the CloudFormation console, click on the stack called StackSet-mycompany-poc-test-randomID, and switch to the "Outputs" tab - what is the value of the key ECRRepobackend?

[atali]

Hey @dannyrandall ,

this is the output of ECRRepobackend: arn:aws:ecr:us-east-1:000000000000:repository/mycompany-poc/backend

obviously, the account and the company has been changed

do you have any idea what could cause the issue ?

[huanjani]

Hi, @atali!
It looks like you're experiencing something similar to what is described here: https://stackoverflow.com/questions/53165393/comparing-local-and-remote-image-built-in-docker. I'll keep digging, but that could be a starting point for us!

[huanjani]

What version of Docker are you using?

[atali]

Hi @huanjani ,

Yes,it seems to be the behaviour.

I am using docker desktop. Below all the info :

[huanjani]

Hi!
I also found this, which is kind of interesting.
But first: I just noticed that your manifest may be configured incorrectly. Request-Driven Web (AppRunner) Services don't have all the same fields available as the ECS workloads. For instance, id is not a valid field, and if private is indicated for vpc.placement, the traffic goes through the private subnets, so you don't need to further specify them. See this page for more details. Sorry for not noticing that sooner! Hope this helps!

[huanjani]

Ah! I just realized that you were following the guidance for environment manifests when configuring your VPC. Sorry-- it is confusing that the different manifests have different fields/syntax.

[github-actions]

This issue is stale because it has been open 60 days with no response activity, and is tagged with pending/question. Remove the stale label, add a comment, or this will be closed in 14 days.

[github-actions]

This issue is closed due to inactivity. Feel free to reopen the issue if you have any follow-ups!