Deployment Credentials & Instructions
The Deployment tab in your environment details provides the tools and instructions needed to deploy new versions of your application. The deployment process varies depending on whether you’re using internal (private) or external (public) container images.
Understanding Image Types
Internal Images These are private container images stored in Quant Cloud’s managed ECR (Elastic Container Registry). Internal images require authentication to access and are ideal for proprietary applications or when you need full control over your container registry.
External Images
These are publicly available images from registries like Docker Hub, or images from your own external private registries. External images are referenced directly by their public registry path (e.g., nginx:latest
, node:18-alpine
).
ECR Authentication for Internal Images
When working with internal images, you need to authenticate with Quant Cloud’s ECR before you can push new image versions.
Getting ECR Login Credentials The Deployment tab provides a “Refresh ECR Login Command” button that generates temporary authentication credentials for your organization’s ECR. These credentials are:
- Temporary: Valid for approximately 11 hours from generation
- Organization-specific: Tied to your current organization context
- Automatically formatted: Provided as a ready-to-use
docker login
command
Using the Login Command
- Click “Refresh ECR Login Command” to generate fresh credentials
- Copy the provided
docker login
command - Run the command in your terminal where Docker is installed
- Verify successful authentication with the “Login Succeeded” message
The interface shows the expiration time for your current credentials, so you know when to refresh them.
Container-Specific Deployment Instructions
Selecting Your Container Use the dropdown menu to select which container you want to deploy. The instructions will automatically adapt based on whether that container uses internal or external images.
Internal Image Deployment Workflow For containers configured with internal images, the tab provides a complete deployment workflow:
-
Build & Tag: Create and tag your Docker image locally
Terminal window docker tag YOUR_IMAGE:TAG ECR_REPOSITORY_URI:CONFIGURED_TAG -
Authenticate: Use the ECR login command from the section above
-
Push: Upload your image to the ECR repository
Terminal window docker push ECR_REPOSITORY_URI:CONFIGURED_TAG -
Redeploy: Click the “Redeploy” button to update your environment with the new image
The interface displays your current configured image identifier (e.g., php-latest
) and provides the exact ECR repository URI for your application.
External Image Updates For containers using external images, the process is simpler:
- Update the image identifier in your container configuration
- Save the configuration changes
- Click “Redeploy” to apply the new image
GitHub Actions Integration
Quant Cloud provides GitHub Actions to streamline ECR authentication and deployment in your CI/CD pipelines.
ECR Login Action
The quant-cloud-ecr-action automatically handles ECR authentication in your workflows:
- name: Get ECR Credentials uses: quantcdn/quant-cloud-ecr-action@v1 id: ecr-login with: api_key: ${{ secrets.QUANT_API_KEY }} organization: your-org-name
- name: Login to ECR uses: docker/login-action@v3 with: registry: ${{ steps.ecr-login.outputs.endpoint }} username: ${{ steps.ecr-login.outputs.username }} password: ${{ steps.ecr-login.outputs.password }}
Complete Build and Deploy Workflow
Here’s an example of a complete CI/CD workflow that builds, pushes, and deploys images:
name: Build and Push to Quant Cloud ECR
on: push: branches: [develop, master] tags: ['*']
jobs: build-and-push: runs-on: ubuntu-latest
steps: - name: Checkout code uses: actions/checkout@v4
- name: Set up Docker Buildx uses: docker/setup-buildx-action@v3
- name: Determine image tag id: vars run: | if [[ $GITHUB_REF == refs/tags/* ]]; then echo "suffix=-${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT elif [[ $GITHUB_REF == refs/heads/develop ]]; then echo "suffix=-staging" >> $GITHUB_OUTPUT echo "environment=staging" >> $GITHUB_OUTPUT elif [[ $GITHUB_REF == refs/heads/master ]]; then echo "suffix=-latest" >> $GITHUB_OUTPUT echo "environment=production" >> $GITHUB_OUTPUT fi
- name: Get ECR Credentials uses: quantcdn/quant-cloud-ecr-action@v1 id: ecr-login with: api_key: ${{ secrets.QUANT_API_KEY }} organization: your-org
- name: Login to ECR uses: docker/login-action@v3 with: registry: ${{ steps.ecr-login.outputs.endpoint }} username: ${{ steps.ecr-login.outputs.username }} password: ${{ steps.ecr-login.outputs.password }}
- name: Build and push image uses: docker/build-push-action@v5 with: context: . platforms: linux/arm64 push: true tags: | ${{ steps.ecr-login.outputs.endpoint }}/your-org/your-app:web${{ steps.vars.outputs.suffix }}
- name: Redeploy environment uses: quantcdn/quant-cloud-environment-state-action@v1 with: api_key: ${{ secrets.QUANT_API_KEY }} organization: your-org application: your-app environment: ${{ steps.vars.outputs.environment }} action: redeploy
Best Practices
Image Tagging Strategy Use meaningful tags that correspond to your deployment strategy:
latest
for production releasesstaging
for staging environment testing- Version numbers for specific releases (e.g.,
v1.2.3
) - Branch names for feature development
Security Considerations
- Store API keys as GitHub secrets, never in your workflow files
- Use temporary ECR credentials rather than long-lived access keys
- Regularly rotate your Quant Cloud API keys
Workflow Optimization
- Build for ARM64 architecture when possible for better cost efficiency
- Use Docker layer caching to speed up builds
- Implement conditional deployments based on branch or tag patterns
Environment Management
- Use different image tags for different environments
- Automate staging deployments but require manual approval for production
- Monitor deployment status and implement rollback procedures
The Deployment tab centralizes all the information and tools needed for efficient container deployment, whether you’re working locally or setting up automated CI/CD pipelines.