codebuild 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/.codebuild/buildspec.yml +8 -0
- data/.codebuild/project.rb +16 -0
- data/.gitignore +2 -0
- data/.rspec +1 -0
- data/CHANGELOG.md +7 -0
- data/README.md +118 -4
- data/codebuild.gemspec +5 -2
- data/lib/codebuild/aws_services/helpers.rb +52 -0
- data/lib/codebuild/aws_services.rb +17 -0
- data/lib/codebuild/cli.rb +50 -4
- data/lib/codebuild/create.rb +12 -0
- data/lib/codebuild/delete.rb +26 -0
- data/lib/codebuild/deploy.rb +11 -0
- data/lib/codebuild/dsl/project/ssm.rb +22 -0
- data/lib/codebuild/dsl/project.rb +116 -0
- data/lib/codebuild/dsl/role.rb +40 -0
- data/lib/codebuild/dsl.rb +8 -0
- data/lib/codebuild/evaluate.rb +52 -0
- data/lib/codebuild/help/deploy.md +8 -0
- data/lib/codebuild/help/init.md +24 -0
- data/lib/codebuild/help/start.md +6 -0
- data/lib/codebuild/init.rb +75 -0
- data/lib/codebuild/project.rb +62 -0
- data/lib/codebuild/role.rb +73 -0
- data/lib/codebuild/sequence.rb +60 -0
- data/lib/codebuild/stack.rb +34 -0
- data/lib/codebuild/start.rb +39 -0
- data/lib/codebuild/update.rb +12 -0
- data/lib/codebuild/version.rb +1 -1
- data/lib/codebuild.rb +14 -2
- data/lib/template/.codebuild/buildspec.yml +12 -4
- data/lib/template/.codebuild/project.rb.tt +17 -0
- data/lib/template/.codebuild/role.rb +1 -0
- data/readme/full_dsl.md +84 -0
- data/readme/github_oauth.md +37 -0
- data/readme/lookup.md +34 -0
- data/spec/fixtures/app/.codebuild/project.rb +2 -0
- data/spec/fixtures/app/.codebuild/role.rb +1 -0
- data/spec/lib/cli_spec.rb +10 -30
- data/spec/lib/project_spec.rb +12 -0
- data/spec/lib/role_spec.rb +12 -0
- metadata +83 -10
- data/Gemfile.lock +0 -80
- data/lib/codebuild/help/hello.md +0 -5
- data/lib/template/.codebuild/buildspec-example.yml +0 -37
- data/lib/template/.codebuild/project.rb +0 -17
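--- a/data/lib/codebuild/help/init.md
+++ b/data/lib/codebuild/help/init.md
@@ -0,0 +1,24 @@
+## Examples
+
+codebuild init # infers the name from the parent folder
+codebuild init --name demo-codebuild-project # set the name
+
+## Custom Templates
+
+If you would like the `codebuild init` command to use your own custom templates, you can achieve this with the `--template` and `--template-mode` options. Example:
+
+codebuild init --template=tongueroo/codebuild-custom-template
+
+This will clone the repo on GitHub into the `~/.codebuild/templates/tongueroo/codebuild-custom-template` and use that as an additional template source. The default `--template-mode=additive` mode means that if there's a file in `tongueroo/codebuild-custom-template` that exists it will use that in place of the default template files.
+
+If you do not want to use any of the original default template files within the ufo gem at all, you can use the `--template-mode=replace` mode. Replace mode will only use templates from the provided `--template` option. Example:
+
+codebuild init --template=tongueroo/codebuild-custom-template --template-mode=replace
+
+You can also specific the full GitHub url. Example:
+
+codebuild init --template=https://github.com/tongueroo/codebuild-custom-template
+
+If you would like to use a local template that is not on GitHub, then created a top-level folder in `~/.codebuild/templates` without a subfolder. Example:
+
+codebuild init --template=my-custom # uses ~/.codebuild/templates/my-custom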
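--- a/data/lib/codebuild/init.rb
+++ b/data/lib/codebuild/init.rb
@@ -0,0 +1,75 @@
+module Codebuild
+class Init < Sequence
+# Ugly, this is how I can get the options from to match with this Thor::Group
+def self.cli_options
+[
+[:name, desc: "CodeBuild project name."],
+[:force, type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files."],
+[:template, desc: "Custom template to use."],
+[:template_mode, desc: "Template mode: replace or additive."],
+]
+end
+cli_options.each { |o| class_option(*o) }
+
+def setup_template_repo
+return unless @options[:template]&.include?('/')
+
+sync_template_repo
+end
+
+def set_source_path
+return unless @options[:template]
+
+custom_template = "#{ENV['HOME']}/.codebuild/templates/#{@options[:template]}"
+
+if @options[:template_mode] == "replace" # replace the template entirely
+override_source_paths(custom_template)
+else # additive: modify on top of default template
+default_template = File.expand_path("../../template", __FILE__)
+override_source_paths([custom_template, default_template])
+end
+end
+
+def copy_project
+puts "Initialize codebuild project in .codebuild"
+if @options[:template]
+directory ".", ".codebuild", exclude_pattern: /.git/
+else
+directory ".", exclude_pattern: /.git/
+end
+end
+
+private
+def project_name
+inferred_name = File.basename(Dir.pwd).gsub('_','-').gsub(/[^0-9a-zA-Z,-]/, '')
+@options[:name] || inferred_name
+end
+
+def project_github_url
+default = "https://github.com/user/repo"
+return default unless File.exist?(".git/config") && git_installed?
+
+url = `git config --get remote.origin.url`.strip
+url = url.sub('git@github.com:','https://github.com/')
+url == '' ? default : url
+end
+
+def lookup_managed_image(pattern=/ruby:/)
+resp = codebuild.list_curated_environment_images
+
+# Helpful for debugging:
+# aws codebuild list-curated-environment-images | jq -r '.platforms[].languages[].images[].versions[]' | sort
+
+versions = []
+resp.platforms.each do |platform|
+platform.languages.each do |lang|
+lang.images.each do |image|
+versions += image.versions.compact
+end
+end
+end
+versions = versions.select { |v| v =~ pattern }
+versions.sort.last # IE: aws/codebuild/ruby:2.5.3-1.7.0
+end
+end
+end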
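Review bot: `set_source_path` builds `custom_template` by interpolating the raw `--template` value under `~/.codebuild/templates/`, so a value with `..` segments resolves outside the templates directory, and the full-URL form shown in the init help yields a path containing `https://github.com/...` rather than `owner/repo`. Normalizing the option once and checking that `File.expand_path(custom_template)` still starts with the templates root would cover both cases. In `copy_project`, `exclude_pattern: /.git/` has an unescaped dot and no anchors, so any source path that contains some character followed by `git` (for example `digit.rb`) is skipped as well; if only the `.git` directory is meant, `%r{(\A|/)\.git(/|\z)}` expresses that. `sync_template_repo` and `override_source_paths` are defined in `Sequence`, outside this hunk.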
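--- a/data/lib/codebuild/project.rb
+++ b/data/lib/codebuild/project.rb
@@ -0,0 +1,62 @@
+require "yaml"
+
+module Codebuild
+class Project
+include Dsl::Project
+include Evaluate
+
+def initialize(options={})
+@options = options
+@project_path = options[:project_path] || get_project_path
+# These defaults make it the project.rb simpler
+@properties = default_properties
+end
+
+def run
+evaluate(@project_path)
+resource = {
+code_build: {
+type: "AWS::CodeBuild::Project",
+properties: @properties
+}
+}
+CfnCamelizer.transform(resource)
+end
+
+def default_properties
+{
+artifacts: { type: "NO_ARTIFACTS" },
+service_role: { ref: "IamRole" },
+badge_enabled: true,
+timeout_in_minutes: 20,
+logs_config: {
+cloud_watch_logs: {
+status: "ENABLED",
+# the default log group name is thankfully the project name
+}
+},
+source: {
+type: "GITHUB",
+# location: "", # required
+git_clone_depth: 1,
+git_submodules_config: { fetch_submodules: true },
+build_spec: build_spec,
+# auth doesnt seem to work, refer to https://github.com/tongueroo/codebuild/blob/master/readme/github_oauth.md
+# auth: {
+# type: "OAUTH",
+# # resource: "", # required
+# },
+report_build_status: true,
+}
+}
+end
+
+def get_project_path
+lookup_codebuild_file("project.rb")
+end
+
+def build_spec
+lookup_codebuild_file("buildspec.yml")
+end
+end
+end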
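Review bot: `run` calls `evaluate(@project_path)` unconditionally, while `Role#run` in this same release guards the call with `File.exist?`; if `lookup_codebuild_file` can return a path that does not exist, the failure surfaces from inside `evaluate` rather than as a clear message. `Evaluate` is not part of this hunk, but it presumably executes the file as Ruby, so `options[:project_path]` decides what code runs with the caller's AWS credentials; a comment on `initialize` such as `# project_path is executed as Ruby; only pass paths from a trusted checkout` would make that explicit. The defaults also turn on `badge_enabled` and `fetch_submodules`, which deserves a line in the README because both widen what a newly created project exposes or pulls in.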
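--- a/data/lib/codebuild/role.rb
+++ b/data/lib/codebuild/role.rb
@@ -0,0 +1,73 @@
+require "yaml"
+
+module Codebuild
+class Role
+include Codebuild::Dsl::Role
+include Evaluate
+
+def initialize(options={})
+@options = options
+@role_path = options[:role_path] || get_role_path
+@properties = default_properties
+@iam_policy = {}
+end
+
+def run
+evaluate(@role_path) if File.exist?(@role_path)
+@properties[:policies] = [{
+policy_name: "CodeBuildAccess",
+policy_document: {
+version: "2012-10-17",
+statement: derived_iam_statements
+}
+}]
+resource = {
+IamRole: {
+type: "AWS::IAM::Role",
+properties: @properties
+}
+}
+CfnCamelizer.transform(resource)
+end
+
+private
+def get_role_path
+lookup_codebuild_file("role.rb")
+end
+
+def default_properties
+{
+assume_role_policy_document: {
+statement: [{
+action: ["sts:AssumeRole"],
+effect: "Allow",
+principal: {
+service: ["codebuild.amazonaws.com"]
+}
+}],
+version: "2012-10-17"
+},
+path: "/"
+}
+end
+
+def derived_iam_statements
+@iam_statements || default_iam_statements
+end
+
+def default_iam_statements
+[{
+action: [
+"logs:CreateLogGroup",
+"logs:CreateLogStream",
+"logs:PutLogEvents",
+"ssm:DescribeDocumentParameters",
+"ssm:DescribeParameters",
+"ssm:GetParameter*",
+],
+effect: "Allow",
+resource: "*"
+}]
+end
+end
+end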
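Review bot: `default_iam_statements` grants `ssm:GetParameter*` on `resource: "*"`, so every build of every project created with the defaults can read any Parameter Store value in the account that the role is able to decrypt. Splitting the statement and scoping the read action to the prefix the README examples already use would keep the default least-privilege; the fence below assumes the `/codebuild/` prefix and that `CfnCamelizer` leaves string values untouched, both to be confirmed. Separately, `run` assigns `@properties[:policies]` after `evaluate`, which looks like it would replace a `policies([...])` set from `role.rb` through the full DSL; `Dsl::Role` is outside this hunk, so that needs checking.

```ruby
def default_iam_statements
  [{
    # … unchanged: the three logs:* actions, effect "Allow", resource "*" …
  }, {
    action: ["ssm:DescribeDocumentParameters", "ssm:DescribeParameters"],
    effect: "Allow",
    resource: "*"
  }, {
    action: ["ssm:GetParameter*"],
    effect: "Allow",
    resource: "arn:aws:ssm:*:*:parameter/codebuild/*"
  }]
end
```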
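--- a/data/lib/codebuild/sequence.rb
+++ b/data/lib/codebuild/sequence.rb
@@ -0,0 +1,60 @@
+require 'fileutils'
+require 'thor'
+
+module Codebuild
+class Sequence < Thor::Group
+include AwsServices
+include Thor::Actions
+
+add_runtime_options! # force, pretend, quiet, skip options
+# https://github.com/erikhuda/thor/blob/master/lib/thor/actions.rb#L49
+
+def self.source_paths
+[File.expand_path("../../template", __FILE__)]
+end
+
+private
+def override_source_paths(*paths)
+# Using string with instance_eval because block doesnt have access to
+# path at runtime.
+self.class.instance_eval %{
+def self.source_paths
+#{paths.flatten.inspect}
+end
+}
+end
+
+def sync_template_repo
+unless git_installed?
+abort "Unable to detect git installation on your system. Git needs to be installed in order to use the --template option."
+end
+
+template_path = "#{ENV['HOME']}/.codebuild/templates/#{options[:template]}"
+if File.exist?(template_path)
+sh("cd #{template_path} && git pull")
+else
+FileUtils.mkdir_p(File.dirname(template_path))
+sh("git clone #{repo_url} #{template_path}")
+end
+end
+
+# normalize repo_url
+def repo_url
+template = options[:template]
+if template.include?('github.com')
+template # leave as is, user has provided full github url
+else
+"https://github.com/#{template}"
+end
+end
+
+def git_installed?
+system("type git > /dev/null")
+end
+
+def sh(command)
+puts "=> #{command}"
+system(command)
+end
+end
+end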
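Review bot: `sync_template_repo` hands `options[:template]` to a shell through interpolated strings (`cd #{template_path} && git pull` and `git clone #{repo_url} #{template_path}`), so spaces or shell metacharacters in the option are interpreted by the shell instead of reaching git as a single argument. Calling `system` with separate arguments avoids the shell entirely, and `sh` can take a splat without breaking existing single-string callers. `repo_url` also treats any value that merely contains `github.com` as a full URL, so comparing the parsed host would be stricter. The result of `system` is discarded, so a failed clone or pull goes unnoticed until the copy step.

```ruby
def sync_template_repo
  # … unchanged: git_installed? check and template_path …
  if File.exist?(template_path)
    sh("git", "-C", template_path, "pull")
  else
    FileUtils.mkdir_p(File.dirname(template_path))
    sh("git", "clone", "--", repo_url, template_path)
  end
end

def sh(*command)
  puts "=> #{command.join(' ')}"
  system(*command)
end
```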
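--- a/data/lib/codebuild/stack.rb
+++ b/data/lib/codebuild/stack.rb
@@ -0,0 +1,34 @@
+require "aws-sdk-cloudformation"
+
+module Codebuild
+class Stack
+include AwsServices
+
+def initialize(options)
+@options = options
+@stack_name = options[:stack_name] || inferred_stack_name
+@template = {"Resources" => {} }
+end
+
+def run
+project = Project.new(@options).run
+@template["Resources"].merge!(project)
+
+if project["CodeBuild"]["Properties"]["ServiceRole"] == {"Ref"=>"IamRole"}
+role = Role.new(@options).run
+@template["Resources"].merge!(role)
+end
+
+puts "Generated CloudFormation template:"
+puts YAML.dump(@template)
+return if @options[:noop]
+
+begin
+perform
+rescue Aws::CloudFormation::Errors::ValidationError => e
+puts "ERROR: #{e.message}".color(:red)
+exit 1
+end
+end
+end
+end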
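Review bot: `run` prints the whole generated template with `puts YAML.dump(@template)` on every deploy, and that template carries the project's `environment_variables`; any value declared as plain text rather than through the `ssm:` form ends up in the terminal scrollback or CI log. Printing only when `@options[:noop]` or a verbose flag is set, or at least adding a comment such as `# template may contain PLAINTEXT environment values; avoid logging it in CI`, would make the exposure deliberate. The file also relies on `YAML` having been loaded by `project.rb`; a `require "yaml"` at the top would remove that ordering dependency.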
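--- a/data/lib/codebuild/start.rb
+++ b/data/lib/codebuild/start.rb
@@ -0,0 +1,39 @@
+module Codebuild
+class Start
+include AwsServices
+
+def initialize(options)
+@options = options
+@identifier = options[:identifier] || inferred_stack_name # CloudFormation stack or CodeBuild project name
+end
+
+def run
+resp = codebuild.start_build(
+project_name: project_name,
+source_version: @options[:source_version] || 'master'
+)
+puts "Build started for project: #{project_name}"
+end
+
+def project_name
+if stack_exists?(@identifier)
+resp = cfn.describe_stack_resources(stack_name: @identifier)
+resource = resp.stack_resources.find do |r|
+r.logical_resource_id == "CodeBuild"
+end
+resource.physical_resource_id # codebuild project name
+elsif project_exists?(@identifier)
+@identifier
+else
+puts "ERROR: Unable to find the codebuild project with identifier #@identifier".color(:red)
+exit 1
+end
+end
+
+private
+def project_exists?(name)
+resp = codebuild.batch_get_projects(names: [name])
+resp.projects.size > 0
+end
+end
+end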
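Review bot: In `project_name`, `resp.stack_resources.find` returns `nil` when the stack exists but has no resource with logical id `CodeBuild`, and the next line then raises `NoMethodError` on `resource.physical_resource_id`; because `@identifier` falls back to `inferred_stack_name`, an unrelated stack that happens to share the name would hit this. Guarding with `return resource.physical_resource_id if resource` and letting the other cases fall through to the existing error message would give a clear failure instead. `run` also calls `project_name` twice, repeating the CloudFormation and CodeBuild lookups, and never uses `resp`; memoizing with `@project_name ||=` would address the repeated calls.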
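--- a/data/lib/codebuild/update.rb
+++ b/data/lib/codebuild/update.rb
@@ -0,0 +1,12 @@
+module Codebuild
+class Update < Stack
+def perform
+cfn.update_stack(
+stack_name: @stack_name,
+template_body: YAML.dump(@template),
+capabilities: ["CAPABILITY_IAM"]
+)
+puts "Updating stack #{@stack_name}. Check CloudFormation console for status."
+end
+end
+end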
data/lib/codebuild/version.rb
CHANGED
data/lib/codebuild.rb
CHANGED
@@ -1,15 +1,27 @@
|
|
1
1
|
$:.unshift(File.expand_path("../", __FILE__))
|
2
|
-
require "
|
2
|
+
require "cfn_camelizer"
|
3
3
|
require "codebuild/version"
|
4
4
|
require "rainbow/ext/string"
|
5
5
|
|
6
6
|
module Codebuild
|
7
7
|
class Error < StandardError; end
|
8
8
|
|
9
|
+
autoload :AwsServices, "codebuild/aws_services"
|
9
10
|
autoload :CLI, "codebuild/cli"
|
10
11
|
autoload :Command, "codebuild/command"
|
11
12
|
autoload :Completer, "codebuild/completer"
|
12
13
|
autoload :Completion, "codebuild/completion"
|
14
|
+
autoload :Create, "codebuild/create"
|
15
|
+
autoload :Delete, "codebuild/delete"
|
16
|
+
autoload :Deploy, "codebuild/deploy"
|
17
|
+
autoload :Dsl, "codebuild/dsl"
|
18
|
+
autoload :Evaluate, "codebuild/evaluate"
|
13
19
|
autoload :Help, "codebuild/help"
|
14
|
-
autoload :
|
20
|
+
autoload :Init, "codebuild/init"
|
21
|
+
autoload :Project, "codebuild/project"
|
22
|
+
autoload :Role, "codebuild/role"
|
23
|
+
autoload :Sequence, "codebuild/sequence"
|
24
|
+
autoload :Stack, "codebuild/stack"
|
25
|
+
autoload :Start, "codebuild/start"
|
26
|
+
autoload :Update, "codebuild/update"
|
15
27
|
end
|
@@ -1,5 +1,8 @@
|
|
1
1
|
version: 0.2
|
2
2
|
|
3
|
+
# Example starter file
|
4
|
+
# Edit to fit your needs
|
5
|
+
|
3
6
|
phases:
|
4
7
|
pre_build:
|
5
8
|
commands:
|
@@ -10,11 +13,16 @@ phases:
|
|
10
13
|
- ls /etc/*release*
|
11
14
|
- cat /etc/*release*
|
12
15
|
- whoami
|
16
|
+
# - bundle
|
13
17
|
build:
|
14
18
|
commands:
|
15
19
|
- echo Build started on `date`
|
16
|
-
- echo Building project...
|
17
20
|
- uptime
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
+
# - bundle exec rspec
|
22
|
+
# cache:
|
23
|
+
# paths:
|
24
|
+
# - /usr/local/bundle
|
25
|
+
# - /usr/local/lib/ruby/gems/2.5.0
|
26
|
+
# artifacts:
|
27
|
+
# files:
|
28
|
+
# - result.txt
|
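--- a/data/lib/template/.codebuild/project.rb.tt
+++ b/data/lib/template/.codebuild/project.rb.tt
@@ -0,0 +1,17 @@
+# For methods, refer to the properties of the CloudFormation CodeBuild::Project https://amzn.to/2UTeNlr
+# For convenience methods, refer to the source https://github.com/tongueroo/codebuild/blob/master/lib/codebuild/dsl/project.rb
+
+name("<%= project_name %>")
+github_url("<%= project_github_url %>")
+linux_image("<%= lookup_managed_image(/ruby:/) %>")
+environment_variables(
+JETS_ENV: "test",
+# API_KEY: "ssm:/codebuild/demo/api_key" # Example of ssm parameter
+)
+
+# Uncomment to enable github webhook, the GitHub oauth token needs admin:repo_hook permissions
+# Refer to https://github.com/tongueroo/codebuild/blob/master/readme/github_oauth.md
+# triggers(webhook: true)
+
+# Shorthand to enable all local cache modes
+# local_cache(true)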
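Review bot: The three ERB tags on lines 4 to 6 place their values inside double-quoted Ruby literals without escaping, while `project_name` returns `@options[:name]` unsanitized and `project_github_url` comes straight from `git config`; a value containing `"` or `#{` would change the Ruby in the generated `.codebuild/project.rb`, which the tool later evaluates. Emitting the literal from Ruby instead, `name(<%= project_name.inspect %>)` and likewise for `github_url` and `linux_image`, keeps the value as data. `lookup_managed_image` can also return `nil` when no image matches the pattern, which currently renders as `linux_image("")`.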
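--- a/data/lib/template/.codebuild/role.rb
+++ b/data/lib/template/.codebuild/role.rb
@@ -0,0 +1 @@
+iam_policy("logs", "ssm")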
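--- a/data/readme/full_dsl.md
+++ b/data/readme/full_dsl.md
@@ -0,0 +1,84 @@
+# "Full" DSL
+
+## Project DSL
+
+The convenience methods are shorter and cleaner. However, you have access to a "Full" DSL if needed. The Full DSL are merely the properties of the [AWS::CodeBuild::Project CloudFormation Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codebuild-project.html). Here's an example.
+
+.codebuild/project.rb:
+
+```ruby
+name("demo")
+description("desc2")
+# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-source.html
+source(
+type: "GITHUB",
+location: "https://github.com/tongueroo/demo-ufo",
+git_clone_depth: 1,
+git_submodules_config: { fetch_submodules: true },
+build_spec: ".codebuild/buildspec.yml",
+auth: {
+type: "OAUTH",
+resource: ssm("/codebuild/demo/oauth_token"),
+},
+report_build_status: true,
+)
+
+artifacts(type: "NO_ARTIFACTS")
+environment(
+compute_type: "BUILD_GENERAL1_SMALL",
+image_pull_credentials_type: "CODEBUILD",
+privileged_mode: true,
+image: "aws/codebuild/ruby:2.5.3-1.7.0",
+environment_variables: [
+{
+type: "PLAINTEXT",
+name: "UFO_ENV",
+value: "development"
+},
+{
+type: "PARAMETER_STORE",
+name: "API_KEY",
+value: "/codebuild/demo/api_key"
+}
+],
+type: "LINUX_CONTAINER"
+)
+
+service_role(ref: "IamRole")
+```
+
+## Full IAM Role DSL
+
+The convenience methods merely wrap properties of the [AWS::IAM::Role
+CloudFormation Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). If you wanted to set the CloudFormation properties more directly, here's an example of using the "Full" DSL.
+
+.codebuild/role.rb:
+
+```ruby
+assume_role_policy_document(
+statement: [{
+action: ["sts:AssumeRole"],
+effect: "Allow",
+principal: {
+service: ["codebuild.amazonaws.com"]
+}
+}],
+version: "2012-10-17"
+)
+path("/")
+policies([{
+policy_name: "CodeBuildAccess",
+policy_document: {
+version: "2012-10-17",
+statement: [{
+action: [
+"logs:CreateLogGroup",
+"logs:CreateLogStream",
+"logs:PutLogEvents",
+],
+effect: "Allow",
+resource: "*"
+}]
+}
+}])
+```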
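--- a/data/readme/github_oauth.md
+++ b/data/readme/github_oauth.md
@@ -0,0 +1,37 @@
+# GitHub Oauth Token
+
+Thought that we need to set the oauth token as part of the CloudFormation template source property under [AWS CodeBuild Project SourceAuth](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-sourceauth.html). However, that did not seem to work.
+
+Instead this guide [Using Access Tokens with Your Source Provider in CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/sample-access-tokens.html) with [aws codebuild import-source-credentials](https://docs.aws.amazon.com/cli/latest/reference/codebuild/import-source-credentials.html) worked.
+
+## Commands
+
+Here are the commands for posterity.
+
+Save the GitHub oauth token to parameter store, in case we need it in the future.
+
+aws ssm put-parameter --name /codebuild/github/oauth_token --value secret-token-value --type SecureString
+
+Import the source credential into codebuild.
+
+TOKEN=$(aws ssm get-parameter --name /codebuild/github/oauth_token --with-decryption | jq -r '.Parameter.Value')
+cat > /tmp/codebuild-source-credentials.json <<EOL
+{
+"token": "$TOKEN",
+"serverType": "GITHUB",
+"authType": "PERSONAL_ACCESS_TOKEN"
+}
+EOL
+aws codebuild import-source-credentials --cli-input-json file:///tmp/codebuild-source-credentials.json
+aws codebuild list-source-credentials
+
+## Creating the GitHub Oauth Token
+
+One way to create an GitHub oauth token:
+
+1. Go to GitHub
+2. Settings
+3. Developer Settings
+4. Personal access tokens
+
+If using webhook, the oauth token needs `admin:repo_hook` also.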
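--- a/data/readme/lookup.md
+++ b/data/readme/lookup.md
@@ -0,0 +1,34 @@
+# Lookup Paths
+
+By default, the codebuild tool looks up files in the `.codebuild` folder. You can affect the behavior of the lookup logic with the `--lookup` option.
+
+## Example 1
+
+codebuild deploy --lookup unit
+
+This will look up buildspec.yml, project.rb, and role.rb files in the `.codebuild/unit` folder first. If files are found, then it will use those files in that folder. If not found, it'll fall back to the `.codebuild` parent folder.
+
+Lookup order with `--lookup unit` for `buildspec.yml`:
+
+1. .codebuild/unit/buildspec.yml
+2. .codebuild/buildspec.yml
+
+Lookup order with `--lookup unit` for `project.rb`:
+
+1. .codebuild/unit/project.rb
+2. .codebuild/project.rb
+
+The same goes other files in the `.codebuild` like `role.rb`.
+
+## Example 2
+
+Here's another example:
+
+codebuild deploy --lookup deploy
+
+Lookup order with `--lookup deploy` for `buildspec.yml`:
+
+1. .codebuild/deploy/buildspec.yml
+2. .codebuild/buildspec.yml
+
+The same goes other files in the `.codebuild` like `project.rb` and `role.rb`.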
@@ -0,0 +1 @@
|
|
1
|
+
iam_policy("logs", "ssm")
|