codebuild 0.1.0 → 0.2.0

data/lib/codebuild/help/init.md

@@ -0,0 +1,24 @@
+## Examples
+
+    codebuild init # infers the name from the parent folder
+    codebuild init --name demo-codebuild-project # set the name
+
+## Custom Templates
+
+If you would like the `codebuild init` command to use your own custom templates, you can achieve this with the `--template` and `--template-mode` options.  Example:
+
+    codebuild init --template=tongueroo/codebuild-custom-template
+
+This will clone the repo on GitHub into the `~/.codebuild/templates/tongueroo/codebuild-custom-template` and use that as an additional template source.  The default `--template-mode=additive` mode means that if there's a file in `tongueroo/codebuild-custom-template` that exists it will use that in place of the default template files.
+
+If you do not want to use any of the original default template files within the ufo gem at all, you can use the `--template-mode=replace` mode. Replace mode will only use templates from the provided `--template` option.  Example:
+
+    codebuild init --template=tongueroo/codebuild-custom-template --template-mode=replace
+
+You can also specific the full GitHub url. Example:
+
+    codebuild init --template=https://github.com/tongueroo/codebuild-custom-template
+
+If you would like to use a local template that is not on GitHub, then created a top-level folder in `~/.codebuild/templates` without a subfolder. Example:
+
+    codebuild init --template=my-custom # uses ~/.codebuild/templates/my-custom

data/lib/codebuild/help/start.md

@@ -0,0 +1,6 @@
+## Examples
+
+    codebuild start # infers the name from the parent folder
+    codebuild start stack-name # looks up project via CloudFormation stack
+    codebuild start demo-project # looks up project via codebuild project name
+

data/lib/codebuild/init.rb

@@ -0,0 +1,75 @@
+module Codebuild
+  class Init < Sequence
+    # Ugly, this is how I can get the options from to match with this Thor::Group
+    def self.cli_options
+      [
+        [:name, desc: "CodeBuild project name."],
+        [:force, type: :boolean, desc: "Bypass overwrite are you sure prompt for existing files."],
+        [:template, desc: "Custom template to use."],
+        [:template_mode, desc: "Template mode: replace or additive."],
+      ]
+    end
+    cli_options.each { |o| class_option(*o) }
+
+    def setup_template_repo
+      return unless @options[:template]&.include?('/')
+
+      sync_template_repo
+    end
+
+    def set_source_path
+      return unless @options[:template]
+
+      custom_template = "#{ENV['HOME']}/.codebuild/templates/#{@options[:template]}"
+
+      if @options[:template_mode] == "replace" # replace the template entirely
+        override_source_paths(custom_template)
+      else # additive: modify on top of default template
+        default_template = File.expand_path("../../template", __FILE__)
+        override_source_paths([custom_template, default_template])
+      end
+    end
+
+    def copy_project
+      puts "Initialize codebuild project in .codebuild"
+      if @options[:template]
+        directory ".", ".codebuild", exclude_pattern: /.git/
+      else
+        directory ".", exclude_pattern: /.git/
+      end
+    end
+
+  private
+    def project_name
+      inferred_name = File.basename(Dir.pwd).gsub('_','-').gsub(/[^0-9a-zA-Z,-]/, '')
+      @options[:name] || inferred_name
+    end
+
+    def project_github_url
+      default = "https://github.com/user/repo"
+      return default unless File.exist?(".git/config") && git_installed?
+
+      url = `git config --get remote.origin.url`.strip
+      url = url.sub('git@github.com:','https://github.com/')
+      url == '' ? default : url
+    end
+
+    def lookup_managed_image(pattern=/ruby:/)
+      resp = codebuild.list_curated_environment_images
+
+      # Helpful for debugging:
+      #   aws codebuild list-curated-environment-images | jq -r '.platforms[].languages[].images[].versions[]' | sort
+
+      versions = []
+      resp.platforms.each do |platform|
+        platform.languages.each do |lang|
+          lang.images.each do |image|
+            versions += image.versions.compact
+          end
+        end
+      end
+      versions = versions.select { |v| v =~ pattern }
+      versions.sort.last # IE: aws/codebuild/ruby:2.5.3-1.7.0
+    end
+  end
+end

data/lib/codebuild/project.rb

@@ -0,0 +1,62 @@
+require "yaml"
+
+module Codebuild
+  class Project
+    include Dsl::Project
+    include Evaluate
+
+    def initialize(options={})
+      @options = options
+      @project_path = options[:project_path] || get_project_path
+      # These defaults make it the project.rb simpler
+      @properties = default_properties
+    end
+
+    def run
+      evaluate(@project_path)
+      resource = {
+        code_build: {
+          type: "AWS::CodeBuild::Project",
+          properties: @properties
+        }
+      }
+      CfnCamelizer.transform(resource)
+    end
+
+    def default_properties
+      {
+        artifacts: { type: "NO_ARTIFACTS" },
+        service_role: { ref: "IamRole" },
+        badge_enabled: true,
+        timeout_in_minutes: 20,
+        logs_config: {
+          cloud_watch_logs: {
+            status: "ENABLED",
+            # the default log group name is thankfully the project name
+          }
+        },
+        source: {
+          type: "GITHUB",
+          # location: "", # required
+          git_clone_depth: 1,
+          git_submodules_config: { fetch_submodules: true },
+          build_spec: build_spec,
+          # auth doesnt seem to work, refer to https://github.com/tongueroo/codebuild/blob/master/readme/github_oauth.md
+          # auth: {
+          #   type: "OAUTH",
+          #   # resource: "", # required
+          # },
+          report_build_status: true,
+        }
+      }
+    end
+
+    def get_project_path
+      lookup_codebuild_file("project.rb")
+    end
+
+    def build_spec
+      lookup_codebuild_file("buildspec.yml")
+    end
+  end
+end

data/lib/codebuild/role.rb

@@ -0,0 +1,73 @@
+require "yaml"
+
+module Codebuild
+  class Role
+    include Codebuild::Dsl::Role
+    include Evaluate
+
+    def initialize(options={})
+      @options = options
+      @role_path = options[:role_path] || get_role_path
+      @properties = default_properties
+      @iam_policy = {}
+    end
+
+    def run
+      evaluate(@role_path) if File.exist?(@role_path)
+      @properties[:policies] = [{
+        policy_name: "CodeBuildAccess",
+        policy_document: {
+          version: "2012-10-17",
+          statement: derived_iam_statements
+        }
+      }]
+      resource = {
+        IamRole: {
+          type: "AWS::IAM::Role",
+          properties: @properties
+        }
+      }
+      CfnCamelizer.transform(resource)
+    end
+
+  private
+    def get_role_path
+      lookup_codebuild_file("role.rb")
+    end
+
+    def default_properties
+      {
+        assume_role_policy_document: {
+          statement: [{
+            action: ["sts:AssumeRole"],
+            effect: "Allow",
+            principal: {
+              service: ["codebuild.amazonaws.com"]
+            }
+          }],
+          version: "2012-10-17"
+        },
+        path: "/"
+      }
+    end
+
+    def derived_iam_statements
+      @iam_statements || default_iam_statements
+    end
+
+    def default_iam_statements
+      [{
+        action: [
+          "logs:CreateLogGroup",
+          "logs:CreateLogStream",
+          "logs:PutLogEvents",
+          "ssm:DescribeDocumentParameters",
+          "ssm:DescribeParameters",
+          "ssm:GetParameter*",
+        ],
+        effect: "Allow",
+        resource: "*"
+      }]
+    end
+  end
+end

data/lib/codebuild/sequence.rb

@@ -0,0 +1,60 @@
+require 'fileutils'
+require 'thor'
+
+module Codebuild
+  class Sequence < Thor::Group
+    include AwsServices
+    include Thor::Actions
+
+    add_runtime_options! # force, pretend, quiet, skip options
+      # https://github.com/erikhuda/thor/blob/master/lib/thor/actions.rb#L49
+
+    def self.source_paths
+      [File.expand_path("../../template", __FILE__)]
+    end
+
+  private
+    def override_source_paths(*paths)
+      # Using string with instance_eval because block doesnt have access to
+      # path at runtime.
+      self.class.instance_eval %{
+        def self.source_paths
+          #{paths.flatten.inspect}
+        end
+      }
+    end
+
+    def sync_template_repo
+      unless git_installed?
+        abort "Unable to detect git installation on your system.  Git needs to be installed in order to use the --template option."
+      end
+
+      template_path = "#{ENV['HOME']}/.codebuild/templates/#{options[:template]}"
+      if File.exist?(template_path)
+        sh("cd #{template_path} && git pull")
+      else
+        FileUtils.mkdir_p(File.dirname(template_path))
+        sh("git clone #{repo_url} #{template_path}")
+      end
+    end
+
+    # normalize repo_url
+    def repo_url
+      template = options[:template]
+      if template.include?('github.com')
+        template # leave as is, user has provided full github url
+      else
+        "https://github.com/#{template}"
+      end
+    end
+
+    def git_installed?
+      system("type git > /dev/null")
+    end
+
+    def sh(command)
+      puts "=> #{command}"
+      system(command)
+    end
+  end
+end

data/lib/codebuild/stack.rb

@@ -0,0 +1,34 @@
+require "aws-sdk-cloudformation"
+
+module Codebuild
+  class Stack
+    include AwsServices
+
+    def initialize(options)
+      @options = options
+      @stack_name = options[:stack_name] || inferred_stack_name
+      @template = {"Resources" => {} }
+    end
+
+    def run
+      project = Project.new(@options).run
+      @template["Resources"].merge!(project)
+
+      if project["CodeBuild"]["Properties"]["ServiceRole"] == {"Ref"=>"IamRole"}
+        role = Role.new(@options).run
+        @template["Resources"].merge!(role)
+      end
+
+      puts "Generated CloudFormation template:"
+      puts YAML.dump(@template)
+      return if @options[:noop]
+
+      begin
+        perform
+      rescue Aws::CloudFormation::Errors::ValidationError => e
+        puts "ERROR: #{e.message}".color(:red)
+        exit 1
+      end
+    end
+  end
+end

data/lib/codebuild/start.rb

@@ -0,0 +1,39 @@
+module Codebuild
+  class Start
+    include AwsServices
+
+    def initialize(options)
+      @options = options
+      @identifier = options[:identifier] || inferred_stack_name # CloudFormation stack or CodeBuild project name
+    end
+
+    def run
+      resp = codebuild.start_build(
+        project_name: project_name,
+        source_version: @options[:source_version] || 'master'
+      )
+      puts "Build started for project: #{project_name}"
+    end
+
+    def project_name
+      if stack_exists?(@identifier)
+        resp = cfn.describe_stack_resources(stack_name: @identifier)
+        resource = resp.stack_resources.find do |r|
+          r.logical_resource_id == "CodeBuild"
+        end
+        resource.physical_resource_id # codebuild project name
+      elsif project_exists?(@identifier)
+        @identifier
+      else
+        puts "ERROR: Unable to find the codebuild project with identifier #@identifier".color(:red)
+        exit 1
+      end
+    end
+
+  private
+    def project_exists?(name)
+      resp = codebuild.batch_get_projects(names: [name])
+      resp.projects.size > 0
+    end
+  end
+end

data/lib/codebuild/update.rb

@@ -0,0 +1,12 @@
+module Codebuild
+  class Update < Stack
+    def perform
+      cfn.update_stack(
+        stack_name: @stack_name,
+        template_body: YAML.dump(@template),
+        capabilities: ["CAPABILITY_IAM"]
+      )
+      puts "Updating stack #{@stack_name}. Check CloudFormation console for status."
+    end
+  end
+end

data/lib/codebuild/version.rb

@@ -1,3 +1,3 @@
 module Codebuild
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/codebuild.rb

@@ -1,15 +1,27 @@
 $:.unshift(File.expand_path("../", __FILE__))
-require "aws-sdk-codebuild"
+require "cfn_camelizer"
 require "codebuild/version"
 require "rainbow/ext/string"
 
 module Codebuild
   class Error < StandardError; end
 
+  autoload :AwsServices, "codebuild/aws_services"
   autoload :CLI, "codebuild/cli"
   autoload :Command, "codebuild/command"
   autoload :Completer, "codebuild/completer"
   autoload :Completion, "codebuild/completion"
+  autoload :Create, "codebuild/create"
+  autoload :Delete, "codebuild/delete"
+  autoload :Deploy, "codebuild/deploy"
+  autoload :Dsl, "codebuild/dsl"
+  autoload :Evaluate, "codebuild/evaluate"
   autoload :Help, "codebuild/help"
-  autoload :Sub, "codebuild/sub"
+  autoload :Init, "codebuild/init"
+  autoload :Project, "codebuild/project"
+  autoload :Role, "codebuild/role"
+  autoload :Sequence, "codebuild/sequence"
+  autoload :Stack, "codebuild/stack"
+  autoload :Start, "codebuild/start"
+  autoload :Update, "codebuild/update"
 end

data/lib/template/.codebuild/buildspec.yml

@@ -1,5 +1,8 @@
 version: 0.2
 
+# Example starter file
+# Edit to fit your needs
+
 phases:
   pre_build:
     commands:
@@ -10,11 +13,16 @@ phases:
       - ls /etc/*release*
       - cat /etc/*release*
       - whoami
+      # - bundle
   build:
     commands:
       - echo Build started on `date`
-      - echo Building project...
       - uptime
-artifacts:
-  files:
-    - result.txt
+      # - bundle exec rspec
+# cache:
+#   paths:
+#     - /usr/local/bundle
+#     - /usr/local/lib/ruby/gems/2.5.0
+# artifacts:
+#   files:
+#     - result.txt

data/lib/template/.codebuild/project.rb.tt

@@ -0,0 +1,17 @@
+# For methods, refer to the properties of the CloudFormation CodeBuild::Project https://amzn.to/2UTeNlr
+# For convenience methods, refer to the source https://github.com/tongueroo/codebuild/blob/master/lib/codebuild/dsl/project.rb
+
+name("<%= project_name %>")
+github_url("<%= project_github_url %>")
+linux_image("<%= lookup_managed_image(/ruby:/) %>")
+environment_variables(
+  JETS_ENV: "test",
+  # API_KEY: "ssm:/codebuild/demo/api_key" # Example of ssm parameter
+)
+
+# Uncomment to enable github webhook, the GitHub oauth token needs admin:repo_hook permissions
+# Refer to https://github.com/tongueroo/codebuild/blob/master/readme/github_oauth.md
+# triggers(webhook: true)
+
+# Shorthand to enable all local cache modes
+# local_cache(true)

data/lib/template/.codebuild/role.rb

@@ -0,0 +1 @@
+iam_policy("logs", "ssm")

data/readme/full_dsl.md

@@ -0,0 +1,84 @@
+# "Full" DSL
+
+## Project DSL
+
+The convenience methods are shorter and cleaner. However, you have access to a "Full" DSL if needed. The Full DSL are merely the properties of the [AWS::CodeBuild::Project CloudFormation Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codebuild-project.html).  Here's an example.
+
+.codebuild/project.rb:
+
+```ruby
+name("demo")
+description("desc2")
+# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-source.html
+source(
+  type: "GITHUB",
+  location: "https://github.com/tongueroo/demo-ufo",
+  git_clone_depth: 1,
+  git_submodules_config: { fetch_submodules: true },
+  build_spec: ".codebuild/buildspec.yml",
+  auth: {
+    type: "OAUTH",
+    resource: ssm("/codebuild/demo/oauth_token"),
+  },
+  report_build_status: true,
+)
+
+artifacts(type: "NO_ARTIFACTS")
+environment(
+  compute_type: "BUILD_GENERAL1_SMALL",
+  image_pull_credentials_type: "CODEBUILD",
+  privileged_mode: true,
+  image: "aws/codebuild/ruby:2.5.3-1.7.0",
+  environment_variables: [
+    {
+      type: "PLAINTEXT",
+      name: "UFO_ENV",
+      value: "development"
+    },
+    {
+      type: "PARAMETER_STORE",
+      name: "API_KEY",
+      value: "/codebuild/demo/api_key"
+    }
+  ],
+  type: "LINUX_CONTAINER"
+)
+
+service_role(ref: "IamRole")
+```
+
+## Full IAM Role DSL
+
+The convenience methods merely wrap properties of the [AWS::IAM::Role
+ CloudFormation Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html).  If you wanted to set the CloudFormation properties more directly, here's an example of using the "Full" DSL.
+
+.codebuild/role.rb:
+
+```ruby
+assume_role_policy_document(
+  statement: [{
+    action: ["sts:AssumeRole"],
+    effect: "Allow",
+    principal: {
+      service: ["codebuild.amazonaws.com"]
+    }
+  }],
+  version: "2012-10-17"
+)
+path("/")
+policies([{
+  policy_name: "CodeBuildAccess",
+  policy_document: {
+    version: "2012-10-17",
+    statement: [{
+      action: [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents",
+      ],
+      effect: "Allow",
+      resource: "*"
+    }]
+  }
+}])
+```

data/readme/github_oauth.md

@@ -0,0 +1,37 @@
+# GitHub Oauth Token
+
+Thought that we need to set the oauth token as part of the CloudFormation template source property under [AWS CodeBuild Project SourceAuth](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-sourceauth.html). However, that did not seem to work.
+
+Instead this guide [Using Access Tokens with Your Source Provider in CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/sample-access-tokens.html) with [aws codebuild import-source-credentials](https://docs.aws.amazon.com/cli/latest/reference/codebuild/import-source-credentials.html) worked.
+
+## Commands
+
+Here are the commands for posterity.
+
+Save the GitHub oauth token to parameter store, in case we need it in the future.
+
+    aws ssm put-parameter --name /codebuild/github/oauth_token --value secret-token-value --type SecureString
+
+Import the source credential into codebuild.
+
+    TOKEN=$(aws ssm get-parameter --name /codebuild/github/oauth_token --with-decryption | jq -r '.Parameter.Value')
+    cat > /tmp/codebuild-source-credentials.json <<EOL
+    {
+        "token": "$TOKEN",
+        "serverType": "GITHUB",
+        "authType": "PERSONAL_ACCESS_TOKEN"
+    }
+    EOL
+    aws codebuild import-source-credentials --cli-input-json file:///tmp/codebuild-source-credentials.json
+    aws codebuild list-source-credentials
+
+## Creating the GitHub Oauth Token
+
+One way to create an GitHub oauth token:
+
+1. Go to GitHub
+2. Settings
+3. Developer Settings
+4. Personal access tokens
+
+If using webhook, the oauth token needs `admin:repo_hook` also.

data/readme/lookup.md

@@ -0,0 +1,34 @@
+# Lookup Paths
+
+By default, the codebuild tool looks up files in the `.codebuild` folder.  You can affect the behavior of the lookup logic with the `--lookup` option.
+
+## Example 1
+
+    codebuild deploy --lookup unit
+
+This will look up buildspec.yml, project.rb, and role.rb files in the `.codebuild/unit` folder first. If files are found, then it will use those files in that folder. If not found, it'll fall back to the `.codebuild` parent folder.
+
+Lookup order with `--lookup unit` for `buildspec.yml`:
+
+1. .codebuild/unit/buildspec.yml
+2. .codebuild/buildspec.yml
+
+Lookup order with `--lookup unit` for `project.rb`:
+
+1. .codebuild/unit/project.rb
+2. .codebuild/project.rb
+
+The same goes other files in the `.codebuild` like `role.rb`.
+
+## Example 2
+
+Here's another example:
+
+    codebuild deploy --lookup deploy
+
+Lookup order with `--lookup deploy` for `buildspec.yml`:
+
+1. .codebuild/deploy/buildspec.yml
+2. .codebuild/buildspec.yml
+
+The same goes other files in the `.codebuild` like `project.rb` and `role.rb`.

data/spec/fixtures/app/.codebuild/project.rb

@@ -0,0 +1,2 @@
+name "test-codebuild-project"
+description "test desc"

data/spec/fixtures/app/.codebuild/role.rb

@@ -0,0 +1 @@
+iam_policy("logs", "ssm")