codebuild 0.6.2 → 0.6.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +3 -3
- data/codebuild.gemspec +1 -0
- data/docs/_docs/dsl/project.md +2 -2
- data/docs/_docs/dsl/schedule.md +2 -2
- data/docs/_docs/examples/ecs.md +15 -4
- data/docs/_docs/examples/jets.md +2 -2
- data/docs/_docs/examples/ruby.md +1 -1
- data/docs/_docs/github_oauth.md +1 -1
- data/docs/_docs/start.md +11 -6
- data/docs/_docs/type-option.md +2 -2
- data/docs/_docs/variables.md +28 -1
- data/docs/_includes/examples-steps.md +2 -2
- data/docs/_includes/subnav.html +1 -1
- data/lib/codebuild/version.rb +1 -1
- metadata +16 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: badd1e72fa3c3f4789dab4d592f6d26d14b75e6544b4dc2f51b0e363a95ca60c
|
4
|
+
data.tar.gz: d7b8bd1d7e44f670b526acacc9efd00a8c102366379cd359e23e131814cb8ed2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a129f41b1259bb1611fe919244a3d4bf21145bc0378b6a1da652399351a587fce014ef34498b93282eda7ddc186eb8a4a34b174bd0a701fab439f6766dd1c6af
|
7
|
+
data.tar.gz: 4e92c824e7c1d59bf9dfd1585bce64ad5acfe158927ea2dd7f33b291699d700b6e47fe065f764798b4c63aa015f488e0bc7c0c58d6358b4ae0c5b487f6ec435f
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,9 @@
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
|
5
5
|
|
6
|
+
## [0.6.3]
|
7
|
+
- add aws_data gem dependency
|
8
|
+
|
6
9
|
## [0.6.2]
|
7
10
|
- add s3 read-only access to default role
|
8
11
|
- fix settings
|
data/README.md
CHANGED
@@ -97,7 +97,7 @@ Here's a list of some of the convenience shorthand DSL methods:
|
|
97
97
|
|
98
98
|
Please refer to [lib/codebuild/dsl/project.rb](lib/codebuild/dsl/project.rb) for the full list.
|
99
99
|
|
100
|
-
More slightly more control, you may be interested in the `github_source` and `linux_environment` methods. For even more control, see [DSL docs](docs/dsl).
|
100
|
+
More slightly more control, you may be interested in the `github_source` and `linux_environment` methods. For even more control, see [DSL docs](https://codebuild.cloud/docs/dsl/).
|
101
101
|
|
102
102
|
## IAM Role DSL
|
103
103
|
|
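Review bot: the rewritten line 100 still opens with "More slightly more control", which reads as a typo for "For slightly more control". The line is already being touched for the link change, so the wording can be fixed in the same edit.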
@@ -140,11 +140,11 @@ rate "1 day"
|
|
140
140
|
|
141
141
|
## Full DSL
|
142
142
|
|
143
|
-
The convenience DSL methods shown above are short and clean. They merely wrap a DSL that map to the properties of CloudFormation resources like [AWS::CodeBuild::Project](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codebuild-project.html) and [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). Refer the [DSL docs](docs/dsl) for more info.
|
143
|
+
The convenience DSL methods shown above are short and clean. They merely wrap a DSL that map to the properties of CloudFormation resources like [AWS::CodeBuild::Project](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codebuild-project.html) and [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). Refer the [DSL docs](https://codebuild.cloud/docs/dsl/) for more info.
|
144
144
|
|
145
145
|
## Type Option
|
146
146
|
|
147
|
-
By default, the codebuild tool looks up files in the `.codebuild` folder. You can affect the behavior of the Type logic with the `--Type` option. More info [Type docs](
|
147
|
+
By default, the codebuild tool looks up files in the `.codebuild` folder. You can affect the behavior of the Type logic with the `--Type` option. More info [Type docs](https://codebuild.cloud/docs/type-option/).
|
148
148
|
|
149
149
|
## Installation
|
150
150
|
|
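Review bot: line 147 documents the flag as `--Type`, while docs/_docs/start.md and docs/_docs/type-option.md in this same diff spell it `--type`. The README should use the lowercase form so readers do not copy a flag spelling the other docs never use. While here, "Refer the [DSL docs]" on line 143 is missing "to", and "a DSL that map" should be "a DSL that maps".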
data/codebuild.gemspec
CHANGED
@@ -19,6 +19,7 @@ Gem::Specification.new do |spec|
|
|
19
19
|
spec.require_paths = ["lib"]
|
20
20
|
|
21
21
|
spec.add_dependency "activesupport"
|
22
|
+
spec.add_dependency "aws_data"
|
22
23
|
spec.add_dependency "aws-sdk-cloudformation"
|
23
24
|
spec.add_dependency "aws-sdk-codebuild"
|
24
25
|
spec.add_dependency "aws-sdk-ssm"
|
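Review bot: `spec.add_dependency "aws_data"` on line 22 introduces a new runtime dependency with no version constraint, which the packaged metadata in this release records as `>= 0`. Every install will resolve to whatever the latest aws_data release is, so a breaking or tampered future release is pulled in without any change to this gem. Suggest a bounded constraint (a pessimistic `~>` on the version this release was tested with), and consider the same for the neighbouring unconstrained entries.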
data/docs/_docs/dsl/project.md
CHANGED
@@ -37,7 +37,7 @@ The convenience methods are shorter and cleaner. However, you have access to a F
|
|
37
37
|
.codebuild/project.rb:
|
38
38
|
|
39
39
|
```ruby
|
40
|
-
name("demo") # recommend to not set
|
40
|
+
# name("demo") # recommend to not set, and let the codebuild tool set this automatically
|
41
41
|
description("desc2")
|
42
42
|
# https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codebuild-project-source.html
|
43
43
|
source(
|
@@ -77,4 +77,4 @@ environment(
|
|
77
77
|
service_role(ref: "IamRole")
|
78
78
|
```
|
79
79
|
|
80
|
-
{% include prev_next.md %}
|
80
|
+
{% include prev_next.md %}
|
data/docs/_docs/dsl/schedule.md
CHANGED
@@ -12,7 +12,7 @@ The codebuild tool supports creating a CloudWatch scheduled event rule that will
|
|
12
12
|
```ruby
|
13
13
|
rate "1 day"
|
14
14
|
# or
|
15
|
-
cron("0 10 * * ? *") # Run at 10:00 am (UTC) every day
|
15
|
+
# cron("0 10 * * ? *") # Run at 10:00 am (UTC) every day
|
16
16
|
```
|
17
17
|
|
18
18
|
## Full DSL
|
@@ -26,4 +26,4 @@ description "my description"
|
|
26
26
|
schedule_expression "rate(1 day)"
|
27
27
|
```
|
28
28
|
|
29
|
-
{% include prev_next.md %}
|
29
|
+
{% include prev_next.md %}
|
data/docs/_docs/examples/ecs.md
CHANGED
@@ -49,10 +49,19 @@ phases:
|
|
49
49
|
- UFO_ENV=$UFO_ENV ufo ship $UFO_APP
|
50
50
|
```
|
51
51
|
|
52
|
-
|
52
|
+
The `ufo ship` command:
|
53
53
|
|
54
|
-
|
54
|
+
UFO_ENV=$UFO_ENV ufo ship $UFO_APP
|
55
|
+
|
56
|
+
When codebuild actually runs, the values will be:
|
57
|
+
|
58
|
+
UFO_ENV=production ufo ship demo-web
|
59
|
+
|
60
|
+
## IAM Policy
|
55
61
|
|
62
|
+
The codebuild tool also can create the IAM Policy that will give CodeBuild the IAM permissions necessary to create the ECS service and other resources that `ufo ship` creates. Here are the IAM permissions as detailed on the [UFO Minimal IAM Permissions](https://ufoships.com/docs/extras/minimal-deploy-iam/) docs.
|
63
|
+
|
64
|
+
.codebuild/role.rb:
|
56
65
|
|
57
66
|
```ruby
|
58
67
|
iam_policy(
|
@@ -83,6 +92,8 @@ iam_policy(
|
|
83
92
|
managed_iam_policy("AmazonS3ReadOnlyAccess") # optional but common to need read only access to s3
|
84
93
|
```
|
85
94
|
|
95
|
+
## Security
|
96
|
+
|
86
97
|
From a security perspective, using CodeBuild gives us a stronger security posture. The **only** permission the user calling [cb start]({% link _docs/start.md %}) really needs is CodeBuild access. The permissions to create the ECS service and other deployment resources are delegated to the CodeBuild project itself. We know that the CodeBuild project will not run any arbitrary commands unless we update `buildspec.yml` and explicitly give permission to it's IAM role.
|
87
98
|
|
88
99
|
{% include examples-steps.md %}
|
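Review bot: the paragraph that now sits under the new `## Security` heading (line 97) says the project "will not run any arbitrary commands unless we update `buildspec.yml`", but docs/_docs/start.md in this same diff documents `cb start demo -b feature-branch` and `--env-vars` overrides. The section should state that anyone able to change `buildspec.yml` on a branch that can be built is effectively acting with the project's IAM role, and that branch push rights and the role's policy need to be scoped with that in mind. The `managed_iam_policy("AmazonS3ReadOnlyAccess")` line just above grants read on every bucket in the account, so a note about narrowing it to the buckets the build needs belongs here too. Minor: "it's IAM role" should be "its IAM role".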
@@ -91,6 +102,6 @@ From a security perspective, using CodeBuild gives us a stronger security postur
|
|
91
102
|
|
92
103
|
If you are using CodePipeline also, you may be wondering why not just use the provided Amazon ECS deployment action instead. It comes down to control. With a CodeBuild project, we have full control of how we want to build and deploy the Docker image to ECS.
|
93
104
|
|
94
|
-
Also, with the CodePipeline ECS deploy action, we are unable to configure a timeout. If the ECS deployment fails due to some reasons, we're stuck waiting 60 minutes for the pipeline timeout. There's a way to hack around this by literally overriding updating the CodeBuild project. You also must do it manually and are charged for the time. With CodeBuild project, you can set the timeout value yourself. Essentially, you have more control with CodeBuild.
|
105
|
+
Also, with the CodePipeline ECS deploy action, we are unable to configure a timeout. If the ECS deployment fails due to some reasons, we're stuck waiting 60 minutes for the pipeline timeout. There's a way to hack around this by literally overriding updating the CodeBuild project. You also must do it manually and are charged for the time if you don't notice it. With CodeBuild project, you can set the timeout value yourself. Essentially, you have more control with CodeBuild. There's some more info here: [CodePipeline ECS Deploy vs CodeBuild ufo ship](https://codepipeline.org/docs/ecs-deploy/).
|
95
106
|
|
96
|
-
{% include prev_next.md %}
|
107
|
+
{% include prev_next.md %}
|
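Review bot: in the rewritten line 105, "by literally overriding updating the CodeBuild project" runs two verbs together and "due to some reasons" does not say anything; pick one verb and drop or specify the reason. The added clause "if you don't notice it" also leaves unclear whether the charge applies only when the failure goes unnoticed, which is worth stating plainly.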
data/docs/_docs/examples/jets.md
CHANGED
@@ -20,7 +20,7 @@ environment_variables(
|
|
20
20
|
)
|
21
21
|
```
|
22
22
|
|
23
|
-
The [.codebuild/project.rb](.codebuild/project.rb) uses a Docker image that has
|
23
|
+
The [.codebuild/project.rb](https://github.com/tongueroo/jets-codebuild/blob/master/.codebuild/project.rb) uses a Docker image that has Ruby, Node, and Yarn already installed. If you prefer to use another image, update the `linux_image` setting, and update your `buildspec.yml` accordingly. For example, you may need to install the necessary packages.
|
24
24
|
|
25
25
|
Here's the buildspec:
|
26
26
|
|
@@ -76,4 +76,4 @@ You may be interested in the [separate-unit-and-deploy branch](https://github.co
|
|
76
76
|
|
77
77
|
{% include examples-steps.md %}
|
78
78
|
|
79
|
-
{% include prev_next.md %}
|
79
|
+
{% include prev_next.md %}
|
data/docs/_docs/examples/ruby.md
CHANGED
data/docs/_docs/github_oauth.md
CHANGED
data/docs/_docs/start.md
CHANGED
@@ -5,18 +5,23 @@ nav_order: 7
|
|
5
5
|
|
6
6
|
You can start a CodeBuild project with the `cb start` command. Here's an example:
|
7
7
|
|
8
|
-
$ cb start
|
8
|
+
$ cb start demo
|
9
9
|
Build started for project: demo
|
10
10
|
Please check the CodeBuild console for the status.
|
11
11
|
Codebuild Log Url:
|
12
12
|
https://us-west-2.console.aws.amazon.com/codesuite/codebuild/projects/demo/build/demo%3A7bc4cb33-d918-467a-9e09-fe7fe1f57ed8/log
|
13
13
|
$
|
14
14
|
|
15
|
+
If the project name is the same as the parent folder name then you can do this:
|
16
|
+
|
17
|
+
cd demo
|
18
|
+
cb start # demo is inferred from the parent folder
|
19
|
+
|
15
20
|
## Specifying Code Branch
|
16
21
|
|
17
22
|
If you would like start a build using a specific code branch you can use the `--branch` or `-b` option. Example:
|
18
23
|
|
19
|
-
cb start -b feature-branch
|
24
|
+
cb start demo -b feature-branch
|
20
25
|
|
21
26
|
## AWS CLI Equivalent
|
22
27
|
|
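Review bot: the added sentence on line 15 and the comment on line 18 say the project name is inferred from the "parent folder", but the example runs `cd demo` first, so the name being inferred is that of the current working directory. Suggest "current folder" in both places; as written, a reader in `demo/subdir` cannot tell which name will be used, and starting the wrong project is an easy mistake once the explicit name is optional.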
@@ -28,14 +33,14 @@ The `cb start` command is a simple wrapper to the AWS API with the ruby sdk. You
|
|
28
33
|
|
29
34
|
If you are using multiple Codebuild projects with [Types]({% link _docs/type-option.md %}), you can start the specific CodeBuild project type with the `--type` option. Example:
|
30
35
|
|
31
|
-
cb start --type unit
|
36
|
+
cb start demo --type unit
|
32
37
|
|
33
38
|
## Override CodeBuild Environment Variables
|
34
39
|
|
35
40
|
You can override CodeBuild env variables at runtime with `--env-vars`. Examples:
|
36
41
|
|
37
|
-
cb start --type vpc --env-vars K1=v1 K2=v2
|
38
|
-
cb start --type vpc --env-vars K1=v1 K2=ssm:v2 # support for PARAMETER_STORE
|
42
|
+
cb start demo --type vpc --env-vars K1=v1 K2=v2
|
43
|
+
cb start demo --type vpc --env-vars K1=v1 K2=ssm:v2 # support for PARAMETER_STORE
|
39
44
|
|
40
45
|
Remember the environment variables are within the CodeBuild environment instance running the build script, not the application's environment.
|
41
46
|
|
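Review bot: lines 42 and 43 show plain `K1=v1` overrides next to the `K2=ssm:v2` form with only the comment "support for PARAMETER_STORE" to distinguish them. The docs should say explicitly that the plain form passes the value as plaintext and that secrets should always use the `ssm:` form, so that credentials do not end up in shell history or in the build's visible environment settings.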
@@ -43,4 +48,4 @@ Remember the environment variables are within the CodeBuild environment instance
|
|
43
48
|
|
44
49
|
Also, for help info you can check the [cb start]({% link _reference/cb-start.md %}) CLI reference.
|
45
50
|
|
46
|
-
{% include prev_next.md %}
|
51
|
+
{% include prev_next.md %}
|
data/docs/_docs/type-option.md
CHANGED
@@ -3,7 +3,7 @@ title: Type Option
|
|
3
3
|
nav_order: 4
|
4
4
|
---
|
5
5
|
|
6
|
-
The `--type` option is a powerful option that allows you to create multiple codebuild projects associated with the same
|
6
|
+
The `--type` option is a powerful option that allows you to create multiple codebuild projects associated with the same repo.
|
7
7
|
|
8
8
|
## Default Behavior
|
9
9
|
|
@@ -69,4 +69,4 @@ demo | demo-cb
|
|
69
69
|
demo-unit | demo-unit-cb
|
70
70
|
demo-web-unit | demo-web-unit-cb
|
71
71
|
|
72
|
-
{% include prev_next.md %}
|
72
|
+
{% include prev_next.md %}
|
data/docs/_docs/variables.md
CHANGED
@@ -87,4 +87,31 @@ The type specific variable files override the top-level variable files. Type spe
|
|
87
87
|
|
88
88
|
The top-level variables files are also loaded because it is common to need variables that are available to all projects.
|
89
89
|
|
90
|
-
|
90
|
+
## VPC and Migrations Example
|
91
|
+
|
92
|
+
An good exmaple of using variables is run migrations via codebuild and the task requires access to the VPC.
|
93
|
+
However, the development and production resources are on separate VPCs. Variables can help here:
|
94
|
+
|
95
|
+
.codebuild/variables/development.rb:
|
96
|
+
|
97
|
+
```ruby
|
98
|
+
@vpc_config = { vpc_id: "vpc-aaa", subnet_id: "subnet-aaa" }
|
99
|
+
```
|
100
|
+
|
101
|
+
.codebuild/variables/production.rb:
|
102
|
+
|
103
|
+
```ruby
|
104
|
+
@vpc_config = { vpc_id: "vpc-bbb", subnet_id: "subnet-bbb" }
|
105
|
+
```
|
106
|
+
|
107
|
+
You'll use then `@vpc_config` variable in the `buildspec.yml`.
|
108
|
+
|
109
|
+
.codebuild/buildspec.yml:
|
110
|
+
|
111
|
+
```ruby
|
112
|
+
github_url("https://github.com/tongueroo/demo-ufo")
|
113
|
+
linux_image("aws/codebuild/ruby:2.5.3-1.7.0")
|
114
|
+
vpc_config @vpc_config
|
115
|
+
```
|
116
|
+
|
117
|
+
{% include prev_next.md %}
|
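Review bot: the label on line 109 reads `.codebuild/buildspec.yml:` and line 107 says the variable is used "in the `buildspec.yml`", but the fenced block that follows is Ruby DSL (`github_url`, `linux_image`, `vpc_config @vpc_config`), which matches the `.codebuild/project.rb` files shown elsewhere in these docs. The label and the sentence should name the project file, otherwise readers will put `vpc_config` in the wrong place. Also on the added lines: "An good exmaple" should be "A good example" and "You'll use then" should be "You'll then use the".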
@@ -10,8 +10,8 @@ This creates the CodeBuild project as well as the necessary IAM role.
|
|
10
10
|
|
11
11
|
To start a build:
|
12
12
|
|
13
|
-
cb start
|
13
|
+
cb start demo
|
14
14
|
|
15
15
|
You can also start a build with a specific branch. Remember to `git push` your branch.
|
16
16
|
|
17
|
-
cb start -b mybranch
|
17
|
+
cb start demo -b mybranch
|
data/docs/_includes/subnav.html
CHANGED
@@ -9,7 +9,7 @@
|
|
9
9
|
<li><a href="{% link _docs/deploy.md %}">Deploy</a></li>
|
10
10
|
<li><a href="{% link _docs/start.md %}">Start</a></li>
|
11
11
|
<li><a href="{% link _docs/settings.md %}">Settings</a></li>
|
12
|
-
<li><a href="{% link _docs/conventions.md %}">
|
12
|
+
<li><a href="{% link _docs/conventions.md %}">Conventions</a></li>
|
13
13
|
<li><a href="{% link _docs/github_oauth.md %}">Github Oauth</a></li>
|
14
14
|
</ul>
|
15
15
|
</li>
|
data/lib/codebuild/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: codebuild
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.6.
|
4
|
+
version: 0.6.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-08-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -24,6 +24,20 @@ dependencies:
|
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: aws_data
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
27
41
|
- !ruby/object:Gem::Dependency
|
28
42
|
name: aws-sdk-cloudformation
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|