AWS CodeBuild Concepts

From NovaOrdis Knowledge Base

Internal

CodeBuild as AWS Service

CodeBuild is an AWS service; its service principal, the name used in IAM trust policies that let CodeBuild assume a role, is "codebuild.amazonaws.com".

Build Project

AWS CodeBuild Build Project

Build Badge

A build badge is an embeddable, dynamically generated image that displays the status of the latest build for a project. This image is accessible through a publicly available URL generated for your CodeBuild project, so anyone can view the status of a CodeBuild project. Build badges do not contain any security information, so they do not require authentication.

Build Environment

https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectEnvironment.html

Environment Image

The environment image is the container image for the containers that perform the build. The documentation also refers to it as "AWS CodeBuild Docker Image". AWS provides a number of "managed images":

Docker Images Provided by CodeBuild

Custom images can be built and used. The procedure to create a custom build image is documented here:

Build an AWS CodeBuild Docker Image

Privileged Build

A "privileged build" is a build that needs to run docker commands, such as docker build, which is required to build an image. If the CodeBuild build project does not have the Privileged flag enabled and attempts to build images, it fails with:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

For custom environment images (images other than those provided by AWS), the docker daemon is not started automatically even when the "privileged build" flag is enabled, as it is for AWS-provided environment images; it must be started explicitly in the build specification. The following example shows how to configure the build specification:

Amend the Build Specification to Explicitly Start the Docker Daemon
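The following shell script is an added example; it is not code from this page or from AWS's documentation. It shows the two steps a build specification has to perform for a custom environment image: start dockerd in the background, then wait until it answers, and if it never does, fail with a message that points at the Privileged flag rather than a generic timeout. The paths /usr/local/bin/dockerd and /tmp/dockerd.log, the ci/start-docker.sh location referenced from buildspec.yml and the 30-second deadline are assumptions to adjust to the image.

```shell
#!/bin/sh
# Added example (not from the page or AWS): start the Docker daemon inside a
# CodeBuild build that uses a CUSTOM environment image, then wait until it
# answers, so that later "docker build" / "docker push" commands do not fail
# with "Cannot connect to the Docker daemon at unix:///var/run/docker.sock".
#
# Intended use from buildspec.yml (hypothetical project layout):
#   phases:
#     install:
#       commands:
#         - sh ./ci/start-docker.sh run
#
# The build project must still have the "Privileged" flag enabled; without it
# the container cannot create the daemon's namespaces and this script fails at
# the wait step.

set -eu

DOCKER_SOCKET="${DOCKER_SOCKET:-/var/run/docker.sock}"
DOCKERD_BIN="${DOCKERD_BIN:-/usr/local/bin/dockerd}"   # assumed path; adjust to the image
DOCKERD_LOG="${DOCKERD_LOG:-/tmp/dockerd.log}"

# Start dockerd in the background, listening on the unix socket only. That is
# all "docker build" needs; no unauthenticated TCP listener is added, since the
# daemon is root-equivalent for anything that can reach it.
start_docker_daemon() {
    if [ -S "$DOCKER_SOCKET" ] && docker info >/dev/null 2>&1; then
        echo "docker daemon already running"
        return 0
    fi
    nohup "$DOCKERD_BIN" --host="unix://$DOCKER_SOCKET" \
        --storage-driver=overlay2 >"$DOCKERD_LOG" 2>&1 &
}

# wait_for_docker PROBE MAX_SECONDS
# Runs PROBE (a command) once per second until it succeeds or the deadline
# passes. Returns 0 on success, 1 on timeout. PROBE is a parameter so the
# wait logic can be exercised without a daemon present.
wait_for_docker() {
    probe="$1"
    max_seconds="$2"
    elapsed=0
    while [ "$elapsed" -lt "$max_seconds" ]; do
        if $probe >/dev/null 2>&1; then
            return 0
        fi
        sleep 1
        elapsed=$((elapsed + 1))
    done
    return 1
}

# Explains the failure in terms of the error text the page quotes, so the
# developer checks the Privileged flag instead of guessing.
explain_failure() {
    echo "Docker daemon did not come up within the deadline." >&2
    echo "If the log shows 'Cannot connect to the Docker daemon at unix://$DOCKER_SOCKET', check that the build project has the Privileged flag enabled." >&2
    if [ -f "$DOCKERD_LOG" ]; then
        tail -n 20 "$DOCKERD_LOG" >&2
    fi
    return 1
}

main() {
    start_docker_daemon
    wait_for_docker "docker info" 30 || explain_failure
    echo "docker daemon ready"
}

# The daemon is only started when invoked as: sh start-docker.sh run
case "${1:-}" in
    run) main ;;
esac
```

The readiness wait matters as much as the start: dockerd takes a few seconds to create its socket, and a buildspec that runs docker build immediately after starting the daemon fails intermittently with the same "Cannot connect" error as a build without the Privileged flag.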

Process and integrate: https://docs.aws.amazon.com/codebuild/latest/APIReference/API_ProjectEnvironment.html

Service Role

The service role, unless specified otherwise, is automatically created with the following policies:

CodeBuildBasePolicy-<build-project-name>-<region>

Example of working CodeBuildBasePolicy-*:

CodeBuildBasePolicy-* Example

CodeBuildCloudWatchLogsPolicy-<build-project-name>-<region>

For operational details on handling the service role, see:

CodeBuild Operations - Role name

Important: if the build process needs to access an ECR instance, the role must be granted the required ECR actions. If the build process needs to access the API Gateway, the role must be granted the required API Gateway actions, and so on.
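As an added example (not the page's or AWS's own code), the script below generates the ECR part of such a service-role policy for a single repository in the least-privilege shape that pulling and pushing images requires: ecr:GetAuthorizationToken on "*", because that action cannot be scoped to a repository, and the layer and image actions on the repository ARN only, never ecr:* on "*". The role name codebuild-example-service-role and policy name CodeBuildEcrPolicy-example are placeholders; the repository URI used in the comments is the one from the environment dump further down this page.

```shell
#!/bin/sh
# Added example (not from the page or AWS): emit a least-privilege IAM policy
# document granting a CodeBuild service role exactly what
# "aws ecr get-login-password | docker login", "docker pull" and "docker push"
# need for ONE ECR repository.

set -eu

# ecr_push_policy REPOSITORY_ARN
# Prints the policy JSON on stdout; refuses anything that is not an ECR
# repository ARN so a typo cannot silently produce a policy on "*".
ecr_push_policy() {
    repo_arn="$1"
    case "$repo_arn" in
        arn:aws:ecr:*:*:repository/*) ;;
        *) echo "not an ECR repository ARN: $repo_arn" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EcrLogin",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "EcrPullPush",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer",
        "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart",
        "ecr:CompleteLayerUpload",
        "ecr:PutImage"
      ],
      "Resource": "$repo_arn"
    }
  ]
}
EOF
}

# repo_arn_from_uri REPOSITORY_URI
# Derives the repository ARN from the image URI form a build sees, e.g.
#   777777777777.dkr.ecr.us-west-2.amazonaws.com/example   (value from the page)
#   -> arn:aws:ecr:us-west-2:777777777777:repository/example
repo_arn_from_uri() {
    uri="$1"
    account="${uri%%.*}"          # text before the first dot
    rest="${uri#*.dkr.ecr.}"      # region.amazonaws.com/name
    region="${rest%%.*}"
    name="${uri#*/}"              # keeps namespaced names such as team/app
    printf 'arn:aws:ecr:%s:%s:repository/%s\n' "$region" "$account" "$name"
}

# Attaches the policy as an inline role policy (hypothetical role and policy
# names). Needs AWS CLI credentials, so it only runs when invoked as:
#   REPOSITORY_URI=... sh ecr-policy.sh attach
attach_to_role() {
    arn=$(repo_arn_from_uri "$REPOSITORY_URI")
    ecr_push_policy "$arn" >/tmp/ecr-policy.json
    aws iam put-role-policy \
        --role-name "codebuild-example-service-role" \
        --policy-name "CodeBuildEcrPolicy-example" \
        --policy-document file:///tmp/ecr-policy.json
}

case "${1:-}" in
    attach) attach_to_role ;;
esac
```

Keeping the ECR grant as its own inline policy beside the automatically created CodeBuildBasePolicy-* and CodeBuildCloudWatchLogsPolicy-* policies makes it visible in a review which repository a given build project can push to.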

VPC

If a VPC is used to run the build, additional permissions and configuration may be needed to allow git clone, docker pull and so on.

Security Group

The build project configuration allows selecting one or more security groups, which are the security groups that AWS CodeBuild should use to work with the VPC. The security groups should allow outbound connections.

Environment Variables

Environment Variables in Build Environments

Also see, below:

Build Environment

CODEBUILD_RESOLVED_SOURCE_VERSION

'CODEBUILD_RESOLVED_SOURCE_VERSION' carries an identifier for the version of a build's source code. The format is dependent on the source repository. For GitHub, it is the commit ID. Also see CloudFormation Deployment - Container Image Tag Considerations.

Build Specification, Buildspec

Buildspec

Build Environment

Environment Variables in Build Environments

Example of the environment exposed to a CodeBuild build by a CodePipeline pipeline:

TARGET_BUCKET=example-buildbucket-1po70uz4qr4l5
CODEBUILD_LAST_EXIT=0
CODEBUILD_START_TIME=1552585467738
CODEBUILD_BMR_URL=https://CODEBUILD_AGENT:3000 
CODEBUILD_SOURCE_VERSION=arn:aws:s3:::example-buildbucket-1po70uz4qr4l5/example-Pipe/ContainerS/WqhFogn.zip
CODEBUILD_AGENT_ENDPOINT=http://127.0.0.1:7831
CODEBUILD_KMS_KEY_ID=arn:aws:kms:us-west-2:777777777777:alias/aws/s3
CODEBUILD_BUILD_ID=example:53fd170a-0445-42bd-9bf9-cd7b97dc3b13
CODEBUILD_RESOLVED_SOURCE_VERSION=46996c9340aee1415f57d81e77b88359c6ab3110
CODEBUILD_BUILD_SUCCEEDING=1
CODEBUILD_BUILD_ARN=arn:aws:codebuild:us-west-2:777777777777:build/example:43fd170a-0445-42bd-9bf8-cd7b97dc3b13
CODEBUILD_INITIATOR=codepipeline/example-Pipeline-8GR91NZTCLYVA
CODEBUILD_LOG_PATH=33fd170a-0445-42bd-9bf9-cd7b97dc3b15
CODEBUILD_BUILD_IMAGE=aws/codebuild/java:openjdk-8
CODEBUILD_SRC_DIR=/codebuild/output/src461115545/src
CODEBUILD_PROJECT_UUID=....
CODEBUILD_AUTH_TOKEN=.....
CODEBUILD_CONTAINER_NAME=default
CODEBUILD_EXECUTION_ROLE_BUILD=
CODEBUILD_BUILD_URL=https://us-west-2.console.aws.amazon.com/codebuild/home?region=us-west-2#/builds/example:43fd170a-0445-42bd-9bf9-cd7b97dc3b19/view/new
 
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=/v2/credentials/4b6c5959-d624-4bfb-b239-2f985281c878
AWS_EXECUTION_ENV=AWS_ECS_EC2
AWS_DEFAULT_REGION=us-west-2
AWS_REGION=us-west-2

ECS_CONTAINER_METADATA_URI=http://188.88.88.88/v3/481887c2-cfc5-49c1-a3da-c0a1a0139e90
 
JRE_HOME=/usr/lib/jvm/java-8-openjdk-amd64
JDK_HOME=/usr/lib/jvm/java-8-openjdk-amd64
JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
JAVA_VERSION=8
JDK_VERSION=8u171-b11-2~14.04
ANT_VERSION=...
ANT_DOWNLOAD_SHA512=...
MAVEN_HOME=/opt/maven 
MAVEN_OPTS=-Dmaven.wagon.httpconnectionManager.maxPerRoute=2
MAVEN_CONFIG=/root/.m2
MAVEN_VERSION=3.5.4
MAVEN_DOWNLOAD_SHA1=...
GRADLE_DOWNLOAD_SHA256=...
GRADLE_VERSION=4.2.1
PYTHON_TOOL_VERSION=3.3-*
GITVERSION_VERSION=3.6.5

DOCKER_BUCKET=download.docker.com
DOCKER_SHA256=...
DOCKER_CHANNEL=stable
DOCKER_COMPOSE_VERSION=...
DOCKER_VERSION=17.09.0-ce

ENV=dev
REPOSITORY_URI=777777777777.dkr.ecr.us-west-2.amazonaws.com/example
SVC_TEMPLATE=container-generic-svcTemplate.yaml
OPENAPI_FILE_NAME=openapi-aws.json
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=4fcfb195f8c4
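The following shell helpers are an added example, not code from this page. They work with the variables shown in the dump above and in the CODEBUILD_RESOLVED_SOURCE_VERSION section: image_tag derives an immutable image tag from CODEBUILD_RESOLVED_SOURCE_VERSION (the first 12 hex characters of the commit id when the source is a Git repository) and falls back to the UUID part of CODEBUILD_BUILD_ID when the variable is not a commit id; redact_env masks variables such as CODEBUILD_AUTH_TOKEN and AWS_CONTAINER_CREDENTIALS_RELATIVE_URI so that printing the environment for diagnostics does not write credentials into the build log. The ci/build-env.sh path in the buildspec comment, the git-/build- tag prefixes and the set of name patterns treated as sensitive are assumptions.

```shell
#!/bin/sh
# Added example (not from the page): helpers for the CodeBuild environment
# variables shown in the dump above. Sample values used in comments are the
# ones from that dump.

set -eu

# image_tag RESOLVED_SOURCE_VERSION BUILD_ID
# Chooses an immutable image tag for the artifact of this build:
#  - Git source: CODEBUILD_RESOLVED_SOURCE_VERSION is the 40-hex commit id,
#    so the tag is "git-" plus its first 12 characters.
#  - Anything else (S3 zip source, variable unset): "build-" plus the UUID
#    part of CODEBUILD_BUILD_ID, which is unique per build.
# "latest" is never produced, so a tag cannot be overwritten by a later build.
image_tag() {
    resolved="${1:-}"
    build_id="${2:-}"
    if printf '%s' "$resolved" | grep -Eq '^[0-9a-f]{40}$'; then
        printf 'git-%s\n' "$(printf '%s' "$resolved" | cut -c1-12)"
    elif [ -n "$build_id" ]; then
        printf 'build-%s\n' "${build_id#*:}"   # drop the "project:" prefix
    else
        echo "no source version and no build id available" >&2
        return 1
    fi
}

# full_image_ref REPOSITORY_URI TAG -> REPOSITORY_URI:TAG
full_image_ref() {
    printf '%s:%s\n' "$1" "$2"
}

# redact_env
# Reads NAME=VALUE lines on stdin (as produced by `env`) and masks the values
# of variables whose names suggest credentials before they reach CloudWatch
# Logs. The dump above shows why this is needed: CODEBUILD_AUTH_TOKEN and
# AWS_CONTAINER_CREDENTIALS_RELATIVE_URI are part of every build's environment,
# and a bare `env` in a buildspec would log them. The patterns are assumed and
# err on the side of masking (CODEBUILD_KMS_KEY_ID is hidden too).
redact_env() {
    while IFS= read -r line; do
        name="${line%%=*}"
        case "$name" in
            *TOKEN*|*SECRET*|*PASSWORD*|*CREDENTIAL*|*_KEY*)
                printf '%s=<redacted>\n' "$name" ;;
            *)
                printf '%s\n' "$line" ;;
        esac
    done
}

# Intended use from buildspec.yml (hypothetical script location):
#   pre_build:
#     commands:
#       - env | sh ./ci/build-env.sh redact
#       - export IMAGE_TAG=$(sh ./ci/build-env.sh tag)
#       - docker build -t "$REPOSITORY_URI:$IMAGE_TAG" .
case "${1:-}" in
    tag)    image_tag "${CODEBUILD_RESOLVED_SOURCE_VERSION:-}" "${CODEBUILD_BUILD_ID:-}" ;;
    redact) redact_env ;;
esac
```

With the values from the dump above, image_tag yields git-46996c9340ae, and the full reference becomes 777777777777.dkr.ecr.us-west-2.amazonaws.com/example:git-46996c9340ae, which ties the image in ECR back to the exact commit CodeBuild checked out.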

CodePipeline-Driven CodeBuild Builds

CodePipeline-Driven CodeBuild Builds

How the Build is Triggered

The build can be triggered manually from the console: Code Build -> Build projects -> select the project -> Start Build.

The build can be triggered programmatically. How?

The build can be triggered by a repository push. How?

The build produces a container image and pushes it to a Docker repository. How about deploying it in ECS?

CodeBuild Operations

Create a Build Project

Organizatorium

  • Where is the project actually built? What resources? Relationship to VPC.