Simple GitHub Simulated Shell Build Simulated Deployment AWS CodePipeline Pipeline
Internal
Overview
An example of a simple pipeline created with CloudFormation. The pipeline reads code from a GitHub repository, applies a trivial "build" transformation and "deploys" the final artifacts via a CloudFormation stack specification embedded in the project.
Prerequisites
- The example requires a GitHub repository to be available. We'll use https://github.com/ovidiuf/aws-pipeline-source-example. The repository contains buildspec metadata, which drives the build, and a CloudFormation stack specification, which drives the deployment.
- The CodeBuild, CodePipeline and CloudFormation service roles must be created in advance and referred to from the CloudFormation pipeline stack specification by their ARN, or by reference. They are required by the build service, which performs the build, the CloudFormation service, which performs the deployment, and the CodePipeline service, which drives both of them. I tried creating them as part of the same stack, but I got: "CodeBuild is not authorized to perform: sts:AssumeRole on ...". If they exist when the stack creation is attempted, it works. TODO: try to declare them in the same stack, experiment with dependencies, try to make this work.
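A separate prerequisites stack of the kind the second item describes, as an added example (not the author's own stack): it declares the CodeBuild and CodePipeline service roles with a trust policy for each service and permissions limited to what the Source and Build stages use. The `ArtifactBucketName` parameter, the logical names and the policy names are assumptions; the example also assumes the pipeline stack gives its artifact bucket that fixed name.

```yaml
Description: "Added example: service roles for the pipeline stack (all names are assumptions)"
Parameters:
  ArtifactBucketName:  # assumption: the pipeline stack sets this as BucketName on its artifact bucket
    Type: String
Resources:
  CodeBuildServiceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:  # trust policy: only the CodeBuild service may assume this role
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: codebuild.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: build
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow  # write build logs
                Action: ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
                Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/*"
              - Effect: Allow  # read the 'sources' artifact, write 'build-files'
                Action: ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"]
                Resource: !Sub "arn:aws:s3:::${ArtifactBucketName}/*"
  CodePipelineServiceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:  # trust policy: only the CodePipeline service may assume this role
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: codepipeline.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: pipeline
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow  # move artifacts between stages
                Action: ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"]
                Resource: !Sub "arn:aws:s3:::${ArtifactBucketName}/*"
              - Effect: Allow  # start and poll the build; narrow to the project name once known
                Action: ["codebuild:StartBuild", "codebuild:BatchGetBuilds"]
                Resource: !Sub "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/*"
Outputs:
  CodeBuildServiceRoleArn:  # value for ServiceRole on the CodeBuild project
    Value: !GetAtt CodeBuildServiceRole.Arn
  CodePipelineServiceRoleArn:  # value for RoleArn on the pipeline
    Value: !GetAtt CodePipelineServiceRole.Arn
```

Creating this stack requires the CAPABILITY_IAM capability. A pipeline with a CloudFormation deploy stage would also need a CloudFormation service role and `iam:PassRole` on the pipeline role, which this example leaves out.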
Procedure
CloudFormation Stack
The CodePipeline pipeline, the delegate CodeBuild project, and the S3 bucket that keeps the artifacts produced by the pipeline will be created as part of one CloudFormation stack:
AWSTemplateFormatVersion: "2010-09-09"
Description: "thalarion release pipeline stack, used by A Simple GitHub - Simulated Shell Build - Simulated Deployment Pipeline Example"
Resources:
  BuildBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: BucketOwnerFullControl
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Ref AWS::StackName
      ServiceRole: arn:aws:iam::777777777777:role/service-role/themyscira-cicd-prerequisites-CodeBuildServiceRole-1D78FK6LAM8ZS
      Source:
        Type: CODEPIPELINE
        BuildSpec: buildspec.yml
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: 'aws/codebuild/java:openjdk-8'
        # Privileged mode is required only if the build runs the Docker daemon.
        PrivilegedMode: true
        EnvironmentVariables:
          - Name: TEST_VARIABLE
            Value: test-value
      TimeoutInMinutes: 20
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Ref AWS::StackName
      RoleArn: arn:aws:iam::777777777777:role/service-role/themyscira-cicd-prerequisi-CodePipelineServiceRole-1NUBQ8NUB9IOE
      RestartExecutionOnUpdate: true
      ArtifactStore:
        Type: 'S3'
        Location: !Ref BuildBucket
      Stages:
        - Name: Source
          Actions:
            - Name: 'github-pull'
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: '1'
                Provider: GitHub
              Configuration:
                Owner: 'ovidiuf'
                Repo: 'aws-pipeline-source-example'
                Branch: 'master'
                # Redacted. Supply the real token through a NoEcho parameter or a
                # Secrets Manager dynamic reference, not as a literal in the template.
                OAuthToken: '*****'
              InputArtifacts: []
              OutputArtifacts:
                - Name: 'sources'
              RunOrder: 1
        - Name: Build
          Actions:
            - Name: 'buildspec-driven-build'
              ActionTypeId:
                Category: Build
                Owner: AWS
                Version: '1'
                Provider: CodeBuild
              InputArtifacts:
                - Name: 'sources'
              OutputArtifacts:
                - Name: 'build-files'
              Configuration:
                ProjectName: !Ref CodeBuildProject
              RunOrder: 1
#        - Name: Deploy
#          Actions:
#            - Name: Deploy
#              ActionTypeId:
#                Category: Deploy
#                Owner: AWS
#                Version: '1'
#                Provider: CloudFormation
#              InputArtifacts:
#                - Name: 'sources'
#                - Name: 'build-files'
#              OutputArtifacts: []
#              Configuration:
#                StackName: !Join ['-', ["themyscira-deployment", !Sub '${AWS::Region}']]
#                ActionMode: CREATE_UPDATE
#                Capabilities: CAPABILITY_IAM
#                TemplatePath: !Sub ContainerSrc::${SvcTemplate}
#                TemplateConfiguration: ContainerBuild::overrides.json
#                ParameterOverrides: !Sub '{ "ECRRepository": "${ECRRepository}", "EnvironmentName": "${CFEnvironment}", "Image": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ECRRepository}", "DeploymentStackName": "${DeploymentStackName}", "GitHubRepo": "${GitHubRepositoryName}" }'
#                RoleArn:
#                  Fn::ImportValue: !Sub '${AWS::Region}-CloudFormationDeploymentRole'
#              RunOrder: 1
Buildspec
The GitHub repository should expose a buildspec.yml in its root. A simple example is available here: