Simple GitHub Simulated Shell Build Simulated Deployment AWS CodePipeline Pipeline

From NovaOrdis Knowledge Base

Internal

Overview

An example of a simple pipeline, created with CloudFormation, that reads code from a GitHub repository, applies a trivial "build" transformation and "deploys" the final artifacts via a CloudFormation stack embedded in the project.

Prerequisites

  • The example requires a GitHub repository to be available. We'll use https://github.com/ovidiuf/aws-pipeline-source-example. The repository contains buildspec metadata that drives the build, and a CloudFormation stack specification that drives the deployment.
  • Three service roles are required: one for CodeBuild, which performs the build, one for CloudFormation, which performs the deployment, and one for CodePipeline, which drives both of them. They must be created in advance and referred to from the CloudFormation pipeline stack specification by their ARN, or by reference. I tried creating them as part of the same stack, but I got: "CodeBuild is not authorized to perform: sts:AssumeRole on ...". If they exist when the stack creation is attempted, it works. TODO: try to declare them in the same stack, experiment with dependencies, try to make this work. An auxiliary CloudFormation stack that creates those roles is available here:

Procedure

CloudFormation Stack

The CodePipeline pipeline, the delegate CodeBuild project, and the S3 bucket that keeps the artifacts produced by the pipeline will be created as part of one CloudFormation stack:

AWSTemplateFormatVersion: "2010-09-09"

Description: "thalarion release pipeline stack, used by A Simple GitHub - Simulated Shell Build - Simulated Deployment Pipeline Example"

Resources:

  BuildBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: BucketOwnerFullControl

  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Ref AWS::StackName
      ServiceRole: arn:aws:iam::777777777777:role/service-role/themyscira-cicd-prerequisites-CodeBuildServiceRole-1D78FK6LAM8ZS
      Source:
        Type: CODEPIPELINE
        BuildSpec: buildspec.yml
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: 'aws/codebuild/java:openjdk-8'
        # Privileged mode is only needed when the build itself runs Docker
        PrivilegedMode: true
        EnvironmentVariables:
          - Name: TEST_VARIABLE
            Value: test-value
      TimeoutInMinutes: 20

  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Ref AWS::StackName
      RoleArn: arn:aws:iam::777777777777:role/service-role/themyscira-cicd-prerequisi-CodePipelineServiceRole-1NUBQ8NUB9IOE
      RestartExecutionOnUpdate: true
      ArtifactStore:
        Type: 'S3'
        Location: !Ref BuildBucket
      Stages:
        - Name: Source
          Actions:
          - Name: 'github-pull'
            ActionTypeId:
              Category: Source
              Owner: ThirdParty
              Version: '1'
              Provider: GitHub
            Configuration:
              Owner: 'ovidiuf'
              Repo: 'aws-pipeline-source-example'
              Branch: 'master'
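              # Token redacted here; a real token written into the template is readable by anyone who can read the template
              OAuthToken: '*****'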
            InputArtifacts: []
            OutputArtifacts:
            - Name: 'sources'
            RunOrder: 1
        - Name: Build
          Actions:
          - Name: 'buildspec-driven-build'
            ActionTypeId:
              Category: Build
              Owner: AWS
              Version: '1'
              Provider: CodeBuild
            InputArtifacts:
              - Name: 'sources'
            OutputArtifacts:
              - Name: 'build-files'
            Configuration:
              ProjectName: !Ref CodeBuildProject
            RunOrder: 1
#        - Name: Deploy
#          Actions:
#            - Name: Deploy
#              ActionTypeId:
#                Category: Deploy
#                Owner: AWS
#                Version: '1'
#                Provider: CloudFormation
#              InputArtifacts:
#                - Name:  'sources'
#                - Name: 'build-files'
#              OutputArtifacts: []
#              Configuration:
#                StackName: !Join ['-', ["themyscira-deployment", !Sub '${AWS::Region}']]
#                ActionMode: CREATE_UPDATE
#                Capabilities: CAPABILITY_IAM
#                TemplatePath: !Sub ContainerSrc::${SvcTemplate}
#                TemplateConfiguration: ContainerBuild::overrides.json
#                ParameterOverrides: !Sub '{ "ECRRepository": "${ECRRepository}", "EnvironmentName": "${CFEnvironment}", "Image": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ECRRepository}", "DeploymentStackName": "${DeploymentStackName}", "GitHubRepo": "${GitHubRepositoryName}" }'
#                RoleArn:
#                  Fn::ImportValue: !Sub '${AWS::Region}-CloudFormationDeploymentRole'
#              RunOrder: 1
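A hardened variant of the template above, as an added example that is not part of the original page: the GitHub token is resolved from Secrets Manager at deploy time instead of being written into the template, privileged mode is switched off for the shell-only build, and the artifact bucket blocks public access explicitly. The secret name github/pipeline-token and its JSON key token are assumptions; the secret must exist before the stack is created.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  BuildBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Ref AWS::StackName
      ServiceRole: arn:aws:iam::777777777777:role/service-role/themyscira-cicd-prerequisites-CodeBuildServiceRole-1D78FK6LAM8ZS
      Source: {Type: CODEPIPELINE, BuildSpec: buildspec.yml}
      Artifacts: {Type: CODEPIPELINE}
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: 'aws/codebuild/java:openjdk-8'
        PrivilegedMode: false  # the simulated shell build starts no Docker daemon
        EnvironmentVariables: [{Name: TEST_VARIABLE, Value: test-value}]
      TimeoutInMinutes: 20
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Ref AWS::StackName
      RoleArn: arn:aws:iam::777777777777:role/service-role/themyscira-cicd-prerequisi-CodePipelineServiceRole-1NUBQ8NUB9IOE
      RestartExecutionOnUpdate: true
      ArtifactStore: {Type: S3, Location: !Ref BuildBucket}
      Stages:
        - Name: Source
          Actions:
            - Name: github-pull
              ActionTypeId: {Category: Source, Owner: ThirdParty, Version: '1', Provider: GitHub}
              Configuration:
                Owner: ovidiuf
                Repo: aws-pipeline-source-example
                Branch: master
                # Assumed secret name and JSON key; CloudFormation resolves the value at deploy time
                OAuthToken: '{{resolve:secretsmanager:github/pipeline-token:SecretString:token}}'
              OutputArtifacts: [{Name: sources}]
        - Name: Build
          Actions:
            - Name: buildspec-driven-build
              ActionTypeId: {Category: Build, Owner: AWS, Version: '1', Provider: CodeBuild}
              InputArtifacts: [{Name: sources}]
              OutputArtifacts: [{Name: build-files}]
              Configuration: {ProjectName: !Ref CodeBuildProject}
```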

Buildspec

The GitHub repository should expose a buildspec.yml in its root. A simple example is available here:

buildspec.yml Example

Deployment Stack