"""Generating CloudFormation template."""
from awacs.aws import (
Allow,
Policy,
Principal,
Statement
)
from awacs.sts import AssumeRole
from troposphere import (
Join,
Ref,
Template
)
from troposphere.codebuild import (
Artifacts,
Environment,
Project,
Source
)
from troposphere.iam import Role
# Single module-level template; every add_resource() call below registers a
# resource on it, and the rendered JSON is printed at the end of the script.
t = Template()
t.add_description(
    "Effective DevOps in AWS: CodeBuild - Helloworld container"
)
# IAM role that CodeBuild assumes while a build runs. Every command in the
# buildspec, and whatever the build executes from the source artifact, runs
# with these permissions.
#
# NOTE(review): the attached AWS-managed policies are far broader than the
# buildspec in this file appears to need. AmazonS3FullAccess and
# CloudWatchLogsFullAccess are not limited to this project's artifact bucket
# or log group, and nothing visible in the buildspec calls CodeBuild APIs, so
# AWSCodeBuildDeveloperAccess looks unnecessary - confirm before removing.
# A least-privilege version would replace the S3 and Logs policies with an
# inline policy scoped to <PIPELINE_ARTIFACT_BUCKET> and the project's own
# log group, and restrict the ECR permissions to the one repository the
# build pushes to.

# Trust policy: only the CodeBuild service principal may assume the role.
_codebuild_trust_policy = Policy(
    Statement=[
        Statement(
            Effect=Allow,
            Action=[AssumeRole],
            Principal=Principal("Service", ["codebuild.amazonaws.com"]),
        ),
    ],
)

# Managed policies attached to the role (see the review note above).
_service_role_policy_arns = [
    'arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess',
    'arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess',
    'arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser',
    'arn:aws:iam::aws:policy/AmazonS3FullAccess',
    'arn:aws:iam::aws:policy/CloudWatchLogsFullAccess',
]

t.add_resource(
    Role(
        "ServiceRole",
        AssumeRolePolicyDocument=_codebuild_trust_policy,
        Path="/",
        ManagedPolicyArns=_service_role_policy_arns,
    )
)
# Registry path of the image the build produces, resolved by CloudFormation at
# deploy time: <account id>.dkr.ecr.<region>.amazonaws.com/helloworld
_repository_uri = Join(
    "",
    [
        Ref("AWS::AccountId"),
        ".dkr.ecr.",
        Ref("AWS::Region"),
        ".amazonaws.com",
        "/",
        "helloworld",
    ],
)

# Build container settings. The two environment variables are read by the
# buildspec commands as $REPOSITORY_NAME and $REPOSITORY_URI.
#
# NOTE(review): the build image is pinned to an old tag; the Docker and AWS
# CLI versions inside it presumably date from the same period - confirm it is
# still maintained before relying on it for anything that gets deployed.
environment = Environment(
    ComputeType='BUILD_GENERAL1_SMALL',
    Image='aws/codebuild/docker:1.12.1',
    Type='LINUX_CONTAINER',
    EnvironmentVariables=[
        {'Name': 'REPOSITORY_NAME', 'Value': 'helloworld'},
        {'Name': 'REPOSITORY_URI', 'Value': _repository_uri},
    ],
)
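# Buildspec embedded in the CodeBuild project. The YAML nesting is
# significant: each phase sits under `phases:` and owns its own `commands:`
# list, and `files` / `discard-paths` belong to `artifacts:`.
#
# Build flow, as written in the commands below:
#   pre_build  - find the pipeline execution that started this build, take its
#                first artifact revision id as the image tag, write
#                /tmp/build.json, log in to ECR
#   build      - docker build tagged <REPOSITORY_URI>:<revision id>
#   post_build - push the image, then point the `latest` tag at the same
#                manifest
#
# Buildspec version 0.1 runs each command in a separate shell instance, which
# is why values are passed from one command to the next through files in /tmp.
#
# The backticks in the JMESPath --query are escaped for the build shell; the
# backslash is doubled here so Python keeps it literally instead of treating
# "\`" as an (invalid) escape sequence.
#
# NOTE(review): `$(aws ecr get-login ...)` executes the CLI's output as a
# shell command, and that output passes the registry password to
# `docker login` as a command-line argument. AWS CLI v2 no longer provides
# `get-login`; the replacement is
# `aws ecr get-login-password | docker login --username AWS --password-stdin <registry>`.
# Confirm the CLI inside the build image supports it before switching.
# NOTE(review): `latest` is a mutable tag that every build re-points; anything
# that must know exactly which build it runs should reference the revision-id
# tag recorded in build.json.
# NOTE(review): `$(cat /tmp/execution_id.txt)` and `$REPOSITORY_NAME` are
# expanded unquoted; an empty lookup result changes the argument list of the
# following command rather than failing on its own.
buildspec = """version: 0.1
phases:
  pre_build:
    commands:
      - aws codepipeline get-pipeline-state --name "${CODEBUILD_INITIATOR##*/}" --query stageStates[?actionStates[0].latestExecution.externalExecutionId==\\`$CODEBUILD_BUILD_ID\\`].latestExecution.pipelineExecutionId --output=text > /tmp/execution_id.txt
      - aws codepipeline get-pipeline-execution --pipeline-name "${CODEBUILD_INITIATOR##*/}" --pipeline-execution-id $(cat /tmp/execution_id.txt) --query 'pipelineExecution.artifactRevisions[0].revisionId' --output=text > /tmp/tag.txt
      - printf "%s:%s" "$REPOSITORY_URI" "$(cat /tmp/tag.txt)" > /tmp/build_tag.txt
      - printf '{"tag":"%s"}' "$(cat /tmp/tag.txt)" > /tmp/build.json
      - $(aws ecr get-login --no-include-email)
  build:
    commands:
      - docker build -t "$(cat /tmp/build_tag.txt)" .
  post_build:
    commands:
      - docker push "$(cat /tmp/build_tag.txt)"
      - aws ecr batch-get-image --repository-name $REPOSITORY_NAME --image-ids imageTag="$(cat /tmp/tag.txt)" --query 'images[].imageManifest' --output text | tee /tmp/latest_manifest.json
      - aws ecr put-image --repository-name $REPOSITORY_NAME --image-tag latest --image-manifest "$(cat /tmp/latest_manifest.json)"
artifacts:
  files: /tmp/build.json
  discard-paths: yes
"""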
# Source and artifacts are both CODEPIPELINE: the project is started by a
# pipeline action, reads that action's input artifact, and returns its output
# (build.json) to the pipeline. The buildspec is supplied inline, so the build
# commands come from this template rather than from a file in the source
# artifact; the Dockerfile being built still comes from the source.
_pipeline_source = Source(
    Type="CODEPIPELINE",
    BuildSpec=buildspec,
)
_pipeline_artifacts = Artifacts(
    Type="CODEPIPELINE",
    Name="output",
)

t.add_resource(
    Project(
        "CodeBuild",
        Name='HelloWorldContainer',
        Environment=environment,
        # Builds run with the permissions of the ServiceRole resource.
        ServiceRole=Ref("ServiceRole"),
        Source=_pipeline_source,
        Artifacts=_pipeline_artifacts,
    )
)

# Write the rendered CloudFormation template (JSON) to stdout.
print(t.to_json())