# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
AWSTemplateFormatVersion: '2010-09-09'
# Folded scalar: the indented lines below are joined into one description
# string when the template is parsed.
Description: >
  scheduled-event-adjuster-pipeline
  This template builds the CI/CD pipeline used to package the
  scheduled-event-adjuster solution.
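Parameters:
  # Passed unchanged to the Source action as FullRepositoryId, so the value
  # decides whose code the pipeline builds. The pattern rejects anything that
  # is not a single owner/repository pair before the stack is created.
  GitHubRepository:
    Type: String
    Description: >-
      The full name of the GitHub repository that triggers the build,
      in owner/repository form.
    AllowedPattern: '^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$'
    ConstraintDescription: Must be in the form owner/repository.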
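Resources:
  # Connection the Source stage uses to read from GitHub. A connection created
  # through CloudFormation starts in PENDING state and has to be authorized
  # once in the console before the pipeline can fetch source.
  RepoConnection:
    Type: AWS::CodeStarConnections::Connection
    Properties:
      ConnectionName: aws-scheduled-event-adjuster
      ProviderType: GitHub

  # Holds pipeline artifacts (source zips, build output). Nothing in this
  # template needs the bucket to be public, so public access is blocked.
  PipelineArtifactStoreBucket:
    Type: AWS::S3::Bucket
    # Avoid deletion failures due to non-empty bucket
    DeletionPolicy: Retain
    # Keep the old bucket as well if an update ever forces a replacement.
    UpdateReplacePolicy: Retain
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Receives the packaged solution; its name is handed to the build as
  # SOLUTION_BUCKET.
  # NOTE(review): no public access block is set here because the template
  # does not show how the packaged solution is distributed. If consumers do
  # not read it anonymously, add the same PublicAccessBlockConfiguration as
  # on PipelineArtifactStoreBucket.
  SolutionBucket:
    Type: AWS::S3::Bucket
    # Avoid deletion failures due to non-empty bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain

  # Role the build container runs under. Whatever buildspec.yaml on the
  # tracked branch executes gets these permissions, so keep the policy limited
  # to the two buckets and the build's own logs.
  CodeBuildServiceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: 'ArtifactUploadPolicy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # The original statement allowed 's3:ListBuckets' on '*'. That
              # is not an IAM action, so it granted nothing. Listing is now
              # granted as s3:ListBucket on the two buckets only. If the build
              # really needs the account-wide bucket list, the action is
              # s3:ListAllMyBuckets.
              - Effect: 'Allow'
                Action:
                  - 's3:ListBucket'
                Resource:
                  - !Sub '${SolutionBucket.Arn}'
                  - !Sub '${PipelineArtifactStoreBucket.Arn}'
              # Object actions only apply to object ARNs, so the bare bucket
              # ARNs are no longer listed here.
              - Effect: 'Allow'
                Action:
                  - 's3:PutObject'
                  - 's3:GetObject'
                Resource:
                  - !Sub '${SolutionBucket.Arn}/*'
                  - !Sub '${PipelineArtifactStoreBucket.Arn}/*'
              # Was 'logs:*' on '*', which also allowed reading and deleting
              # every log group in the account. The project sets no
              # LogsConfig, so CodeBuild writes to its default
              # /aws/codebuild/<project> group. The project name is not
              # referenced directly because that would create a circular
              # dependency with CodeBuildProject.
              - Effect: 'Allow'
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource:
                  - !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/*'
      # Left disabled on purpose: do not attach AdministratorAccess to a role
      # that runs repository-supplied build commands.
      # ManagedPolicyArns:
      #   - arn:aws:iam::aws:policy/AdministratorAccess

  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Artifacts:
        ArtifactIdentifier: SourceArtifact
        Type: CODEPIPELINE
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        EnvironmentVariables:
          - Name: SOLUTION_BUCKET
            Type: PLAINTEXT
            Value: !Ref SolutionBucket
        # NOTE(review): pinned to an old standard image tag; confirm it is
        # still supported and patched before relying on it.
        Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
        # Privileged mode runs the build container with elevated privileges;
        # CodeBuild requires it only when the build starts a Docker daemon.
        # NOTE(review): buildspec.yaml is not visible here. Set this to false
        # if the build does not use Docker.
        PrivilegedMode: true
        Type: LINUX_CONTAINER
      ServiceRole: !Ref CodeBuildServiceRole
      Source:
        Type: CODEPIPELINE
        # The buildspec comes from the repository itself, so write access to
        # the tracked branch is effectively access to CodeBuildServiceRole.
        # Protect that branch accordingly.
        BuildSpec: ./buildspec.yaml

  # Role CodePipeline assumes to run the two stages below. The original
  # attached the AdministratorAccess managed policy. It is replaced by an
  # inline policy covering what the visible stages use: the artifact bucket,
  # the GitHub connection and the one CodeBuild project.
  # NOTE(review): validate with a full pipeline run. If a stage reports
  # AccessDenied, add the specific missing action instead of restoring
  # AdministratorAccess.
  CodePipelineServiceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: 'PipelineExecutionPolicy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: 'Allow'
                Action:
                  - 's3:GetBucketLocation'
                  - 's3:GetBucketVersioning'
                  - 's3:ListBucket'
                Resource:
                  - !GetAtt PipelineArtifactStoreBucket.Arn
              - Effect: 'Allow'
                Action:
                  - 's3:GetObject'
                  - 's3:GetObjectVersion'
                  - 's3:PutObject'
                  - 's3:PutObjectAcl'
                Resource:
                  - !Sub '${PipelineArtifactStoreBucket.Arn}/*'
              # Ref on the connection resource returns its ARN.
              - Effect: 'Allow'
                Action:
                  - 'codestar-connections:UseConnection'
                Resource:
                  - !Ref RepoConnection
              - Effect: 'Allow'
                Action:
                  - 'codebuild:StartBuild'
                  - 'codebuild:BatchGetBuilds'
                Resource:
                  - !GetAtt CodeBuildProject.Arn

  CodePipelinePipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      ArtifactStore:
        Location: !Ref PipelineArtifactStoreBucket
        Type: S3
      RoleArn: !GetAtt CodePipelineServiceRole.Arn
      Stages:
        - Name: Source
          Actions:
            - Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: CodeStarSourceConnection
                # Quoted: the action type version is a string, not a number.
                Version: '1'
              Configuration:
                ConnectionArn: !Ref RepoConnection
                FullRepositoryId: !Ref GitHubRepository
                # Every change that lands on this branch is built.
                BranchName: master
              OutputArtifacts:
                - Name: SourceArtifact
        - Name: Build
          Actions:
            - Name: Build
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: '1'
              Configuration:
                ProjectName: !Ref CodeBuildProject
              InputArtifacts:
                - Name: SourceArtifact
              OutputArtifacts:
                - Name: BuildArtifact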