From 4c2d3985167e0f631cef97c7398b11894df14e4f Mon Sep 17 00:00:00 2001 From: Steph Roberts Date: Mon, 15 Jul 2024 23:27:08 +0000 Subject: [PATCH 1/3] Remove webhook/triggers from CodeBuild CF stack template --- .../codebuild-devbuild-stack.yml | 56 ------------------- 1 file changed, 56 deletions(-) diff --git a/build-infrastructure/codebuild-devbuild-stack.yml b/build-infrastructure/codebuild-devbuild-stack.yml index ca9bc79cd70..0ef06747769 100644 --- a/build-infrastructure/codebuild-devbuild-stack.yml +++ b/build-infrastructure/codebuild-devbuild-stack.yml @@ -46,13 +46,6 @@ Resources: Location: !Ref GithubFullRepoName Type: GITHUB TimeoutInMinutes: 60 - Triggers: - BuildType: BUILD - # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName - # This allow list can be modified using aws-cli or aws-sdk - # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs - # so they have to be listed separately - Webhook: true Visibility: PRIVATE UbuntuArmProject: Type: 'AWS::CodeBuild::Project' @@ -81,13 +74,6 @@ Resources: Location: !Ref GithubFullRepoName Type: GITHUB TimeoutInMinutes: 60 - Triggers: - BuildType: BUILD - # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName - # This allow list can be modified using aws-cli or aws-sdk - # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs - # so they have to be listed separately - Webhook: true Visibility: PRIVATE ArmProject: Type: 'AWS::CodeBuild::Project' @@ -116,13 +102,6 @@ Resources: Location: !Ref GithubFullRepoName Type: GITHUB TimeoutInMinutes: 60 - Triggers: - BuildType: BUILD - # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName - # This allow list can be modified using aws-cli or aws-sdk - # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs - # so they have to be listed separately - Webhook: true Visibility: PRIVATE AmdProject: Type: 'AWS::CodeBuild::Project' @@ -151,13 +130,6 @@ Resources: Location: !Ref GithubFullRepoName Type: GITHUB TimeoutInMinutes: 60 - Triggers: - BuildType: BUILD - # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName - # This allow list can be modified using aws-cli or aws-sdk - # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs - # so they have to be listed separately - Webhook: true Visibility: PRIVATE # Creates a CodeBuild project for Amazon Linux 2 ARM @@ -188,13 +160,6 @@ Resources: Location: !Ref GithubFullRepoName Type: GITHUB TimeoutInMinutes: 60 - Triggers: - BuildType: BUILD - # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName - # This allow list can be modified using aws-cli or aws-sdk - # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs - # so they have to be listed separately - Webhook: true Visibility: PRIVATE # Creates a CodeBuild project for Amazon Linux 2 AMD @@ -225,13 +190,6 @@ Resources: Location: !Ref GithubFullRepoName Type: GITHUB TimeoutInMinutes: 60 - Triggers: - BuildType: BUILD - # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName - # This allow list can be modified using aws-cli or aws-sdk - # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs - # so they have to be listed separately - Webhook: true Visibility: PRIVATE # Creates a CodeBuild project for Amazon Linux 2023 ARM @@ -262,13 +220,6 @@ Resources: Location: !Ref GithubFullRepoName Type: GITHUB TimeoutInMinutes: 60 - Triggers: - BuildType: BUILD - # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName - # This allow list can be modified using aws-cli or aws-sdk - # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs - # so they have to be listed separately - Webhook: true Visibility: PRIVATE # Creates a CodeBuild project for Amazon Linux 2023 AMD @@ -299,13 +250,6 @@ Resources: Location: !Ref GithubFullRepoName Type: GITHUB TimeoutInMinutes: 60 - Triggers: - BuildType: BUILD - # Config list of developers allowlisted to create builds when creating PRs to GithubBranchName - # This allow list can be modified using aws-cli or aws-sdk - # CodeBuild also supports pattern matches using regex, but this is not useful for listing different Github IDs - # so they have to be listed separately - Webhook: true Visibility: PRIVATE # Defines the service roles for the CodeBuild projects From c6237806349594530aa8f4a1edc195092cfdad85 Mon Sep 17 00:00:00 2001 From: Steph Roberts Date: Thu, 18 Jul 2024 17:26:30 +0000 Subject: [PATCH 2/3] Disable artifact encryption on CodeBuild devbuild stack template --- build-infrastructure/codebuild-devbuild-stack.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/build-infrastructure/codebuild-devbuild-stack.yml b/build-infrastructure/codebuild-devbuild-stack.yml index 0ef06747769..4248dee25ab 100644 --- a/build-infrastructure/codebuild-devbuild-stack.yml +++ b/build-infrastructure/codebuild-devbuild-stack.yml @@ -23,6 +23,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: + EncryptionDisabled : true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -51,6 +52,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: + EncryptionDisabled : true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -79,6 +81,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: + EncryptionDisabled : true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -107,6 +110,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: + EncryptionDisabled : true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -137,6 +141,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: + EncryptionDisabled : true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -167,6 +172,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: + EncryptionDisabled : true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -197,6 +203,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: + EncryptionDisabled : true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -227,6 +234,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: + EncryptionDisabled : true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true From 699da99bc3f7ed459da80762bc512d9710873f00 Mon Sep 17 00:00:00 2001 From: Steph Roberts <114956067+Ephylouise@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:49:14 -0700 Subject: [PATCH 3/3] Remove trailing space on EcryptionDisabled lines --- .../codebuild-devbuild-stack.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/build-infrastructure/codebuild-devbuild-stack.yml b/build-infrastructure/codebuild-devbuild-stack.yml index 4248dee25ab..ab0b26300c2 100644 --- a/build-infrastructure/codebuild-devbuild-stack.yml +++ b/build-infrastructure/codebuild-devbuild-stack.yml @@ -23,7 +23,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: - EncryptionDisabled : true + EncryptionDisabled: true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -52,7 +52,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: - EncryptionDisabled : true + EncryptionDisabled: true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -81,7 +81,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: - EncryptionDisabled : true + EncryptionDisabled: true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -110,7 +110,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: - EncryptionDisabled : true + EncryptionDisabled: true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -141,7 +141,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: - EncryptionDisabled : true + EncryptionDisabled: true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -172,7 +172,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: - EncryptionDisabled : true + EncryptionDisabled: true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -203,7 +203,7 @@ Resources: Type: 'AWS::CodeBuild::Project' Properties: Artifacts: - EncryptionDisabled : true + EncryptionDisabled: true Location: !Ref BuildBucketName NamespaceType: NONE OverrideArtifactName: true @@ -604,4 +604,4 @@ Resources: - 's3:GetBucketAcl' - 's3:GetBucketLocation' PolicyName: !Sub '${AWS::StackName}-ServicePolicyAmzn2023Amd' - RoleName: !Sub '${AWS::StackName}-ServiceRoleAmzn2023Amd' \ No newline at end of file + RoleName: !Sub '${AWS::StackName}-ServiceRoleAmzn2023Amd'