Build S3 trigger
@ -14,4 +14,5 @@ phases:
|
|||||||
- docker push $REPO_URI:latest
|
- docker push $REPO_URI:latest
|
||||||
- docker push $REPO_URI:$TAG
|
- docker push $REPO_URI:$TAG
|
||||||
- printf '[{"name":"%s","imageUri":"%s"}]' $SERVICE $REPO_URI:$TAG > imagedefinitions.json
|
- printf '[{"name":"%s","imageUri":"%s"}]' $SERVICE $REPO_URI:$TAG > imagedefinitions.json
|
||||||
- aws s3 cp imagedefinitions.json s3://$ARTIFACT_BUCKET/$SERVICE/imagedefinitions.json
|
- zip $SERVICE.zip imagedefinitions.json
|
||||||
|
- aws s3 cp imagedefinitions.json s3://$ARTIFACT_BUCKET/imagedefinitions/$SERVICE.zip
|
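Review bot: The added `aws s3 cp` line still uploads the raw `imagedefinitions.json` rather than the `$SERVICE.zip` archive created by the line before it, so the object stored under the `.zip` key is not a zip file. The copy source should be the archive: `- aws s3 cp $SERVICE.zip s3://$ARTIFACT_BUCKET/imagedefinitions/$SERVICE.zip`. The template hunks at `@ -116,7` and `@ -175,7` watch and read `imagedefinitions/${ServiceName}.json`, which does not match the `.zip` key written here, so the event rule would presumably never match this upload; the suffix should agree on both sides. Quoting the expansions (for example `"$SERVICE.zip"`) would also keep an unexpected value in these variables from being split by the shell.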
@ -37,14 +37,15 @@ Resources:
|
|||||||
Statement:
|
Statement:
|
||||||
# Allow codepipeline to put artifacts in the S3 bucket
|
# Allow codepipeline to put artifacts in the S3 bucket
|
||||||
# as well as get artifacts back out of it.
|
# as well as get artifacts back out of it.
|
||||||
- Resource:
|
- Resource: "*"
|
||||||
- !Sub arn:aws:s3:::${ArtifactBucket}/*
|
# - !Sub arn:aws:s3:::${ArtifactBucket}/*
|
||||||
Effect: Allow
|
Effect: Allow
|
||||||
Action:
|
Action:
|
||||||
- s3:PutObject
|
- s3:PutObject
|
||||||
- s3:GetObject
|
- s3:GetObject
|
||||||
- s3:GetObjectVersion
|
- s3:GetObjectVersion
|
||||||
- s3:GetBucketVersioning
|
- s3:GetBucketVersioning
|
||||||
|
- s3:*
|
||||||
# Allow codepipeline to build code builds
|
# Allow codepipeline to build code builds
|
||||||
- Resource: "*"
|
- Resource: "*"
|
||||||
Effect: Allow
|
Effect: Allow
|
||||||
|
@ -116,7 +116,7 @@ Resources:
|
|||||||
requestParameters:
|
requestParameters:
|
||||||
bucketName: [!Ref ArtifactBucket]
|
bucketName: [!Ref ArtifactBucket]
|
||||||
key:
|
key:
|
||||||
- !Sub ${ServiceName}/imagedefinitions.json
|
- !Sub imagedefinitions/${ServiceName}.json
|
||||||
detail-type: [AWS API Call via CloudTrail]
|
detail-type: [AWS API Call via CloudTrail]
|
||||||
source: [aws.s3]
|
source: [aws.s3]
|
||||||
Targets:
|
Targets:
|
||||||
@ -141,7 +141,7 @@ Resources:
|
|||||||
Pipeline:
|
Pipeline:
|
||||||
Type: AWS::CodePipeline::Pipeline
|
Type: AWS::CodePipeline::Pipeline
|
||||||
Properties:
|
Properties:
|
||||||
RoleArn: !GetAtt CodePipelineServiceRole.Arn
|
RoleArn: !Ref CodePipelineServiceRoleArn
|
||||||
ArtifactStore:
|
ArtifactStore:
|
||||||
Type: S3
|
Type: S3
|
||||||
Location: !Ref ArtifactBucket
|
Location: !Ref ArtifactBucket
|
||||||
@ -175,7 +175,7 @@ Resources:
|
|||||||
Provider: S3
|
Provider: S3
|
||||||
Configuration:
|
Configuration:
|
||||||
S3Bucket: !Ref ArtifactBucket
|
S3Bucket: !Ref ArtifactBucket
|
||||||
S3ObjectKey: !Sub ${ServiceName}/imagedefinitions.json
|
S3ObjectKey: !Sub imagedefinitions/${ServiceName}.json
|
||||||
PollForSourceChanges: false
|
PollForSourceChanges: false
|
||||||
OutputArtifacts:
|
OutputArtifacts:
|
||||||
- Name: Image
|
- Name: Image
|
||||||
@ -309,73 +309,6 @@ Resources:
|
|||||||
Action: codepipeline:StartPipelineExecution
|
Action: codepipeline:StartPipelineExecution
|
||||||
Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
|
Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
|
||||||
|
|
||||||
|
|
||||||
#-----------------------------------------------------------------------------#
|
|
||||||
# Role for CodePipeline service
|
|
||||||
#-----------------------------------------------------------------------------#
|
|
||||||
CodePipelineServiceRole:
|
|
||||||
Type: AWS::IAM::Role
|
|
||||||
Properties:
|
|
||||||
Path: /
|
|
||||||
AssumeRolePolicyDocument:
|
|
||||||
Version: 2012-10-17
|
|
||||||
Statement:
|
|
||||||
- Effect: Allow
|
|
||||||
Principal:
|
|
||||||
Service: codepipeline.amazonaws.com
|
|
||||||
Action: sts:AssumeRole
|
|
||||||
Policies:
|
|
||||||
- PolicyName: root
|
|
||||||
PolicyDocument:
|
|
||||||
Version: 2012-10-17
|
|
||||||
Statement:
|
|
||||||
# Allow codepipeline to put artifacts in the S3 bucket
|
|
||||||
# as well as get artifacts back out of it.
|
|
||||||
- Resource: "*"
|
|
||||||
Effect: Allow
|
|
||||||
Action:
|
|
||||||
- s3:PutObject
|
|
||||||
- s3:GetObject
|
|
||||||
- s3:GetObjectVersion
|
|
||||||
- s3:GetBucketVersioning
|
|
||||||
- s3:*
|
|
||||||
# Allow codepipeline to build code builds
|
|
||||||
- Resource: "*"
|
|
||||||
Effect: Allow
|
|
||||||
Action:
|
|
||||||
- codebuild:StartBuild
|
|
||||||
- codebuild:BatchGetBuilds
|
|
||||||
- iam:PassRole
|
|
||||||
# Allow codepipeline to deploy cloudformation stacks
|
|
||||||
- Effect: Allow
|
|
||||||
Action:
|
|
||||||
- cloudformation:CreateChangeSet
|
|
||||||
- cloudformation:CreateStack
|
|
||||||
- cloudformation:CreateUploadBucket
|
|
||||||
- cloudformation:DeleteStack
|
|
||||||
- cloudformation:Describe*
|
|
||||||
- cloudformation:List*
|
|
||||||
- cloudformation:UpdateStack
|
|
||||||
- cloudformation:ValidateTemplate
|
|
||||||
- cloudformation:ExecuteChangeSet
|
|
||||||
Resource: "*"
|
|
||||||
# Allow codepipeline to get images from ECR
|
|
||||||
- Effect: Allow
|
|
||||||
Action:
|
|
||||||
- ecr:GetAuthorizationToken
|
|
||||||
- ecr:BatchCheckLayerAvailability
|
|
||||||
- ecr:GetDownloadUrlForLayer
|
|
||||||
- ecr:GetRepositoryPolicy
|
|
||||||
- ecr:DescribeRepositories
|
|
||||||
- ecr:ListImages
|
|
||||||
- ecr:DescribeImages
|
|
||||||
- ecr:BatchGetImage
|
|
||||||
- ecr:GetLifecyclePolicy
|
|
||||||
- ecr:GetLifecyclePolicyPreview
|
|
||||||
- ecr:ListTagsForResource
|
|
||||||
- ecr:DescribeImageScanFindings
|
|
||||||
Resource: "*"
|
|
||||||
|
|
||||||
Outputs:
|
Outputs:
|
||||||
PipelineUrl:
|
PipelineUrl:
|
||||||
Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}
|
Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}
|
||||||
|
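Review bot: The `@ -37,14 +37,15 @@` hunk widens this statement from the artifact bucket to `Resource: "*"` and adds `s3:*`, which lets the role read, overwrite and delete objects in every bucket in the account rather than only the pipeline's artifacts. The four named actions are enough for what the comment describes; `s3:GetBucketVersioning` is a bucket-level action, so if it was failing against the object ARN, the narrower fix is to list both ARNs, `- !Sub arn:aws:s3:::${ArtifactBucket}` and `- !Sub arn:aws:s3:::${ArtifactBucket}/*`, and drop `s3:*`. Which role this statement belongs to is outside the hunk. The `Pipeline` hunk now takes its role from `!Ref CodePipelineServiceRoleArn`; the role behind that reference is not visible here and should be checked for the same `s3:*` on `"*"` grant that the removed `CodePipelineServiceRole` carried.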