The code I am working on is stored in a CodeCommit repository. I have set up an event in EventBridge that triggers a CodeBuild project to start building when a pull request is created. However, there is one issue - the build status of the CodeBuild project is not being displayed in the pull request's activity section.
I have searched but haven't found any solution related to CodeCommit repository. Most of them related to GitHub repository. However, there is a way to post comment from CodeBuild to the pull request and I am trying to follow the below link. But the problem is to configure the buildspec I don't know how can I get the pull request id when the event is triggered.
aws codecommit post-comment-for-pull-request --pull-request-id $PULL_REQUEST_ID --repository-name $REPOSITORY_NAME --before-commit-id $DESTINATION_COMMIT --after-commit-id $SOURCE_COMMIT --content "$content"
https://devato.com/post/codecommit-codebuild-pull-request-workflow
Can anyone give me some ideas. Thanks!
Could you use EventBridge input transformer to get pull request id from a codecommit pull request event and pass it to a codebuild project target? EventBridge StartBuild request has environmentVariablesOverride which can be used to store pr id as env var.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-transform-target-input.html
Related
I try to create an AWS CodePipeline that will trigger and pull files from my GITHUB repo whenever there is a commit and then build & deploy to my ECS using CodeBuild.
I managed to create a CodeBuild that takes the files, builds a docker and tag + push it to the ECR and it's working perfectly fine.
BUT - when I try to use this CodeBuild project (which is working definitely OK manually) in my CodePipeline I receive an error. CLIENT_ERROR: AccessDenied: Access Denied status code: 403, request id: MRKXFJDHM0ZJF1F6, host id: C6ds+Gg//r7hxFtBuwwpOPfPPcLbywL5AEWkXixCqfdNbjuFOo4zKEqRx6immShnCNK4VgIyJTs= for primary source and source version arn:aws:s3:::codepipeline-us-east-1-805870671912/segev/SourceArti/Qm4QUD8
I understand it has some connection with the S3 bucket but I can not understand this error. Policies/roles are fine I guess.
Any idea why manually building is working OK and when the pipeline triggers the build I get this error?
Make sure the role associated to your CodePipeline has read&write permissions to your artifact S3, which from the error I can tell is arn:aws:s3:::codepipeline-us-east-1-805870671912
Check the docs about artifacts in CodePipeline:
https://docs.aws.amazon.com/codepipeline/latest/userguide/welcome-introducing-artifacts.html
Greetings.
I am using terraform to create all the infra(CodePipeline, lambda, buckets) on AWS
currently, I've created a pipeline that builds the source zip file and puts it on s3 bucket but the lambda still keeps using the older source. So, I update the URL manually in the AWS console and it works.
Now I want to automate the flow but available solutions are:
AWS SAM + CFT
Codebuild Stage to update the source using AWS CLI
Create a lambda that updates the source
Code Deploy + AWS SAM + CFT
I am not willing to use CFT at all since all of our code is in terraform and CFT requires me to create new lambdas instead of using old ones.
is there any other simpler way to update the lambda source through Codepipeline
The preferred way to deploy a Lambda via CodePipeline is using a CloudFormation Deploy action [1]. Since you are not looking to use CloudFormation, next option could be to run your terraform plan/apply commands from within a CodeBuild job that is part of the pipeline. You will need to provide the CodeBuild role required permission for resource creation (or export the credentials in Environment variabels for TF to use via this [2] method) and install the TF binary within install phase of buildspec.
Ref:
[1] Building a Continuous Delivery Pipeline for a Lambda Application with AWS CodePipeline - https://docs.aws.amazon.com/lambda/latest/dg/build-pipeline.html
[2] How to retrieve Secret Manager data in buildspec.yaml
I am trying to build CI/CD using AWS CodePipeline.
I am integrating the Git lab with AWS S3.I am using this link -
https://aws.amazon.com/quickstart/architecture/git-to-s3-using-webhooks/
When the code is pushed into a specific branch, the AWS API is called. ( I can see in the CloudWatch logs). But I am getting below error -
Failed to authenticate SSH session: Waiting for USERAUTH response:
GitError
Do I need to configure the GITlab username/keys anywhere on AWS/S3/Cloudformation side?
I have configured GIT PULL URL ( GitPullWebHookApi) on the Gitlab Webhooks side.
I have configured, the PublicSSHKey from AWS S3 Cloudformation into the Secret Token in Gitlab.
Am I missing any step?
Is there any document which specifies the steps to configure the Gitlab keys/user credentials for this integration?
Add the SSH public key resource "PublicSSHKey" generated by the Cloudformation Stack in the Gitlab user public key settings. Please remember that the public needs to added to each user's account who need to invoke the pipeline when committing a change in the Git repository. The Outputs tab for the CloudFormation stack contain the two webhook endpoint URLs, the output bucket name, and the public SSH key [1].
[1] https://aws-quickstart.s3.amazonaws.com/quickstart-git2s3/doc/git-to-amazon-s3-using-webhooks.pdf
I have a CodePipeline setup. But now I want to only have my Pipeline run when I trigger it manually, is that possible?
This worked for me:
Set up a regular pipeline with Github webhook set.
This will create and register an internal aws webhook.
Then simply deregister and remove the webhooks like it is written in the aws docs via aws-cli.
Adjust the following to your region, mine is us-east-2:
Find out the name of the webhook:
aws codepipeline list-webhooks
De-register:
aws codepipeline deregister-webhook-with-third-party --webhook-name <webhook-name>
Delete:
aws codepipeline delete-webhook --name <webhook-name>
Note:
It's necessary to have the source step configured to use the Github webhook.
Now you can trigger your pipeline manually via AWS Console or via aws-cli with:
aws codepipeline start-pipeline-execution --name <pipeline-name>
You need configure your CodePipeline to be triggered by CloudWatch event. Once you've done that, an event rule under CloudWatch named "codepipeline-{repository_name}" will be created.
Disabling this rule will stop CodePipeline from been triggered by CodeCommit. When you need a build, just click 'Release Change' button.
You can use CloudWatch Events, to never trigger your pipeline:
https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-trigger-source-schedule-console.html
Set up a cronjob that will never execute, and then you can manually trigger the pipeline whenever you want by clicking on the 'Release change' button.
I haven't tested, but I think it should work.
Is it possible right now, programatically to get a list of commits on an AWS CodeCommit repository?
I understand I can use the git command, but I am trying to get the repository information by using CodeCommit's API. Is that possible, or des the API not exist?
An API to directly get commit history is not currently available.
As a general rule, we don't comment on the future direction of the service, but we'd be interested in hearing the details of your use case.
You can use:
aws codecommit get-branch --repository-name MyRepo --branch-name MyBranch
In order to get the commit ID of the branch.
Then you can call:
aws codecommit get-commit --repository-name MyRepo --commitId MyCommitID
to get the comment, author and parent commit ID.
Iterating through the parent IDs you can get the history.