AWS CodePipeline recognizes my new GitHub commit fine - but how? - amazon-web-services

I am currently fiddling around with AWS CodePipeline for the first time and set up the Source and the Build step so far with a demo project.
I have connected the Source Step with a GitHub account (a system-account we use), with admin access to all Repos. As the documentation states, the OAuth scopes admin:repo_hook and repo are required for this; both are granted and the connection is fine.
As the title of this question already states: The integration works just fine - when I push a new commit on master to GitHub, the Pipeline starts working and runs through smoothly.
My question however is: How? As the docs state here:
"To integrate with GitHub, AWS CodePipeline uses OAuth tokens"
However, when looking in my GitHub settings, I would have expected to find the application listed as an "OAuth application" directly on the Repository or on the organization "OAuth applications", but neither is the case!
Thus, I am wondering how CodePipeline recognizes my new commit. Is it polling the SCM or some other sort of magic? I did not find any WebHooks either.
Thank you in advance!

AWS CodePipeline is connected to GitHub via the new "Integrations" concept: https://github.com/integrations/aws-codepipeline
This concept was announced here: https://developer.github.com/changes/2016-09-14-Integrations-Early-Access/
GitHub Integrations authenticate using JSON Web Tokens and private/public keys, so I'm not sure if AWS are technically correct in describing that as "OAuth" or not. Details here: https://developer.github.com/early-access/integrations/authentication/#as-an-integration
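
The answer above says GitHub Integrations authenticate with JSON Web Tokens and a private/public key pair rather than an OAuth token. As an added example (not part of the original answer, nor AWS's or GitHub's code), the shell functions below build and verify such an RS256 token with openssl; the integration ID 12345 and the throwaway key are constructed values, and the `iat`/`exp`/`iss` claim set follows GitHub's integration authentication documentation.

```shell
# Added example: RS256 JWT of the kind a GitHub Integration presents.
# The integration ID (12345) and the throwaway key are constructed values.

b64url() { openssl base64 -A | tr -d '=' | tr '/+' '_-'; }

# make_jwt KEY.pem INTEGRATION_ID NOW -> prints header.payload.signature
make_jwt() {
  local key="$1" iss="$2" now="$3" header payload sig
  header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  # iss names the integration; exp is short-lived (GitHub allows at most 10 minutes)
  payload=$(printf '{"iat":%d,"exp":%d,"iss":%d}' "$now" "$((now + 600))" "$iss" | b64url)
  sig=$(printf '%s.%s' "$header" "$payload" |
        openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# verify_jwt PUB.pem TOKEN -> exit status 0 only if the signature checks out
verify_jwt() {
  local pub="$1" token="$2" signed sig tmp rc=0
  signed=${token%.*}   # header.payload, the bytes that were signed
  sig=${token##*.}
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac  # restore padding
  tmp=$(mktemp)
  printf '%s' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$tmp"
  printf '%s' "$signed" |
    openssl dgst -sha256 -verify "$pub" -signature "$tmp" >/dev/null 2>&1 || rc=$?
  rm -f "$tmp"
  return "$rc"
}

demo() {
  local dir token
  dir=$(mktemp -d)
  openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
  openssl rsa -in "$dir/key.pem" -pubout -out "$dir/pub.pem" 2>/dev/null
  token=$(make_jwt "$dir/key.pem" 12345 "$(date +%s)")
  verify_jwt "$dir/pub.pem" "$token" && echo "signature verified"
  rm -rf "$dir"
}
demo
```

The private key never leaves the signer; the verifying side only needs the public half, which is the practical difference from a shared OAuth bearer token.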

Related

Using NextJS On Demand Revalidation on AWS Amplify

We have built a NextJS website that is running on AWS Amplify. We are currently using getStaticProps in order to render the pages, and we generate them using getStaticPaths.
We would like to use on-demand revalidation in order to refresh the data on our command when we update the database, for example.
Our local env works perfectly: the data is the same until we change and revalidate using our secret API endpoint. On the other hand, when we deploy to AWS Amplify, the revalidation doesn't work.
We looked into the logs and didn't see any errors, nor are the permissions for SQS invalid. We even removed the branch and redeployed it, yet nothing worked.
I have tried searching for the same problem online yet didn't find any solution. Did anyone here stumble upon the same issue?
Thank you!
Seems like this isn't supported yet, and in the works by the Amplify team.
This was answered in an issue I opened on Amplify's GitHub:
https://github.com/aws-amplify/amplify-hosting/issues/3116
right now, Amplify Hosting does not support on-demand ISR. Supporting
it is on our roadmap and we will update our documentation to make this
clear.
I'm using Vercel while they work on that.

AWS Amplify: Switch existing app to new repository?

Question
Is there any way to point existing Amplify apps to new repositories? Failing that, is there a way to clone Amplify app settings (including Backend environments) from one app to another?
Background
I was a complete newcomer to AWS until several months ago, when I inherited responsibility for an existing set of AWS apps developed by another team.
In our AWS account, Amplify is configured to use GitLab repositories which were under the previous team's control. I got a copy of the code, but I don't have access to the repositories.
So I uploaded the code to a new Bitbucket repository, and now I need to point the existing apps in Amplify to the new repositories. My goal is to be able to push changes to my new repository and have Amplify detect those changes so the new build can be pushed.
3 Unsuccessful Solutions
I've tried approaching this problem from a few different angles.
1. Create a new app
I created a new app which points to the new repository, which proved to be very simple. But I didn't anticipate how difficult it would be to migrate settings (especially the Backend environment) from one app to the other. So I thought it might be simpler to point the existing apps at the new repository.
2. Reconnect Repository
I thought that configuring a new repository for an existing app would be relatively straightforward. Here's the procedure I followed.
Log into AWS Console and navigate to the Amplify service
From the list of apps, select the one I want to modify
Under "App settings", select the "General" tab
Click the "Reconnect repository" button
A dialog box popped up: "Reconnect your Git repository". It prompted me to select from a dropdown list of "Recently updated repositories", but that list was empty. There's no place to enter an address for a new repository, so this path seems to be a dead end.
3. Create a Connection
I tried to "Create a connection to Bitbucket" as described in AWS documentation here: https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create-bitbucket.html
But the "Developer Tools" console seems unrelated to Amplify. The connection was created successfully, but it doesn't appear in the "Recently updated repositories" list, and I don't know how else it can be used.
If you are okay with a CLI solution, have a look at the comment below from https://github.com/aws-amplify/amplify-hosting/issues/288#issuecomment-737192995
aws amplify update-app --app-id AMPLIFY_APP_ID --repository REPOSITORY_URL --access-token ACCESS_TOKEN
... worked for me, transferring from one github account to another
github account and repo. I know it's not quite what the OP was doing,
but thought it may be worth noting that:
The AMPLIFY_APP_ID is the last bit of the app ARN (e.g.
dXXXXXXXXXXXXX)
For github repositories, the access token is a
Personal Access Token (https://github.com/settings/tokens).
I gave it all of the repo and admin:repo_hook privileges. That had to be created from the repository owner's account, not a contributor.
This helped me to change that app to point to a different GitHub repository.
AWS CLI requires some setup though; the documentation is available here: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-quickstart.html
Edit: You might also have to Reconnect The Repository using the UI after changing it using the CLI

Update an existing deployment using deployment manager update API

I use Java APIs for the CRUD operations of the google cloud deployment manager API. I can create, preview, delete deployments OK.
But when I try to update an existing deployment that's in preview mode, the API returns the below error.
Deployment in preview must not have a target with UPDATE
The same inputs work OK for create and preview. So, I'm sure that the inputs are OK.
I looked for others who have reported this issue.
Here is one such report but no solution.
Does anyone know if there's a GitHub repo for google cloud deployment manager where we can report this issue?
As mentioned in the answer here, this is a known issue and you can still use the workaround suggested.
I have created an issue tracker for this error message. So, you can add your comments there and follow up for upcoming updates.

AWS codebuild not building my github pull requests

I have set up the AWS codebuild to my github repo, but unfortunately my pull requests are not being built. Only the commits.
According to the AWS codebuild documentation, the pull request builds should be supported natively.
I have checked the option to run the build whenever the code changes.
Is this feature supposed to work seamlessly? I can see github actually sends webhooks upon PR with:
X-GitHub-Event: pull_request
but nothing happens on the AWS codebuild side.
How can I troubleshoot this?
Can you look at the response you're getting back from AWS CodeBuild? This should be in Repository -> Settings -> Webhooks -> https://codebuild.#{region}.amazonaws.com/webhooks. From here you can scroll to the bottom of the page and look at Recent Deliveries.
Could you let me know the latest output from a PR?
John

Deploy as Jenkins User or Allow Jenkins To Run As Different User?

I'm just getting started with Jenkins CI, and had a question which I'm
struggling to find answers for in the docs or online. Wonder if
someone might be able to offer some advice?
I'm attempting to use it to automatically deploy my dev and stage
branches of my Django projects which are hosted on a Github
organisation repository (ie, private). At the moment I have a user
"django" who can access the Github repo via a Github deploy key. My
Jenkins user can't access the repo. What's the best practice way of
dealing with this - should I be creating an ssh deploy key for the
"jenkins" user, or should I be getting Jenkins to run as my "django"
user? I've seen mention of a HUDSON_USER in a newsgroup post, but I
can't find reference to this in the docs.
Many thanks!
Ludo.
I have not worked with Github and so this answer may not apply at all, but we do use Jenkins and we use both CVS & Subversion for source control.
In our system, we use different username/password combinations for all three (Jenkins, CVS, Subversion), and it has had no adverse effects yet (it has been a year since we deployed Hudson - currently building 50+ projects).
As long as you can get Jenkins to access the repo using your github deploy key, you shouldn't have to change Jenkins to run as django, or create a jenkins user key for github. Personally, I would keep them separate.
Did you try this?
Contact your OS admin team to grant access to perform a few operations on your version control using SUDO access.
OR
run the command using
sudo -H -u <username> command parameters..