# Create a build project
#
# The sub-configurations are assembled first so the settings with security
# impact (privileged mode, where the buildspec comes from, submodule fetching)
# can be audited in one place before the project is declared.

# Build container: a managed CodeBuild image pulled with CodeBuild's own
# credentials. privilegedMode is required to run docker inside the build, but
# it also gives the build container root-equivalent access to the build host,
# so whatever runs in this build has to be treated as trusted code.
_build_environment = {
    "computeType": "BUILD_GENERAL1_SMALL",
    "image": "aws/codebuild/amazonlinux2-x86_64-standard:3.0",
    "imagePullCredentialsType": "CODEBUILD",
    "type": "LINUX_CONTAINER",
    "privilegedMode": True,  # Required to use docker
}

# Source: the buildspec (build.yml) is read from the repository itself, so
# anyone who can push to repo_url decides what runs under service_role, and
# fetchSubmodules extends that trust to every submodule origin as well.
# The OAuth credential is referenced by ARN (source_credentials) rather than
# embedded here, which keeps the token out of this program's state.
# NOTE(review): "report_build_status" is the only snake_case key in this dict;
# the rest are camelCase. Both spellings appear to be accepted, but pick one.
_build_source = {
    "gitCloneDepth": 1,
    "gitSubmodulesConfig": {
        "fetchSubmodules": True,
    },
    "location": repo_url,
    "buildspec": "build.yml",
    "type": "GITHUB",
    "report_build_status": True,
    "auth": {
        "type": "OAUTH",
        "resource": source_credentials.arn,
    },
}

# No CodeBuild-managed output artifacts.
_build_artifacts = {
    "type": "NO_ARTIFACTS",
}

prebuild_project = codebuild.Project(
    resource_name="sample",
    name="sample",
    build_timeout=30,  # In minutes
    artifacts=_build_artifacts,
    environment=_build_environment,
    service_role=cicd_role.arn,
    source=_build_source,
)
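    def __init__(
        self,
        name,
        vpc_environment: VPC,
        efs_environment: EFS,
        github_repo_name: Input[str],
        github_version_name: Input[str] = None,
        opts=None,
    ):
        """Provision a CodeBuild project that builds and deploys the stack from GitHub.

        Creates, in this order: a SecureString SSM parameter that is meant to
        hold the Pulumi access token, three customer-managed IAM policies
        attached to a new CodeBuild service role, and the CodeBuild project
        itself, placed in the VPC's private subnet and handed the EFS
        file-system id as a plaintext environment variable.

        Args:
            name: Prefix used for every Pulumi resource name created here.
            vpc_environment: Must expose ``vpc``, ``private_subnet`` and
                ``security_group``.
            efs_environment: Must expose ``file_system_id``.
            github_repo_name: GitHub source location passed to CodeBuild as-is.
            github_version_name: Optional source version (branch/tag/commit);
                ``None`` leaves the provider default.
            opts: Pulumi resource options forwarded to the component.
        """
        super().__init__("nuage:aws:DevelopmentEnvironment:CodeBuild",
                         f"{name}CodebuildEnvironment", None, opts)

        # TODO pass this in - with a default?
        # SECURITY: this is a full-admin policy (Action "*" on Resource "*").
        # Combined with privileged_mode=True below, anyone who can push a
        # buildspec to the GitHub repo can act as an administrator of this
        # account. Kept as-is so existing deployments keep working; scope it to
        # what the build actually needs before using this outside a sandbox.
        def get_codebuild_service_role_policy():
            return {
                "Version": "2012-10-17",
                "Statement": [{
                    "Action": "*",
                    "Effect": "Allow",
                    "Resource": "*"
                }]
            }

        # Plain string (it is json.dumps'ed directly below), not an Output.
        account_id = get_caller_identity().account_id

        #TODO add random chars on the end of default name to prevent conflicts
        project_name = f"{name}BuildDeploy"

        # Placeholder only: the real token is expected to be written to this
        # parameter out of band (its name is exported below for that purpose).
        # NOTE(review): the placeholder value is still part of the desired
        # state, so a later refresh/up could reset it to "none" unless
        # ignore_changes=["value"] is set -- confirm the intended workflow.
        pulumi_token_param = ssm.Parameter(f"{name}PulumiAccessToken",
                                           type="SecureString",
                                           value="none")

        # The subnet id is an Output, so the policy document has to be built
        # inside apply(); the other two policies are plain dicts.
        codebuild_vpc_policy = iam.Policy(
            f"{name}CodeBuildVpcPolicy",
            policy=get_codebuild_vpc_policy(
                account_id,
                vpc_environment.private_subnet.id).apply(json.dumps))

        codebuild_base_policy = iam.Policy(f"{name}CodeBuildBasePolicy",
                                           policy=json.dumps(
                                               get_codebuild_base_policy(
                                                   account_id, project_name)))

        codebuild_service_role_policy = iam.Policy(
            f"{name}CodeBuildServiceRolePolicy",
            policy=json.dumps(get_codebuild_service_role_policy()))

        # Trust policy: only the CodeBuild service may assume this role, and
        # only when acting for this account. The aws:SourceAccount condition
        # closes the cross-service confused-deputy case where CodeBuild in
        # another account names this role ARN; same-account projects are
        # unaffected.
        codebuild_service_role = iam.Role(
            f"{name}CodeBuildRole",
            assume_role_policy=json.dumps({
                "Version": "2012-10-17",
                "Statement": [{
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "codebuild.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole",
                    "Condition": {
                        "StringEquals": {
                            "aws:SourceAccount": account_id
                        }
                    }
                }]
            }))

        # NOTE(review): iam.PolicyAttachment manages a policy's attachments
        # exclusively. That is fine here because each policy is created solely
        # for this role; if a policy is ever shared, switch to
        # iam.RolePolicyAttachment.
        codebuild_vpn_policy_attach = iam.PolicyAttachment(
            f"{name}CodeBuildVpnAttachment",
            policy_arn=codebuild_vpc_policy.arn,
            roles=[codebuild_service_role.name])

        codebuild_base_policy_attach = iam.PolicyAttachment(
            f"{name}CodeBuildBaseAttachment",
            policy_arn=codebuild_base_policy.arn,
            roles=[codebuild_service_role.name])

        codebuild_service_role_policy_attach = iam.PolicyAttachment(
            f"{name}CodeBuildServiceRoleAttachment",
            policy_arn=codebuild_service_role_policy.arn,
            roles=[codebuild_service_role.name])

        codebuild_project = codebuild.Project(
            f"{name}CodeBuildProject",
            description="Builds and deploys the stack",
            name=project_name,
            vpc_config={
                "vpc_id": vpc_environment.vpc.id,
                # Pass the subnet *id*, consistent with vpc_id above and with
                # the id handed to get_codebuild_vpc_policy.
                "subnets": [vpc_environment.private_subnet.id],
                "security_group_ids": [vpc_environment.security_group.id]
            },
            # No source auth block: whatever credential CodeBuild has on file
            # for GitHub is used. The buildspec comes from the repository, so
            # repo write access == control of this (privileged) build.
            source={
                "type": "GITHUB",
                "location": github_repo_name
            },
            source_version=github_version_name,
            artifacts={"type": "NO_ARTIFACTS"},
            environment={
                "image": "aws/codebuild/amazonlinux2-x86_64-standard:2.0",
                # Needed for docker-in-build; grants the container
                # root-equivalent access to the build host.
                "privileged_mode": True,
                "type": "LINUX_CONTAINER",
                "compute_type": "BUILD_GENERAL1_SMALL",
                "environment_variables": [{
                    # Resolved by CodeBuild from SSM at build start using the
                    # service role (ssm:GetParameters + KMS decrypt, currently
                    # covered by the wildcard policy). The value never lands in
                    # Pulumi state or the project definition.
                    "name": "PULUMI_ACCESS_TOKEN",
                    "type": "PARAMETER_STORE",
                    "value": pulumi_token_param.name
                }, {
                    # Not a secret; plaintext is fine.
                    "name": "FILESYSTEM_ID",
                    "type": "PLAINTEXT",
                    "value": efs_environment.file_system_id
                }]
            },
            service_role=codebuild_service_role.arn,
            opts=ResourceOptions(depends_on=[vpc_environment]))

        # Exported so the operator can locate the parameter to populate.
        outputs = {"pulumi_token_param_name": pulumi_token_param.name}

        self.set_outputs(outputs)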