def _source(self,
owner: str,
repo: str,
branch: str = 'master',
connection: str = None,
oauth: str = None):
"""[summary]
Args:
owner (str): Github organization/user
repo (str): git repository url name
branch (str): git branch
connection (str): AWS codebuild connection_arn
oauth (str): Github oauth token
"""
artifact = cp.Artifact()
if not connection and not oauth:
raise SystemError("No credentials for Github provided")
checkout = cpa.BitBucketSourceAction(
connection_arn=connection,
action_name="Source-{}".format(branch),
output=artifact,
owner=owner,
repo=repo,
branch=branch,
code_build_clone_output=True)
self.artifacts['sources'].append(artifact)
self.actions['sources'].append(checkout)
self.pipe.add_stage(stage_name='Source@{}'.format(repo),
actions=[checkout])
def __init__(self, scope: core.Construct, id: str, params: dict, **kwargs):
super().__init__(scope, id, **kwargs)
source_artifact = codepipeline.Artifact()
cloud_assembly_artifact = codepipeline.Artifact()
pipeline = pipelines.CdkPipeline(
self,
'CdkPipeline',
cloud_assembly_artifact=cloud_assembly_artifact,
pipeline_name=params['pipeline_name'],
source_action=cpactions.BitBucketSourceAction(
action_name='GithubAction',
output=source_artifact,
connection_arn=params['connection_arn'],
owner=params['github_owner'],
repo=params['github_repo'],
branch=params['github_branch']),
synth_action=pipelines.SimpleSynthAction(
source_artifact=source_artifact,
cloud_assembly_artifact=cloud_assembly_artifact,
role_policy_statements=[
aws_iam.PolicyStatement(
actions=["secretsmanager:GetSecretValue"],
resources=[params['secret_arn']])
],
install_command=
'npm install -g aws-cdk && pip install --upgrade pip && pip install -r requirements.txt',
synth_command="cdk synth -v -c region=%s -c secret_name=%s" %
(params['region'], params['secret_name']),
))
pipeline.add_application_stage(CmnStage(self, 'CMN'))
def __init__(self, pipeline_data: PipelineData):
super().__init__(pipeline_data.scope,
pipeline_data.name,
env=pipeline_data.env)
self.source_artifact = cp.Artifact('Source')
self.cloud_assembly_artifact = cp.Artifact('CloudAs')
self.pipeline = CdkPipeline(
self,
"Pipeline",
self_mutating=True,
cross_account_keys=False,
cloud_assembly_artifact=self.cloud_assembly_artifact,
source_action=cpa.BitBucketSourceAction(
role=iam.LazyRole(
self,
'SourceRole',
assumed_by=iam.AccountPrincipal(self.account),
managed_policies=[
iam.ManagedPolicy.from_aws_managed_policy_name(
'AmazonS3FullAccess')
]),
action_name="Ship",
connection_arn=pipeline_data.github_connection_arn,
owner=pipeline_data.github_owner,
repo=pipeline_data.repo_name,
branch=pipeline_data.repo_branch,
output=self.source_artifact),
synth_action=SimpleSynthAction(
install_commands=pipeline_data.synth_install_commands,
environment=cb.BuildEnvironment(
environment_variables={
env_key: cb.BuildEnvironmentVariable(
value=pipeline_data.build_env[env_key])
for env_key in pipeline_data.build_env
},
build_image=cb.LinuxBuildImage.STANDARD_5_0,
compute_type=cb.ComputeType.SMALL,
privileged=True),
synth_command='cdk synth',
action_name='Synthesize',
cloud_assembly_artifact=self.cloud_assembly_artifact,
source_artifact=self.source_artifact))
pipeline = self.pipeline.node.try_find_child('Pipeline')
build_stage = pipeline.node.try_find_child('Build')
synth_action = build_stage.node.try_find_child('Synthesize')
build_proj = synth_action.node.try_find_child('CdkBuildProject')
cfn_build_project = build_proj.node.default_child
# Need Privileged mode for starting docker
cfn_build_project.add_property_override("Environment.PrivilegedMode",
"true")
# Updating from v4 by default in aws-cdk to v5
cfn_build_project.add_property_override("Environment.Image",
"aws/codebuild/standard:5.0")
# Only clone the last commit. Don't clone the history
cfn_build_project.add_property_override("Source.GitCloneDepth", 1)
self.pipeline.add_application_stage(pipeline_data.app_stage)
def __init__(self, scope: core.Construct, id: str, params: dict, **kwargs):
super().__init__(scope, id, **kwargs)
source_artifact = codepipeline.Artifact()
cloud_assembly_artifact = codepipeline.Artifact()
pipeline = pipelines.CdkPipeline(self, 'datapipeline-demo-cd',
cloud_assembly_artifact=cloud_assembly_artifact,
pipeline_name=params['pipeline_name'],
source_action=cpactions.BitBucketSourceAction(
action_name='GithubAction',
output=source_artifact,
connection_arn=params['connection_arn'],
owner=params['github_owner'],
repo=params['github_repo'],
branch=params['github_branch']
),
synth_action=pipelines.SimpleSynthAction(
source_artifact=source_artifact,
cloud_assembly_artifact=cloud_assembly_artifact,
role_policy_statements=[
aws_iam.PolicyStatement(
actions=["secretsmanager:GetSecretValue"],
resources=[params['secret_arn']]
),
aws_iam.PolicyStatement(
actions=[
"ec2:CreateNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
resources=['*']
),
],
install_command='npm install -g aws-cdk && pip install --upgrade pip && pip install -r requirements.txt',
synth_command="cdk synth -v -c region=%s -c secret_name=%s"%(params['region'],params['secret_name']),
)
)
pipeline.add_application_stage(DeploymentStage(self, 'datapipeline-demo'))
def __init__(self, scope: core.Construct, id: str, **kwargs):
super().__init__(scope, id, **kwargs)
param = Parameters.instance()
pipeline_name = param.getParameter('pipeline_name')
connection_arn = param.getParameter('connection_arn')
github_owner = param.getParameter('github_owner')
github_repo = param.getParameter('github_repo')
github_branch = param.getParameter('github_branch')
secret_arn = param.getParameter('secret_arn')
source_artifact = codepipeline.Artifact()
cloud_assembly_artifact = codepipeline.Artifact()
pipeline = pipelines.CdkPipeline(
self,
'CdkPipeline',
cloud_assembly_artifact=cloud_assembly_artifact,
pipeline_name=pipeline_name,
source_action=cpactions.BitBucketSourceAction(
action_name='GithubAction',
output=source_artifact,
connection_arn=connection_arn,
owner=github_owner,
repo=github_repo,
branch=github_branch),
synth_action=pipelines.SimpleSynthAction(
source_artifact=source_artifact,
cloud_assembly_artifact=cloud_assembly_artifact,
role_policy_statements=[
aws_iam.PolicyStatement(
actions=["secretsmanager:GetSecretValue"],
resources=[secret_arn])
],
install_command=
'npm install -g aws-cdk && pip install --upgrade pip && pip install -r requirements.txt',
synth_command=
f"cdk synth -v -c region={AppContext.region} -c secret_name={AppContext.secret_name}",
))
pipeline.add_application_stage(DeployStage(self, 'Deploy'))
def generate_pipeline_stages(codebuild_project, role, beanstalk_application,
beanstalk_environment, codestar_connection):
source_output = codepipeline.Artifact("SourceOutput")
source_stage = codepipeline.StageProps(
stage_name="Source",
actions=[
codepipeline_actions.BitBucketSourceAction(
connection_arn=codestar_connection.attr_connection_arn,
output=source_output,
repo="santos-devops-challenge-tier1",
owner="Jayvee1413",
action_name="Github",
code_build_clone_output=True,
run_order=1),
],
)
codebuild_output = codepipeline.Artifact("CodebuildOutput")
codebuild_stage = codepipeline.StageProps(
stage_name="Build",
actions=[
codepipeline_actions.CodeBuildAction(
input=source_output,
project=codebuild_project,
outputs=[codebuild_output],
action_name="codebuild",
run_order=2,
)
])
deploy_stage = codepipeline.StageProps(
stage_name="Deploy",
actions=[
ElasticBeanStalkDeployAction(
action_name='Deploy',
role=role,
application_name=beanstalk_application.application_name,
input=codebuild_output,
environment_name=beanstalk_environment.environment_name,
run_order=3)
])
return [source_stage, codebuild_stage, deploy_stage]
def __init__(self, scope: core.Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
# The code that defines your stack goes here
pipeline = codepipeline.Pipeline(
self, "Pipeline", artifact_bucket=s3.Bucket(self, "ArtifactBucket")
)
# Define the 'source' stage to be triggered by a webhook on the GitHub
# repo for the code. Don't be fooled by the name, it's just a codestar
# connection in the background. Bitbucket isn't involved.
source_output = codepipeline.Artifact("SourceOutput")
github_source = pipeline_actions.BitBucketSourceAction(
action_name="Github_Source",
connection_arn=core.SecretValue.secrets_manager(
secret_id="folksgl_github_connection_arn", json_field="arn"
).to_string(),
repo="sam-cicd-python-template",
owner="folksgl",
branch="main",
output=source_output,
)
pipeline.add_stage(stage_name="Source", actions=[github_source])
# Define the 'build' stage
build_project = codebuild.PipelineProject(
scope=self,
id="Build",
# Declare the pipeline artifact bucket name as an environment variable
# so the build can send the deployment package to it.
environment_variables={
"PACKAGE_BUCKET": codebuild.BuildEnvironmentVariable(
value=pipeline.artifact_bucket.bucket_name,
type=codebuild.BuildEnvironmentVariableType.PLAINTEXT,
)
},
environment=codebuild.BuildEnvironment(
build_image=codebuild.LinuxBuildImage.STANDARD_3_0
),
)
build_stage_output = codepipeline.Artifact("BuildStageOutput")
build_action = pipeline_actions.CodeBuildAction(
action_name="Build",
project=build_project,
input=source_output,
outputs=[build_stage_output],
)
pipeline.add_stage(stage_name="Build", actions=[build_action])
# Define the 'deploy' stage
stack_name = "gateway-service-python"
change_set_name = f"{stack_name}-changeset"
create_change_set = pipeline_actions.CloudFormationCreateReplaceChangeSetAction(
action_name="CreateChangeSet",
stack_name=stack_name,
change_set_name=change_set_name,
template_path=build_stage_output.at_path("packaged.yaml"),
admin_permissions=True,
run_order=1,
)
execute_change_set = pipeline_actions.CloudFormationExecuteChangeSetAction(
action_name="Deploy",
stack_name=stack_name,
change_set_name=change_set_name,
run_order=2,
)
pipeline.add_stage(
stage_name="DevDeployment", actions=[create_change_set, execute_change_set]
)
def __init__(self, scope: core.Construct, id: str,
shared_context: Dict[str, str], **kwargs) -> None:
super().__init__(scope, id, **kwargs)
self.pipeline_id = f'{id}-cicd-stack'
artifact_bucket = s3.Bucket(
scope=self,
id=f'{id}-artifacts-bucket',
removal_policy=core.RemovalPolicy.DELETE,
auto_delete_objects=True,
encryption=s3.BucketEncryption.KMS_MANAGED,
versioned=False,
lifecycle_rules=[LifecycleRule(expiration=core.Duration.days(2))])
classifier_pipeline = pipeline.Pipeline(
scope=self,
id=f'{id}-pipeline',
artifact_bucket=artifact_bucket,
pipeline_name=self.pipeline_id,
restart_execution_on_update=True,
)
source_output = pipeline.Artifact()
classifier_pipeline.add_stage(
stage_name='GithubSources',
actions=[
actions.BitBucketSourceAction(
connection_arn=shared_context['github_connection_arn'],
owner=shared_context['github_owner'],
repo=shared_context['github_repo'],
action_name='SourceCodeRepo',
branch='master',
output=source_output,
)
])
self.ecr_repository = ecr.Repository(scope=self, id=f'{id}-ecr-repo')
self.ecr_repository.add_lifecycle_rule(
max_image_age=core.Duration.days(7))
build_project = build.PipelineProject(
scope=self,
id=f'{id}-build-project',
project_name=f'ClassifierBuildProject',
description=f'Build project for the classifier',
environment=build.BuildEnvironment(
build_image=build.LinuxBuildImage.STANDARD_3_0,
privileged=True,
compute_type=build.ComputeType.MEDIUM),
environment_variables={
'REPOSITORY_URI':
build.BuildEnvironmentVariable(
value=self.ecr_repository.repository_uri),
},
timeout=core.Duration.minutes(15),
cache=build.Cache.bucket(artifact_bucket,
prefix=f'codebuild-cache'),
build_spec=build.BuildSpec.from_source_filename('buildspec.yml'),
)
build_project.add_to_role_policy(
iam.PolicyStatement(actions=[
'codebuild:CreateReportGroup', 'codebuild:CreateReport',
'codebuild:BatchPutTestCases', 'codebuild:UpdateReport',
'codebuild:StartBuild'
],
resources=['*']))
self.ecr_repository.grant_pull_push(build_project)
build_output = pipeline.Artifact()
classifier_pipeline.add_stage(
stage_name='BuildStage',
actions=[
actions.CodeBuildAction(action_name='CodeBuildProjectAction',
input=source_output,
outputs=[build_output],
project=build_project,
type=actions.CodeBuildActionType.BUILD,
run_order=1)
])
def __init__(self, scope: core.Construct, id: str, *, artifact_bucket_name: str, **kwargs) -> None:
"""Define the resources for the CodePipeline.
:param scope: the parent construct
:param id: the logical id
:param artifact_bucket_name: the bucket name for artifacts passed between code pipeline
"""
super().__init__(scope, id, **kwargs)
stack = core.Stack.of(self)
account_id = stack.account
region = stack.region
repo_name = 'clin-msi'
# build projects
environment = cb.BuildEnvironment(build_image=cb.LinuxBuildImage.STANDARD_4_0)
self._pytest_project = cb.PipelineProject(self, 'UnitTest',
project_name=f"{repo_name}-unittest",
build_spec=cb.BuildSpec.from_object(buildspec_pytest),
environment=environment)
self._publish_project = cb.PipelineProject(self, 'Publish',
project_name=f"{repo_name}-publish",
build_spec=cb.BuildSpec.from_object(buildspec_publish),
environment=environment)
self._publish_project.add_to_role_policy(
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=["ssm:GetParameters"],
resources=[
f"arn:aws:ssm:{region}:{account_id}:parameter/ClinMsi/PyPI/Credentials/Username",
f"arn:aws:ssm:{region}:{account_id}:parameter/ClinMsi/PyPI/Credentials/Password"
]
))
# actions
source_output = cp.Artifact()
source_action = actions.BitBucketSourceAction(
action_name='GitHub',
connection_arn=f"arn:aws:codestar-connections:{region}:{account_id}:connection/a859d7f0-0bf3-48f5-bce1-492c9bc08bef",
output=source_output,
code_build_clone_output=True,
owner="nch-igm",
repo=repo_name,
branch="master")
unittest_action = actions.CodeBuildAction(action_name='UnittestAction', input=source_output, project=self._pytest_project)
publish_action = actions.CodeBuildAction(action_name='PyPIPublishAction', input=source_output, project=self._publish_project)
manual_approval = actions.ManualApprovalAction(action_name='ApproveToPublish')
# initialize pipeline
self._artifact_bucket = s3.Bucket.from_bucket_name(self, 'Bucket', artifact_bucket_name)
self._pipeline = cp.Pipeline(
self, 'CodePipeline',
pipeline_name=repo_name,
artifact_bucket=self._artifact_bucket)
self._pipeline.add_to_role_policy(
iam.PolicyStatement(
effect=iam.Effect.ALLOW,
actions=['codebuild:StartBuild', 'kms:PutKeyPolicy'],
resources=[
self._pytest_project.project_arn,
self._publish_project.project_arn,
self._pipeline.artifact_bucket.bucket_arn
]))
self._pipeline.add_stage(stage_name="Source", actions=[source_action])
self._pipeline.add_stage(stage_name="UnitTest", actions=[unittest_action])
self._pipeline.add_stage(stage_name="ManualApprovalForPublish", actions=[manual_approval])
self._pipeline.add_stage(stage_name="Publish", actions=[publish_action])
