def __init__(self, scope: core.Construct, id: str, landing_zone: ILandingZone, **kwargs) -> None: super().__init__(scope, id, **kwargs) self.pipeline = pipe.Pipeline(self, 'Pipeline', pipeline_name='{}-Rtsp-Connector'.format( landing_zone.zone_name)) github_init_artifact = pipe.Artifact( artifact_name='github-init-artifact') self.pipeline.add_stage( stage_name='Build-Commit', actions=[ actions.GitHubSourceAction( action_name='Init-from-GitHub', owner='dr-natetorious', repo='aws-homenet', # Note: The secret must be: # 1. formated non-json using the literal value from github.com/settings/tokens # e.g., 1837422b*****26d31c # 2. referencing a token that includes scopes notifications, repo, workflow oauth_token=core.SecretValue.secrets_manager( 'GithubAccessToken'), output=github_init_artifact) ]) self.build_stage = self.pipeline.add_stage(stage_name='Build')
def CdkDeploySimplePipeline(self, name: str, repo, branch: str, src: str, output): cdk_deploy = self.CdkDeployProject(f"{name}-CDKDeploy", stage=branch) cdk_deploy.role.add_to_policy( iam.PolicyStatement(effect=iam.Effect.ALLOW, resources=["*"], actions=["CloudFormation:*", "ec2:*", "s3:*"])) return codepipeline.Pipeline( self, name, stages=[ codepipeline.StageProps( stage_name="Source", actions=[ codepipeline_actions.CodeCommitSourceAction( action_name="CodeCommit_Source", repository=repo, branch=branch, output=src) ]), codepipeline.StageProps( stage_name="Deploy", actions=[ codepipeline_actions.CodeBuildAction( action_name="CdkDeploy", project=cdk_deploy, input=src, outputs=[output]) ]), ])
def __init__(self, scope: core.Construct, id: str, *, repo_name: str = None, bucket, **kwargs) -> None: super().__init__(scope, id, **kwargs) github_secret_personal_site = sm.Secret(self, 'github_secret_personal_site', description=f'{__name__} secret for github', \ secret_name='github_secret_personal_site') personal_site_pipeline = codepipeline.Pipeline( self, "Pipeline", pipeline_name="personal_site_github") source_output = codepipeline.Artifact() source_action = codepipeline_actions.GitHubSourceAction( action_name="GitHub_Source", owner=repo_name.split('/')[0], repo=repo_name.split('/')[1], oauth_token=core.SecretValue.secrets_manager( "github_secret_personal_site"), output=source_output, branch="master") deploy_action = codepipeline_actions.S3DeployAction( action_name="S3Deploy", bucket=bucket, input=source_output) #Add the stages defined above to the pipeline personal_site_pipeline.add_stage(stage_name="Source", actions=[source_action]) personal_site_pipeline.add_stage(stage_name="Deploy", actions=[deploy_action])
def __init__(self, scope: core.Construct, id: str, repo: codecommit.Repository, **kwargs) -> None: super().__init__(scope, id, **kwargs) #---------- CodePipeline ----------# artifactBucket = s3.Bucket(self, 'PipelineBucket', bucket_name="bucket-name") pipeline = codepipeline.Pipeline( self, "CodePipeline", artifact_bucket=s3.Bucket.from_bucket_attributes( self, 'ImportedBucket', bucket_name="bucket-name")) source_output = codepipeline.Artifact() source_action = codepipeline_actions.CodeCommitSourceAction( action_name="Source", repository=repo, output=source_output) pipeline.add_stage(stage_name="Source", actions=[source_action]) #---------- Deploy ----------# deploy_application = codedeploy.ServerApplication( self, "CodeDeployApplication", application_name="application-name") deployment_group = codedeploy.ServerDeploymentGroup( self, "DeploymentGroup", application=deploy_application, ) deploy_action = codepipeline_actions.CodeDeployServerDeployAction( action_name="deploy", input=source_output, deployment_group=deployment_group) pipeline.add_stage(stage_name="Deploy", actions=[deploy_action])
def __init__(self, scope: core.Stack, id: str, **kwargs): super().__init__(scope, id, **kwargs) # create a pipeline self.pipeline = codepipeline.Pipeline(self, "Pipeline", pipeline_name='API_Gateway') # add a source stage self.source_stage = self.pipeline.add_stage(stage_name="Source") self.source_artifact = codepipeline.Artifact() # codebuild projects self.codebuild_validate = CodeBuildProjects( self, "CodebuildValidate", buildspec='buildspec-diff.yml') self.codebuild_deploy = CodeBuildProjects(self, "CodebuildDeploy", buildspec='buildspec.yml') # add source action self.source_stage.add_action( codepipeline_actions.GitHubSourceAction( oauth_token=core.SecretValue.secrets_manager( secret_id='prod/github_oauth_token', json_field='github_oauth_token'), output=self.source_artifact, owner=config['CODEPIPELINE']['GITHUB_OWNER'], repo=config['CODEPIPELINE']['GITHUB_REPO'], branch=config['CODEPIPELINE']['GITHUB_BRANCH'], action_name='Pull_Source', run_order=1, )) # add validate stage self.validate_stage = self.pipeline.add_stage(stage_name='Validate') # add validate codebuild action self.validate_stage.add_action( codepipeline_actions.CodeBuildAction( input=self.source_artifact, project=self.codebuild_validate.project, action_name='Validate_Changes')) # add approval stage self.approval_stage = self.pipeline.add_stage(stage_name='Approval') # simple approval stage to continue build after manual validation complete self.approval_stage.add_action( codepipeline_actions.ManualApprovalAction(action_name='Approval')) # add deploy stage self.deploy_stage = self.pipeline.add_stage(stage_name='Deploy') # add deploy codebuild action self.deploy_stage.add_action( codepipeline_actions.CodeBuildAction( input=self.source_artifact, project=self.codebuild_deploy.project, action_name='Deploy_Changes'))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) blue_env = self.node.try_get_context("blue_env") green_env = self.node.try_get_context("green_env") app_name = self.node.try_get_context("app_name") bucket = s3.Bucket( self, 'BlueGreenBucket', # The default removal policy is RETAIN, which means that cdk # destroy will not attempt to delete the new bucket, and it will # remain in your account until manually deleted. By setting the # policy to DESTROY, cdk destroy will attempt to delete the bucket, # but will error if the bucket is not empty. removal_policy=core.RemovalPolicy.DESTROY # NOT recommended for production code ) handler = lmbda.Function(self, 'BlueGreenLambda', runtime=lmbda.Runtime.PYTHON_3_6, code=lmbda.Code.asset('resources'), handler='blue_green.lambda_handler', environment={'BUCKET': bucket.bucket_name}) bucket.grant_read_write(handler) repo = cc.Repository( self, 'Repository', repository_name='MyRepositoryName', ) pipeline = cp.Pipeline(self, 'MyFirstPipeline') source_stage = pipeline.add_stage(stage_name='Source') source_artifact = cp.Artifact('Source') source_action = cpactions.CodeCommitSourceAction( action_name='CodeCommit', repository=repo, output=source_artifact) source_stage.add_action(source_action) deploy_stage = pipeline.add_stage(stage_name='Deploy') lambda_action = cpactions.LambdaInvokeAction( action_name='InvokeAction', lambda_=handler, user_parameters={ 'blueEnvironment': blue_env, 'greenEnvironment': green_env, 'application': app_name }, inputs=[source_artifact]) deploy_stage.add_action(lambda_action)
def create_pipeline(self, pipeline_id, pipeline_name, artifact_bucket, pipeline_role): test_pipeline = pipeline.Pipeline( self, id=pipeline_id, pipeline_name=pipeline_name, artifact_bucket=artifact_bucket, role=pipeline_role ) return test_pipeline
def __init__(self, scope: core.Stack, id: str, **kwargs): super().__init__(scope, id, **kwargs) # create an iam role to be assumed later by codebuild self.role = iam.Role( self, "CodeBuildRole", assumed_by=iam.CompositePrincipal( iam.ServicePrincipal('codebuild.amazonaws.com'), iam.ServicePrincipal('ec2.amazonaws.com'))) # TODO: Don't need admin, let's make this least privilege self.role.add_to_policy( iam.PolicyStatement( actions=['*'], resources=['*'], )) # create a pipeline self.pipeline = codepipeline.Pipeline(self, "Pipeline", pipeline_name='EKS') # add a source stage self.source_stage = self.pipeline.add_stage(stage_name="Source") self.source_artifact = codepipeline.Artifact() # codebuild projects self.codebuild_deploy = CodeBuildProjects(self, "CodebuildDeploy", buildspec='buildspec.yml', codepipelinerole=self.role) # add source action self.source_stage.add_action( codepipeline_actions.GitHubSourceAction( oauth_token=core.SecretValue.secrets_manager( secret_id='prod/github_oauth_token', json_field='github_oauth_token'), output=self.source_artifact, owner=config['CODEPIPELINE']['GITHUB_OWNER'], repo=config['CODEPIPELINE']['GITHUB_REPO'], action_name='Pull_Source', run_order=1, )) # add deploy stage self.deploy_stage = self.pipeline.add_stage(stage_name='Deploy') # add deploy codebuild action self.deploy_stage.add_action( codepipeline_actions.CodeBuildAction( input=self.source_artifact, project=self.codebuild_deploy.project, action_name='Deploy_EKS_Cluster'))
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Pipeline to connect to sample repo # Pull code and build a docker image pipeline = codepipeline.Pipeline( self, id="pipeline", pipeline_name="demo_pipeline", restart_execution_on_update=True, )
def __init__(self, scope: core.Stack, id: str, **kwargs): super().__init__(scope, id, **kwargs) # create a pipeline self.pipeline = codepipeline.Pipeline(self, "Pipeline", pipeline_name='Service_API') # add a source stage self.source_stage = self.pipeline.add_stage(stage_name="Source") self.source_artifact = codepipeline.Artifact() # codebuild projects self.codebuild_deploy_swagger = CodeBuildProjects( self, "CodebuildSwagger", buildspec='buildspec-swagger.yml') self.codebuild_deploy_ecr = CodeBuildProjects( self, "CodebuildDocker", buildspec='buildspec-docker.yml') # add source action self.source_stage.add_action( codepipeline_actions.GitHubSourceAction( oauth_token=core.SecretValue.secrets_manager( secret_id='prod/github_oauth_token', json_field='github_oauth_token'), output=self.source_artifact, owner=config['CODEPIPELINE']['GITHUB_OWNER'], repo=config['CODEPIPELINE']['GITHUB_REPO'], branch=config['CODEPIPELINE']['GITHUB_BRANCH'], action_name='Pull_Source', run_order=1, )) # add build/test stage self.deploy_stage = self.pipeline.add_stage( stage_name='Test_and_Build') # add build/test codebuild action self.deploy_stage.add_action( codepipeline_actions.CodeBuildAction( input=self.source_artifact, project=self.codebuild_deploy_ecr.project, action_name='Test_and_Build')) # add deploy stage self.deploy_stage = self.pipeline.add_stage( stage_name='API_Deployment') # add deploy codebuild action self.deploy_stage.add_action( codepipeline_actions.CodeBuildAction( input=self.source_artifact, project=self.codebuild_deploy_swagger.project, action_name='API_Deployment'))
def _create_pipeline(self) -> Resource: """ Create CodePipeline for training. """ self.pipeline = codepipeline.Pipeline(self, "Pipeline") self._create_source() self._create_train_step() self._create_stepfunctions_step() self._create_set_experiment_info_env_step() self._create_manual_approve_step() self._create_post_process_step()
def __init__(self, app: core.App, id: str, props, **kwargs) -> None: super().__init__(app, id, **kwargs) # define the s3 artifact source_output = aws_codepipeline.Artifact(artifact_name='source') # define the pipeline pipeline = aws_codepipeline.Pipeline( self, "Pipeline", pipeline_name=f"{props['namespace']}", artifact_bucket=props['bucket'], stages=[ aws_codepipeline.StageProps( stage_name='Source', actions=[ aws_codepipeline_actions.S3SourceAction( bucket=props['bucket'], bucket_key='source.zip', action_name='S3Source', run_order=1, output=source_output, trigger=aws_codepipeline_actions.S3Trigger.POLL), ]), aws_codepipeline.StageProps( stage_name='Build', actions=[ aws_codepipeline_actions.CodeBuildAction( action_name='DockerBuildImages', input=source_output, project=props['cb_docker_build'], run_order=1, ) ]) ]) # give pipelinerole read write to the bucket props['bucket'].grant_read_write(pipeline.role) #pipeline param to get the pipeline_param = aws_ssm.StringParameter( self, "PPipeline", parameter_name=f"{props['namespace']}-pipeline", string_value=pipeline.pipeline_name, description='IoT playground pipeline bucket') # cfn output core.CfnOutput(self, "PipelineOut", description="Pipeline", value=pipeline.pipeline_name)
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # Create IAM Role For CodeBuild codebuild_role = iam.Role( self, "BuildRole", assumed_by=iam.ServicePrincipal("codebuild.amazonaws.com"), managed_policies=[ iam.ManagedPolicy.from_aws_managed_policy_name( "AdministratorAccess") ]) # Create CodeBuild PipelineProject build_project = codebuild.PipelineProject( self, "BuildProject", role=codebuild_role, build_spec=codebuild.BuildSpec.from_source_filename( "aws-app-resources/buildspec.yml")) # Create CodePipeline pipeline = codepipeline.Pipeline(self, "Pipeline") # Create Artifact artifact = codepipeline.Artifact() # Add Source Stage pipeline.add_stage( stage_name="Source", actions=[ codepipeline_actions.GitHubSourceAction( action_name="SourceCodeRepo", owner="jasonumiker", repo="k8s-plus-aws-gitops", output=artifact, oauth_token=core.SecretValue.secrets_manager( 'github-token')) ]) # Add CodeBuild Stage pipeline.add_stage( stage_name="Deploy", actions=[ codepipeline_actions.CodeBuildAction( action_name="CodeBuildProject", project=build_project, type=codepipeline_actions.CodeBuildActionType.BUILD, input=artifact) ])
def __init__(self, scope: core.Construct, id: str, code_commit_repo: str, default_branch: str = 'mainline', **kwargs) -> None: super().__init__(scope, id, **kwargs) code = codecommit.Repository.from_repository_name( self, "codecommitrepo", code_commit_repo) # Cloudformation permission for project builds # right now setting admin permission on policy # modify this to load custom policy per pipeline from policy statement document # iam_cfn_admin_json = Policies.get_iam_cfn_admin_access_policy() policy_statement = iam.PolicyStatement() policy_statement.add_actions("*") policy_statement.add_resources("*") policy_statement.effect = iam.Effect.ALLOW serverless_build = codebuild.PipelineProject(self, "buildpipeline") # add cfn iam statements to build project serverless_build.add_to_role_policy(policy_statement) build_output = codepipeline.Artifact("BuildOutput") codepipeline.Pipeline( self, "imageBuilderDeploymentPipeline", pipeline_name="ImageBuilderDeploymentPipeline", stages=[ codepipeline.StageProps( stage_name="Source", actions=[ codepipeline_actions.CodeCommitSourceAction( action_name="SourceCode", branch=default_branch, repository=code, output=build_output) ]), codepipeline.StageProps( stage_name="Deploy", actions=[ codepipeline_actions.CodeBuildAction( action_name="CodeDeploy", project=serverless_build, input=build_output) ]) ])
def __init__(self, scope: core.Construct, id: str, bucket: s3.Bucket, **kwargs) -> None: super().__init__(scope, id, **kwargs) branch = id.split('-')[-1] self.pipeline = codepipeline.Pipeline( self, 'wiki-Pipeline-'+branch, pipeline_name='wiki-Pipeline-'+branch, artifact_bucket=bucket ) self.pipeline.add_to_role_policy( iam.PolicyStatement( actions=["s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning", "s3:PutObject"], resources=[ "arn:aws:s3:::{}".format(os.environ['S3_BUCKET_NAME']), "arn:aws:s3:::{}/*".format(os.environ['S3_BUCKET_NAME']) ] ) ) self.pipeline.add_to_role_policy( iam.PolicyStatement( actions=[ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStacks", "cloudformation:UpdateStack", "cloudformation:CreateChangeSet", "cloudformation:DeleteChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:SetStackPolicy", "cloudformation:ValidateTemplate", "iam:PassRole" ], resources=['*'] ) ) self.pipeline.add_to_role_policy( iam.PolicyStatement( actions=["codebuild:BatchGetBuilds", "codebuild:StartBuild"], resources=['*'] ) ) self.pipeline.add_to_role_policy( iam.PolicyStatement( actions=[ "lambda:GetPolicy", "lambda:ListEventSourceMappings", "lambda:ListFunctions", "lambda:InvokeFunction", "lambda:GetEventSourceMapping", "lambda:GetFunction", "lambda:ListAliases", "lambda:GetAlias", "lambda:ListTags", "lambda:ListVersionsByFunction", "lambda:GetAccountSettings", "lambda:GetFunctionConfiguration" ], resources=['*'] ) )
def setup_api_pipeline(self): """Setup the build pipeline for API. Using codepipeline to create a Pipeline with 3 steps * Source: CodeCommitSourceAction * Build: CodeBuildActioin * Deploy: EcsDeployAction: deploy to ECS service Returns ------- aws_codepipeline.Pipeline """ source_output = cp.Artifact() build_output = cp.Artifact(self.config.build_output) return cp.Pipeline( self, 'ApiPipeline', pipeline_name=self.config.api.pipeline, stages=[ cp.StageProps(stage_name='Source', actions=[ cp_actions.CodeCommitSourceAction( action_name='Source', repository=self.api_source, branch='master', output=source_output, ) ]), cp.StageProps(stage_name='Build', actions=[ cp_actions.CodeBuildAction( action_name='Build', project=self.api_build_project, input=source_output, outputs=[build_output]) ]), cp.StageProps( stage_name='Deploy', actions=[ cp_actions.EcsDeployAction( action_name='Deploy', service=self.service.service, input=build_output, # image_file=build_output.at_path('imagedefinitions.json') ) ]) ])
def setup_web_pipeline(self): """Setup the build pipeline. Using codepipeline to create a Web Pipeline with 3 stages: * Source: CodeCommitSourceAction * Build : CodeBuildActioin * Deploy: S3DeployAction Returns ------- aws_codepipeline.Pipeline """ source_output = cp.Artifact() build_output = cp.Artifact(self.config.web.build_output) return cp.Pipeline( self, 'WebPipeline', pipeline_name=self.config.web.pipeline, stages=[ cp.StageProps(stage_name='Source', actions=[ cp_actions.CodeCommitSourceAction( action_name='Source', repository=self.web_source, branch='master', output=source_output, ) ]), cp.StageProps(stage_name='Build', actions=[ cp_actions.CodeBuildAction( action_name='Build', project=self.web_build_project, input=source_output, outputs=[build_output]) ]), cp.StageProps( stage_name='Deploy', actions=[ cp_actions.S3DeployAction( action_name='Deploy', bucket=self.web_bucket, input=build_output, access_control=s3.BucketAccessControl.PUBLIC_READ) ]) ])
def _create_pipeline(self) -> codepipeline.Pipeline: """ Define and apply the specifications on how the deployment process will go. """ source_output = codepipeline.Artifact() build_output = codepipeline.Artifact() return codepipeline.Pipeline( self, 'Pipeline', stages=[ self._create_source_stage('Source', source_output), self._create_image_build_stage('Build', source_output, build_output), self._create_deploy_stage('Deploy', build_output) ])
def __init__(self, scope: core.Construct, id: str, asg, **kwargs) -> None: super().__init__(scope, id, **kwargs) #Set up CodeDeploy codedeploy_application = codedeploy.ServerApplication( self, "CodeDeployApp", application_name="JangoMartLoyaltyApp") deploymentgroup = codedeploy.ServerDeploymentGroup( self, "CodeDeployDeploymentGroup", application=codedeploy_application, auto_scaling_groups=[asg], deployment_group_name="JangoMartASG", #role="CodeDeployServiceRole", # <-- syntax error here deployment_config=codedeploy.ServerDeploymentConfig.ALL_AT_ONCE) #Create the pipeline pipeline = codepipeline.Pipeline( self, "CodePipeline", pipeline_name="JangoMartPipeline", #role="CodePipeline-Service-Role" # <-- syntax error here ) source_output = codepipeline.Artifact() #Set up Source stage source_action = codepipeline_actions.GitHubSourceAction( action_name="GitHub_Source", owner="brianfdevore", repo="jangomart-cl", oauth_token=core.SecretValue.secrets_manager("my-github-token"), #oauth_token=secretsmanager.Secret.from_secret_attributes(self, "ImportedSecret", secret_arn="arn:aws:secretsmanager:us-east-1:446451421466:secret:GitHub_JangoMart_Repo_Access_Token-t3S4dj"), output=source_output, branch="master", trigger=codepipeline_actions.GitHubTrigger.POLL) #Set up Deploy stage deploy_action = codepipeline_actions.CodeDeployServerDeployAction( action_name="CodeDeploy", input=source_output, deployment_group=deploymentgroup) #Add the stages defined above to the pipeline pipeline.add_stage(stage_name="Source", actions=[source_action]) pipeline.add_stage(stage_name="Deploy", actions=[deploy_action])
def generate_pipeline(scope, bucket, role, codebuild_project, beanstalk_application, beanstalk_environment, codestar_connection): pipeline = codepipeline.Pipeline( scope=scope, id="JVSANTOSCodePipelineTier1", artifact_bucket=bucket, pipeline_name="jvsantos-pipeline-tier1", role=role, stages=generate_pipeline_stages( codebuild_project=codebuild_project, role=role, beanstalk_application=beanstalk_application, beanstalk_environment=beanstalk_environment, codestar_connection=codestar_connection)) # pipeline. return pipeline
def __init__(self, app: core.App, id: str, props, repo_name: str=None, **kwargs) -> None: super().__init__(app, id, **kwargs) source_output = aws_codepipeline.Artifact(artifact_name='source') code = aws_codecommit.Repository.from_repository_name(self, "ImportedRepo", repo_name) codepipeline = aws_codepipeline.Pipeline(self, "CodePipeline", pipeline_name="flask-pipeline", artifact_bucket=props['bucket'], stages=[ aws_codepipeline.StageProps( stage_name='Source', actions=[ aws_codepipeline_actions.CodeCommitSourceAction( action_name="CodeCommit", repository=code, output=source_output, run_order=1, ), ] ), aws_codepipeline.StageProps( stage_name='Build', actions=[ aws_codepipeline_actions.CodeBuildAction( action_name='DockerBuildImages', input=source_output, project=props['ecr_build'], run_order=1, ) ] ), aws_codepipeline.StageProps( stage_name='Build2', actions=[ aws_codepipeline_actions.CodeBuildAction( action_name='ECSBuild', input=source_output, project=props['ecs_build'], run_order=1, ) ] ) ] )
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) # The code that defines your stack goes here for stage in ["prd", "dev"] : target_function = self.create_function(stage) project = self.create_project(target_function, stage) source_output = codepipeline.Artifact(self.create_name(stage)); branch = "master" if stage == "prd" else "develop" codepipeline.Pipeline(self, self.create_id("Pipeline", stage), pipeline_name=self.create_name(stage), stages=[ codepipeline.StageProps( stage_name="Source", actions=[self.create_source_action(branch, source_output)]), codepipeline.StageProps( stage_name="Build", actions=[self.create_build_action(project, source_output)]) ])
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) try: with open('../.secrets/github_token.txt') as f: github_token = f.read() except FileNotFoundError: print( "Create ../.secrets/github_token.txt and put the token which you create in the github interface into it." ) source_output = aws_codepipeline.Artifact(artifact_name='source') ecr, cb_docker_build = self._get_build_project() pipeline = aws_codepipeline.Pipeline( self, "Pipeline", pipeline_name="cdk-pipeline", stages=[ aws_codepipeline.StageProps( stage_name='Source', actions=[ aws_codepipeline_actions.GitHubSourceAction( output=source_output, action_name="Source", oauth_token=core.SecretValue(github_token), owner='arron1993', repo="arronmoore.com", branch="develop") ]), aws_codepipeline.StageProps( stage_name='Build', actions=[ aws_codepipeline_actions.CodeBuildAction( action_name='DockerBuildImages', input=source_output, project=cb_docker_build, run_order=1, ) ]) ])
def __init__(self, scope, id, github_config: dict, project_config: dict = dict()): super().__init__(scope, id) self.bucket = s3.Bucket(self, 'bucket', removal_policy=core.RemovalPolicy.RETAIN, encryption=s3.BucketEncryption.KMS_MANAGED, versioned=True) self.pipe = cp.Pipeline(self, 'pipe', cross_account_keys=True, pipeline_name=id + '-pipe') self._source(**github_config) self._project(**project_config) self._build(self.artifacts['sources'][0], self.artifacts['build_extras'])
def setup_cicd(scope: core.Construct, id: str, pipelines: Pipelines) -> None: for pipeline_def in pipelines: pipeline = aws_codepipeline.Pipeline( scope, generate_logical_id(pipeline_def["name"]), pipeline_name=pipeline_def["name"], restart_execution_on_update=True, ) for stage_def in pipeline_def["stages"]: stage = pipeline.add_stage(stage_name=stage_def["name"]) for action_def in stage_def["actions"]: action_id = generate_logical_id(pipeline_def["name"], stage_def["name"], action_def["name"]) action = create_action(scope, action_id, action_def) stage.add_action(action) provide_access_to_artifacts(scope, pipeline_def=pipeline_def, artifact_bucket=pipeline.artifact_bucket)
def create_codepipeline(self, build_project, source_bucket, artifact_bucket): # アーティファクト取得 source_output=_cp.Artifact(artifact_name='SourceArtifact') source_build_output=_cp.Artifact(artifact_name='BuildArtifact') # コードパイプライン作成 pipeline=_cp.Pipeline( self, 'Pipeline', pipeline_name='DEMO-PIPELINE', artifact_bucket=artifact_bucket, stages=[ # Source create_source_stage(self, source_output, source_bucket), # Build create_build_stage(self, source_output, build_project), # # Approval # create_approval_stage(self), # Deploy create_deploy_stage(self, source_build_output), ] )
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) pipeline = codepipeline.Pipeline( self, "CodePipeline", pipeline_name="CDKPipelineTest" ) token = core.SecretValue.secrets_manager("arn:aws:secretsmanager:ap-northeast-1:821383200340:secret:GitHubKey-LPPj2Z") sourceoutput = codepipeline.Artifact() sourceaction = actions.GitHubSourceAction( oauth_token=token, output=sourceoutput, owner="haimila", branch="master", repo="cfpipeline", action_name="SourceAction" ) iam_capabilities = core.CfnCapabilities.NAMED_IAM templatepath = codepipeline.ArtifactPath(sourceoutput, "cfpipeline.yml") deployaction = actions.CloudFormationCreateUpdateStackAction( admin_permissions=True, stack_name="CdkPipelineStack", template_path=templatepath, replace_on_failure=True, action_name="DeployAction", capabilities=[iam_capabilities] ) sourcestage = pipeline.add_stage( stage_name="Source", actions=[sourceaction] ) pipeline.add_stage( stage_name="Deploy", actions=[deployaction], placement={"just_after": sourcestage} )
def __init__(self, scope: core.Construct, id: str, frontendBucket, **kwargs): super().__init__(scope, id, **kwargs) prj_name = self.node.try_get_context('project_name') env_name = self.node.try_get_context('env') webhosting_buket = s3.Bucket.from_bucket_name( self, 'webhostingbucket-id', bucket_name=frontendBucket) cdn_id = ssm.StringParameter.from_string_parameter_name( self, 'cdn_id', string_parameter_name=f'/{env_name}/cdn-id') source_repo = ccm.Repository.from_repository_name( self, 'repository-id', repository_name='cdk_app_frontend') artifact_bucket = s3.Bucket( self, 'artifactbucket', encryption=s3.BucketEncryption.S3_MANAGED, access_control=s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL) pipeline = cp.Pipeline( self, 'frontend-pipeline', pipeline_name=f'{prj_name}-{env_name}-frontend-pipeline', artifact_bucket=artifact_bucket, restart_execution_on_update=False) source_output = cp.Artifact(artifact_name='source') build_output = cp.Artifact(artifact_name='build') pipeline.add_stage(stage_name='Source', actions=[ cp_actions.CodeCommitSourceAction( action_name='CodeCommitSource', repository=source_repo, branch='master', output=source_output) ])
def _create_pipeline( self, build_pipeline_name: str, github_source: aws_codepipeline_actions.GitHubSourceAction, codebuild_project: aws_codebuild.PipelineProject, config_file_source_bucket_name: str, df_project: DeviceFarmProject, device_farm_pool_arn: str): artifact_bucket = self._create_artifact_bucket( f"pipeline-assets-{build_pipeline_name.lower()}-{self.account}") self.code_build_project = self._create_codebuild_project( "AmplifyAndroidCodeBuildProject") amplify_android_build_output = aws_codepipeline.Artifact( "AmplifyAndroidBuildOutput") pipeline = aws_codepipeline.Pipeline( self, f"{build_pipeline_name}Pipeline", pipeline_name=build_pipeline_name, artifact_bucket=artifact_bucket, stages=[ aws_codepipeline.StageProps(stage_name="Source", actions=[github_source]), aws_codepipeline.StageProps( stage_name="Build", actions=[ self._create_build_and_assemble_action( input_artifact=github_source.action_properties. outputs[0], output_artifact=amplify_android_build_output, pipeline_project=codebuild_project, config_source_bucket=config_file_source_bucket_name ) ]) ]) self._add_devicefarm_test_runner_permissions_to_role(pipeline.role) self._add_devicefarm_test_stage(pipeline, df_project.get_project_id(), device_farm_pool_arn) return pipeline
def __init__(self, scope: core.Construct, id: str, **kwargs) -> None: super().__init__(scope, id, **kwargs) code = codecommit.Repository( self, "CodeRepo", repository_name="iot-gg-cicd-workshop-repo") prod_deploy_param_bucket = s3.Bucket( self, "ProdDeployBucket", versioned=True, ) prod_source_bucket = s3.Bucket( self, "ProdSourceBucket", versioned=True, ) ssm.StringParameter( self, "ProdSourceBucketParameter", parameter_name="/iot-gg-cicd-workshop/s3/prod_source_bucket", string_value=prod_source_bucket.bucket_name, ) ssm.StringParameter( self, "ProdDeployBucketParameter", parameter_name="/iot-gg-cicd-workshop/s3/prod_deploy_param_bucket", string_value=prod_deploy_param_bucket.bucket_name, ) cdk_build = codebuild.PipelineProject( self, "Build", project_name="iot-gg-cicd-workshop-build", build_spec=codebuild.BuildSpec.from_source_filename( "buildspec.yml"), environment_variables={ "AWS_DEFAULT_REGION": codebuild.BuildEnvironmentVariable(value=kwargs['env'].region) }) add_policies(cdk_build, [ "AWSCloudFormationFullAccess", "AmazonSSMFullAccess", "AmazonS3FullAccess", "AWSLambdaFullAccess", "IAMFullAccess", ]) cdk_deploy_canary = codebuild.PipelineProject( self, "Deploy", project_name="iot-gg-cicd-workshop-deploy-canary", build_spec=codebuild.BuildSpec.from_source_filename( "deployspec.yml"), environment_variables={ "AWS_DEFAULT_REGION": codebuild.BuildEnvironmentVariable(value=kwargs['env'].region) }) add_policies(cdk_deploy_canary, [ "AWSCloudFormationFullAccess", "AWSGreengrassFullAccess", "AmazonSSMFullAccess", "ResourceGroupsandTagEditorReadOnlyAccess", "AWSLambdaFullAccess", "AWSIoTFullAccess" ]) source_output = codepipeline.Artifact() cdk_build_output = codepipeline.Artifact("CdkBuildOutput") codepipeline.Pipeline( self, "Pipeline", pipeline_name="iot-gg-cicd-workshop-pipeline-canary", stages=[ codepipeline.StageProps( stage_name="Source", actions=[ codepipeline_actions.CodeCommitSourceAction( action_name="CodeCommit_Source", repository=code, output=source_output) ]), codepipeline.StageProps( stage_name="Build_Package_Deploy_Lambda", actions=[ codepipeline_actions.CodeBuildAction( action_name="Build_Package_Deploy", project=cdk_build, input=source_output, outputs=[cdk_build_output]) ]), codepipeline.StageProps( stage_name="Deploy_GreenGrass_Canary", actions=[ codepipeline_actions.CodeBuildAction( action_name="Deploy_Canary", project=cdk_deploy_canary, input=cdk_build_output) ]), ]) cdk_deploy_prod = codebuild.PipelineProject( self, "DeployProd", project_name="iot-gg-cicd-workshop-deploy-main", build_spec=codebuild.BuildSpec.from_object( dict( version="0.2", phases=dict(install=dict(commands=[ "apt-get install zip", "PROD_SOURCE_BUCKET=$(aws ssm get-parameter --name '/iot-gg-cicd-workshop/s3/prod_source_bucket' --with-decryption --query 'Parameter.Value' --output text)", "aws s3 cp s3://$PROD_SOURCE_BUCKET/prod_deploy.zip prod_deploy.zip", "unzip -o prod_deploy.zip", "ls -la", "make clean init" ]), build=dict(commands=[ "ls -la", "make deploy-greengrass-prod", ])), artifacts={ "base-directory": ".", "files": ["**/*"] }, environment=dict( buildImage=codebuild.LinuxBuildImage.STANDARD_2_0)))) add_policies(cdk_deploy_prod, [ "AWSCloudFormationFullAccess", "AWSGreengrassFullAccess", "AmazonSSMFullAccess", "ResourceGroupsandTagEditorReadOnlyAccess", "AWSLambdaFullAccess" ]) prod_source_output = codepipeline.Artifact() codepipeline.Pipeline( self, "PipelineProd", pipeline_name="iot-gg-cicd-workshop-pipeline-main", stages=[ codepipeline.StageProps( stage_name="Source", actions=[ codepipeline_actions.S3SourceAction( action_name="S3_Source", bucket=prod_deploy_param_bucket, bucket_key="deploy_params.zip", output=prod_source_output) ]), codepipeline.StageProps( stage_name="Deploy_GreenGrass_Prod", actions=[ codepipeline_actions.CodeBuildAction( action_name="Deploy_Prod", project=cdk_deploy_prod, input=prod_source_output) ]), ]) prod_source_bucket.grant_read_write(cdk_deploy_canary.role) prod_source_bucket.grant_read(cdk_deploy_prod.role) prod_deploy_param_bucket.grant_read_write(cdk_deploy_canary.role)