awslabs / aws-simple-cicd
A prescriptive, serverless CI/CD platform leveraging native AWS services built using the AWS Cloud Development Kit (CDK).
License: Other
```
// SourceAction
const sourceAction = new BitBucketSourceAction({
  actionName: 'BitbucketSource',
  owner: 'ownername',
  repo: repoName,
  output: sourceOutputArtifact,
  connectionArn: SecretValue.secretsManager('BBCloudConnection').toString(),
})
```
This is what the source action looks like. I need it to be able to access connectionArn from SecretValue. It fails due to lack of permissions at the moment. Where should the resource permission be added?
Action in deploymentPolicy looks as follows:
```
Action:
  - 'cloudformation:*'
  - 'iam:*'
  - 'lambda:*'
  - 'ecs:*'
  - 'ecr:*'
  - 'logs:*'
  - 'ec2:*'
  - 'ssm:*'
  - 'secretsmanager:*'
```
i.e. I have added 'secretsmanager:*' at the bottom.
As of now, I get the following error if I use secretsManager:
17/49 | 2:14:10 a.m. | CREATE_FAILED | AWS::IAM::Policy | backend--854-pipeline-backend-setup-pipeline/Source/BitbucketSource/CodePipelineActionRole/DefaultPolicy (backendVLNCC854pipelinebackendsetuppipelineSourceBitbucketSourceCodePipelineActionRoleDefaultPolicy41F7C61D) Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 62b6fb1c-77b0-432c-b907-2e409ff7c538; Proxy: null)
The secret manager was created manually on console and has the following resource permissions:
```
{
  "Version" : "2012-10-17",
  "Statement" : [ {
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::1111111111:role/deployment-role"
    },
    "Action" : "secretsmanager:GetSecretValue",
    "Resource" : "*"
  } ]
}
```
The assume-cross-account-role.env file should be maintained by the administrators only and auto-injected into the deployment stage. This does not need to be exposed to developers.
Consider the following scenario:
Now, what should the next step be here? Is reverting the code manually from the develop branch the only option as other developers in the team want to push the code and trigger the pipeline?
In serverless.yml file, we default to the sandbox for the stage name
stage: ${opt:stage, 'sandbox'}
How to get this stage name from the CI-CD pipeline instead?
Codesuite needs to be authorized against the Github organization/owner before webhooks can be generated.
The Github integration is using v1 today. We should move to the more secure v2 implementation.
Waiting for upstream fix: aws/aws-cdk#10632
How can this pipeline be adopted for multi-region deployments? The reason for adopting multi-region deployment is both compliance and fail-over
It would be useful to create subscriptions to the topic through the code itself instead of doing it through the dashboard every time the pipeline is created
In project-config.json, we have:
```
"Backend": [
  {
    "pipelineName": "backend",
    "ccRepoName": "backend",
    "branch": "master",
    "type": "BitBucket",
    "cron": ""
  }
],
```
Step 1. Pipeline deployed for branch master
Step 2. Edit project-config.json and change branch name:
```
"Backend": [
  {
    "pipelineName": "backend",
    "ccRepoName": "backend",
    "branch": "develop",
    "type": "BitBucket",
    "cron": ""
  }
],
```
Step 3. Pipeline deployed for develop branch
At this stage, it deletes the pipeline for the `master` branch and deploys it for the `develop` branch. How can we keep the pipeline for multiple branches at the same time?
There are pipelines deployed for the following branches: `development`, `master`. The respective pipeline is triggered on the `onCommit` event (`codeCommitRepo.onCommit('OnCommit', {})`), so whenever there is any code push to the branch. We are planning to use git-flow as the branching strategy but don't exactly see the advantages of having another branch called `staging`, in addition to `development`, `master`.
I would like to understand what the flow should look like starting from a feature branch. (Also, not looking to use Trunk based branching strategy)
Feature request: The pipeline can use an additional stage for test cases along with a few test cases for the pipeline and security scans
The pipeline is currently deployed with the stacks that come defined as part of this CI-CD in the cicd.ts file. I need to introduce a new stack that will be linked to a different repository.
In config/config.ts, I have added
```
Tests: Array<ProjectRepo>
```
In project-config.json, I have added:
```
"Tests": [
  {
    "pipelineName": "tests",
    "ccRepoName": "tests",
    "branch": "master",
    "type": "BitBucket",
    "cron": ""
  },
  {
    "pipelineName": "tests",
    "ccRepoName": "tests",
    "branch": "develop",
    "type": "BitBucket",
    "cron": ""
  }
],
```
In cicd.ts, I have added:
```
new CicdStack(app, 'QARepo', { prefix, ssmRoot, cicdRoleName, repos: config.Tests})
```
In package.json, I have changed the `synth` command to include the new stack:
```
"synth": "npm run build && npm run cdk -- synth VLNCC-CICD-BackendRepo && npm run cdk -- synth QARepo"
```
When I try to run:
```
cdk deploy --all --profile cicd
```
I get:
```
Unable to resolve AWS account to use. It must be either configured when you define your CDK or through the environment.
```
I did also try running the command `npm run synth` before the `cdk deploy --all --profile cicd` command.
How do I deploy the new stack?
Feature request to integrate AWS config to define rules in the pipeline and track configuration changes
In the `serverless.yml` file, the default profile name is 'sandbox'. When running the `sls deploy` command and not passing the `--profile` argument, it automatically tries to use the `sandbox` profile.
```
profile: ${opt:profile, 'sandbox'}
```
Now, in `package.json` at the root of the application folder that the CI/CD pipeline needs to deploy, we have
```
"deploy:cicd": " lerna run deploy --stream",
```
This will run the `deploy` command in all of the serverless services.
In package.json of each of the services, I have:
```
"deploy": "sls deploy -v",
```
When the command, npm run deploy:cicd
is run, it throws
deploy in deploy.sh
, I instead get lerna run deploy --stream
--
51 |
52 | internal/modules/cjs/loader.js:834
53 | throw err;
54 | ^
55 |
56 | Error: Cannot find module '.'
57 | Require stack:
58 | - /codebuild/output/src163111865/src/node_modules/.bin/lerna
59 | at Function.Module._resolveFilename (internal/modules/cjs/loader.js:831:15)
60 | at Function.Module._load (internal/modules/cjs/loader.js:687:27)
61 | at Module.require (internal/modules/cjs/loader.js:903:19)
62 | at require (internal/modules/cjs/helpers.js:74:18)
63 | at Object.<anonymous> (/codebuild/output/src163111865/src/node_modules/.bin/lerna:11:3)
64 | at Module._compile (internal/modules/cjs/loader.js:1015:30)
65 | at Object.Module._extensions..js (internal/modules/cjs/loader.js:1035:10)
66 | at Module.load (internal/modules/cjs/loader.js:879:32)
67 | at Function.Module._load (internal/modules/cjs/loader.js:724:14)
68 | at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) {
69 | code: 'MODULE_NOT_FOUND',
70 | requireStack: [ '/codebuild/output/src163111865/src/node_modules/.bin/lerna' ]
71 | }
72 | npm ERR! code 1
73 | npm ERR! path /codebuild/output/src163111865/src
74 | npm ERR! command failed
75 | npm ERR! command sh -c lerna run deploy --stream
76 |
77 | npm ERR! A complete log of this run can be found in:
78 | npm ERR! /root/.npm/_logs/2021-03-15T23_30_13_216Z-debug.log
I see that we now have a test stage in the CI/CD pipeline. Thank you so much for adding it. I plan to run unit and integration tests before deployment, smoke tests in the dev account only, when smoke tests are positive, promote to QA env. If regression tests in QA env. are positive, promote to production.
To work those steps with this CI/CD, how can these phases run stage-specific tests be added here? Would be great to see it in this pipeline or an example for the same.
Currently, deployment happens through deploy.sh file. How can this pipeline be configured to support
To add the pre-build phase, should an additional shell script file be enough in the source codebase directory named as pre-build.sh and following in build-project.ts
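```
buildSpec: BuildSpec.fromObject({
  version: '0.2',
  phases: {
    install: {
      'runtime-versions': {
        nodejs: '10'
      }
    },
    // CodeBuild names this phase pre_build; an unquoted pre-build key is also not valid TypeScript
    pre_build: {
      commands: [
        'bash ${CODEBUILD_SRC_DIR}/scripts/pre-build.sh'
      ]
    },
    build: {
      commands: [
        'bash ${CODEBUILD_SRC_DIR}/scripts/build.sh'
      ]
    }
  },
  // ... remaining buildspec keys unchanged
}),
```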
Is there anything else that would be required?
In the build phase of the code pipeline, in SemverLambda, on line 119, I get an error "Parameter not found"
```
2020-11-12T14:43:48.264-08:00 {'repo': 'test', 'branch': 'master'}
2020-11-12T14:43:48.407-08:00 Function failed due to exception.
2020-11-12T14:43:48.407-08:00 An error occurred (ParameterNotFound) when calling the GetParameter operation:
2020-11-12T14:43:48.407-08:00 Traceback (most recent call last):
2020-11-12T14:43:48.407-08:00   File "/var/task/lambda.py", line 119, in semver_handler
2020-11-12T14:43:48.407-08:00     response = ssm.get_parameter(
2020-11-12T14:43:48.407-08:00   File "/var/runtime/botocore/client.py", line 316, in _api_call
```
Line 118 needs to change to
```
ssm_param = ssm_root + '/' + repo + '/' + branch + '/version'
```
from
```
ssm_param = ssm_root + '/codecommit/' + repo + '/' + branch + '/version'
```
to resolve the issue.
The deployment seems to be failing with the following error:
334 | vlncc-sns: Serverless: Packaging service...
335 | vlncc-sns:
336 | vlncc-sns: Serverless Error ----------------------------------------
337 | vlncc-sns:
338 | vlncc-sns: AWS profile "sandbox" doesn't seem to be configured
339 | vlncc-sns:
340 | vlncc-sns: Get Support --------------------------------------------
341 | vlncc-sns: Docs: docs.serverless.com
342 | vlncc-sns: Bugs: github.com/serverless/serverless/issues
343 | vlncc-sns: Issues: forum.serverless.com
344 | vlncc-sns:
345 | vlncc-sns: Your Environment Information ---------------------------
346 | vlncc-sns: Operating System: linux
347 | vlncc-sns: Node Version: 12.19.1
348 | vlncc-sns: Framework Version: 2.29.0
349 | vlncc-sns: Plugin Version: 4.5.0
350 | vlncc-sns: SDK Version: n/a
351 | vlncc-sns: Components Version: 3.7.3
352 | vlncc-sns:
353 | vlncc-sns: npm ERR! code 1
354 | vlncc-sns: npm ERR! path /codebuild/output/src627196871/src/resources/sns
355 | vlncc-sns: npm ERR! command failed
356 | vlncc-sns: npm ERR! command sh -c sls deploy -v
357 | vlncc-sns: npm ERR! A complete log of this run can be found in:
358 | vlncc-sns: npm ERR! /root/.npm/_logs/2021-03-16T00_43_50_269Z-debug.log
359 | lerna ERR! npm run deploy exited 1 in 'vlncc-sns'
360 | lerna WARN complete Waiting for 2 child processes to exit. CTRL-C to exit immediately.
361 | npm ERR! code 1
362 | npm ERR! path /codebuild/output/src627196871/src
363 | npm ERR! command failed
364 | npm ERR! command sh -c lerna run deploy --stream
365 |
366 | npm ERR! A complete log of this run can be found in:
367 | npm ERR! /root/.npm/_logs/2021-03-16T00_43_50_322Z-debug.log
368
The application is configured to fall back on the profile named sandbox if not passing a profile name at all. How should this be resolved? Do we need to pass the name of the profile when running through CI/CD?
This pipeline gets triggered when on "onCommit". How can I trigger static code analysis and run unit tests when the pull request is created?
build, test, deploy scripts are missing.
Add support for Github
sls deploy command that we use to deploy our services asks for MFA code. How should that be handled in this CI/CD pipeline? Different AWS accounts will need to use different profiles and will ask for MFA code each time sls deploy command needs to run.
Feature request: I think it would be useful to have some test cases for the pipeline.
trying to push my changes to my cloned repo and noticing it’s trying to synth:
"synth": "npm run build && npm run cdk -- synth AWS-Simple-CICD-TeamOne"
AWS-Simple-CICD-TeamOne may not be defined.
I would like to know how can single service deployments be done with this CI/CD.
Also, really like CDK and this CI/CD so far :)
[Container] 2021/03/13 02:58:08 Waiting for agent ping
2 | [Container] 2021/03/13 02:58:11 Waiting for DOWNLOAD_SOURCE
3 | [Container] 2021/03/13 02:58:12 Phase is DOWNLOAD_SOURCE
4 | [Container] 2021/03/13 02:58:12 CODEBUILD_SRC_DIR=/codebuild/output/src418621371/src
5 | [Container] 2021/03/13 02:58:12 YAML location is /codebuild/readonly/buildspec.yml
6 | [Container] 2021/03/13 02:58:12 No commands found for phase name: install
7 | [Container] 2021/03/13 02:58:12 Processing environment variables
8 | [Container] 2021/03/13 02:58:12 Selecting 'nodejs' runtime version '15' based on manual selections...
9 | [Container] 2021/03/13 02:58:12 Phase complete: DOWNLOAD_SOURCE State: FAILED
10 | [Container] 2021/03/13 02:58:12 Phase context status code: YAML_FILE_ERROR Message: Unknown runtime version named '15' of nodejs. This build image has the following versions: 10, 12
We are using node 15 in our application that will be deployed with the CICD. I tried to set
```
install: {
  'runtime-versions': {
    nodejs: '15'
  }
},
```
but get the error:
10 | [Container] 2021/03/13 02:58:12 Phase context status code: YAML_FILE_ERROR Message: Unknown runtime version named '15' of nodejs. This build image has the following versions: 10, 12
Why is that? Can we not use node15?
In this CI/CD pipeline, What's the best way to control who can trigger pipelines for dev, test, and master branch?
It will be useful to define a number in the config file for the number of manual approvals required along with IAM usernames/roles that the approval is needed from for deployment to production
Instead of provisioning stages for all environments (dev, test, prod) only provision stages if the account id for the corresponding environment is present.
This will clean up the pipeline and remove extra stages which cannot run.
Allow ability to select target deployment account(s) per repository/pipeline.
Use-cases:
Future enhancements:
Is there any necessary integration required to use this CI/CD pipeline for deploying a Serverless framework-based application? I stumbled on https://serverless-stack.com/chapters/using-aws-cdk-with-serverless-framework.html and wondering if this is relevant here?
Edit: So if I do not run npm install in build.sh, and run it directly in test.sh, then the npm run test command runs okay. But if I run npm run install first in build.sh and then in test.sh, it fails at npm run test with a module not found error.
What is the relation between build.sh, test.sh and deploy.sh. If npm install command is run in build.sh, then commands in test.sh and deploy.sh fail including the npm install command itself.
Why is that?
@srijitm scripts in package.json at the root of the application look as follows:
```
"scripts": {
  "preinstall": "npm i -g serverless && npm i -g lerna",
  "postinstall": "lerna bootstrap",
  "test": "lerna run --stream test --parallel",
  "deploy": "eval \"`aws-auth-helper lerna-deploy` lerna run deploy --since HEAD~1 --stream\"",
  "deploy:cicd": " lerna run deploy --stream",
},
```
My build.sh file looks as follows and it runs OK (ONLY because it is the first file being run)
```
#! /bin/bash
set -e
set -u
set -o pipefail
echo "Building services..................!"
npm install
npm run test
echo "Build completed..................!"
```
My deploy.sh file looks as follows and it FAILS (**if run after the commands in build.sh; if npm install is not run in build.sh, then it runs okay**)
```
#! /bin/bash
set -e
set -u
set -o pipefail
echo "Running Deployment...........................!"
npm install
npm run deploy:cicd
echo "Deployment Completed.........................!"
```
The error when it fails is:
```
Running Deployment...........................!
--
48 |
49 | > [email protected] preinstall
50 | > npm i -g serverless && npm i -g lerna
51 |
52 | npm WARN deprecated [email protected]: this library is no longer supported
53 | npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
54 | npm WARN deprecated [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142
55 |
56 | added 670 packages, and audited 671 packages in 26s
57 |
58 | 37 packages are looking for funding
59 | run `npm fund` for details
60 |
61 | found 0 vulnerabilities
62 | npm WARN deprecated [email protected]: this library is no longer supported
63 | npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
64 |
65 | changed 632 packages, and audited 633 packages in 13s
66 |
67 | 62 packages are looking for funding
68 | run `npm fund` for details
69 |
70 | found 0 vulnerabilities
71 |
72 | > [email protected] postinstall
73 | > lerna bootstrap
74 |
75 | internal/modules/cjs/loader.js:834
76 | throw err;
77 | ^
78 |
79 | Error: Cannot find module '.'
80 | Require stack:
81 | - /codebuild/output/src883388911/src/node_modules/.bin/lerna
82 | at Function.Module._resolveFilename (internal/modules/cjs/loader.js:831:15)
83 | at Function.Module._load (internal/modules/cjs/loader.js:687:27)
84 | at Module.require (internal/modules/cjs/loader.js:903:19)
85 | at require (internal/modules/cjs/helpers.js:74:18)
86 | at Object.<anonymous> (/codebuild/output/src883388911/src/node_modules/.bin/lerna:11:3)
87 | at Module._compile (internal/modules/cjs/loader.js:1015:30)
88 | at Object.Module._extensions..js (internal/modules/cjs/loader.js:1035:10)
89 | at Module.load (internal/modules/cjs/loader.js:879:32)
90 | at Function.Module._load (internal/modules/cjs/loader.js:724:14)
91 | at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) {
92 | code: 'MODULE_NOT_FOUND',
93 | requireStack: [ '/codebuild/output/src883388911/src/node_modules/.bin/lerna' ]
94 | }
95 | npm ERR! code 1
96 | npm ERR! path /codebuild/output/src883388911/src
97 | npm ERR! command failed
98 | npm ERR! command sh -c lerna bootstrap
99 |
100 | npm ERR! A complete log of this run can be found in:
101 | npm ERR! /root/.npm/_logs/2021-03-15T23_48_04_960Z-debug.log
102 |
103 | [Container] 2021/03/15 23:48:04 Command did not exit successfully bash ${CODEBUILD_SRC_DIR}/scripts/deploy.sh exit status 1
104 | [Container] 2021/03/15 23:48:04 Phase complete: BUILD State: FAILED
105 | [Container] 2021/03/15 23:48:04 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: bash ${CODEBUILD_SRC_DIR}/scripts/deploy.sh. Reason: exit status 1
106 | [Container] 2021/03/15 23:48:05 Entering phase POST_BUILD
107 | [Container] 2021/03/15 23:48:05 Phase complete: POST_BUILD State: SUCCEEDED
108 | [Container] 2021/03/15 23:48:05 Phase context status code: Message:
109 |
```
**Similarly, test.sh fails.**
I needed to have runtime env of node15, therefore, in the CI-CD pipeline, made the following change for build-project.ts, deploy-project.ts and test-project.ts
```
buildSpec: BuildSpec.fromObject({
version: '0.2',
phases: {
install: {
commands: [
'npm install npm@latest -g',
'npm install lerna@latest -g'
]
},
```
instead of
```
phases: {
install: {
'runtime-versions': {
nodejs: '10'
}
},
```
How do I fix this? What is exactly going wrong here? @srijitm
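`lerna bootstrap` failing with `Cannot find module '.'` from `node_modules/.bin/lerna`, only when an earlier script already ran `npm install`, is consistent with `node_modules` reaching the later stage through a pipeline artifact in which the `.bin` symlinks were replaced by file copies. As an added example (not part of the aws-simple-cicd repository, and assuming that cause), this check detects such a tree so a script can delete it before reinstalling; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from aws-simple-cicd. Function names are hypothetical.
# Assumption: npm on Linux creates node_modules/.bin entries as symlinks, and an
# artifact hand-off between stages replaced them with plain file copies.

# list_copied_bin_shims PROJECT_DIR
#   Prints the name of every entry in PROJECT_DIR/node_modules/.bin that is a
#   regular file instead of a symlink.
list_copied_bin_shims() {
    bin_dir="${1:?project dir required}/node_modules/.bin"
    [ -d "$bin_dir" ] || return 0
    for shim in "$bin_dir"/*; do
        # Skip the unexpanded glob when .bin is empty.
        [ -e "$shim" ] || [ -L "$shim" ] || continue
        [ -L "$shim" ] || basename "$shim"
    done
    return 0
}

# node_modules_is_damaged PROJECT_DIR
#   Returns 0 when at least one .bin entry is a copy, 1 otherwise.
node_modules_is_damaged() {
    [ -n "$(list_copied_bin_shims "$1")" ]
}

# reset_damaged_node_modules PROJECT_DIR
#   Deletes a damaged node_modules so the next install starts from scratch.
reset_damaged_node_modules() {
    project_dir="${1:?project dir required}"
    if node_modules_is_damaged "$project_dir"; then
        echo "removing $project_dir/node_modules: .bin entries are file copies" >&2
        rm -rf "$project_dir/node_modules"
    fi
}

# Constructed sample tree: one package with a .bin symlink, then a copy of it
# made with cp -RL, which follows symlinks the way a symlink-dropping archive does.
demo_shims() {
    work_dir=$(mktemp -d)
    mkdir -p "$work_dir/build/node_modules/lerna" "$work_dir/build/node_modules/.bin"
    echo 'require(".")' > "$work_dir/build/node_modules/lerna/cli.js"
    ln -s ../lerna/cli.js "$work_dir/build/node_modules/.bin/lerna"
    node_modules_is_damaged "$work_dir/build" || echo "build stage tree: ok"
    mkdir "$work_dir/deploy"
    cp -RL "$work_dir/build/node_modules" "$work_dir/deploy/node_modules"
    echo "deploy stage copies: $(list_copied_bin_shims "$work_dir/deploy")"
    reset_damaged_node_modules "$work_dir/deploy"
    rm -rf "$work_dir"
}
demo_shims
```

In `test.sh` and `deploy.sh` the call to `reset_damaged_node_modules "$CODEBUILD_SRC_DIR"` would go before `npm install`.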
If the end to end tests/system tests are stored in a separate repo, how to modify this pipeline to run end to end tests on every deployment?
2.Feature request to trigger an alarm when a test fails and fail the deployment
I would like to understand what should be the branching strategy to align well with this CI/CD pipeline. I have previously used Github flow with Feature branch, development branch, and master branch. Since we are promoting a branch to production from the dev environment, I imagine we don't want to have dev and master as separate branches? That will also need us to approve multiple PR's for the same feature branch.
What branching strategy works best for this CI/CD pipeline?
It takes a fairly long time (about 6-8 minutes) to deploy on making a change of 1 line of code as well. Is there a way around it?
I used this CI/CD and tweaked it to connect BitBucket cloud for code source by using BitBucketSourceAction. I think it would be useful to support it as part of this pipeline as well. Will need to store connection ARN as well which could be stored in SSM itself.
```
const sourceAction = new BitBucketSourceAction({
  actionName: 'BitbucketSource',
  owner: 'admin',
  repo: repoName,
  output: sourceOutputArtifact,
  connectionArn: 'arn:aws:codestar-connections:us-west-2:blablabla',
})
```
Also, is it correct to use
```
import { Repository } from '@aws-cdk/aws-codecommit'
```
for BitBucket repository as well?
```
const bitBucketRepo = Repository.fromRepositoryName(
  scope,
  `${repoName}${repoBranch}BitBucketRepo`,
  repoName
)
```
I needed the pipeline to use node runtime 15, so I had added the following in
1. test-project.js
2. deploy-project.ts
3. build-project.ts
```
install: {
  commands: [
    'npm install npm@latest -g',
    'npm install lerna@latest -g'
  ]
},
```
and removed:
```
phases: {
  install: {
    'runtime-versions': {
      nodejs: '10'
    }
  },
```
I am getting the following error in Codebuild
> [email protected] deploy:cicd
--
50 | > lerna run deploy --since HEAD~1 --stream
51 |
52 | internal/modules/cjs/loader.js:834
53 | throw err;
54 | ^
55 |
56 | Error: Cannot find module '.'
57 | Require stack:
58 | - /codebuild/output/src956778402/src/node_modules/.bin/lerna
59 | at Function.Module._resolveFilename (internal/modules/cjs/loader.js:831:15)
60 | at Function.Module._load (internal/modules/cjs/loader.js:687:27)
61 | at Module.require (internal/modules/cjs/loader.js:903:19)
62 | at require (internal/modules/cjs/helpers.js:74:18)
63 | at Object.<anonymous> (/codebuild/output/src956778402/src/node_modules/.bin/lerna:11:3)
64 | at Module._compile (internal/modules/cjs/loader.js:1015:30)
65 | at Object.Module._extensions..js (internal/modules/cjs/loader.js:1035:10)
66 | at Module.load (internal/modules/cjs/loader.js:879:32)
67 | at Function.Module._load (internal/modules/cjs/loader.js:724:14)
68 | at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12) {
69 | code: 'MODULE_NOT_FOUND',
70 | requireStack: [ '/codebuild/output/src956778402/src/node_modules/.bin/lerna' ]
71 | }
72 | npm ERR! code 1
73 | npm ERR! path /codebuild/output/src956778402/src
74 | npm ERR! command failed
75 | npm ERR! command sh -c lerna run deploy --since HEAD~1 --stream
I get this error on running the test command:
lerna run --stream test --parallel
Also, tried with
lerna run --stream test --parallel --scope registration-service
In the services, test script looks like,
"test": "serverless-bundle test --verbose --coverage",
I installed Lerna globally in the pipeline and in build.sh, deploy.sh and test.sh, but I get this error anytime I try to run a lerna command in "test.sh" or "deploy.sh".
seems to be running okay in build.sh but not in test.sh and deploy.sh
An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::9xxxxxxxxxx:assumed-role/AWS-Simple-CICD-TeamOne-vimpsvlncctestpipel-SP8VE3BYU66Q/AWSCodeBuild-c17e5754-c377-41e5-b1ca-7276e582aeee is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::0xxxxxxxxxx2:role/admin
We have a landing zone account where my username is let's say "simi". I am able to assume role "admin" in accounts - dev, test, tools, and prod.
As the documentation suggests: https://github.com/awslabs/aws-simple-cicd/blob/master/docs/admin.md#deploy-pipelines
"If the AWS accounts are generated using AWS Landing Zone or Control Tower, then use the cross-account role generated by that service and skip this step.", I have skipped this step.
The only change I have made is replaced `ROLE_NAME=role/deployment-role` with `ROLE_NAME=role/admin` in line 19 of https://github.com/awslabs/aws-simple-cicd/blob/master/scripts/assume-cross-account-role.env .
Tried changing it to `ROLE_NAME=role/simi` as well.
Is it required to make any additional changes to be able to resolve this error? How can this be fixed?
If the new branch is named master, then a stack should be created containing CI+CD pipelines, with deploy stages in the dev, test, and production environments.
If the new branch is named develop, then a stack should be created containing CI+CD pipelines, with a deploy stage in the Dev and test environment.
If the new branch has any other name, then the stack should be created with only a CI pipeline.
Should be useful to have this behaviour in the CI/CD pipeline. This is coming from an AWS blog for the event-driven multi-branch pipeline.
This is what the logs look like if I do not have assume-role-cross-account-role.env in the repo.
[Container] 2020/12/04 21:38:09 Running command if [ ! -f "${CODEBUILD_SRC_DIR}/scripts/assume-cross-account-role.env" ]; then echo "assume-cross-account-this.role.env not found in repo" && aws s3 cp s3://${ARTIFACTS_BUCKET_NAME}/admin/cross-account/assume-cross-account-role.env ${CODEBUILD_SRC_DIR}/scripts/; else echo "Overriding assume-cross-account-role.env from repo"; fi
--
30 | assume-cross-account-this.role.env not found in repo
31 | Completed 1.7 KiB/1.7 KiB (23.2 KiB/s) with 1 file(s) remaining
32 | download: s3://vaisala-vimps-vlncc-cicd/admin/cross-account/assume-cross-account-role.env to scripts/assume-cross-account-role.env
33 |
34 | [Container] 2020/12/04 21:38:16 Running command . ${CODEBUILD_SRC_DIR}/scripts/assume-cross-account-role.env
35 | /codebuild/output/tmp/script.sh: 18: /codebuild/output/src075076344/src/scripts/assume-cross-account-role.env:
36 | : not found
37 | /codebuild/output/tmp/script.sh: 20: /codebuild/output/src075076344/src/scripts/assume-cross-account-role.env:
38 | : not found
39 | Assuming role role/deployment-role
40 | in account 074808352032 with session name dev-Deploy
41 |
42 | /codebuild/output/tmp/script.sh: 24: /codebuild/output/src075076344/src/scripts/assume-cross-account-role.env:
43 | : not found
44 | /codebuild/output/tmp/script.sh: 34: /codebuild/output/src075076344/src/scripts/assume-cross-account-role.env: Syntax error: end of file unexpected (expecting "then")
45 |
46 | [Container] 2020/12/04 21:38:16 Command did not exit successfully . ${CODEBUILD_SRC_DIR}/scripts/assume-cross-account-role.env exit status 2
47 | [Container] 2020/12/04 21:38:16 Phase complete: BUILD State: FAILED
48 | [Container] 2020/12/04 21:38:16 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: . ${CODEBUILD_SRC_DIR}/scripts/assume-cross-account-role.env. Reason: exit status 2
49 | [Container] 2020/12/04 21:38:16 Entering phase POST_BUILD
50 | [Container] 2020/12/04 21:38:16 Phase complete: POST_BUILD State: SUCCEEDED
51 | [Container] 2020/12/04 21:38:16 Phase context status code: Message:
If I add the file in the repo, it works okay.
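The `: not found` errors reported for several line numbers, the role name printed with a line break after it, and the final `expecting "then"` error are consistent with the S3 copy of `assume-cross-account-role.env` having CRLF line endings, which `sh` does not accept. As an added example (not part of the aws-simple-cicd repository, and assuming CRLF is the cause), this check refuses to source such a file and gives the administrator a way to normalize it before upload; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from aws-simple-cicd. Function names are hypothetical.

# check_env_file FILE
#   0 = safe to source, 1 = file missing,
#   2 = contains carriage returns (CRLF), 3 = shell syntax error
check_env_file() {
    env_file="$1"
    [ -f "$env_file" ] || return 1
    # Stripping CR must leave the file byte-identical; if not, it contains CRs.
    if ! tr -d '\r' < "$env_file" | cmp -s - "$env_file"; then
        return 2
    fi
    # Parse without executing, so a broken file never runs half-way.
    sh -n "$env_file" 2>/dev/null || return 3
    return 0
}

# normalize_env_file FILE
#   For the administrator to run before uploading: rewrite FILE with LF endings.
normalize_env_file() {
    env_file="$1"
    tmp_file="$env_file.lf.$$"
    tr -d '\r' < "$env_file" > "$tmp_file" && mv "$tmp_file" "$env_file"
}

# source_env_checked FILE
#   Fail closed: source FILE only when check_env_file accepts it.
source_env_checked() {
    check_rc=0
    check_env_file "$1" || check_rc=$?
    case "$check_rc" in
        0) . "$1" ;;
        1) echo "env file not found: $1" >&2; return 1 ;;
        2) echo "refusing to source $1: CRLF line endings" >&2; return 2 ;;
        *) echo "refusing to source $1: shell syntax error" >&2; return 3 ;;
    esac
}

# Constructed sample: a small env file saved with CRLF endings.
demo_env() {
    work_dir=$(mktemp -d)
    sample="$work_dir/assume-cross-account-role.env"
    printf 'ROLE_NAME=role/deployment-role\r\n\r\nif [ -n "$ROLE_NAME" ]; then\r\n  echo "Assuming role $ROLE_NAME"\r\nfi\r\n' > "$sample"
    source_env_checked "$sample" || echo "check returned $?"
    normalize_env_file "$sample"
    source_env_checked "$sample" && echo "sourced after normalizing"
    rm -rf "$work_dir"
}
demo_env
```

In the buildspec, `source_env_checked` would take the place of the plain `. ${CODEBUILD_SRC_DIR}/scripts/assume-cross-account-role.env` command, so a damaged file stops the build before any role is assumed.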
What events in this pipeline should trigger a notification? I added a subscriber through the AWS console. When I publish a message to the topic from the AWS console, I do get a notification. I haven't received any notification from the pipeline though. It seems like there is currently no event in the pipeline that triggers a notification as function `send_codebuild_events_to_sns` never really gets called.
I would like to trigger the notification:
The `send_build_events_to_sns` method expects a certain structure:
for ex:
```
status = message['detail']['build-status']
project = message['detail']['project-name']
build_id = message['detail']['build-id']
```
How can CodeCommit be replaced with BitBucket cloud repo for source? What exact changes are required to fit in this pipeline?
It leaves the s3 bucket and then fails the deploy command next time erring on the existence of the s3 bucket already
npm install command fails in my pipeline written using aws-cdk with the following error:
```
npm ERR! code ENOTFOUND
npm ERR! syscall getaddrinfo
npm ERR! errno ENOTFOUND
npm ERR! network request to http://nexus.company.com:8081/nexus/repository/npm-group/zip-stream/-/zip-stream-4.1.0.tgz failed, reason: getaddrinfo ENOTFOUND nexus.company.com
```
How can this be fixed? npm run command works okay in my local system,
.npmrc file looks as follows:
registry="http://nexus.company.com:8081/nexus/repository/npm-group/"
How to whitelist access to private registry from the pipeline?
Due to naming convention cloudformation resource ids getting too long. Shorten unique identifiers
Referring to https://aws.amazon.com/blogs/devops/multi-branch-codepipeline-strategy-with-event-driven-architecture/, It shows the approach we discussed in another issue to trigger a pipeline for every new branch based on events/lambda functions.
It should be useful to have a pipeline automatically created for new branches and automatically deleted after.