How to specify a GitHub access token for CodeBuild in CloudFormation

Ale*_*ker 4 amazon-web-services aws-cloudformation aws-codebuild

I have been wasting a lot of time trying to set up a GitHub webhook using CloudFormation. The documentation for this process is useless, for example: https://docs.aws.amazon.com/codebuild/latest/userguide/sample-access-tokens.html

$ aws codebuild import-source-credentials --generate-cli-skeleton
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:

batch-delete-builds                      | batch-get-builds
batch-get-projects                       | create-project
create-webhook                           | delete-project
delete-webhook                           | invalidate-project-cache
list-builds                              | list-builds-for-project
list-curated-environment-images          | list-projects
start-build                              | stop-build
update-project                           | help

My problem is that I cannot find a way to specify a GitHub access token for CodeBuild with CloudFormation. I just want to set up a webhook for a GitHub repository so that a simple test suite runs when a pull request is created, updated, etc. As mentioned, I have found a lot of half-baked documentation such as https://docs.aws.amazon.com/codebuild/latest/userguide/sample-github-pull-request.html that outlines how to set up a webhook with GitHub, but when I try to follow these guides I get a "no GitHub token" error in CloudFormation. Other docs say you need to set the access token from the UI or the CLI, but the CLI is apparently broken, and why would I create CodeBuild resources in the management console when I am trying to set up CloudFormation? I don't see anywhere in the sample CloudFormation templates to include a personal access token from GitHub, and the documentation for the Source > Auth element is defined in terms of itself. "The resource value that applies to the specified authorization type" does not tell me what this "resource" is. Is it the GitHub personal access token I have been searching the docs for over the past 8 hours? I have no idea. I did try pasting my personal access token into that field but got the same result: "No access token found, please visit the AWS CodeBuild console to connect to GitHub".

Here is my CloudFormation template:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "AWS CodeBuild Template",
    "Parameters": {
    },
    "Resources": {
        "CodeBuildProject": {
            "Type": "AWS::CodeBuild::Project",
            "Properties": {
                "Name": "TestingCodeBuild",
                "Description": "A description about my project",
                "ServiceRole": { "Fn::GetAtt": [ "CodeBuildServiceRole", "Arn" ] },
                "Artifacts": {
                    "Type": "no_artifacts"
                },
                "Environment": {
                    "Type": "LINUX_CONTAINER",
                    "ComputeType": "BUILD_GENERAL1_SMALL",
                    "Image": "ubuntu:bionic",
                    "EnvironmentVariables": [
                      {
                        "Name": "varName",
                        "Value": "varValue"
                      }
                    ]
                },
                "Source": {
                    "Auth" : {
                        "Resource": "WTF IS THIS VALUE, Docs say a resource is a resource for use with the type.",
                        "Type" : "OAUTH"
                    },
                    "BuildSpec" : "buildspec.yml",
                    "GitCloneDepth" : 1,
                    "ReportBuildStatus" : true,
                    "Location" : "https://github.com/user/repo.git",
                    "Type" : "GITHUB"
                },
                "Triggers": {
                    "FilterGroups": [
                        [
                            {
                                "Pattern" : "PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED",
                                "Type" : "EVENT"
                            }
                        ]
                    ],
                    "Webhook" : true
                },
                "TimeoutInMinutes": 10,
                "Tags": [
                    {
                      "Key": "Key1",
                      "Value": "Value1"
                    },
                    {
                      "Key": "Key2",
                      "Value": "Value2"
                    }
                ]
            }
        },
        "CodeBuildServiceRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    "codebuild.amazonaws.com"
                                ]
                            },
                            "Action": "sts:AssumeRole"
                        }
                    ]
                },
                "Path": "/",
                "Policies": [
                    {
                        "PolicyName": "CodeBuildAccessPolicies",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "codecommit:CancelUploadArchive",
                                        "codecommit:GetBranch",
                                        "codecommit:GetCommit",
                                        "codecommit:GetUploadArchiveStatus",
                                        "codecommit:UploadArchive"
                                    ],
                                    "Resource": "*"
                                },
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "codedeploy:CreateDeployment",
                                        "codedeploy:GetApplicationRevision",
                                        "codedeploy:GetDeployment",
                                        "codedeploy:GetDeploymentConfig",
                                        "codedeploy:RegisterApplicationRevision"
                                    ],
                                    "Resource": "*"
                                },
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "codebuild:BatchGetBuilds",
                                        "codebuild:StartBuild"
                                    ],
                                    "Resource": "*"
                                },
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "devicefarm:ListProjects",
                                        "devicefarm:ListDevicePools",
                                        "devicefarm:GetRun",
                                        "devicefarm:GetUpload",
                                        "devicefarm:CreateUpload",
                                        "devicefarm:ScheduleRun"
                                    ],
                                    "Resource": "*"
                                },
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "iam:PassRole"
                                    ],
                                    "Resource": "*"
                                },
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "elasticbeanstalk:*",
                                        "ec2:*",
                                        "elasticloadbalancing:*",
                                        "autoscaling:*",
                                        "cloudwatch:*",
                                        "s3:*",
                                        "sns:*",
                                        "cloudformation:*",
                                        "rds:*",
                                        "sqs:*",
                                        "ecs:*"
                                    ],
                                    "Resource": "*"
                                }
                            ]
                        }
                    }
                ]
            }
        }
    }
}

Update: So I managed to get it connected to GitHub by manually creating an unrelated CodeDeploy project called "TempProj" and connecting it to GitHub. Now, when you create the stack in CloudFormation, it can connect to GitHub automatically. You can even delete that instance and it keeps working.

Tal*_*raf 15

AWS::CodeBuild::SourceCredential is a new AWS resource that appeared in CloudFormation Resource Specification v5.1.0. It lets you connect CodeBuild to GitHub using a GitHub personal access token (if you don't know how to create one, take a look at this quick guide).

Quick example:

AWSTemplateFormatVersion: "2010-09-09"

Resources:
  # This resource allows to connect CodeBuild with Github using Personal Access Token.
  CodeBuildSourceCredential:
    Type: AWS::CodeBuild::SourceCredential
    Properties:
      AuthType: PERSONAL_ACCESS_TOKEN
      ServerType: GITHUB
      Token: "<YOUR-PERSONAL-GITHUB-ACCESS-TOKEN>"

  # CodeBuild resource.
  CodeBuild:
    Type: AWS::CodeBuild::Project
    Properties:
      Source:
        Auth:
          Resource: !Ref CodeBuildSourceCredential
          Type: OAUTH

Tip: store the personal access token in AWS Secrets Manager and use a dynamic reference in the template to fetch it.


lem*_*ing 6

You can use AWS Secrets Manager to store your GitHub OAuth token securely, and then use a dynamic reference in your CloudFormation template that resolves to the stored value.

Here is the link to the documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager

When you create a secret with Secrets Manager, a secret consists of 3 parts:

  • Secret name (the label for this secret, e.g. GitHubToken)
  • Secret key, e.g. OAuthToken
  • Secret value (the actual content you want to store)

The example above would be referenced in your CloudFormation template as:

'{{resolve:secretsmanager:GitHubToken:SecretString:OAuthToken}}'

A more complete snippet from a CloudFormation template for CodePipeline, which triggers a pipeline run after every git push to the specified branch of the repository, looks like this:

...
MyPipeline:
  Type: AWS::CodePipeline::Pipeline
  Properties:
    Stages:
      -
        Name: GetSource
        Actions:
          -
            Name: GetMyGithubRepoSourceOnPush
            ActionTypeId:
              Category: Source
              Owner: ThirdParty
              Version: 1
              Provider: GitHub
            OutputArtifacts:
              - Name: NameOfArtifactForNextStages
            Configuration:
              Owner: MyGithubUsername
              Repo: MyGithubRepoName
              Branch: MyRepoBranchName
              OAuthToken: '{{resolve:secretsmanager:NameOfSecret:SecretString:KeyOfSecret}}'

I hope this helps.