Skip to content

Instantly share code, notes, and snippets.

@christopher-caldwell

christopher-caldwell/template.yml

Created April 29, 2021 23:28
Show Gist options
  • Save christopher-caldwell/60769fd0c554eb1207788256b8eea2cf to your computer and use it in GitHub Desktop.
Save christopher-caldwell/60769fd0c554eb1207788256b8eea2cf to your computer and use it in GitHub Desktop.
Download ZIP
Using CodeBuild with a custom Docker image
Raw
template.yml
Transform: 'AWS::Serverless-2016-10-31'
Parameters:
Stage:
Type: String
CloudFrontDistributionId:
Type: String
BranchToRunBuildFrom:
Type: String
RepositoryUrl:
Type: String
S3Bucket:
Type: String
Description: Name of S3 Bucket where the builds will be stored
BuildCommand:
Type: String
Description: Command used to run the build for the specified environment
RepositoryName:
Type: String
Description: Command used to run the build for the specified environment
ImageTag:
Type: String
Description: Command used to run the build for the specified environment
UiDeploymentBucket:
Type: String
Description: Command used to run the build for the specified environment
Resources:
# Role that the UI build will assume
UiBuildServiceRole:
Type: AWS::IAM::Role
Properties:
RoleName: !Sub project-ui-build-role-${Stage}
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service:
- codebuild.amazonaws.com
Action: 'sts:AssumeRole'
Policies:
- PolicyName: cache-invalidation
PolicyDocument:
Statement:
- Effect: Allow
Action:
- cloudfront:CreateInvalidation
Resource:
Fn::Join:
- ''
- - 'arn:aws:cloudfront::'
- !Ref AWS::AccountId
- ':distribution/'
- !Ref CloudFrontDistributionId
- PolicyName: logs-permissions
PolicyDocument:
Statement:
- Effect: Allow
Action:
- logs:CreateLogStream
- logs:CreateLogGroup
- logs:PutLogEvents
Resource: '*'
- PolicyName: codebuild-permissions
PolicyDocument:
Statement:
- Effect: Allow
Action:
- codebuild:CreateReportGroup
- codebuild:CreateReport
- codebuild:UpdateReport
- codebuild:BatchPutTestCases
Resource: '*'
- PolicyName: !Sub upload-artifact-to-s3-${Stage}
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:PutObject
Resource:
- !Sub arn:aws:s3:::${S3Bucket}
- !Sub arn:aws:s3:::${S3Bucket}/*
- PolicyName: !Sub codepipeline-deploy-to-s3-${Stage}
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:PutObject
- s3:GetBucketAcl
- s3:GetBucketLocation
Resource:
- !Sub arn:aws:s3:::${UiDeploymentBucket}
- !Sub arn:aws:s3:::${S3Bucket}
- !Sub arn:aws:s3:::${S3Bucket}/*
- PolicyName: !Sub allow-ecr-build-image-pull-${Stage}
PolicyDocument:
Statement:
- Effect: Allow
Action:
- ecr:GetDownloadUrlForLayer
- ecr:BatchGetImage
- ecr:BatchCheckLayerAvailability
- ecr:GetAuthorizationToken
Resource: '*'
#CodeBuild resource that will perform build
UiBuildProject:
Type: AWS::CodeBuild::Project
Properties:
Name: !Sub project-ui-build-${Stage}
Description: !Sub 'Build steps for ${Stage} UI'
ServiceRole: !GetAtt UiBuildServiceRole.Arn
Artifacts:
Type: S3
Location: !Ref S3Bucket
EncryptionDisabled: true
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
ImagePullCredentialsType: SERVICE_ROLE
Image:
Fn::Join:
- ''
- - !Ref AWS::AccountId
- .dkr.ecr.
- !Ref AWS::Region
- .amazonaws.com/
- !Sub ${RepositoryName}:${ImageTag}
EnvironmentVariables:
- Name: BUILD_COMMAND
Value: !Ref BuildCommand
- Name: DISTRIBUTION_ID
Value: !Ref CloudFrontDistributionId
Source:
Type: GITHUB
Location: !Ref RepositoryUrl
BuildSpec: ui/buildspec.yml
Auth:
Resource: !ImportValue GitHubCredentials
Type: OAUTH
TimeoutInMinutes: 10
Triggers:
Webhook: true
FilterGroups:
- - Type: EVENT
Pattern: PUSH
- Type: HEAD_REF
Pattern: !Sub ^refs/heads/${BranchToRunBuildFrom}
- Type: FILE_PATH
Pattern: ui
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment