from aws_cdk import (
aws_iam as aws_iam,
aws_s3 as aws_s3,
aws_ecr,
aws_codebuild,
core,
)
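class Base(core.Stack):
    """Shared CI/CD base stack.

    Creates one CodeBuild service role, one ECR repository and three CodeBuild
    ``PipelineProject``s (two privileged Docker image builds and one
    ``cdk``-deploy step) that all execute under that single role.

    Side effects on the caller's dicts: ``shared_params`` must already hold
    ``namespace`` and receives ``codebuild_role_arn`` / ``codebuild_role``;
    ``shared_outputs`` must hold ``bucket_obj`` (an S3 bucket construct) and is
    kept on the instance as ``self.shared_outputs``.

    NOTE(security): the shared role carries the AWS-managed
    ``AdministratorAccess`` policy and is assumable by
    ``AccountRootPrincipal`` (any IAM identity in the account that is allowed
    ``sts:AssumeRole`` on it). Every build -- including the ``privileged=True``
    Docker builds, which execute whatever the repository's buildspec says --
    therefore runs with full account access, and so does anyone who can push
    to the source repository. The inline policy attached below is redundant
    under that managed policy. Scope the role down to what the buildspecs
    actually need before using this outside a sandbox; it is left as-is here
    because the buildspecs are not visible.
    """

    def __init__(self, app: core.App, id: str, shared_params: dict, shared_outputs: dict) -> None:
        super().__init__(app, id)
        namespace = shared_params['namespace']

        # Single role shared by all three projects (see class docstring for
        # why this is far broader than it needs to be).
        codebuild_role = aws_iam.Role(
            self, "CodeBuildRole",
            assumed_by=aws_iam.CompositePrincipal(
                aws_iam.ServicePrincipal('codebuild.amazonaws.com'),
                # NOTE(security): lets any principal in the account assume an
                # admin-equivalent role; prefer a specific principal or drop it.
                aws_iam.AccountRootPrincipal()
            ),
            max_session_duration=core.Duration.hours(1),
            # NOTE(security): full administrative access -- see class docstring.
            managed_policies=[aws_iam.ManagedPolicy.from_aws_managed_policy_name('AdministratorAccess')],
        )
        self._codebuild_role_docker_build_arn = codebuild_role.role_arn
        self._codebuild_role_docker_build_name = codebuild_role.role_name
        self._codebuild_role_docker_build = codebuild_role
        shared_params['codebuild_role_arn'] = codebuild_role.role_arn
        shared_params['codebuild_role'] = codebuild_role

        # Image repository for both Docker builds. DESTROY means the repository
        # (and its images) is deleted together with the stack.
        ecr = aws_ecr.Repository(
            self, "ECR",
            repository_name=f"{namespace}",
            removal_policy=core.RemovalPolicy.DESTROY
        )

        # Two Docker image builds differing only in id, name suffix, buildspec
        # and image tag.
        self._codebuild_docker_build_aardvark = self._docker_build_project(
            construct_id="CodebuildDockerBuildAardvark",
            name_suffix="Aardvark",
            buildspec='pipeline_delivery/aardvark_buildspec.yml',
            tag='aardvark',
            ecr=ecr,
            role=codebuild_role,
            namespace=namespace,
        )
        self._docker_build_project(
            construct_id="CodebuildDockerBuildRepoKid",
            name_suffix="RepoKid",
            buildspec='pipeline_delivery/buildspec.yml',
            tag='repokid',
            ecr=ecr,
            role=codebuild_role,
            namespace=namespace,
        )

        # Non-privileged project that runs the CDK deploy buildspec. The
        # construct is registered on the stack as a side effect; nothing else
        # in this class references it.
        aws_codebuild.PipelineProject(
            self, "CodebuildCDKDeploy",
            project_name=f"{namespace}-cdk-deploy",
            build_spec=aws_codebuild.BuildSpec.from_source_filename(
                filename='pipeline_delivery/cdk-buildspec.yml'),
            description='Pipeline for CodeBuild',
            timeout=core.Duration.minutes(60),
            role=codebuild_role,
        )

        # Object-level read/write on the shared bucket comes from this grant.
        shared_outputs['bucket_obj'].grant_read_write(codebuild_role)

        # Inline policy. All of it is subsumed by AdministratorAccess above;
        # it only becomes meaningful once that managed policy is removed.
        aws_iam.Policy(
            self, "codebuildrolepolicies",
            policy_name='cdk',
            statements=[
                # Bucket ARN only: covers bucket-level actions, not objects
                # (object ARNs end in "/*"); objects are covered by the grant.
                aws_iam.PolicyStatement(
                    effect=aws_iam.Effect.ALLOW,
                    actions=['s3:*'],
                    resources=[shared_outputs['bucket_obj'].bucket_arn]
                ),
                # NOTE(security): ec2:* on every resource is very broad;
                # narrow to the actions the buildspecs actually issue.
                aws_iam.PolicyStatement(
                    effect=aws_iam.Effect.ALLOW,
                    actions=[
                        'ec2:*'
                    ],
                    resources=["*"]
                ),
                aws_iam.PolicyStatement(
                    effect=aws_iam.Effect.ALLOW,
                    actions=[
                        'ecr:*'
                    ],
                    resources=[ecr.repository_arn]
                )
            ],
            roles=[
                codebuild_role
            ]
        )
        self.shared_outputs = shared_outputs

    def _docker_build_project(self, construct_id: str, name_suffix: str, buildspec: str,
                              tag: str, ecr: aws_ecr.Repository, role: aws_iam.Role,
                              namespace: str) -> aws_codebuild.PipelineProject:
        """Create a privileged CodeBuild project that builds a Docker image.

        The project gets ``ecr`` (repository URI) and ``tag`` as environment
        variables for the buildspec to use. ``privileged=True`` is what allows
        running the Docker daemon inside the build; it also gives the build
        container elevated access to its host, so only trusted buildspecs
        should run here.
        """
        return aws_codebuild.PipelineProject(
            self, construct_id,
            project_name=f"{namespace}-Docker-Build-{name_suffix}",
            build_spec=aws_codebuild.BuildSpec.from_source_filename(filename=buildspec),
            environment=aws_codebuild.BuildEnvironment(
                privileged=True,
            ),
            environment_variables={
                'ecr': aws_codebuild.BuildEnvironmentVariable(value=ecr.repository_uri),
                'tag': aws_codebuild.BuildEnvironmentVariable(value=tag),
            },
            description='Pipeline for CodeBuild',
            timeout=core.Duration.minutes(60),
            role=role,
        )

    @property
    def outputs(self) -> dict:
        """Constructs exposed to downstream stacks.

        ``codebuild_role_docker_build`` is the shared role;
        ``codebuild_project_docker_build`` is the Aardvark Docker build project.
        (Previously the project key mistakenly returned the role a second time.)
        """
        return dict(
            codebuild_role_docker_build=self._codebuild_role_docker_build,
            codebuild_project_docker_build=self._codebuild_docker_build_aardvark,
        )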