Application build 및 artifact upload를 위한 AWS Code Build의 설정 파일 buildspec.yml(+ AWS Secret Manager)

buildspec.yml

version: 0.2

env:
  # You can use env at variables, Parameter-store, secrets-manager
  # need to add IAM Policy to CodeBuild Role
  variables:
    CLUSTER_NAME: "node-dev-apne2-cluster"
    SERVICE_NAME: "nodejs_app_svc"
    TASK_DEF_NAME: "nodejs_app"
    Region: "ap-northeast-2"
    # Web Console : AccountID

  secrets-manager:
    ECR_REPOSITORY_URI: NODEJS_APP_SECRET:ECR_REPOSITORY_URI
    APP_NAME : NODEJS_APP_SECRET:APP_NAME

phases:
  install:
    runtime-versions:
      docker: 18

  pre_build:
    commands:
      - echo Current Build number is v${CODEBUILD_BUILD_NUMBER}
      - echo current working dir
      - pwd
      - echo Logging to Amazon ECR
      - aws --version
      - aws ecr get-login-password --region $Region | docker login --username AWS --password-stdin ${AccountID}.dkr.ecr.${Region}.amazonaws.com

  build:
    commands:
      # Build
      - echo Docker build ...
      - docker build -t ${APP_NAME}:v${CODEBUILD_BUILD_NUMBER} .

  post_build:
    commands:
      # Tag, Push
      - echo Docker Tag, Pushz
      - docker tag ${APP_NAME}:v${CODEBUILD_BUILD_NUMBER} ${ECR_REPOSITORY_URI}:v${CODEBUILD_BUILD_NUMBER}
      - docker push ${ECR_REPOSITORY_URI}:v${CODEBUILD_BUILD_NUMBER}

      # taskdef.json
      - cat scripts/taskdef.json | sed -e "s|<ACCOUNT_ID>|${AccountID}|g" -e "s|<ECR_REPO_URI>|${ECR_REPOSITORY_URI}|g" -e "s|<VERSION>|v${CODEBUILD_BUILD_NUMBER}|g" > taskdef.json
      
      # 만약 VPC 설정을 안하였을 경우, 주석 처리 가능
      # appspec.yml
      
      # 치환
      - cat scripts/appspec.yml > appspec.yml
      

artifacts:
 files:
  - appspec.yml
  - taskdef.json
  
# 참조 URL
- https://nyyang.tistory.com/100