Created
April 29, 2021 23:28
-
-
Save christopher-caldwell/60769fd0c554eb1207788256b8eea2cf to your computer and use it in GitHub Desktop.
Using CodeBuild with a custom Docker image
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Transform: 'AWS::Serverless-2016-10-31' | |
| Parameters: | |
| Stage: | |
| Type: String | |
| CloudFrontDistributionId: | |
| Type: String | |
| BranchToRunBuildFrom: | |
| Type: String | |
| RepositoryUrl: | |
| Type: String | |
| S3Bucket: | |
| Type: String | |
| Description: Name of S3 Bucket where the builds will be stored | |
| BuildCommand: | |
| Type: String | |
| Description: Command used to run the build for the specified environment | |
| RepositoryName: | |
| Type: String | |
| Description: Command used to run the build for the specified environment | |
| ImageTag: | |
| Type: String | |
| Description: Command used to run the build for the specified environment | |
| UiDeploymentBucket: | |
| Type: String | |
| Description: Command used to run the build for the specified environment | |
| Resources: | |
| # Role that the UI build will assume | |
| UiBuildServiceRole: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| RoleName: !Sub project-ui-build-role-${Stage} | |
| AssumeRolePolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| Service: | |
| - codebuild.amazonaws.com | |
| Action: 'sts:AssumeRole' | |
| Policies: | |
| - PolicyName: cache-invalidation | |
| PolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - cloudfront:CreateInvalidation | |
| Resource: | |
| Fn::Join: | |
| - '' | |
| - - 'arn:aws:cloudfront::' | |
| - !Ref AWS::AccountId | |
| - ':distribution/' | |
| - !Ref CloudFrontDistributionId | |
| - PolicyName: logs-permissions | |
| PolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - logs:CreateLogStream | |
| - logs:CreateLogGroup | |
| - logs:PutLogEvents | |
| Resource: '*' | |
| - PolicyName: codebuild-permissions | |
| PolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - codebuild:CreateReportGroup | |
| - codebuild:CreateReport | |
| - codebuild:UpdateReport | |
| - codebuild:BatchPutTestCases | |
| Resource: '*' | |
| - PolicyName: !Sub upload-artifact-to-s3-${Stage} | |
| PolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - s3:PutObject | |
| Resource: | |
| - !Sub arn:aws:s3:::${S3Bucket} | |
| - !Sub arn:aws:s3:::${S3Bucket}/* | |
| - PolicyName: !Sub codepipeline-deploy-to-s3-${Stage} | |
| PolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - s3:PutObject | |
| - s3:GetBucketAcl | |
| - s3:GetBucketLocation | |
| Resource: | |
| - !Sub arn:aws:s3:::${UiDeploymentBucket} | |
| - !Sub arn:aws:s3:::${S3Bucket} | |
| - !Sub arn:aws:s3:::${S3Bucket}/* | |
| - PolicyName: !Sub allow-ecr-build-image-pull-${Stage} | |
| PolicyDocument: | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - ecr:GetDownloadUrlForLayer | |
| - ecr:BatchGetImage | |
| - ecr:BatchCheckLayerAvailability | |
| - ecr:GetAuthorizationToken | |
| Resource: '*' | |
| #CodeBuild resource that will perform build | |
| UiBuildProject: | |
| Type: AWS::CodeBuild::Project | |
| Properties: | |
| Name: !Sub project-ui-build-${Stage} | |
| Description: !Sub 'Build steps for ${Stage} UI' | |
| ServiceRole: !GetAtt UiBuildServiceRole.Arn | |
| Artifacts: | |
| Type: S3 | |
| Location: !Ref S3Bucket | |
| EncryptionDisabled: true | |
| Environment: | |
| Type: LINUX_CONTAINER | |
| ComputeType: BUILD_GENERAL1_SMALL | |
| ImagePullCredentialsType: SERVICE_ROLE | |
| Image: | |
| Fn::Join: | |
| - '' | |
| - - !Ref AWS::AccountId | |
| - .dkr.ecr. | |
| - !Ref AWS::Region | |
| - .amazonaws.com/ | |
| - !Sub ${RepositoryName}:${ImageTag} | |
| EnvironmentVariables: | |
| - Name: BUILD_COMMAND | |
| Value: !Ref BuildCommand | |
| - Name: DISTRIBUTION_ID | |
| Value: !Ref CloudFrontDistributionId | |
| Source: | |
| Type: GITHUB | |
| Location: !Ref RepositoryUrl | |
| BuildSpec: ui/buildspec.yml | |
| Auth: | |
| Resource: !ImportValue GitHubCredentials | |
| Type: OAUTH | |
| TimeoutInMinutes: 10 | |
| Triggers: | |
| Webhook: true | |
| FilterGroups: | |
| - - Type: EVENT | |
| Pattern: PUSH | |
| - Type: HEAD_REF | |
| Pattern: !Sub ^refs/heads/${BranchToRunBuildFrom} | |
| - Type: FILE_PATH | |
| Pattern: ui |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment