Skip to content

Instantly share code, notes, and snippets.

@jumpeiMano
Created December 1, 2019 09:27
Show Gist options
  • Save jumpeiMano/032ef70dc697557a0964a6b830a87bb5 to your computer and use it in GitHub Desktop.
Save jumpeiMano/032ef70dc697557a0964a6b830a87bb5 to your computer and use it in GitHub Desktop.
CodePipeline project written by CDK
import cdk = require("@aws-cdk/core");
import s3 = require("@aws-cdk/aws-s3");
import iam = require("@aws-cdk/aws-iam");
import build = require("@aws-cdk/aws-codebuild");
import pipeline = require("@aws-cdk/aws-codepipeline");
import pipeline_actions = require("@aws-cdk/aws-codepipeline-actions");
import deploy = require("@aws-cdk/aws-codedeploy");
export class PipelineStack extends cdk.Stack {
constructor(app: cdk.App, id: string, props?: cdk.StackProps) {
super(app, id, props);
const buildArtifactBucket = new s3.Bucket(this, "build-artifact", {
bucketName: "build-artifact",
versioned: true
});
const webhookFilters: build.FilterGroup[] = [];
webhookFilters.push(
build.FilterGroup.inEventOf(build.EventAction.PUSH).andTagIs(".*")
);
const project = new build.Project(this, "build", {
projectName: "build",
cache: build.Cache.local(
build.LocalCacheMode.DOCKER_LAYER,
build.LocalCacheMode.SOURCE,
build.LocalCacheMode.CUSTOM
),
source: build.Source.bitBucket({
owner: "xxxx",
repo: "xxxx",
reportBuildStatus: true,
webhookFilters,
cloneDepth: 1
}),
buildSpec: build.BuildSpec.fromSourceFilename("buildspec.yml"),
artifacts: build.Artifacts.s3({
bucket: buildArtifactBucket,
name: buildArtifactBucket.bucketName,
includeBuildId: false
})
});
const source = new pipeline.Artifact("source");
const sourceAction = new pipeline_actions.S3SourceAction({
actionName: "source-action",
output: source,
bucket: buildArtifactBucket,
bucketKey: "build-artifact"
});
const pipelineArtifactBucket = new s3.Bucket(
this,
"pipeline-artifact-bucket",
{
bucketName: "pipeline-artifact"
}
);
const appArtifact = new pipeline.Artifact("app-artifact");
const prepareAppArtifactBuild = new pipeline_actions.CodeBuildAction({
actionName: "app-prepare",
input: source,
outputs: [appArtifact],
project: new build.PipelineProject(this, "prepare", {
projectName: "prepare",
buildSpec: build.BuildSpec.fromObject({
version: 0.2,
phases: {
build: {
commands: ["xxx"]
}
},
artifacts: {
"base-directory": "dist",
files: ["**/*"]
}
})
})
});
const appApplication = new deploy.ServerApplication(
this,
"app-application",
{
applicationName: "app"
}
);
const appDeploymentConfig = new deploy.ServerDeploymentConfig(
this,
"app-config",
{
deploymentConfigName: "app-config",
minimumHealthyHosts: deploy.MinimumHealthyHosts.percentage(10)
}
);
new iam.Role(this, "app-role", {
roleName: "deployment-group-role",
assumedBy: new iam.ServicePrincipal("codedeploy.amazonaws.com", {
region: this.region
}),
managedPolicies: [
iam.ManagedPolicy.fromAwsManagedPolicyName(
"service-role/AWSCodeDeployRole"
)
],
inlinePolicies: {
addToPolicy: new iam.PolicyDocument({
statements: [
new iam.PolicyStatement({
actions: [
"iam:PassRole",
"ec2:CreateTags",
"ec2:RunInstances"
],
resources: ["*"]
})
]
})
}
});
const pipelineProject = new pipeline.Pipeline(this, "pipeline", {
pipelineName: "pipeline",
artifactBucket: pipelineArtifactBucket,
stages: [
{
stageName: "source",
actions: [sourceAction]
},
{
stageName: "prepare",
actions: [prepareAppArtifactBuild]
},
{
stageName: "approve",
actions: [
new pipeline_actions.ManualApprovalAction({
actionName: "approve"
})
]
},
{
stageName: "app-deploy",
actions: [
new pipeline_actions.CodeDeployServerDeployAction({
actionName: "app-deploy",
input: appArtifact,
deploymentGroup: deploy.ServerDeploymentGroup.fromServerDeploymentGroupAttributes(
this,
"deployment-group",
{
deploymentGroupName: "app-deployment-group",
deploymentConfig: appDeploymentConfig,
application: appApplication
}
)
})
]
}
]
});
cdk.Tag.add(this, "UserAccessLevel", "restricted");
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment