Skip to content

Instantly share code, notes, and snippets.

@maguzzi
Last active January 2, 2024 17:37
Show Gist options
  • Save maguzzi/4899697488d40105dd51ce2c37c1e327 to your computer and use it in GitHub Desktop.
Save maguzzi/4899697488d40105dd51ce2c37c1e327 to your computer and use it in GitHub Desktop.
Parametrized codepipeline
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"ArtifactS3BucketNameParameter": {
"Description": "Artifact S3 Bucket Name",
"Type": "String"
},
"S3BucketNameParameter": {
"Description": "S3 Bucket Name",
"Type": "String"
},
"BranchNameParameter": {
"Description": "Github branch name",
"Type": "String"
},
"PipelineNameParameter": {
"Description": "Pipeline name",
"Type": "String"
},
"PipelineTagParameter": {
"Description": "Pipeline tag",
"Type": "String"
},
"InvalidationLambdaExported": {
"Description": "Lambda function performing the cache invalidation",
"Type": "String"
}
},
"Description": "Codepipeline to build static website with hexo framework",
"Resources": {
"AppPipeline": {
"Properties": {
"ArtifactStore": {
"Location": {
"Ref": "ArtifactS3BucketNameParameter"
},
"Type": "S3"
},
"Name": {
"Ref": "PipelineNameParameter"
},
"RoleArn": {
"Fn::GetAtt": [
"RoleForPipeline",
"Arn"
]
},
"Stages": [
{
"Actions": [
{
"ActionTypeId": {
"Category": "Source",
"Owner": "ThirdParty",
"Provider": "GitHub",
"Version": 1
},
"Configuration": {
"Branch": {
"Ref": "BranchNameParameter"
},
"OAuthToken": "{{resolve:secretsmanager:GithubOAuthToken}}",
"Owner": "maguzzi",
"PollForSourceChanges": "true",
"Repo": "marcoaguzzi_src"
},
"Name": "GithubDownload",
"OutputArtifacts": [
{
"Name": "marcoaguzzi-source-output"
}
],
"RunOrder": 1
}
],
"Name": "Source"
},
{
"Actions": [
{
"ActionTypeId": {
"Category": "Build",
"Owner": "AWS",
"Provider": "CodeBuild",
"Version": "1"
},
"Configuration": {
"ProjectName": {
"Fn::Join" : ["-",["marcoaguzzi-build",{"Ref":"PipelineTagParameter"}]]
}
},
"InputArtifacts": [
{
"Name": "marcoaguzzi-source-output"
}
],
"Name": "BuildAction",
"OutputArtifacts": [
{
"Name": "output-build-artifact"
}
],
"RunOrder": 1
}
],
"Name": "Build"
},
{
"Actions": [
{
"ActionTypeId": {
"Category": "Deploy",
"Owner": "AWS",
"Provider": "S3",
"Version": "1"
},
"Configuration": {
"BucketName": {
"Ref": "S3BucketNameParameter"
},
"Extract": "true"
},
"InputArtifacts": [
{
"Name": "output-build-artifact"
}
],
"Name": "DeployToS3Action"
}
],
"Name": "DeployToS3"
},
{
"Actions": [
{
"ActionTypeId": {
"Category": "Invoke",
"Owner": "AWS",
"Provider": "Lambda",
"Version": "1"
},
"Configuration": {
"FunctionName": {"Fn::ImportValue":{"Ref":"InvalidationLambdaExported"}}
},
"Name": "InvalidateCloudFrontCacheAction"
}
],
"Name": "InvalidateCloudFrontCacheStage"
}
]
},
"Type": "AWS::CodePipeline::Pipeline"
},
"CodePipelineArtifactsBucket": {
"Properties": {
"BucketName": {
"Ref": "ArtifactS3BucketNameParameter"
}
},
"Type": "AWS::S3::Bucket"
},
"MarcoaguzziBuild": {
"Properties": {
"Artifacts": {
"EncryptionDisabled": true,
"Location": "s3-marcoaguzzi-output-bucket",
"Name": "output-build-artifact",
"Packaging": "ZIP",
"Type": "CODEPIPELINE"
},
"ConcurrentBuildLimit": 1,
"Description": "Compile the source into the static website",
"Environment": {
"ComputeType": "BUILD_GENERAL1_SMALL",
"Image": "aws/codebuild/amazonlinux2-x86_64-standard:5.0",
"Type": "LINUX_CONTAINER"
},
"LogsConfig": {
"S3Logs": {
"Status": "DISABLED"
}
},
"Name": {
"Fn::Join" : ["-",["marcoaguzzi-build",{"Ref":"PipelineTagParameter"}]]
},
"ServiceRole": {
"Fn::GetAtt": [
"RoleForPipeline",
"Arn"
]
},
"Source": {
"Type": "CODEPIPELINE"
},
"Cache": {
"Type": "LOCAL",
"Modes": [
"LOCAL_SOURCE_CACHE"
]
}
},
"Type": "AWS::CodeBuild::Project"
},
"RoleForPipeline": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Principal": {
"Service": [
"codepipeline.amazonaws.com",
"codebuild.amazonaws.com"
]
}
}
],
"Version": "2012-10-17"
},
"Policies": [
{
"PolicyDocument": {
"Statement": [
{
"Action": [
"codebuild:*",
"cloudformation:*",
"logs:*",
"s3:*",
"lambda:invokeFunction"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyName": "MyCodePipelineRolePolicy"
}
]
},
"Type": "AWS::IAM::Role"
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment