neilkuan/cdk-podman-buildah-on-codebuild.ts

## cdk-podman-buildah-on-codebuild.ts


import * as path from 'path';
import * as codebuild from '@aws-cdk/aws-codebuild';
import * as codecommit from '@aws-cdk/aws-codecommit';
import * as ecr from '@aws-cdk/aws-ecr';
import * as iam from '@aws-cdk/aws-iam';

import { App, Construct, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core';
export class MyStack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps = {}) {
    super(scope, id, props);
    new ecr.Repository(this, 'DemoRepository', {
      repositoryName: 'lighttpd',
      removalPolicy: RemovalPolicy.DESTROY,
    });
    const codecommitRepo = new codecommit.Repository(this, 'codecommit-repo', {
      repositoryName: 'ecsCicdDemo',
    });
    const codecommitSource = codebuild.Source.codeCommit({
      repository: codecommitRepo,
    });
    const project = new codebuild.Project(this, 'MyProject', {
      projectName: `${this.stackName}`,
      source: codecommitSource,
      environment: {
        buildImage: codebuild.LinuxBuildImage.fromAsset(this, 'CustomImage', {
          directory: path.join(__dirname, '../docker.d'),
        }),
        privileged: true,
      },
      environmentVariables: {
        AWS_DEFAULT_REGION: { value: this.region },
        AWS_ACCOUNT: { value: this.account },
      },
      buildSpec: codebuild.BuildSpec.fromObject({
        version: '0.2',
        phases: {
          build: {
            commands: [
              'echo "Run Podman GO GO GO!!!"',
              'podman ps',
              'echo "Build Image via buildah"',
              'export ctr1=$(buildah from "fedora")',
              'buildah run "$ctr1" -- dnf update -y',
              'buildah run "$ctr1" -- dnf install -y lighttpd',
              'buildah config --annotation "com.example.build.host=$(uname -n)" "$ctr1"',
              'buildah config --cmd "/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf" "$ctr1"',
              'buildah config --port 80 "$ctr1"',
              'buildah commit "$ctr1" "$AWS_ACCOUNT.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/lighttpd"',
              'echo "List Images"',
              'podman images',
              'echo "Login AWS ECR"',
              'aws ecr get-login-password --region $AWS_DEFAULT_REGION | podman login --password-stdin --username AWS $AWS_ACCOUNT.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com',
              'podman push $AWS_ACCOUNT.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/lighttpd',
            ],
          },
        },
      }),
    });

    project.role!.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryFullAccess'));

  }
}

// for development, use account/region from cdk cli
const devEnv = {
  account: process.env.CDK_DEFAULT_ACCOUNT,
  region: process.env.CDK_DEFAULT_REGION,
};

const app = new App();

new MyStack(app, 'my-stack-dev', { env: devEnv });
// new MyStack(app, 'my-stack-prod', { env: prodEnv });

app.synth();


	import * as path from 'path';
	import * as codebuild from '@aws-cdk/aws-codebuild';
	import * as codecommit from '@aws-cdk/aws-codecommit';
	import * as ecr from '@aws-cdk/aws-ecr';
	import * as iam from '@aws-cdk/aws-iam';

	import { App, Construct, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core';
	export class MyStack extends Stack {
	constructor(scope: Construct, id: string, props: StackProps = {}) {
	super(scope, id, props);
	new ecr.Repository(this, 'DemoRepository', {
	repositoryName: 'lighttpd',
	removalPolicy: RemovalPolicy.DESTROY,
	});
	const codecommitRepo = new codecommit.Repository(this, 'codecommit-repo', {
	repositoryName: 'ecsCicdDemo',
	});
	const codecommitSource = codebuild.Source.codeCommit({
	repository: codecommitRepo,
	});
	const project = new codebuild.Project(this, 'MyProject', {
	projectName: `${this.stackName}`,
	source: codecommitSource,
	environment: {
	buildImage: codebuild.LinuxBuildImage.fromAsset(this, 'CustomImage', {
	directory: path.join(__dirname, '../docker.d'),
	}),
	privileged: true,
	},
	environmentVariables: {
	AWS_DEFAULT_REGION: { value: this.region },
	AWS_ACCOUNT: { value: this.account },
	},
	buildSpec: codebuild.BuildSpec.fromObject({
	version: '0.2',
	phases: {
	build: {
	commands: [
	'echo "Run Podman GO GO GO!!!"',
	'podman ps',
	'echo "Build Image via buildah"',
	'export ctr1=$(buildah from "fedora")',
	'buildah run "$ctr1" -- dnf update -y',
	'buildah run "$ctr1" -- dnf install -y lighttpd',
	'buildah config --annotation "com.example.build.host=$(uname -n)" "$ctr1"',
	'buildah config --cmd "/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf" "$ctr1"',
	'buildah config --port 80 "$ctr1"',
	'buildah commit "$ctr1" "$AWS_ACCOUNT.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/lighttpd"',
	'echo "List Images"',
	'podman images',
	'echo "Login AWS ECR"',
	'aws ecr get-login-password --region $AWS_DEFAULT_REGION \| podman login --password-stdin --username AWS $AWS_ACCOUNT.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com',
	'podman push $AWS_ACCOUNT.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/lighttpd',
	],
	},
	},
	}),
	});

	project.role!.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryFullAccess'));

	}
	}

	// for development, use account/region from cdk cli
	const devEnv = {
	account: process.env.CDK_DEFAULT_ACCOUNT,
	region: process.env.CDK_DEFAULT_REGION,
	};

	const app = new App();

	new MyStack(app, 'my-stack-dev', { env: devEnv });
	// new MyStack(app, 'my-stack-prod', { env: prodEnv });

	app.synth();