@qswitcher
Last active July 25, 2018 02:00
CodeBuild:
  Type: 'AWS::CodeBuild::Project'
  Properties:
    Name: !Sub ${AWS::StackName}-CodeBuild
    ServiceRole: !GetAtt CodeBuildRole.Arn
    Artifacts:
      # The downloaded source code for the build will come from CodePipeline
      Type: CODEPIPELINE
      Name: MyProject
    Environment:
      # Linux container with node installed
      ComputeType: BUILD_GENERAL1_SMALL
      Type: LINUX_CONTAINER
      Image: "aws/codebuild/nodejs:8.11.0"
    # Single Source mapping (a YAML mapping cannot repeat the Source key):
    # input comes from CodePipeline and the buildspec is supplied inline
    Source:
      Type: CODEPIPELINE
      BuildSpec: !Sub |
        version: 0.1
        phases:
          pre_build:
            commands:
              - echo Installing source NPM dependencies...
              - npm install
          build:
            commands:
              - echo Build started on `date`
              - npm run build
          post_build:
            commands:
              # copy the contents of /build to S3
              # (--acl public-read makes every uploaded object world-readable
              # and relies on s3:PutObjectAcl in CodeBuildRole)
              - aws s3 cp --recursive --acl public-read ./build s3://${DeployBucket}/
              # set the cache-control headers for service-worker.js to prevent
              # browser caching
              - >
                aws s3 cp --acl public-read
                --cache-control="max-age=0, no-cache, no-store, must-revalidate"
                ./build/service-worker.js s3://${DeployBucket}/
              # set the cache-control headers for index.html to prevent
              # browser caching
              - >
                aws s3 cp --acl public-read
                --cache-control="max-age=0, no-cache, no-store, must-revalidate"
                ./build/index.html s3://${DeployBucket}/
              # invalidate the CloudFront cache for index.html and service-worker.js
              # to force CloudFront to update its edge locations with the new versions
              - >
                aws cloudfront create-invalidation --distribution-id ${Distribution}
                --paths /index.html /service-worker.js
        artifacts:
          files:
            - '**/*'
          base-directory: build
# IAM role that allows CodeBuild to interact with S3, CloudWatch, and CloudFront
CodeBuildRole:
  Type: AWS::IAM::Role
  Properties:
    # Only the CodeBuild service may assume this role
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        -
          Effect: Allow
          Principal:
            Service:
              - "codebuild.amazonaws.com"
          Action:
            - "sts:AssumeRole"
    Path: /service-role/
    Policies:
      - PolicyName: root
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            # Read and write build artifacts in the pipeline bucket
            -
              Effect: Allow
              Action:
                - "s3:GetObject"
                - "s3:GetObjectVersion"
                - "s3:GetBucketVersioning"
                - "s3:PutObject"
              Resource:
                - !GetAtt PipelineBucket.Arn
                - !Join ['', [!GetAtt PipelineBucket.Arn, "/*"]]
            # Upload the site to the deploy bucket; s3:PutObjectAcl is what
            # allows the buildspec's --acl public-read
            -
              Effect: Allow
              Action:
                - "s3:GetObject"
                - "s3:GetObjectVersion"
                - "s3:GetBucketVersioning"
                - "s3:PutObject"
                - "s3:PutObjectAcl"
              Resource:
                - !GetAtt DeployBucket.Arn
                - !Join ['', [!GetAtt DeployBucket.Arn, "/*"]]
            # Build logs and CloudFront invalidation; Resource "*" applies these
            # actions to every log group and distribution in the account
            -
              Effect: Allow
              Action:
                - "logs:CreateLogGroup"
                - "logs:CreateLogStream"
                - "logs:PutLogEvents"
                - "cloudfront:CreateInvalidation"
              Resource:
                - "*"