run_create_codebuild_default.py
#!/usr/bin/env python3
import json
import time
from run_common import AWSCli
from run_common import print_message
from run_create_codebuild_common import create_base_iam_policy
from run_create_codebuild_common import create_iam_service_role
from run_create_codebuild_common import create_managed_secret_iam_policy
from run_create_codebuild_common import create_notification_rule
from run_create_codebuild_common import get_notification_rule
from run_create_codebuild_common import have_parameter_store
from run_create_codebuild_common import update_notification_rule
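def run_create_default_project(name, settings):
    """Create or update the CodeBuild project *name* and its notification rule.

    Args:
        name: CodeBuild project name. Also used for the IAM role/policy
            helpers and as the path segment of Parameter Store entries
            (``/CodeBuild/<name>/<variable>``).
        settings: Project settings mapping. Required keys: ``AWS_REGION``,
            ``BRANCH``, ``BUILD_SPEC``, ``BUILD_TIMEOUT``, ``ENV_COMPUTE_TYPE``,
            ``DESCRIPTION``, ``GITHUB_REPO``, ``IMAGE``, ``ENV_VARIABLES``.
            Optional: ``CONTAINER_TYPE`` (defaults to ``LINUX_CONTAINER``).

    Note:
        Entries of ``settings['ENV_VARIABLES']`` whose type is
        ``PARAMETER_STORE`` are modified in place: their ``value`` is replaced
        with the Parameter Store name.
    """
    aws_cli = AWSCli(settings['AWS_REGION'])
    git_branch = settings['BRANCH']
    build_spec = settings['BUILD_SPEC']
    build_timeout = settings['BUILD_TIMEOUT']
    compute_type = settings['ENV_COMPUTE_TYPE']
    description = settings['DESCRIPTION']
    git_repo = settings['GITHUB_REPO']
    image = settings['IMAGE']
    container_type = settings.get('CONTAINER_TYPE', 'LINUX_CONTAINER')

    # --- existing project? -------------------------------------------------
    print_message('check previous version')

    listed = aws_cli.run(['codebuild', 'list-projects'])
    need_update = name in listed['projects']

    # --- IAM service role and policies --------------------------------------
    print_message('create iam service role')

    service_role_name = create_iam_service_role(aws_cli, name)
    create_base_iam_policy(aws_cli, name, settings, service_role_name)

    if have_parameter_store(settings):
        create_managed_secret_iam_policy(aws_cli, name, settings, service_role_name)

    # NOTE(review): presumably gives the new role/policies time to propagate
    # before the project references the role; confirm the delay is sufficient.
    time.sleep(10)
    service_role_arn = aws_cli.get_role_arn(service_role_name)

    # --- environment variables ----------------------------------------------
    print_message('set environment variable')

    env_list = []

    for pp in settings['ENV_VARIABLES']:
        if pp['type'] == 'PARAMETER_STORE':
            nn = f"/CodeBuild/{name}/{pp['name']}"
            # The result is discarded; presumably aws_cli.run fails when the
            # parameter does not exist, which makes this an existence check.
            # Confirm against run_common.
            aws_cli.run(['ssm', 'get-parameter', '--name', nn])

            # For PARAMETER_STORE variables CodeBuild expects the parameter
            # *name* as the value, so the secret itself never lands in the
            # project configuration.
            pp['value'] = nn

        env_list.append(pp)

    # --- project definition -------------------------------------------------
    config = {
        "name": name,
        "description": description,
        "source": {
            "type": "GITHUB",
            "location": git_repo,
            "gitCloneDepth": 0,
            "buildspec": build_spec,
            "auth": {
                "type": "OAUTH"
            },
            # Keep TLS certificate validation on for the source connection.
            # insecureSsl=True tells CodeBuild to ignore SSL warnings while
            # fetching the repository, which would let a machine-in-the-middle
            # substitute the code that gets built with this service role.
            "insecureSsl": False,
            "sourceIdentifier": git_branch
        },
        "artifacts": {
            "type": "NO_ARTIFACTS"
        },
        "cache": {
            "type": "NO_CACHE"
        },
        "environment": {
            "type": container_type,
            "image": image,
            "computeType": compute_type,
            "environmentVariables": env_list
        },
        "serviceRole": service_role_arn,
        "timeoutInMinutes": build_timeout,
        "badgeEnabled": True
    }
    config = json.dumps(config)

    # update-project and create-project take the same arguments here, so only
    # the verb differs.
    action = 'update' if need_update else 'create'
    print_message(f'{action} project: {name}')
    cmd = ['codebuild', f'{action}-project', '--cli-input-json', config, '--source-version', git_branch]
    result = aws_cli.run(cmd)

    # --- notification rule --------------------------------------------------
    print_message('create slack notification')

    project_arn = result['project']['arn']

    notification_rule_arn = get_notification_rule(aws_cli, project_arn)

    if not notification_rule_arn:
        create_notification_rule(aws_cli, name, project_arn)
    else:
        update_notification_rule(aws_cli, name, notification_rule_arn)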