feat(aws-codebuild): add
enableBatchBuilds()
to Project (#12531)
In order for a CodeBuild project to run in batch mode, a batch service role is needed, as described [here in the docs](https://docs.aws.amazon.com/codebuild/latest/userguide/batch-build.html). >Batch builds introduce a new security role in the batch configuration. This new role is required as CodeBuild must be able to call the StartBuild, StopBuild, and RetryBuild actions on your behalf to run builds as part of a batch. Customers should use a new role, and not the same role they use in their build... At first I thought let's add this by default, but then I realised that when `BatchConfiguration` is set to something, in the AWS console the default 'start build' button behaviour changes to start a batch build by default instead :/ So now this adds a new `supportBatchBuildType` option, which when `true` adds the minimum amount of `BatchConfiguration` needed for batch builds to run. I also updated the doc blocks for the webhook option and CodePipeline action option, because users of those also need to set this option. It would be nice to auto-enable this if a webhook or CodeBuild action is configured, but that sounds pretty complicated. I'm not sure why anyone would need to customise this role, given it appears to only be used internally to do those 3 things, so this PR does not make it configurable. My thinking is that this could be added later if needed, but this PR just gets batch builds working. In the future if people want control of the other `BatchConfiguration` options I was thinking these could be added and would require `supportBatchBuildType` to be `true`. Related: aws-cloudformation/cloudformation-coverage-roadmap#621
1 parent
d7e028a
commit 0568390
Showing
8 changed files
with
477 additions
and
19 deletions.
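--- a/packages/@aws-cdk/aws-codebuild/test/integ.github-webhook-batch.expected.json
+++ b/packages/@aws-cdk/aws-codebuild/test/integ.github-webhook-batch.expected.json
@@ -0,0 +1,188 @@
+{
+"Resources": {
+"MyProjectRole9BBE5233": {
+"Type": "AWS::IAM::Role",
+"Properties": {
+"AssumeRolePolicyDocument": {
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Effect": "Allow",
+"Principal": {
+"Service": "codebuild.amazonaws.com"
+}
+}
+],
+"Version": "2012-10-17"
+}
+}
+},
+"MyProjectRoleDefaultPolicyB19B7C29": {
+"Type": "AWS::IAM::Policy",
+"Properties": {
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"logs:CreateLogGroup",
+"logs:CreateLogStream",
+"logs:PutLogEvents"
+],
+"Effect": "Allow",
+"Resource": [
+{
+"Fn::Join": [
+"",
+[
+"arn:",
+{
+"Ref": "AWS::Partition"
+},
+":logs:",
+{
+"Ref": "AWS::Region"
+},
+":",
+{
+"Ref": "AWS::AccountId"
+},
+":log-group:/aws/codebuild/",
+{
+"Ref": "MyProject39F7B0AE"
+}
+]
+]
+},
+{
+"Fn::Join": [
+"",
+[
+"arn:",
+{
+"Ref": "AWS::Partition"
+},
+":logs:",
+{
+"Ref": "AWS::Region"
+},
+":",
+{
+"Ref": "AWS::AccountId"
+},
+":log-group:/aws/codebuild/",
+{
+"Ref": "MyProject39F7B0AE"
+},
+":*"
+]
+]
+}
+]
+}
+],
+"Version": "2012-10-17"
+},
+"PolicyName": "MyProjectRoleDefaultPolicyB19B7C29",
+"Roles": [
+{
+"Ref": "MyProjectRole9BBE5233"
+}
+]
+}
+},
+"MyProjectBatchServiceRole6B35CF0E": {
+"Type": "AWS::IAM::Role",
+"Properties": {
+"AssumeRolePolicyDocument": {
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Effect": "Allow",
+"Principal": {
+"Service": "codebuild.amazonaws.com"
+}
+}
+],
+"Version": "2012-10-17"
+}
+}
+},
+"MyProjectBatchServiceRoleDefaultPolicy7A0E5721": {
+"Type": "AWS::IAM::Policy",
+"Properties": {
+"PolicyDocument": {
+"Statement": [
+{
+"Action": [
+"codebuild:StartBuild",
+"codebuild:StopBuild",
+"codebuild:RetryBuild"
+],
+"Effect": "Allow",
+"Resource": {
+"Fn::GetAtt": [
+"MyProject39F7B0AE",
+"Arn"
+]
+}
+}
+],
+"Version": "2012-10-17"
+},
+"PolicyName": "MyProjectBatchServiceRoleDefaultPolicy7A0E5721",
+"Roles": [
+{
+"Ref": "MyProjectBatchServiceRole6B35CF0E"
+}
+]
+}
+},
+"MyProject39F7B0AE": {
+"Type": "AWS::CodeBuild::Project",
+"Properties": {
+"Artifacts": {
+"Type": "NO_ARTIFACTS"
+},
+"Environment": {
+"ComputeType": "BUILD_GENERAL1_SMALL",
+"Image": "aws/codebuild/standard:1.0",
+"ImagePullCredentialsType": "CODEBUILD",
+"PrivilegedMode": false,
+"Type": "LINUX_CONTAINER"
+},
+"ServiceRole": {
+"Fn::GetAtt": [
+"MyProjectRole9BBE5233",
+"Arn"
+]
+},
+"Source": {
+"Location": "https://github.com/aws/aws-cdk.git",
+"ReportBuildStatus": false,
+"Type": "GITHUB"
+},
+"BuildBatchConfig": {
+"ServiceRole": {
+"Fn::GetAtt": [
+"MyProjectBatchServiceRole6B35CF0E",
+"Arn"
+]
+}
+},
+"EncryptionKey": "alias/aws/s3",
+"Triggers": {
+"BuildType": "BUILD_BATCH",
+"FilterGroups": [
+[
+{
+"Pattern": "PUSH",
+"Type": "EVENT"
+}
+]
+],
+"Webhook": true
+}
+}
+}
+}
+}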
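--- a/packages/@aws-cdk/aws-codebuild/test/integ.github-webhook-batch.ts
+++ b/packages/@aws-cdk/aws-codebuild/test/integ.github-webhook-batch.ts
@@ -0,0 +1,29 @@
+import * as cdk from '@aws-cdk/core';
+import * as codebuild from '../lib';
+
+class TestStack extends cdk.Stack {
+constructor(scope: cdk.App, id: string) {
+super(scope, id);
+
+const source = codebuild.Source.gitHub({
+owner: 'aws',
+repo: 'aws-cdk',
+reportBuildStatus: false,
+webhook: true,
+webhookTriggersBatchBuild: true,
+webhookFilters: [
+codebuild.FilterGroup.inEventOf(codebuild.EventAction.PUSH),
+],
+});
+new codebuild.Project(this, 'MyProject', {
+source,
+grantReportGroupPermissions: false,
+});
+}
+}
+
+const app = new cdk.App();
+
+new TestStack(app, 'test-codebuild-github-webhook-batch');
+
+app.synth();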
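Review bot: Nothing in this stack calls `enableBatchBuilds()`, yet its expected template contains a second IAM role (`MyProjectBatchServiceRole6B35CF0E`) and a `BuildBatchConfig`, so the role appears to be created implicitly by `webhookTriggersBatchBuild: true`; that side effect should be documented where the option is set. I would add above that property `// webhookTriggersBatchBuild implicitly enables batch builds: the project gets a separate batch service role limited to StartBuild/StopBuild/RetryBuild on this project`. The commit description still says auto-enabling was left out and names the option `supportBatchBuildType`, so it probably predates the final API and is worth aligning, because anyone auditing IAM changes will read it to learn when the extra role is created. The library code that creates the role is not visible on this page, so the trigger is inferred from the test and its snapshot.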