Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(codebuild): remove oauthToken property from source #2252

Merged
merged 4 commits into from
Apr 16, 2019
Merged

fix(codebuild): remove oauthToken property from source #2252

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
68ebad0
fix(codebuild): remove oauthToken property from source
Kaixiang-AWS Apr 12, 2019
3faa2f7
update documentation
Kaixiang-AWS Apr 12, 2019
c7f19e3
add integ test against github source
Kaixiang-AWS Apr 12, 2019
3a6aebe
add ImportSourceCredentials example in README.md
Kaixiang-AWS Apr 16, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 9 additions & 4 deletions packages/@aws-cdk/aws-codebuild/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,20 +90,25 @@ Example:
const gitHubSource = new codebuild.GitHubSource({
owner: 'awslabs',
repo: 'aws-cdk',
oauthToken: new secretsmanager.SecretString(this, 'GitHubOAuthToken', {
secretId: 'my-github-token',
}).stringValue,
webhook: true, // optional, default: false
});
```

To provide GitHub credentials, please either go to AWS CodeBuild Console to connect
or call `ImportSourceCredentials` to persist your personal access token.
Example:

```
aws codebuild import-source-credentials --server-type GITHUB --auth-type PERSONAL_ACCESS_TOKEN --token <token_value>
```

### `BitBucketSource`

This source type can be used to build code from a BitBucket repository.

## Environment

By default, projects use a small instance with an Ubuntu 14.04 image. You
By default, projects use a small instance with an Ubuntu 18.04 image. You
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you want to update this, you will also need to update:

https://github.com/awslabs/aws-cdk/blob/huijbers/bump-jsii/packages/@aws-cdk/aws-codebuild/lib/project.ts#L944
https://github.com/awslabs/aws-cdk/blob/huijbers/bump-jsii/packages/@aws-cdk/aws-codebuild/lib/project.ts#L625

And add a new image here:

https://github.com/awslabs/aws-cdk/blob/huijbers/bump-jsii/packages/@aws-cdk/aws-codebuild/lib/project.ts#L1026

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for not mentioning that in the PR. I have already pushed a commit to change the image, but forgot to update the documentation in the previous commit.

87b1ea0

can use the `environment` property to customize the build environment:

* `buildImage` defines the Docker image used. See [Images](#images) below for
Expand Down
19 changes: 0 additions & 19 deletions packages/@aws-cdk/aws-codebuild/lib/source.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
import codecommit = require('@aws-cdk/aws-codecommit');
import iam = require('@aws-cdk/aws-iam');
import s3 = require('@aws-cdk/aws-s3');
import { SecretValue } from '@aws-cdk/cdk';
import { CfnProject } from './codebuild.generated';
import { Project } from './project';

Expand Down Expand Up @@ -211,13 +210,6 @@ export interface GitHubSourceProps extends GitBuildSourceProps {
*/
readonly repo: string;

/**
* The oAuthToken used to authenticate when cloning source git repo.
* Note that you need to give CodeBuild permissions to your GitHub account in order for the token to work.
* That is a one-time operation that can be done through the AWS Console for CodeBuild.
*/
readonly oauthToken: SecretValue;

/**
* Whether to create a webhook that will trigger a build every time a commit is pushed to the GitHub repository.
*
Expand All @@ -239,14 +231,12 @@ export interface GitHubSourceProps extends GitBuildSourceProps {
export class GitHubSource extends GitBuildSource {
public readonly type: SourceType = SourceType.GitHub;
private readonly httpsCloneUrl: string;
private readonly oauthToken: SecretValue;
private readonly reportBuildStatus: boolean;
private readonly webhook?: boolean;

constructor(props: GitHubSourceProps) {
super(props);
this.httpsCloneUrl = `https://github.com/${props.owner}/${props.repo}.git`;
this.oauthToken = props.oauthToken;
this.webhook = props.webhook;
this.reportBuildStatus = props.reportBuildStatus === undefined ? true : props.reportBuildStatus;
}
Expand All @@ -261,7 +251,6 @@ export class GitHubSource extends GitBuildSource {

protected toSourceProperty(): any {
return {
auth: { type: 'OAUTH', resource: this.oauthToken },
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is correct. I believe you still need to supply auth: { type: 'OAUTH' } here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Kaixiang-AWS can you confirm whether the auth: { type: 'OAUTH' } is still required here, even without the Token?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have updated the PR and added an integ test against github source to make sure it can deploy.

I can confirm that auth field is not required. There might be an issue with the doc. I will report it to the doc writer and ask him to update the doc.

location: this.httpsCloneUrl,
reportBuildStatus: this.reportBuildStatus,
};
Expand All @@ -277,11 +266,6 @@ export interface GitHubEnterpriseSourceProps extends GitBuildSourceProps {
*/
readonly httpsCloneUrl: string;

/**
* The OAuth token used to authenticate when cloning the git repository.
*/
readonly oauthToken: SecretValue;

/**
* Whether to ignore SSL errors when connecting to the repository.
*
Expand All @@ -296,19 +280,16 @@ export interface GitHubEnterpriseSourceProps extends GitBuildSourceProps {
export class GitHubEnterpriseSource extends GitBuildSource {
public readonly type: SourceType = SourceType.GitHubEnterprise;
private readonly httpsCloneUrl: string;
private readonly oauthToken: SecretValue;
private readonly ignoreSslErrors?: boolean;

constructor(props: GitHubEnterpriseSourceProps) {
super(props);
this.httpsCloneUrl = props.httpsCloneUrl;
this.oauthToken = props.oauthToken;
this.ignoreSslErrors = props.ignoreSslErrors;
}

protected toSourceProperty(): any {
return {
auth: { type: 'OAUTH', resource: this.oauthToken },
location: this.httpsCloneUrl,
insecureSsl: this.ignoreSslErrors,
};
Expand Down
129 changes: 129 additions & 0 deletions packages/@aws-cdk/aws-codebuild/test/integ.github.expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
{
"Resources": {
"MyProjectRole9BBE5233": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": {
"Fn::Join": [
"",
[
"codebuild.",
{
"Ref": "AWS::URLSuffix"
}
]
]
}
}
}
],
"Version": "2012-10-17"
}
}
},
"MyProjectRoleDefaultPolicyB19B7C29": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":logs:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":log-group:/aws/codebuild/",
{
"Ref": "MyProject39F7B0AE"
}
]
]
},
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":logs:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":log-group:/aws/codebuild/",
{
"Ref": "MyProject39F7B0AE"
},
":*"
]
]
}
]
}
],
"Version": "2012-10-17"
},
"PolicyName": "MyProjectRoleDefaultPolicyB19B7C29",
"Roles": [
{
"Ref": "MyProjectRole9BBE5233"
}
]
}
},
"MyProject39F7B0AE": {
"Type": "AWS::CodeBuild::Project",
"Properties": {
"Artifacts": {
"Type": "NO_ARTIFACTS"
},
"Environment": {
"ComputeType": "BUILD_GENERAL1_SMALL",
"Image": "aws/codebuild/standard:1.0",
"PrivilegedMode": false,
"Type": "LINUX_CONTAINER"
},
"ServiceRole": {
"Fn::GetAtt": [
"MyProjectRole9BBE5233",
"Arn"
]
},
"Source": {
"Location": "https://github.com/awslabs/aws-cdk.git",
"ReportBuildStatus": false,
"Type": "GITHUB"
}
}
}
}
}
23 changes: 23 additions & 0 deletions packages/@aws-cdk/aws-codebuild/test/integ.github.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
import cdk = require('@aws-cdk/cdk');
import codebuild = require('../lib');

class TestStack extends cdk.Stack {
constructor(scope: cdk.App, id: string) {
super(scope, id);

const source = new codebuild.GitHubSource({
owner: 'awslabs',
repo: 'aws-cdk',
reportBuildStatus: false,
});
new codebuild.Project(this, 'MyProject', {
source
});
}
}

const app = new cdk.App();

new TestStack(app, 'test-codebuild-github');

app.run();
77 changes: 75 additions & 2 deletions packages/@aws-cdk/aws-codebuild/test/test.codebuild.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -470,6 +470,79 @@ export = {
});
test.done();
},
'with GitHub source'(test: Test) {
const stack = new cdk.Stack();

new codebuild.Project(stack, 'Project', {
source: new codebuild.GitHubSource({
owner: 'testowner',
repo: 'testrepo',
cloneDepth: 3,
webhook: true,
reportBuildStatus: false,
})
});

expect(stack).to(haveResource('AWS::CodeBuild::Project', {
Source: {
Type: "GITHUB",
Location: 'https://github.com/testowner/testrepo.git',
ReportBuildStatus: false,
GitCloneDepth: 3,
}
}));

expect(stack).to(haveResourceLike('AWS::CodeBuild::Project', {
Triggers: {
Webhook: true,
},
}));

test.done();
},
'with GitHubEnterprise source'(test: Test) {
const stack = new cdk.Stack();

new codebuild.Project(stack, 'MyProject', {
source: new codebuild.GitHubEnterpriseSource({
httpsCloneUrl: 'https://github.testcompany.com/testowner/testrepo',
ignoreSslErrors: true,
cloneDepth: 4,
})
});

expect(stack).to(haveResource('AWS::CodeBuild::Project', {
Source: {
Type: "GITHUB_ENTERPRISE",
InsecureSsl: true,
GitCloneDepth: 4,
Location: 'https://github.testcompany.com/testowner/testrepo'
}
}));

test.done();
},
'with Bitbucket source'(test: Test) {
const stack = new cdk.Stack();

new codebuild.Project(stack, 'Project', {
source: new codebuild.BitBucketSource({
owner: 'testowner',
repo: 'testrepo',
cloneDepth: 5,
})
});

expect(stack).to(haveResource('AWS::CodeBuild::Project', {
Source: {
Type: 'BITBUCKET',
Location: 'https://bitbucket.org/testowner/testrepo.git',
GitCloneDepth: 5,
},
}));

test.done();
},
'fail creating a Project when no build spec is given'(test: Test) {
const stack = new cdk.Stack();

Expand Down Expand Up @@ -1065,8 +1138,8 @@ export = {
{ source: new codebuild.CodePipelineSource(), shouldPassValidation: false },
{ source: new codebuild.CodeCommitSource({ repository: repo }), shouldPassValidation: false },
{ source: new codebuild.S3BucketSource({ bucket, path: 'path/to/source.zip' }), shouldPassValidation: false },
{ source: new codebuild.GitHubSource({ owner: 'awslabs', repo: 'aws-cdk', oauthToken: new cdk.SecretValue()}), shouldPassValidation: true },
{ source: new codebuild.GitHubEnterpriseSource({ httpsCloneUrl: 'url', oauthToken: new cdk.SecretValue()}), shouldPassValidation: true },
{ source: new codebuild.GitHubSource({ owner: 'awslabs', repo: 'aws-cdk' }), shouldPassValidation: true },
{ source: new codebuild.GitHubEnterpriseSource({ httpsCloneUrl: 'url' }), shouldPassValidation: true },
{ source: new codebuild.BitBucketSource({ owner: 'awslabs', repo: 'aws-cdk' }), shouldPassValidation: true }
];

Expand Down
Loading