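---
# CloudFormation stack: a two-stage CodePipeline (GitHub source -> CodeBuild)
# that builds the holochain/holonix Docker image and pushes it to a registry.
# Defines the pipeline, the CodeBuild project and one IAM role for each.
AWSTemplateFormatVersion: '2010-09-09'
Description: Holochain docker build
Parameters:
  CodePipelineBucket:
    Type: String
    Default: holochain-shared-builds
    Description: Stack Name of the S3 bucket where Codepipeline saves its artifacts.
  GitHubRepo:
    Type: String
    Default: holonix
    Description: GitHub repository name.
  GitHubOwner:
    Type: String
    Default: holochain
    Description: GitHub repository owner.
  # The OAuth token is read from a Parameter Store *String* parameter, so it is
  # not stored as a SecureString. NoEcho keeps the resolved value out of
  # console/API parameter listings; it does not encrypt anything at rest.
  # NOTE(review): prefer a Secrets Manager dynamic reference, e.g.
  # '{{resolve:secretsmanager:<secret-id>:SecretString:<json-key>}}', at the
  # point of use.
  GitHubToken:
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: /infra/github/GitHubToken
    NoEcho: true
    Description: GitHub repository OAuth token

Resources:
  CodePipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      # The transition into Build starts disabled; someone has to enable it
      # before a source revision is built.
      DisableInboundStageTransitions:
        - Reason: New Deployment.
          StageName: Build
      RoleArn: !GetAtt [CodePipelineRole, Arn]
      ArtifactStore:
        Type: S3
        # Bucket name comes from the "<CodePipelineBucket>-S3Bucket" export of
        # another stack.
        Location:
          Fn::ImportValue: !Sub '${CodePipelineBucket}-S3Bucket'
      Stages:
        - Name: Source
          Actions:
            - Name: Source
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: '1'
                Provider: GitHub
              OutputArtifacts:
                - Name: Build
              Configuration:
                Owner: !Ref GitHubOwner
                Repo: !Ref GitHubRepo
                Branch: master
                OAuthToken: !Ref GitHubToken
              RunOrder: 1
        - Name: Build
          Actions:
            - Name: Build
              InputArtifacts:
                - Name: Build
              ActionTypeId:
                Category: Build
                Owner: AWS
                Version: '1'
                Provider: CodeBuild
              OutputArtifacts:
                - Name: QA
              Configuration:
                ProjectName: !Ref CodeBuild

  CodeBuild:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Ref AWS::StackName
      Description: !Ref AWS::StackName
      ServiceRole: !Ref CodeBuildRole
      Source:
        Type: CODEPIPELINE
        # The registry password is fed to `docker login` on stdin instead of
        # `-p`, so it does not appear in the process argument list.
        # DOCKER_USER / DOCKER_PASS are not defined anywhere in this template.
        # NOTE(review): if they are added as environment variables on this
        # project, use Type PARAMETER_STORE or SECRETS_MANAGER, not PLAINTEXT.
        # NOTE(review): the image is built and pushed under the mutable
        # ':latest' tag only, so a pushed image cannot be traced to a commit.
        BuildSpec: |
          version: 0.2
          phases:
            install:
              runtime-versions:
                docker: 18
            pre_build:
              commands:
                - docker build -t holochain/holonix:latest .
                - printf '%s' "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
                - docker push holochain/holonix:latest
          artifacts:
            files:
              - builds/**/*
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        # NOTE(review): the tag ':.0' looks truncated; confirm the intended
        # aws/codebuild/standard version.
        # NOTE(review): PrivilegedMode is not set here although the buildspec
        # runs `docker build`; confirm whether the build needs it.
        Image: aws/codebuild/standard:.0
        Type: LINUX_CONTAINER
      Artifacts:
        Type: CODEPIPELINE
      Tags:
        - Key: Name
          Value: !Ref GitHubRepo

  CodePipelineRole:
    Type: 'AWS::IAM::Role'
    Properties:
      # NOTE(review): this role is attached only to the pipeline (RoleArn
      # above), yet CodeBuild is also trusted to assume it. The CodeBuild
      # project uses CodeBuildRole, so that principal looks unnecessary.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - 'codepipeline.amazonaws.com'
                - 'codebuild.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Policies:
        # NOTE(review): service-wide wildcards on Resource '*'. The stages
        # shown here use only a GitHub source and one CodeBuild project;
        # nothing visible references Lambda or SNS. iam:PassRole on '*'
        # combined with lambda:* / codebuild:* lets this role hand any
        # passable role in the account to those services. Scope the actions
        # and resources to what the pipeline calls, and restrict PassRole
        # with an iam:PassedToService condition or drop it.
        - PolicyName: ServicesAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'codepipeline:*'
                  - 'codebuild:*'
                  - 'lambda:*'
                  - 'iam:ListRoles'
                  - 'iam:PassRole'
                  - 'sns:*'
                Resource: '*'
        # NOTE(review): s3:* covers every object in the shared artifact bucket
        # (delete and ACL changes included); object get/put is the usual
        # minimum for pipeline artifacts.
        - PolicyName: ArtifactAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 's3:*'
                Resource: !Sub
                  - 'arn:aws:s3:::${Bucket}/*'
                  - Bucket:
                      Fn::ImportValue: !Sub '${CodePipelineBucket}-S3Bucket'

  CodeBuildRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - 'codebuild.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
      Policies:
        # NOTE(review): the project's source type is CODEPIPELINE and the
        # pipeline pulls from GitHub, so codecommit:* has no visible use here.
        # logs:* on '*' is broader than writing build logs to the project's
        # own log group requires.
        - PolicyName: ServicesAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:*'
                  - 'codecommit:*'
                Resource: '*'
        # NOTE(review): same s3:* breadth as CodePipelineRole; the build needs
        # to read its input artifact and write its output artifact.
        - PolicyName: ArtifactAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 's3:*'
                Resource:
                  - !Sub
                    - 'arn:aws:s3:::${Bucket}/*'
                    - Bucket:
                        Fn::ImportValue: !Sub '${CodePipelineBucket}-S3Bucket'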