cf-container.yaml
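# CloudFormation template for a container-image build pipeline.
# A CodePipeline pulls a GitHub branch through a CodeStar connection and hands
# it to a CodeBuild project that logs in to the account's ECR registry and runs
# build.sh in every directory under images/ whose name does not start with "_".
AWSTemplateFormatVersion: '2010-09-09'

Parameters:
  # Appended to the ECR registry host to form DOCKER_REGISTRY, and passed to
  # check_ecr.py as --container_namespace.
  ContainerNamespace:
    Type: String
    Default: ''
  # Key of the cost-allocation tag applied to the build project, bucket and
  # pipeline.
  CostTagKey:
    Type: String
    Default: 'osl-billing'
  # Tag value; it is also embedded in the role, project, bucket and pipeline
  # names, so an empty value produces names with an empty segment.
  CostTagValue:
    Type: String
    Default: ''
  CodeStarConnectionArn:
    Type: String
    Description: >-
      The Arn goes here. Connection created via
      https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create-github.html
    Default: ''
  GitHubFullRepo:
    Type: String
    Description: >-
      Owner/RepoName of desired GitHub path
      https://github.com/Owner/RepoName.
    Default: 'ASFOpenSARlab/opensarlab-container'
  GitHubBranchName:
    Type: String
    Default: 'main'

Resources:
  # NOTE(security): one role is shared by the pipeline and the build project
  # and carries the AWS-managed AdministratorAccess policy. Together with
  # PrivilegedMode on the build project, every build.sh on the tracked branch
  # runs with account-wide administrator credentials, so write access to that
  # branch is equivalent to administrator access to the account.
  # TODO(review): split into per-service roles with scoped policies (ECR,
  # the artifact bucket, CloudWatch Logs, codestar-connections:UseConnection)
  # once the permissions the build scripts need are known.
  # NOTE(review): no resource in this template passes the role to
  # CloudFormation; drop cloudformation.amazonaws.com from the trust policy if
  # nothing outside the template relies on it - confirm.
  ContainerPipelineRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${AWS::Region}-${CostTagValue}-container-pipeline-role
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - cloudformation.amazonaws.com
                - codebuild.amazonaws.com
                - codepipeline.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess

  ImagesCodeBuild:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Sub ${CostTagValue}-images
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        Type: LINUX_CONTAINER
        Image: aws/codebuild/standard:5.0
        ComputeType: BUILD_GENERAL1_MEDIUM
        # Privileged mode lets the build run a Docker daemon; see the note on
        # ContainerPipelineRole for what that means with an admin role.
        PrivilegedMode: true
      ServiceRole: !GetAtt ContainerPipelineRole.Arn
      Tags:
        - Key: !Sub ${CostTagKey}
          Value: !Sub ${CostTagValue}
      Source:
        Type: CODEPIPELINE
        # The buildspec goes through !Sub, so every ${...} in it is resolved by
        # CloudFormation before CodeBuild sees it; shell variables must be
        # written as $name (or ${!name}) to survive.
        # The ECR password is piped to `docker login --password-stdin` so that
        # it never appears in the process argument list.
        # "$p" is quoted because it comes from directory names in the
        # checked-out repository.
        # NOTE(review): the loop body is joined with ';', so the loop's exit
        # status is that of the final `cd ..`; a failing check_ecr.py or
        # build.sh does not trigger on-failure: ABORT. Confirm whether that is
        # intended before adding `set -e` or `&&` chaining.
        BuildSpec: !Sub |
          version: 0.2
          env:
            git-credential-helper: yes
            shell: bash
          phases:
            install:
              runtime-versions:
                python: 3.9
            build:
              on-failure: ABORT
              commands:
                - echo "Logging into ECR...";
                  aws ecr get-login-password --region ${AWS::Region} |
                  docker login --username AWS --password-stdin ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com
                - export DOCKER_REGISTRY="${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ContainerNamespace}"
                - cd images;
                  for p in $(ls -d */ | cut -f1 -d/ | grep -v "^_"); do
                    echo "Building image '$p'";
                    python3 check_ecr.py --image_name "$p" --aws_region ${AWS::Region} --container_namespace ${ContainerNamespace};
                    cd "$p";
                    bash build.sh "$p";
                    cd ..;
                  done

  # Artifact store for the pipeline. Public access is blocked explicitly
  # instead of relying on account- or service-level defaults.
  PipelineBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub codepipeline-${AWS::Region}-${CostTagValue}-container
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      Tags:
        - Key: !Sub ${CostTagKey}
          Value: !Sub ${CostTagValue}

  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      ArtifactStore:
        Type: S3
        Location: !Ref PipelineBucket
      Name: !Sub ${CostTagValue}-Container-Pipeline
      RestartExecutionOnUpdate: false
      RoleArn: !GetAtt ContainerPipelineRole.Arn
      Tags:
        - Key: !Sub ${CostTagKey}
          Value: !Sub ${CostTagValue}
      Stages:
        # Stage 1: fetch the tracked branch through the CodeStar connection.
        - Name: !Sub ${CostTagValue}-GitHub-Source
          Actions:
            - Name: source
              InputArtifacts: []
              ActionTypeId:
                Version: '1'
                Owner: AWS
                Category: Source
                Provider: CodeStarSourceConnection
              OutputArtifacts:
                - Name: SourceArtifact
              RunOrder: 1
              Configuration:
                ConnectionArn: !Sub ${CodeStarConnectionArn}
                FullRepositoryId: !Sub ${GitHubFullRepo}
                BranchName: !Sub ${GitHubBranchName}
                # CODEBUILD_CLONE_REF hands CodeBuild a reference to clone from
                # rather than a zipped copy of the source.
                OutputArtifactFormat: CODEBUILD_CLONE_REF
        # Stage 2: run the image build project on the source artifact.
        - Name: !Sub ${CostTagValue}-Build-Images
          Actions:
            - Name: images
              RunOrder: 1
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: '1'
              Configuration:
                ProjectName: !Ref ImagesCodeBuild
              InputArtifacts:
                - Name: SourceArtifact
              OutputArtifacts: []
              Region: !Sub ${AWS::Region}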