首页 > 其他分享 >[AWS] CloudFormation Template Connect Github Version 2 Using CodeStar

[AWS] CloudFormation Template Connect Github Version 2 Using CodeStar

时间:2022-09-05 07:33:34浏览次数:106  
标签:GitHub Version AWS Effect CloudFormation Github Action Type


Using CloudFormation template to create CodePipeline should be the best practice to maintain a pipeline. There are a lot of posts or videos online that can teach you how to do it, for example, this youtube video. The above tutorial is very good to teach you how to create a pipeline with yaml template file, the only thing is that it is still using Github Version 1 Connection which is not recommended by AWS anymore.


Recommended: The GitHub version 2 action uses Github app-based auth backed by a CodeStarSourceConnection for Bitbucket, GitHub, and GitHub Enterprise Server actions resource. It installs an AWS CodeStar Connections application into your GitHub organization so that you can manage access in GitHub.

Not recommended: The GitHub version 1 action uses OAuth tokens to authenticate with GitHub and uses a separate webhook to detect changes. This is no longer the recommended method.

The following is part of the CloudFormation template file that use CodeStar to create Github Version 2 Connection:


Parameters:
  GitHubOwner:
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    Default: <YourUserName>
  GitHubRepository:
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    Default: <YourRepo>
  GitHubBranch:
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    Default: master
Resources:
  CodePipelineServiceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Sid: CodeStarConnectionPolicy
                Effect: Allow
                Action:
                  - 'codestar-connections:UseConnection'
                Resource: '*'
              - Sid: CloudWatchLogsPolicy
                Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource:
                  - '*'
              - Sid: S3GetObjectPolicy
                Effect: Allow
                Action:
                  - 's3:GetObject'
                  - 's3:GetObjectVersion'
                Resource:
                  - '*'
              - Sid: S3PutObjectPolicy
                Effect: Allow
                Action:
                  - 's3:PutObject'
                Resource:
                  - '*'
              - Sid: S3BucketIdentity
                Effect: Allow
                Action:
                  - 's3:GetBucketAcl'
                  - 's3:GetBucketLocation'
                Resource:
                  - '*'
              - Sid: CodeBuildPolicy
                Action:
                  - 'codebuild:BatchGetBuilds'
                  - 'codebuild:StartBuild'
                Resource: '*'
                Effect: Allow
  CodePipelineArtifactStore:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Delete
    Properties:
      VersioningConfiguration:
        Status: Enabled
  CodeStarConnection:
    Type: 'AWS::CodeStarConnections::Connection'
    Properties:
      ConnectionName: SupGitHubConnection
      ProviderType: GitHub
  CodePipeline:
    Type: 'AWS::CodePipeline::Pipeline'
    Properties:
      Name: !Ref 'AWS::StackName'
      RoleArn: !GetAtt 
        - CodePipelineServiceRole
        - Arn
      ArtifactStore:
        Type: S3
        Location: !Ref CodePipelineArtifactStore
      Stages:
        - Name: Source
          Actions:
            - Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: 1
                Provider: CodeStarSourceConnection
              Configuration:
                ConnectionArn: !Ref CodeStarConnection
                BranchName: !Ref GitHubBranch
                FullRepositoryId: !Sub ${GitHubOwner}/${GitHubRepository}
              OutputArtifacts:
                - Name: SourceCode

References:

Complete GitHub CI/CD Pipeline with AWS CodeBuild and AWS CodePipeline using CloudFormation template

Using Cloudformation To Automate Build, Test, And Deploy With Codepipeline (part 3)

Update a GitHub version 1 source action to a GitHub version 2 source action

标签:GitHub,Version,AWS,Effect,CloudFormation,Github,Action,Type
From: https://www.cnblogs.com/grandyang/p/16656747.html

相关文章

  • MLops:我最喜欢的数据科学项目的 Github 项目模板
    MLops:我最喜欢的数据科学项目的Github项目模板source:unsplash.com-@yancyminTLDR:在这个故事中,我将分享一个git项目结构,我经常将其用作数据科学项目的起点,并......
  • Hexo + GitHub Pages 搭建博客
    前言:HEXO是一个快速、简洁且高效的博客框架,GitHubPages是GitHub提供的一个网页寄存服务,可用于存放静态网页,包括博客、项目文档甚至整本书。前提:注册GitHub教......
  • 详述 GitHub 中声明 LICENSE 的方法
    当我们在GitHub浏览一些开源项目时,我们经常会看到这样的标志:如上图所示,Apache-2.0,我们可以将其称之为开源许可证,那么到底开源许可证是什么呢?开源许可证即授权条款。......
  • Git使用出现[email protected] Permission denied publickey. 处理
    Git使用出现[email protected]:Permissiondeniedpublickey.处理进入gitbash界面然后:第一步,gitconfig--global--list验证邮箱与GitHub注册时输入的是否一致第二步......
  • git解决The authenticity of host ‘github.com (192.30.255.112)‘ can‘t be establ
    git解决Theauthenticityofhost‘github.com(192.30.255.112)‘can‘tbeestablished问题报错完整信息Theauthenticityofhost'github.com(20.205.243.166)'c......
  • 利用 SSH 完成 Git 与 GitHub 的绑定
    如上图所示,进入Settings页面后,再点击SSHandGPGKeys进入此子界面,然后点击NewSSHkey按钮:在「史上最简单的GitHub教程」中,我们已经对GitHub有了一定的了解,包括创建仓......
  • GitHub 主页介绍及修改个人信息
    接着「敲开GitHub的大门-注册账号」一文的内容,我们继续往下介绍:注意:下面的是之前的版本,现在界面已经有所更新了,而且浏览器可以帮助我们翻译成中文,也是比较方便的.......
  • 创建 GitHub 仓库的步骤及方法
    创建GitHub仓库的步骤及方法在「GitHub主页介绍及修改个人信息」一文中,我们已经对GitHub的个人主页有了一些了解,并且完成了对个人信息的修改。但是美中不足的是,我们......
  • 深入理解 GitHub Flow
    深入理解GitHubFlowGitHubFlow是一个轻量级,基于分支的工作流,支持团队和项目的定期部署。本指南介绍了GitHubFlow的工作原理。Step1.创建分支(Createabranch)......
  • Hello World · GitHub 指南
    HelloWorld·GitHub指南简介HelloWorld项目是计算机编程历史中悠久的传统。在我们学习新知识的时候,她也是一个简单的练习。现在,就让我们一起了解GitHub吧!你将学......