[英]How to setup AWS CDK app execution in AWS CodeBuild?
I want to run AWS CDK synthesis from Git repository using AWS CodeBuild - ie if I update the CDK app code in the repo I want CloudFormation stacks to be updated automatically.我想使用 AWS CodeBuild 从 Git 存储库运行 AWS CDK 合成 - 即,如果我更新存储库中的 CDK 应用程序代码,我希望 CloudFormation 堆栈自动更新。 What are the best practices for setting up build role permissions?设置构建角色权限的最佳做法是什么?
For a GitHub repository, your CodeBuild role doesn't need additional permissions but it should have access to an oauthToken
to access GitHub.对于 GitHub 存储库,您的 CodeBuild 角色不需要额外的权限,但它应该有权访问oauthToken
以访问 GitHub。
For a CodeCommit repository, create or import
a codecommit.Repository
object and use a CodeCommitSource
object for your source
parameter, and the build role permissions will be set up automatically (in particular, the permissions that will be added will be to codecommit:GitPull
from the indicated repository).对于 CodeCommit 存储库,创建或import
codecommit.Repository
对象并使用CodeCommitSource
对象作为source
参数,构建角色权限将自动设置(特别是,将添加的权限将是codecommit:GitPull
from指定的存储库)。
You might also be interested in CDK's app-delivery package.您可能还对 CDK 的应用程序交付包感兴趣。 It doesn't just create a CodeBuild project though, it uses CodePipeline to fetch, build and deploy a CDK application, so it might be more than you are looking for.它不只是创建一个 CodeBuild 项目,它还使用 CodePipeline 来获取、构建和部署 CDK 应用程序,因此它可能比您正在寻找的更多。
AWS released a month ago a new class to the CDK suite called pipelines that includes several utilities to ease the job of setting up self modifying pipelines. AWS 一个月前向 CDK 套件发布了一个名为管道的新类,其中包含多个实用程序,以简化设置自修改管道的工作。 In addition, there's codepipeline-actions that includes constructs to hook your pipeline to CodeCommit, GitHub, BitBucket, etc...此外,还有codepipeline-actions ,其中包括将您的管道挂接到 CodeCommit、GitHub、BitBucket 等的结构...
Here's a complete example (verbatim from the linked blog post), using github as a source, that deploys a lambda through CodePipeline:这是一个完整的示例(来自链接的博客文章),使用 github 作为源,通过 CodePipeline 部署 lambda:
Create a stage with your stack用你的堆栈创建一个舞台
import { CfnOutput, Construct, Stage, StageProps } from '@aws-cdk/core';
import { CdkpipelinesDemoStack } from './cdkpipelines-demo-stack';
/**
* Deployable unit of web service app
*/
export class CdkpipelinesDemoStage extends Stage {
public readonly urlOutput: CfnOutput;
constructor(scope: Construct, id: string, props?: StageProps) {
super(scope, id, props);
const service = new CdkpipelinesDemoStack(this, 'WebService');
// Expose CdkpipelinesDemoStack's output one level higher
this.urlOutput = service.urlOutput;
}
}
Create a stack with your pipeline使用您的管道创建堆栈
import * as codepipeline from '@aws-cdk/aws-codepipeline';
import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions';
import { Construct, SecretValue, Stack, StackProps } from '@aws-cdk/core';
import { CdkPipeline, SimpleSynthAction } from "@aws-cdk/pipelines";
/**
* The stack that defines the application pipeline
*/
export class CdkpipelinesDemoPipelineStack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
const sourceArtifact = new codepipeline.Artifact();
const cloudAssemblyArtifact = new codepipeline.Artifact();
const pipeline = new CdkPipeline(this, 'Pipeline', {
// The pipeline name
pipelineName: 'MyServicePipeline',
cloudAssemblyArtifact,
// Where the source can be found
sourceAction: new codepipeline_actions.GitHubSourceAction({
actionName: 'GitHub',
output: sourceArtifact,
oauthToken: SecretValue.secretsManager('github-token'),
owner: 'OWNER',
repo: 'REPO',
}),
// How it will be built and synthesized
synthAction: SimpleSynthAction.standardNpmSynth({
sourceArtifact,
cloudAssemblyArtifact,
// We need a build step to compile the TypeScript Lambda
buildCommand: 'npm run build'
}),
});
// This is where we add the application stages
// ...
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.