# CloudFormation template for a CodePipeline pipeline: GitHub source,
# CodeBuild build, then a CloudFormation change set that is created and executed.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Template for full CI/CD serverless applications.'
# Stack inputs. Every value here is supplied by whoever creates or updates the
# stack; the three role parameters decide what the pipeline is allowed to do.
Parameters:
  # Used as a prefix for the build project, pipeline, stack and bucket names,
  # so the pattern is kept to characters that are safe in all of them.
  AppName:
    Description: 'Name of the application.'
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    MinLength: '1'
    MaxLength: '80'
    ConstraintDescription: >-
      Malformed input parameter. AppName must only contain upper and lower case
      letters, numbers, and -.

  # NOTE(review): SAMInputFile is not referenced by any resource in this
  # template; presumably the buildspec reads it - confirm.
  SAMInputFile:
    Description: 'The filename for the SAM file.'
    Type: String
    Default: 'saml.yaml'

  # File inside the build artifact that the Deploy stage uses as its template.
  SAMOutputFile:
    Description: 'The filename for the output SAM file from the buildspec file.'
    Type: String
    Default: 'post-saml.yaml'

  # An empty value switches off the HasStagingVariables condition.
  StagingFile:
    Description: 'The cloudformation staging file. Leave empty if no staging file is needed.'
    Type: String
    Default: 'beta.json'

  # NOTE(review): the default pins an old curated image tag; confirm it is
  # still offered and still receives patches before building with it.
  CodeBuildImage:
    Description: 'Image used for CodeBuild project.'
    Type: String
    Default: 'aws/codebuild/nodejs:7.0.0'

  GitHubRepoName:
    Description: 'The GitHub repo name'
    Type: String

  # Anyone able to push to this branch controls what the pipeline builds and
  # deploys, so protect the branch accordingly.
  GitHubRepoBranch:
    Description: 'The GitHub repo branch code pipelines should watch for changes on'
    Type: String
    Default: 'master'

  GitHubUser:
    Description: 'GitHub UserName. This username must have access to the GitHubToken.'
    Type: String

  # NoEcho masks the value in CloudFormation console and API output, but the
  # token is still passed in as a plain stack parameter. Issue a token with the
  # narrowest scopes that work, rotate it, and consider keeping it in a secrets
  # store and referencing it from there instead of typing it in.
  GitHubToken:
    Description: >-
      Secret. OAuthToken with access to Repo. Long string of characters and
      digits. Go to https://github.com/settings/tokens
    Type: String
    NoEcho: true

  # The three role values below are passed straight to RoleArn / ServiceRole
  # properties. The template does not create or constrain these roles, so
  # their permissions must be scoped by whoever supplies them.
  CodePipelineRole:
    Description: 'Role the pipeline will use'
    Type: String

  CloudformationRole:
    Description: 'Role for cloudformation'
    Type: String

  CodeBuildRole:
    Description: 'Role for code build'
    Type: String
Conditions:
  # True when the StagingFile parameter is anything other than the empty string.
  HasStagingVariables: !Not [!Equals [!Ref StagingFile, '']]
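Resources:
  # CodeBuild project run by the pipeline's Build stage. Source and artifacts
  # both flow through CodePipeline; the project runs as CodeBuildRole.
  CodeBuildProject:
    DependsOn: [S3Bucket]
    Description: Creating AWS CodeBuild project
    Type: AWS::CodeBuild::Project
    Properties:
      Artifacts:
        Type: CODEPIPELINE
      Description: !Sub "Building stage for ${AppName}."
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        EnvironmentVariables:
          # Exposes the artifact bucket name to the buildspec.
          - Name: S3_BUCKET
            Value: !Ref S3Bucket
        Image: !Ref CodeBuildImage
        Type: LINUX_CONTAINER
      Name: !Sub "${AppName}-build"
      ServiceRole: !Ref CodeBuildRole
      Source:
        Type: CODEPIPELINE
      Tags:
        - Key: app-name
          Value: !Ref AppName
      TimeoutInMinutes: 5

  # Artifact store for the pipeline. Retained when the stack is deleted, so
  # old artifacts outlive the stack and must be cleaned up separately.
  S3Bucket:
    Description: Creating Amazon S3 bucket for AWS CodePipeline artifacts
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: !Sub "serverless-app-${AWS::AccountId}-${AWS::Region}-${AppName}"
      VersioningConfiguration:
        Status: Enabled
      # Build artifacts are never meant to be public; state that explicitly
      # instead of relying on account-level or service defaults.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # Default encryption at rest for anything written without its own
      # encryption headers.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  # Denies any S3 request to the artifact bucket that is not made over TLS.
  # The policy Id mentions SSE, but the only statement here is the TLS one.
  S3ArtifactBucketPolicy:
    DependsOn: [S3Bucket]
    Description: Setting Amazon S3 bucket policy for AWS CodePipeline access
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref S3Bucket
      PolicyDocument:
        Version: "2012-10-17"
        Id: SSEAndSSLPolicy
        Statement:
          - Sid: DenyInsecureConnections
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            # Cover the bucket itself as well as its objects; with only the
            # "/*" ARN, bucket-level actions such as listing were not denied
            # over plain HTTP.
            Resource:
              - !Sub "arn:aws:s3:::${S3Bucket}"
              - !Sub "arn:aws:s3:::${S3Bucket}/*"
            Condition:
              Bool:
                # Quoted so the policy carries the string "false" regardless
                # of how the YAML loader types the scalar.
                aws:SecureTransport: "false"

  # Three-stage pipeline: Source (GitHub) -> Build (CodeBuild) -> Deploy
  # (CloudFormation change set created, then executed).
  ProjectPipeline:
    DependsOn: [S3Bucket, CodeBuildProject]
    Description: Creating a deployment pipeline for your project in AWS CodePipeline
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Sub "${AppName}-pipeline"
      RoleArn: !Ref CodePipelineRole
      Stages:
        - Name: Source
          Actions:
            - Name: source
              InputArtifacts: []
              ActionTypeId:
                Version: "1"
                Category: Source
                Owner: ThirdParty
                Provider: GitHub
              OutputArtifacts:
                - Name: !Sub "${AppName}-SourceArtifact"
              Configuration:
                Repo: !Ref GitHubRepoName
                Branch: !Ref GitHubRepoBranch
                # The OAuth token becomes part of the pipeline's action
                # configuration. NOTE(review): a connection-based GitHub
                # source action avoids handling a long-lived personal token
                # here; consider migrating.
                OAuthToken: !Ref GitHubToken
                Owner: !Ref GitHubUser
              RunOrder: 1
        - Name: Build
          Actions:
            - Name: build-from-source
              InputArtifacts:
                - Name: !Sub "${AppName}-SourceArtifact"
              ActionTypeId:
                Category: Build
                Owner: AWS
                Version: "1"
                Provider: CodeBuild
              OutputArtifacts:
                - Name: !Sub "${AppName}-BuildArtifact"
              Configuration:
                # Must match the Name of CodeBuildProject above.
                ProjectName: !Sub "${AppName}-build"
              RunOrder: 1
        - Name: Deploy
          Actions:
            - Name: create-changeset
              InputArtifacts:
                - Name: !Sub "${AppName}-BuildArtifact"
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: "1"
                Provider: CloudFormation
              OutputArtifacts: []
              Configuration:
                StackName: !Sub "${AppName}-serverless-stack"
                ActionMode: CHANGE_SET_REPLACE
                RoleArn: !Ref CloudformationRole
                ChangeSetName: pipeline-changeset
                # The deployed template comes from the build artifact, i.e.
                # from repository content, and this capability lets it create
                # named IAM resources. What it can actually do is bounded only
                # by CloudformationRole, so keep that role narrowly scoped.
                Capabilities: CAPABILITY_NAMED_IAM
                TemplatePath: !Sub "${AppName}-BuildArtifact::${SAMOutputFile}"
                # Omit the property entirely when no staging file is given,
                # rather than passing an empty string as the artifact path.
                TemplateConfiguration: !If
                  - HasStagingVariables
                  - !Sub "${AppName}-BuildArtifact::${StagingFile}"
                  - !Ref "AWS::NoValue"
              RunOrder: 1
            # Runs right after the change set is created; there is no manual
            # approval action between the two in this stage.
            - Name: execute-changeset
              InputArtifacts: []
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: "1"
                Provider: CloudFormation
              OutputArtifacts: []
              Configuration:
                StackName: !Sub "${AppName}-serverless-stack"
                ActionMode: CHANGE_SET_EXECUTE
                ChangeSetName: pipeline-changeset
              RunOrder: 2
      ArtifactStore:
        Type: S3
        Location: !Ref S3Bucket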