I built a Code Pipeline with AWS CDK.
Good work. @naokiur. We look forward to working with you in 2020 and this year as well.
After knowing AWS CDK "How do you create this with an AWS CDK ...?" I often think like this.
This time, I will introduce a simple CI / CD environment. Built with AWS CDK (Java).
environment
- MacBook Pro (Retina 13-inch、Early 2015)
- macOS Mojave 10.14.6
- Java 1.8.0_191
- IntelliJ IDEA CE 2019.2.4
Building Code Pipeline
Diagram
Get the source, ZIP, just store in S3, Because I use Github for business, Not CodeCommit I made Github the source.
Code Pipeline construction
To build CodePipeline Broadly speaking, I was able to build it by creating the following.
- Pipeline class
- Stages class
- Action class
- Artifact class
Pipeline class
Literally, it is a class that represents CodePipeline.
build () this class
By cdk deploy
I was able to build a Code Pipeline on AWS.
final Pipeline saveToS3Pipeline = Pipeline.Builder
.create(this, "saveSourceToS3")
.pipelineName("saveSourceToS3")
.stages(new ArrayList<>(Arrays.asList(source, build, deploy)))
.build();
Not limited to this
To generate AWS resources
hoge.Builder.create (Stack class, id). ~ Omitted ~ .build ()
It seems that it can be built with
I feel that it is easy to understand.
CodePipeline requires at least two Stages, so
You must specify a List with at least two elements in stages ().
If not specified, an error will occur.
Stage class
This is the Stage class to be set in CodePipeline. This time (although there is not much content) You have created all three stages: Source, Build, and Deploy.
final StageProps source = StageProps.builder()
.stageName("DownloadSourceFromGithub")
.actions(new ArrayList<>(Arrays.asList(github)))
.build();
final StageProps build = StageProps.builder()
.stageName("BuildSource")
.actions(new ArrayList<>(Arrays.asList(codeBuild)))
.build();
final StageProps deploy = StageProps.builder()
.stageName("SaveSourceToS3")
.actions(new ArrayList<>(Arrays.asList(s3)))
.build();
It's not written as hoge.Builder.create (Stack class, id). ~ Omitted ~ .build ().
Stage is not an AWS service, but an element of CodePipeline,
This is because it does not appear as a resource in the CloudFormation stack.
(* This is an individual opinion)
It seems that Stage can have multiple Actions.
Action class
A class of Action to be executed in Stage. Create Actions for each Stage. This time (because there is not much content) One for each stage.
final Action github = GitHubSourceAction.Builder
.create()
.actionName("DownloadFromGithub")
.oauthToken(githubToken)
.branch(branchName)
.repo(repoName)
.owner(ownerName)
.output(sourceArtifact)
.build();
final Action codeBuild = CodeBuildAction.Builder
.create()
.actionName("BuildSource")
.project(codeBuildProject)
.input(sourceArtifact)
.outputs(new ArrayList<>(Arrays.asList(buildArtifact)))
.build();
final Action s3 = S3DeployAction.Builder
.create()
.bucket(deployBucket)
.actionName("DeploySourceToS3")
.input(buildArtifact)
.build();
In the codepipeline.actions package,
Since there is a class according to the Action to be executed,
Generate the required class.
(Currently, it doesn't seem to be all that CodePipeline can do ...)
GitHubSourceAction class
Action to use Github as Source. It's easy to understand. Set up repositories and branches.
You can also specify an OAuth Token to connect, Use the SecretValue class.
SecretValue class
This class is for getting secret information. Get information from Secret in the System Manager parameter store It seems that you can get information from Secret Manager.
This time, set the Token of Github in Secret Manager in advance, I tried to get it.
final SecretsManagerSecretOptions secretOptions = SecretsManagerSecretOptions.builder()
.jsonField("github-token")
.build();
final SecretValue githubToken = SecretValue.secretsManager(
"naokiur-secret",
secretOptions
);
CodeBuildAction class
A class that builds CodeBuild for CodePipeline. This time I created buildspec.yml in the repository.
S3DeployAction class
A class for deploying to S3.
Artifact class
I came out in the Action class Also a CodePipeline, This class is specified for Input / Output of each Action. Now you have the image of handing over.
Create the following two Specified for Input / Output of each Action.
final Artifact sourceArtifact = Artifact.artifact("Source");
final Artifact buildArtifact = Artifact.artifact("Build");
Now you have a complete build! !!
Where I was addicted
- System Manager parameter store Secret cannot be set to CodePipeline
- I just didn't know, but it wasn't supported ...
- At first, I was trying to do it with Secret in the parameter store instead of SecretManager, but I got the following error message ... * SSM Secure reference is not supported in [AWS::CodePipeline::Pipeline/Properties/Stages,AWS::CodePipeline::Webhook/Properties/AuthenticationConfiguration/SecretToken]
- Invalid credentials appear on Github webhook
- When generating the SecretValue class.
- I just didn't know this, but at first, when SecretValue was generated, it was as follows.
*
final SecretValue githubToken = SecretValue.secretsManager("naokiur-secret"); - I couldn't connect with this, and I was addicted to why the Token should be correct.
- After all, it seems that the key specification method was incorrect, it could not be obtained, and the Token was accessing empty.
- I didn't notice until I got an error when running CodePipeline ...
- When I executed the command
cdk synthesizethat can generate a CloudFormation file, the relevant item was as follows. *SecretToken: "{{resolve:secretsmanager:naokiur-secret:SecretString:::}}" - Now you notice the lack of parameters ...
I used it as a reference
- https://dev.classmethod.jp/server-side/serverless/aws-cdk-cicd/
- https://github.com/aws/aws-cdk/issues/3515
- https://docs.aws.amazon.com/ja_jp/codepipeline/latest/userguide/GitHub-rotate-personal-token-CLI.html
Recommended Posts