Improve the use of CodePipeline by adding the following features:
- Approve Manual Approval step via Slack
- Automatically approve/reject Manual Approval step according to QA results
- Copy files according to condition, for example: passed auto-qa tests
Note: to shorten the resources' names, you'll sometimes see cpa
instead of codepipeline-actions
More regions
To deploy in other regions, replace AWS_REGION with the region's code
https://AWS_REGION.console.aws.amazon.com/cloudformation/home?region=AWS_REGION#/stacks/quickcreate?templateURL=https://
codepipeline-actions.s3-eu-west-1.amazonaws.com/cpa-cf-template.yml
You need to create a metadata file which holds all of the information from GitHub.
- Example for creating a specific metadata.nfo file - cpa-cf-codebuild-metadata.yml
- Example for creating a adding metadata info to your build ZIP file - cpa-cf-codebuild.yml
- Make sure your CodeBuild has permissions to copy files to the Metadata bucket
- Add this to
build
orinstall
phase in yourbuildspec.yml
phases: install: runtime-versions: ... # your runtime commands: ... # other commands - echo ">> Creating ${METADATA_FILE_NAME} locally" - echo "my qa results" > ${METADATA_FILE_NAME}
- Add this to
post_build
phase inr yourbuildspec.yml
build: commands: ... # other commands - echo ">> Copying ${METADATA_FILE_NAME} to the bucket ${METADATA_BUCKET_NAME}" - aws s3 cp ${METADATA_FILE_NAME} s3://${METADATA_BUCKET_NAME}/${METADATA_FILE_NAME} --metadata qa_status=success,source_id=${CODEBUILD_RESOLVED_SOURCE_VERSION},webhook_base_ref=${CODEBUILD_WEBHOOK_BASE_REF},webhook_head_ref=${CODEBUILD_WEBHOOK_HEAD_REF},webhook_event=${CODEBUILD_WEBHOOK_EVENT},webhook_actor=${CODEBUILD_WEBHOOK_ACTOR_ACCOUNT_ID},webhook_trigger=${CODEBUILD_WEBHOOK_TRIGGER},repo_url=${CODEBUILD_SOURCE_REPO_URL}
TODO: Add instructions on how to do it via AWS Console
Add relevant topics in your CodePipeline, full example - cpa-cf-codepipeline.yml
Stages:
... # other stages
- Name: Release
Actions:
- Name: ManualReleaseApproval
ActionTypeId:
Category: Approval
Owner: AWS
Provider: Manual
Version: "1"
Configuration:
# This is where use the SNS Topic
NotificationArn: !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${AppName}-cpa-Release-${Stage}"
CustomData: !Sub "${Stage}"
RunOrder: 1
TODO: Add instructions on how to do it via AWS Console
Contributing
- AWS user with Administrator privileges
- aws cli
- yarn
- bash
- Docker
- Docker Compose
- Integrate CodeBuild with your GitHub account
- Create CodeBuild project
- Source Provider: GitHub, Repository in my GitHub account and click Connect
- Discard the CodeBuild project
- aws-vault (Optional, but recommended)
TODO: Create a Docker image of prerequisites
codepipeline-actions:
- means we're in this project's root folder
Clone this repository
codepipeline-actions: git [email protected]:devops-internal/codepipeline-actions.git
codepipeline-actions:
- means we're in this project's root folder
bash-5.0#
- means we're in the container
codepipeline-actions: yarn docker:run
...
bash-5.0:
aws-vault users - Update env
file with your AWS_VAULT_PROFILE
and run yarn docker:run:aws-vault
- Installs dependencies for Lambda Layers and services (Lambda Functions)
- Creates two S3 buckets and updates
.env
file
- Create a Slack channel:
codepipeline_notifications
- Create a Slack application
- Create a Slack Bot for your Slack application, and add the bot to your channel
- Update
.env
file with the valuesSLACK_SIGNING_SECRET
SLACK_BOT_OAUTH_TOKEN
Run inside the running container
bash-5.0# yarn build
...
bash-5.0# yarn deploy:all
...
>> Go to Slack apps: https://api.slack.com/apps --> Select your app
>> Go to Interactive Components --> Update Request URL with:
>> https://hashedstr.execute-api.eu-west-1.amazonaws.com/prod/codepipeline/release
bash-5.0#
- Builds services (Lambda Functions) and outputs
dist
folder in each service - Deploys lambda layers - axios
- Deploys services - Lambda Functions
- Deploys CodeBuild
- Deploys CodePipeline
Create a pull-request, from any branch to develop
branch, now look at codepipeline_notifications
channel in Slack
Troubleshooting
If you updated the SNS-Topic, then the link to it in CodePipeline might be broken. Re-deploy CodePipeline with a different SNS-Topic, and then re-deploy CodePipeline with the corrent SNS-Topic.
No worries, update the .env
file and then run:
bash-5.0# yarn deploy:cpa
This will re-deploy the Lambda Functions (services) with the updated secrets.