This is a serverless app that provides automated publishing of serverless applications to the AWS Serverless Application Repository (SAR) via AWS CodePipeline. See this tutorial for a step-by-step walkthrough.
This app contains a single Lambda function: ServerlessRepoPublish. It uses convenience helpers from the `serverlessrepo` Python module to publish applications to SAR.
- A code change is made to a serverless application and pushed to the source repository, which is the source provider of the CodePipeline pipeline.
- The code change flows through the pipeline and outputs a packaged SAM template as a stage output.
- ServerlessRepoPublish lambda is invoked by CodePipeline as part of the Invoke Action of the pipeline.
- ServerlessRepoPublish lambda gets the packaged SAM template from CodePipeline artifact store S3 bucket.
- ServerlessRepoPublish lambda calls `serverlessrepo.publish_application()` with the packaged template as input. It will perform either create or update logic for the serverless application. See here for details on the Python module behavior.
- ServerlessRepoPublish lambda calls the CodePipeline PutJobSuccessResult API with the job id if the publish is successful. Otherwise, it calls the CodePipeline PutJobFailureResult API with the job id and the failure details from `serverlessrepo.publish_application()`.
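The flow above, sketched as a handler (an added example, not the app's own source). The names `handle` and `read_template` and the `packaged-template.yml` file name inside the artifact zip are assumptions; the point to note is that every failure path still reports a result for the job.

```python
import io
import zipfile

# Assumption: name of the packaged SAM template inside the artifact zip.
TEMPLATE_NAME = "packaged-template.yml"


def read_template(s3, artifact):
    """Download the input artifact zip and return the packaged template text."""
    loc = artifact["location"]["s3Location"]
    body = s3.get_object(Bucket=loc["bucketName"], Key=loc["objectKey"])["Body"].read()
    with zipfile.ZipFile(io.BytesIO(body)) as zf:
        return zf.read(TEMPLATE_NAME).decode("utf-8")


def handle(event, s3, codepipeline, publish):
    """Publish the template and always report a result for the CodePipeline job."""
    job = event["CodePipeline.job"]
    job_id = job["id"]
    try:
        artifacts = job["data"]["inputArtifacts"]
        if len(artifacts) != 1:
            raise ValueError("expected exactly one input artifact")
        result = publish(read_template(s3, artifacts[0]))
    except Exception as exc:
        # Report every failure; an unreported job leaves the action waiting.
        codepipeline.put_job_failure_result(
            jobId=job_id,
            failureDetails={"type": "JobFailed", "message": str(exc)[:2000]},
        )
        return None
    codepipeline.put_job_success_result(jobId=job_id)
    return result


def lambda_handler(event, context):
    """Lambda entry point that wires in the real clients."""
    # Imported here so handle() can be exercised without AWS access.
    import boto3
    import serverlessrepo

    return handle(
        event,
        boto3.client("s3"),
        boto3.client("codepipeline"),
        serverlessrepo.publish_application,
    )
```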
For a step-by-step walkthrough of using this app with AWS CodePipeline, see this tutorial.
You can also embed this app in the same SAM template that defines your CodePipeline and artifact store bucket using nested apps. Below is a SAM template snippet that nests AWS CodePipeline SAR Auto-Publish app and creates a three-stage (Source, Build, Deploy) pipeline:
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Resources:
  CodePipelineServerlessRepoPublishApp:
    Type: 'AWS::Serverless::Application'
    Properties:
      Location:
        ApplicationId: 'arn:aws:serverlessrepo:us-east-1:077246666028:applications/aws-serverless-codepipeline-serverlessrepo-publish'
        SemanticVersion: 1.0.0
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      ArtifactStore:
        Type: S3
        Location:
          Ref: ArtifactStoreBucket
      RoleArn: !GetAtt PipelineRole.Arn
      Stages:
        - Name: Source
          Actions:
            - Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: S3
                Version: '1'
              Configuration:
                S3Bucket: <YourSourceBucket>
                S3ObjectKey: <YourSourceKey>
              OutputArtifacts:
                - Name: SourceArtifact
              RunOrder: '1'
        - Name: Build
          Actions:
            - Name: Build
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: '1'
              Configuration:
                ProjectName: <YourCodeBuildProjectName>
              InputArtifacts:
                - Name: SourceArtifact
              OutputArtifacts:
                - Name: BuildArtifact
              RunOrder: '1'
        - Name: Deploy
          Actions:
            - Name: DeployToServerlessRepo
              ActionTypeId:
                Category: Invoke
                Owner: AWS
                Provider: Lambda
                Version: '1'
              Configuration:
                FunctionName: !GetAtt CodePipelineServerlessRepoPublishApp.Outputs.ServerlessRepoPublishFunctionName # Here we use the app output ServerlessRepoPublishFunctionName
              InputArtifacts:
                - Name: BuildArtifact
              RunOrder: '1'
  PipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: ['sts:AssumeRole']
            Effect: Allow
            Principal:
              Service: [codepipeline.amazonaws.com]
        Version: '2012-10-17'
      Path: /
      Policies:
        - PolicyName: CodePipelineAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # iam:PassRole on '*' lets the pipeline pass any role in the account;
              # scope Resource to the roles the pipeline's actions actually use.
              - Action:
                  - 'iam:PassRole'
                Effect: Allow
                Resource: '*'
              - Effect: Allow
                Action:
                  - "codebuild:BatchGetBuilds"
                  - "codebuild:StartBuild"
                Resource:
                  - <YourCodeBuildProjectArn>
              - Effect: Allow
                Action:
                  - "lambda:InvokeFunction"
                Resource:
                  - !GetAtt CodePipelineServerlessRepoPublishApp.Outputs.ServerlessRepoPublishFunctionArn # Here we use the app output ServerlessRepoPublishFunctionArn
              # Bucket-level actions apply to the bucket ARNs themselves.
              - Action:
                  - 's3:ListBucket'
                  - 's3:GetBucketVersioning'
                Effect: Allow
                Resource:
                  - !Sub ${ArtifactStoreBucket.Arn}
                  - <YourSourceBucketArn>
              # Object-level actions need object ARNs (bucket ARN followed by /*).
              - Action:
                  - 's3:PutObject'
                  - 's3:GetObject'
                  - 's3:GetObjectVersion'
                Effect: Allow
                Resource:
                  - !Sub ${ArtifactStoreBucket.Arn}/*
                  - <YourSourceBucketArn>/*
  ArtifactStoreBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
```
- `LogLevel` (optional) - Log level for Lambda function logging, e.g., ERROR, INFO, DEBUG, etc. Default: INFO
- `ServerlessRepoPublishFunctionName` - ServerlessRepoPublish lambda function name.
- `ServerlessRepoPublishFunctionArn` - ServerlessRepoPublish lambda function ARN.
This code is made available under the MIT license. See the LICENSE file.