aws-docker.yml
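---
# CloudFormation template: one CodeCommit repository, one ECR repository and
# one CodeBuild project, all named after ProjectName. The build clones the
# CodeCommit repository, runs `docker build` and pushes the image to ECR.
Parameters:
  ProjectName:
    Type: String
    Default: foomatic
    # ProjectName is substituted into IAM resource ARNs and, unquoted, into the
    # shell commands of the buildspec below, so it is limited to characters
    # that are neither shell metacharacters nor ARN wildcards. The pattern is
    # kept loose on purpose; the services apply their own stricter name rules
    # when the resources are created.
    AllowedPattern: "[a-z0-9][a-z0-9_-]*"
    ConstraintDescription: >-
      ProjectName must start with a lowercase letter or digit and contain
      only lowercase letters, digits, hyphens and underscores.
Resources:
  GitRepo:
    Type: "AWS::CodeCommit::Repository"
    Properties:
      RepositoryName: !Ref ProjectName
  # Service role assumed by CodeBuild. Every statement except the ECR login is
  # scoped to the resources of this one project.
  BuildRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Only the CodeBuild service may assume this role.
          - Effect: "Allow"
            Principal:
              Service:
                - "codebuild.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      Policies:
        - PolicyName: "root"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Pull from repo (read-only: no push permission is granted)
              - Effect: "Allow"
                Action:
                  - "codecommit:GitPull"
                Resource:
                  - !Sub "arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:${ProjectName}"
              # Write build logs, limited to this project's log group
              - Effect: "Allow"
                Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                Resource:
                  - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}"
                  - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}:*"
              # Login to ECR. GetAuthorizationToken does not support
              # resource-level permissions, hence the wildcard; it is kept in
              # its own statement so the wildcard covers nothing else.
              - Effect: "Allow"
                Action:
                  - "ecr:GetAuthorizationToken"
                Resource: "*"
              # Publish to ECR: push-only, and only to this project's
              # repository.
              - Effect: "Allow"
                Action:
                  - "ecr:BatchCheckLayerAvailability"
                  - "ecr:CompleteLayerUpload"
                  - "ecr:InitiateLayerUpload"
                  - "ecr:PutImage"
                  - "ecr:UploadLayerPart"
                Resource:
                  - !Sub "arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${ProjectName}"
  Build:
    Type: "AWS::CodeBuild::Project"
    Properties:
      Name: !Ref ProjectName
      ServiceRole: !GetAtt BuildRole.Arn
      Source:
        Type: CODECOMMIT
        Location: !GetAtt GitRepo.CloneUrlHttp
        # The ECR login command is run only through $(...), never on its own:
        # `aws ecr get-login` prints a complete `docker login` command that
        # includes the registry password, and a bare invocation would write
        # that credential to the build log in CloudWatch Logs.
        # NOTE(review): `get-login` belongs to older AWS CLI releases; confirm
        # the CLI in the build image still provides it before reusing this.
        # The image is pushed under the mutable `latest` tag only, so anything
        # that deploys it should resolve and pin the image digest.
        BuildSpec: !Sub |
          version: 0.1
          phases:
            pre_build:
              commands:
                - $(aws ecr get-login --region ${AWS::Region})
            build:
              commands:
                - docker build -t ${ProjectName}:latest .
                - docker tag ${ProjectName}:latest ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ProjectName}:latest
            post_build:
              commands:
                - docker push ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ProjectName}:latest
      Artifacts:
        # The build's only output is the image pushed to ECR.
        Type: NO_ARTIFACTS
      Environment:
        # NOTE(review): CloudFormation documents LINUX_CONTAINER for this
        # field; confirm that this spelling is still accepted.
        Type: linuxContainer
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/docker:1.12.1
  # The logical ID keeps its original spelling: renaming a logical ID makes
  # CloudFormation replace the resource, which would delete the repository.
  DockrRepo:
    Type: "AWS::ECR::Repository"
    Properties:
      RepositoryName: !Ref ProjectName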