in cluster-codebuild/eks_codebuild.py [0:0]
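def __init__(self, scope: Construct, id: str, **kwargs) -> None:
    """Define the CodeBuild project, its GitHub webhook source and its IAM role.

    The GitHub coordinates are read from the CDK context keys
    ``github_owner``, ``github_repo`` and ``github_branch``.

    Args:
        scope: Parent construct, passed through to the base class.
        id: Construct id, passed through to the base class.
        **kwargs: Extra keyword arguments, passed through to the base class.

    Raises:
        ValueError: If any of the three context values is missing or empty.
    """
    super().__init__(scope, id, **kwargs)

    # Resolve the context once and fail fast. try_get_context() returns None
    # for an unset key, and that None would otherwise be handed straight to
    # the source definition and the webhook branch filter.
    github_context = {
        key: self.node.try_get_context(key)
        for key in ("github_owner", "github_repo", "github_branch")
    }
    missing = [key for key, value in github_context.items() if not value]
    if missing:
        raise ValueError(
            "Missing required CDK context value(s): " + ", ".join(missing)
        )
    github_branch = github_context["github_branch"]

    # Create IAM Role For CodeBuild
    # TODO Make this role's policy least privilege
    # SECURITY: AdministratorAccess gives every build full control of the
    # account. The build executes cluster-bootstrap/buildspec.yml from the
    # repository and is started by a push webhook, so whoever can land a
    # change under cluster-bootstrap/ on the watched branch decides what runs
    # with this role. Until the policy is scoped down, treat push rights on
    # that branch as account-admin rights (branch protection, required
    # reviews).
    aws_app_resources_build_role = iam.Role(
        self, "EKSCodeBuildRole",
        assumed_by=iam.ServicePrincipal("codebuild.amazonaws.com"),
        managed_policies=[
            iam.ManagedPolicy.from_aws_managed_policy_name(
                "AdministratorAccess")
        ]
    )

    # Only fire on pushes to the configured branch (github_branch context)
    # that touch the cluster-bootstrap folder.
    # NOTE(review): CodeBuild evaluates the file-path pattern as a regular
    # expression, not a glob - confirm "cluster-bootstrap/*" matches exactly
    # the paths intended.
    push_to_bootstrap = (
        codebuild.FilterGroup.in_event_of(codebuild.EventAction.PUSH)
        .and_branch_is(github_branch)
        .and_file_path_is("cluster-bootstrap/*")
    )
    git_hub_source = codebuild.Source.git_hub(
        owner=github_context["github_owner"],
        repo=github_context["github_repo"],
        branch_or_ref=github_branch,
        webhook=True,
        webhook_filters=[push_to_bootstrap]
    )

    # Create CodeBuild. The construct registers itself on this scope, so the
    # returned object does not need to be kept.
    codebuild.Project(
        self, "EKSCodeBuild",
        source=git_hub_source,
        role=aws_app_resources_build_role,
        environment=codebuild.BuildEnvironment(
            build_image=codebuild.LinuxBuildImage.STANDARD_5_0,
            compute_type=codebuild.ComputeType.LARGE
        ),
        build_spec=codebuild.BuildSpec.from_source_filename(
            "cluster-bootstrap/buildspec.yml")
    )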