in infra/ecs-service/construct/ecs-cicd-const.ts [79:152]
private createBuildProject(ecrRepo: ecr.Repository, props: EcsCicdProps): codebuild.Project {
const project = new codebuild.Project(this, 'DockerBuild', {
projectName: `${props.stackName}DockerBuild`,
environment: {
buildImage: codebuild.LinuxBuildImage.AMAZON_LINUX_2_2,
computeType: codebuild.ComputeType.LARGE,
privileged: true
},
environmentVariables: {
'CLUSTER_NAME': {
value: `${props.cluster.clusterName}`
},
'ECR_REPO_URI': {
value: `${ecrRepo.repositoryUri}`
},
'CONTAINER_NAME': {
value: `${props.containerName}`
},
'APP_PATH': {
value: `${props.appPath}`
}
},
buildSpec: codebuild.BuildSpec.fromObject({
version: "0.2",
phases: {
pre_build: {
commands: [
'echo "In Pre-Build Phase"',
'export TAG=latest',
'echo $TAG'
]
},
build: {
commands: [
'echo "In Build Phase"',
'cd $APP_PATH',
'ls -l',
`docker build -t $ECR_REPO_URI:$TAG .`,
'$(aws ecr get-login --no-include-email)',
'docker push $ECR_REPO_URI:$TAG'
]
},
post_build: {
commands: [
'echo "In Post-Build Phase"',
'pwd',
"printf '[{\"name\":\"%s\",\"imageUri\":\"%s\"}]' $CONTAINER_NAME $ECR_REPO_URI:$TAG > imagedefinitions.json",
"pwd; ls -al; cat imagedefinitions.json"
]
}
},
artifacts: {
files: [
`${props.appPath}/imagedefinitions.json`
]
}
}),
});
ecrRepo.grantPullPush(project.role!);
project.addToRolePolicy(new iam.PolicyStatement({
actions: [
"ecs:DescribeCluster",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
],
resources: [props.cluster.clusterArn],
}));
return project;
}