in lib/aws-service-catalog.ts [30:189]
constructor(scope: core.Construct, id: string, props: CdkCloudFormationProductProps) {
super(scope, id);
const codeRepo = new codecommit.CfnRepository(this, 'ccRepo', {
repositoryName: props.githubRepo,
repositoryDescription: `Repo for ${props.productName}`,
code: {
branchName: 'main',
s3: {
bucket: props.TargetCatalog.EmptyRepoZipAsset.bucket.bucketName,
key: props.TargetCatalog.EmptyRepoZipAsset.s3ObjectKey
}
}
});
const pipeline = new codepipeline.Pipeline(this, `${props.githubRepo}-pipeline`, {
pipelineName: `${props.githubRepo}-pipeline`,
});
const sourceOutput = new codepipeline.Artifact();
pipeline.addStage({
stageName: 'Source',
actions: [ new codepipelineactions.CodeCommitSourceAction({
actionName: 'InitRepo',
repository: codecommit.Repository.fromRepositoryName(this, 'stagedRepo', props.githubRepo),
output: sourceOutput,
branch: 'main',
codeBuildCloneOutput: true
})
],
});
var installCommands = [
'npm -g install typescript'
,'npm install -g aws-cdk'
,'git config --global user.email "quickstart@amazon.com"'
,'git config --global user.name "Blueprint Pipeline"'
,`git pull https://github.com/${props.githubOwner}/${props.githubRepo} --allow-unrelated-histories`
];
if(props.cdkLanguage == CdkCloudFormationProduct.CdkLanguage.Typescript){
installCommands.push('npm install')
}
if(props.cdkLanguage == CdkCloudFormationProduct.CdkLanguage.Python){
installCommands.push('pip install -r requirements.txt')
}
var buildCommands = [
];
if(props.cdkLanguage == CdkCloudFormationProduct.CdkLanguage.Typescript){
buildCommands.push('npm run build')
}
if(props.cdkLanguage == CdkCloudFormationProduct.CdkLanguage.Python){
}
buildCommands.push('cdk deploy --require-approval never')
const codeBuildProjectRole = new iam.Role(this, 'codeBuildProjectRole', {
assumedBy: new iam.ServicePrincipal('codebuild.amazonaws.com'),
})
const cdkMinPolicy = {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "resourceWidePermissions",
"Effect": "Allow",
"Action": [
"ec2:DescribeImages",
"iam:GetRole",
"iam:GetAccountPasswordPolicy",
"cloudformation:ListStacks",
"cloudformation:DescribeStackEvents",
"health:DescribeEventAggregates",
"ec2:DescribeAvailabilityZones",
"iam:ListAccountAliases",
"iam:ListRoles",
"ec2:DescribePrefixLists",
"cloudformation:DescribeStacks",
"iam:GetAccountSummary"
],
"Resource": "*"
} ,
{
"Sid": "assumeRolePermission",
"Effect": "Allow",
"Action": [
"sts:AssumeRole",
],
"Resource": [
'arn:aws:iam::*:role/cdk-readOnlyRole',
'arn:aws:iam::*:role/cdk-hnb659fds-deploy-role-*',
'arn:aws:iam::*:role/cdk-hnb659fds-file-publishing-*'
]
}
]
};
const cdkMinPolicyDocument = iam.PolicyDocument.fromJson(cdkMinPolicy);
const cdkMinManagedPolicy = new iam.ManagedPolicy(this, 'cdkMinPolicy', {
document: cdkMinPolicyDocument
});
cdkMinManagedPolicy.attachToRole(codeBuildProjectRole);
//const codeBuildPipeProject = new codebuild.PipelineProject(this, 'Pipeline');
const codeBuildPipeProject = new codebuild.PipelineProject(this, 'Pipeline', {
environment: {
buildImage: codebuild.LinuxBuildImage.STANDARD_2_0,
},
buildSpec: codebuild.BuildSpec.fromObject({
version: '0.2',
phases: {
install: {
commands: installCommands
},
build: {
commands: buildCommands
},
},
}),
role: codeBuildProjectRole
});
pipeline.addStage({
stageName: 'Build',
actions: [
new codepipelineactions.CodeBuildAction({
actionName: 'CodeBuild',
project: codeBuildPipeProject,
input: sourceOutput,
outputs: [new codepipeline.Artifact()], // optional
executeBatchBuild: false // optional, defaults to false
})
]
});
}