in terraform/cicd/Pipeline.py [0:0]
def __init__(self, app: core.App, id: str, props, **kwargs) -> None:
super().__init__(app, id, **kwargs)
# define the s3 artifact
source_output = aws_codepipeline.Artifact(artifact_name='source')
buildspec = aws_codepipeline.Artifact(artifact_name='buildspec')
scanned_source = aws_codepipeline.Artifact(artifact_name='scanned_source')
# define the pipeline
repo = aws_codecommit.Repository(self, "sourcerepo", repository_name='policy-as-code', description='Policy as Code Mirror')
change_set_name = 'policy-as-code'
pipeline = aws_codepipeline.Pipeline(
self, "Pipeline",
pipeline_name=f"{props['namespace']}",
artifact_bucket=props['bucket'],
stages=[
aws_codepipeline.StageProps(
stage_name='Source',
actions=[
aws_codepipeline_actions.CodeCommitSourceAction(
repository=repo,
action_name='source',
branch='main',
output=source_output,
trigger=aws_codepipeline_actions.CodeCommitTrigger.EVENTS
)
]
),
aws_codepipeline.StageProps(
stage_name='Build',
actions=[
aws_codepipeline_actions.CodeBuildAction(
action_name='Setup-Buildspec',
input=source_output,
outputs=[buildspec],
project=props['cb_docker_build'],
run_order=1,
)
]
),
aws_codepipeline.StageProps(
stage_name='ScanDeploy',
actions=[
aws_codepipeline_actions.CodeBuildAction(
action_name='Scan-Terraform-Apply',
input=buildspec,
project=props['cb_scan'],
run_order=1,
outputs=[scanned_source]
)
]
)
]
)
# give pipelinerole read write to the bucket
props['bucket'].grant_read_write(pipeline.role)
# pipeline param to get the
pipeline_param = aws_ssm.StringParameter(
self, "PipelineParam",
parameter_name=f"/{props['namespace']}/pipeline",
string_value=pipeline.pipeline_name,
description='terraform pipeline bucket'
)
# cfn output
core.CfnOutput(
self, "PipelineOut",
description="Pipeline",
value=pipeline.pipeline_name
)