Guidance needed for customize codebuild s3 artifact resources
See original GitHub issue❓ General Issue
The Question
Any way to customize GitHubSourceAction
output with following configuration.
Artifact input, output with cuztomize FILENAME and disable KMS encrypt by default.
Something like below…
codeBuildProject.addSecondaryArtifact(
Artifacts.s3({
bucket: codebuildBucket,
path: 'mypath',
name: 'name',
identifier: 'bridge-artifact1',
encryption: false,
}),
);
Sample code
// buildspec.yml
artifacts:
files:
- "**/*"
name: myCUSTOMNAME ///// THIS not working, still generate randomly
// Codebuild bucket
const codebuildBucket = new s3.Bucket(
this,
`${environment.ENV}-codebuild-bucket`,
{
bucketName: `${environment.ENV.toLowerCase()}-codebuild-bucket`,
removalPolicy: cdk.RemovalPolicy.DESTROY,
blockPublicAccess: new s3.BlockPublicAccess({
blockPublicAcls: true,
blockPublicPolicy: false,
ignorePublicAcls: true,
restrictPublicBuckets: false,
}),
accessControl: s3.BucketAccessControl.PUBLIC_READ,
},
);
const pipeline = new codepipeline.Pipeline(
this,
`${environment.ENV}`,
{
pipelineName: `${environment.ENV}`,
restartExecutionOnUpdate: true,
artifactBucket: codebuildBucket,
},
);
// Source stage, grab code from Github
const sourceStage = pipeline.addStage({
stageName: 'Source',
});
const buildStage = pipeline.addStage({
stageName: 'Build',
placement: {
justAfter: sourceStage,
},
});
const sourceOutput = new codepipeline.Artifact('sourceOutput');
const sourceAction = new cpaction.GitHubSourceAction({
actionName: codebuild-action-${environment.ENV}`,
owner: '',
repo: 'api',
oauthToken: oauthSecret,
branch: `${environment.branch}`,
trigger: cpaction.GitHubTrigger.WEBHOOK,
output: sourceOutput, ////// THIS I hope I can customize its output file's name and disable KMS encryption.
});
sourceStage.addAction(sourceAction);
const codeBuildProject = new codebuild.PipelineProject(
this,
`Api-${environment.ENV}`,
{
role: buildRole,
environment: {
buildImage: codebuild.LinuxBuildImage.fromDockerRegistry('node:12-buster'),
},
buildSpec: codebuild.BuildSpec.fromSourceFilename('buildspec.yml'),
},
);
const buildOutput = new codepipeline.Artifact('buildOutput');
const buildAction = new cpaction.CodeBuildAction({
actionName: 'Build',
input: sourceOutput, // This hope it can disable its encryption
outputs: [buildOutput], // This hope it can disable its encryption
project: codeBuildProject,
});
buildStage.addAction(buildAction);
Environment
- CDK CLI Version: 1.44.0
- Module Version: 1.44.0
- Node.js Version: v14.3.0
- OS: OSX
- Language (Version): TypeScript (3.8.3)
References
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
CodeBuild::Project Artifacts - AWS CloudFormation
Artifacts is a property of the AWS::CodeBuild::Project resource that specifies output settings for artifacts generated by an AWS CodeBuild build.
Read more >AWS::CodeBuild::Project Artifacts - Amazon CloudFormation
Artifacts is a property of the AWS::CodeBuild::Project resource that specifies output settings for artifacts generated by an Amazon CodeBuild build.
Read more >AWS CodeBuild - Understanding Output Artifacts - YouTube
In this video I show you how to create output artifacts for your codebuild instance and how we can define what files to...
Read more >Troubleshooting AWS CodePipeline Artifacts - Stelligent
The Artifact Store is an Amazon S3 bucket that CodePipeline uses to store artifacts used by pipelines. When you first use the CodePipeline...
Read more >AWS CodeBuild - Artillery.io
This guide assumes you have an existing AWS account with permissions to access the different resources used when setting up AWS CodeBuild projects,...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I already commented that fixing the names of the artifacts is not possible, and doesn’t really make sense in CodePipeline. Basically, the pipeline controls the names, not the CodeBuild project that executes the build (there is no guarantee that the name is dynamic like
myname-$(date +%Y-%m-%d)
, a user can also make it justmyname
, and then everything would fall apart).As for encryption, there is a single key used for encryption in the entire CodePipeline - it cannot be set per action. You can grant IAM users permissions to that one key using standard CDK methods like
grantEncrypt()
, etc.No problem 🙂. I’m resolving this one, let me know if you need any more info about this from our side.