Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Guidance needed for customize codebuild s3 artifact resources

See original GitHub issue

❓ General Issue

The Question

Any way to customize GitHubSourceAction output with following configuration. Artifact input, output with cuztomize FILENAME and disable KMS encrypt by default.

Something like below…

codeBuildProject.addSecondaryArtifact(
       Artifacts.s3({
         bucket: codebuildBucket,
         path: 'mypath',
         name: 'name',
         identifier: 'bridge-artifact1',
         encryption: false,
    }),
);

Sample code

// buildspec.yml
artifacts:
  files:
    - "**/*"
  name: myCUSTOMNAME ///// THIS not working, still generate randomly

// Codebuild bucket
    const codebuildBucket = new s3.Bucket(
      this,
      `${environment.ENV}-codebuild-bucket`,
      {
        bucketName: `${environment.ENV.toLowerCase()}-codebuild-bucket`,
        removalPolicy: cdk.RemovalPolicy.DESTROY,
        blockPublicAccess: new s3.BlockPublicAccess({
          blockPublicAcls: true,
          blockPublicPolicy: false,
          ignorePublicAcls: true,
          restrictPublicBuckets: false,
        }),
        accessControl: s3.BucketAccessControl.PUBLIC_READ,
      },
    );

const pipeline = new codepipeline.Pipeline(
      this,
      `${environment.ENV}`,
      {
        pipelineName: `${environment.ENV}`,
        restartExecutionOnUpdate: true,
        artifactBucket: codebuildBucket,
      },
    );

    // Source stage, grab code from Github
    const sourceStage = pipeline.addStage({
      stageName: 'Source',
    });

    const buildStage = pipeline.addStage({
      stageName: 'Build',
      placement: {
        justAfter: sourceStage,
      },
    });

const sourceOutput = new codepipeline.Artifact('sourceOutput');
    const sourceAction = new cpaction.GitHubSourceAction({
      actionName: codebuild-action-${environment.ENV}`,
      owner: '',
      repo: 'api',
      oauthToken: oauthSecret,
      branch: `${environment.branch}`,
      trigger: cpaction.GitHubTrigger.WEBHOOK,
      output: sourceOutput, ////// THIS I hope I can customize its output file's name and disable KMS encryption. 
    });

    sourceStage.addAction(sourceAction);

    const codeBuildProject = new codebuild.PipelineProject(
      this,
      `Api-${environment.ENV}`,
      {
        role: buildRole,
        environment: {
          buildImage: codebuild.LinuxBuildImage.fromDockerRegistry('node:12-buster'),
        },
        buildSpec: codebuild.BuildSpec.fromSourceFilename('buildspec.yml'),
      },
    );

const buildOutput = new codepipeline.Artifact('buildOutput');
    const buildAction = new cpaction.CodeBuildAction({
      actionName: 'Build',
      input: sourceOutput, // This hope it can disable its encryption
      outputs: [buildOutput], // This hope it can disable its encryption
      project: codeBuildProject,
    });

    buildStage.addAction(buildAction);

Environment

CDK CLI Version: 1.44.0
Module Version: 1.44.0
Node.js Version: v14.3.0
OS: OSX
Language (Version): TypeScript (3.8.3)

References

Issue Analytics

State:
Created 3 years ago
Comments:5 (3 by maintainers)

Top GitHub Comments

2reactions

skinny85commented, Jun 9, 2020

I already commented that fixing the names of the artifacts is not possible, and doesn’t really make sense in CodePipeline. Basically, the pipeline controls the names, not the CodeBuild project that executes the build (there is no guarantee that the name is dynamic like myname-$(date +%Y-%m-%d), a user can also make it just myname, and then everything would fall apart).

As for encryption, there is a single key used for encryption in the entire CodePipeline - it cannot be set per action. You can grant IAM users permissions to that one key using standard CDK methods like grantEncrypt(), etc.

0reactions

skinny85commented, Jun 10, 2020

No problem 🙂. I’m resolving this one, let me know if you need any more info about this from our side.

Top Results From Across the Web

CodeBuild::Project Artifacts - AWS CloudFormation

Artifacts is a property of the AWS::CodeBuild::Project resource that specifies output settings for artifacts generated by an AWS CodeBuild build.

AWS::CodeBuild::Project Artifacts - Amazon CloudFormation

Artifacts is a property of the AWS::CodeBuild::Project resource that specifies output settings for artifacts generated by an Amazon CodeBuild build.

AWS CodeBuild - Understanding Output Artifacts - YouTube

In this video I show you how to create output artifacts for your codebuild instance and how we can define what files to...

Troubleshooting AWS CodePipeline Artifacts - Stelligent

The Artifact Store is an Amazon S3 bucket that CodePipeline uses to store artifacts used by pipelines. When you first use the CodePipeline...

AWS CodeBuild - Artillery.io

This guide assumes you have an existing AWS account with permissions to access the different resources used when setting up AWS CodeBuild projects,...