Amazon Web Services' CodeBuild is a managed service that allows developers to build projects from source.
Typically CodeBuild is used as part of your CI/CD pipeline, perhaps along with other AWS tools like CodeCommit, CodePipeline and CodeDeploy.
This blog will explore the use of CodeBuild to build the Bedrock project and update a yum repository. Along the way I'll detail some of the things I've learned and the path I took to automating the Bedrock build.
Tuesday, March 14, 2017
Sunday, March 12, 2017
AWS CodeBuild and why I have no hair left
I'll blog soon about AWS CodeBuild and CodePipeline when I get around to documenting all of my frustrations but for now, to save some poor souls from losing their hair, here are some quick tips:
- CodeBuild is not very helpful regarding malformed YAML in your buildspec.yml file. If things don't work, check to make sure your buildspec.yml file is well formed.
- As if that were not bad enough, even if it is well formed, if you include elements it does not recognize it might just skip them silently. I inadvertently used pre-build instead of pre_build and lost some hair on that one.
- As verified in this blog post, CodeBuild will not upload artifacts to the root of a bucket - it really wants a folder name. Odd really, since S3 objects have key names and folders do not really exist. I was trying to create a yum repository in a bucket that is hosting a website and wanted my files to be in the root of the bucket. No can do pal.
- If you want to sync some files to said website bucket and are making the site publicly available by setting permissions, as I was, using the CLI, you'll need to make sure that the CodeBuild policy attached to the role you use to run CodeBuild has the proper permissions to your S3 bucket. In this case you'll need ListObject, PutObject, GetObject, and PutObjectAcl. Here's what the policy might look like:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:logs:us-east-1:*********:log-group:/aws/codebuild/bedrock-build",
        "arn:aws:logs:us-east-1:*********:log-group:/aws/codebuild/bedrock-build:*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    },
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::codepipeline-us-east-1-*"
      ],
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion"
      ]
    },
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::openbedrock",
        "arn:aws:s3:::openbedrock/*",
        "arn:aws:s3:::repo.openbedrock.net",
        "arn:aws:s3:::repo.openbedrock.net/*"
      ],
      "Action": [
        "s3:Put*",
        "s3:Get*",
        "s3:List*"
      ]
    }
  ]
}
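The pre-build versus pre_build mistake from the tips above can be caught before a build is ever started. The following is an added example, not code from the original post or from AWS: a small Python check that reads the keys under phases: and reports any that are not one of the four phase names CodeBuild runs. The function names and the sample buildspec are constructed for illustration, and the check is an indentation scan, not a full YAML parser.

```python
import difflib

# Phase names CodeBuild runs (pre_build is the one named in the post).
VALID_PHASES = ("install", "pre_build", "build", "post_build")

# Constructed sample that reproduces the post's mistake: pre-build, not pre_build.
SAMPLE_BUILDSPEC = """\
version: 0.1
phases:
  pre-build:
    commands:
      - ./configure
  build:
    commands:
      - make
artifacts:
  files:
    - '*.rpm'
"""

def phase_keys(text):
    """Return (line_number, key) for each key directly under top-level 'phases:'."""
    keys, in_phases, child_indent = [], False, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        if "\t" in raw[: len(raw) - len(stripped)]:
            raise ValueError(f"line {lineno}: tab in indentation is not valid YAML")
        indent = len(raw) - len(stripped)
        if indent == 0:
            # A new top-level key starts or ends the phases mapping.
            in_phases, child_indent = stripped.rstrip() == "phases:", None
        elif in_phases:
            child_indent = indent if child_indent is None else child_indent
            if indent == child_indent and ":" in stripped:
                keys.append((lineno, stripped.partition(":")[0].strip()))
    return keys

def lint_phases(text):
    """Return (line, key, suggestion) for every phase name CodeBuild would skip."""
    findings = []
    for lineno, key in phase_keys(text):
        if key not in VALID_PHASES:
            hint = difflib.get_close_matches(key, VALID_PHASES, n=1)
            findings.append((lineno, key, hint[0] if hint else None))
    return findings

if __name__ == "__main__":
    for lineno, key, hint in lint_phases(SAMPLE_BUILDSPEC):
        print(f"buildspec.yml:{lineno}: unknown phase '{key}', did you mean '{hint}'?")
```

Running it as a step before the build is submitted turns the silent skip into a failed check with a line number.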
More about my adventures with CodeBuild and CodePipeline later...