Permalink
Branch: master
Find file Copy path
739db86 Jan 12, 2019
2 contributors

Users who have contributed to this file

@yoshinori-satoh @YoshinoriSatoh
executable file 124 lines (117 sloc) 3.27 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: Build and push docker image to ECR from github Repository.
Parameters:
Env:
Type: String
CodeRepository:
Type: String
Branch:
Type: String
ImageRegistry:
Type: String
Owner:
Type: String
OAuthToken:
Type: String
Resources:
# ---------- S3 bucket ----------
ArtifactBucketStack:
Type: AWS::S3::Bucket
# ---------- CodeBuild ----------
CodeBuildProject:
Type: AWS::CodeBuild::Project
Properties:
Name: !Sub ${AWS::StackName}-${Env}
ServiceRole: !Ref CodeBuildServiceRole
Artifacts:
Type: CODEPIPELINE
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/docker:17.09.0
Type: LINUX_CONTAINER
EnvironmentVariables:
- Name: Env
Type: PLAINTEXT
Value: !Ref Env
Source:
Type: CODEPIPELINE
BuildSpec: buildspec.yaml
CodeBuildServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codebuild.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/PowerUserAccess
# ---------- CodePipeline ----------
CodePipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
Name: !Sub ${AWS::StackName}-${Env}
RoleArn: !GetAtt CodePipelineServiceRole.Arn
ArtifactStore:
Location: !Ref ArtifactBucketStack
Type: S3
Stages:
- Name: Source
Actions:
- Name: Source
ActionTypeId:
Category: Source
Owner: ThirdParty
Provider: GitHub
Version: 1
Configuration:
Owner: !Ref Owner
Repo: !Ref CodeRepository
Branch: !Ref Branch
OAuthToken: !Ref OAuthToken
PollForSourceChanges: true
OutputArtifacts:
- Name: Src
- Name: Build
Actions:
- Name: BuildAndPushImage
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: 1
Configuration:
ProjectName: !Ref CodeBuildProject
InputArtifacts:
- Name: Src
OutputArtifacts:
- Name: Build
CodePipelineServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codepipeline.amazonaws.com
Action: sts:AssumeRole
ManagedPolicyArns:
- arn:aws:iam::aws:policy/PowerUserAccess
Policies:
- PolicyName: !Sub ${AWS::StackName}-codebuild-service-policy
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Resource:
- "*"
Action:
- iam:PassRole
# ---------- ECR Repository ----------
ECRRepository:
Type: AWS::ECR::Repository
Properties:
RepositoryName: !Ref ImageRegistry