---
AWSTemplateFormatVersion: '2010-09-09'
Description: Create Custom CodePipeline Source Action for MS DevOps

# Stack inputs. The first four are passed through unchanged to the custom
# AzureDevOps source action's Configuration; Branch is also interpolated into
# the webhook filter (refs/heads/<Branch>).
Parameters:
  Organization:
    Type: String
    Description: Azure DevOps Organization
    Default: Org_4_AWS
  Repo:
    Type: String
    Description: Azure DevOps Repo
    Default: Repo_4_AWS
  Project:
    Type: String
    Description: Azure DevOps Project
    Default: Project_4_AWS
  Branch:
    Type: String
    Description: Azure DevOps Branch
    Default: master
  # Used as the CodePipeline name and also handed to the source action.
  PipelineName:
    Type: String
    Description: PipeLine Name
    Default: AzureDevopsProject1
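Resources:
  # Pipeline artifact store. CloudFormation cannot delete a non-empty bucket,
  # and versioning is enabled, so every object version has to be removed before
  # DeletionPolicy: Delete can take effect on stack deletion.
  ArtifactBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
    Properties:
      VersioningConfiguration:
        Status: Enabled
      # This template only grants the pipeline and build roles access to the
      # artifacts, so public ACLs and public bucket policies are blocked.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Target of the S3 deploy action; the source artifact is extracted into it.
  # NOTE(review): no public-access block is declared here because the intended
  # exposure of the deployed content is not visible in this template. If the
  # bucket is not meant to be publicly readable, add the same
  # PublicAccessBlockConfiguration as on ArtifactBucket.
  DeployBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
    Properties:
      VersioningConfiguration:
        Status: Enabled

  # Permissions for the CodePipeline service role.
  PipelinePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      # An explicit policy name means the stack must be deployed with
      # CAPABILITY_NAMED_IAM.
      ManagedPolicyName: !Sub 'AzureDevops-CodePipelinePolicy-${AWS::StackName}'
      Path: /
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: s3
            Effect: Allow
            Action:
              - s3:PutObject
              # NOTE(review): s3:Get* also covers bucket-level reads (policy,
              # ACL, ...). Narrow to the specific Get actions the pipeline
              # needs once those are confirmed.
              - s3:Get*
              # Was "s3:List", which matches no S3 action and therefore granted
              # nothing; s3:ListBucket matches BuildProjectPolicy below.
              - s3:ListBucket
            Resource:
              - !GetAtt ArtifactBucket.Arn
              - !Sub '${ArtifactBucket.Arn}/*'
              - !GetAtt DeployBucket.Arn
              - !Sub '${DeployBucket.Arn}/*'
          - Sid: cloudwatch
            Effect: Allow
            Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            # Scoped to this stack's partition, region and account instead of
            # arn:aws:logs:*:*:*.
            Resource: !Sub 'arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*'

  # Service role assumed by CodePipeline; trust is limited to the CodePipeline
  # service principal.
  PipelineRole:
    Type: AWS::IAM::Role
    Properties:
      Path: /
      ManagedPolicyArns:
        - !Ref PipelinePolicy
      AssumeRolePolicyDocument:
        # Explicit policy language version, consistent with the other policy
        # documents in this template.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action:
              - sts:AssumeRole

  # Two-stage pipeline: custom Azure DevOps source, then extract to S3.
  AppPipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Ref PipelineName
      RoleArn: !GetAtt PipelineRole.Arn
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactBucket
      Stages:
        - Name: Source
          Actions:
            - Name: AzureDevOps
              RunOrder: 1
              # Custom action type; it is not defined in this template, so it
              # presumably has to be registered in the account beforehand.
              ActionTypeId:
                Category: Source
                Owner: Custom
                Provider: AzureDevOpsRepo
                Version: '1'
              OutputArtifacts:
                - Name: AzureCode
              Configuration:
                Organization: !Ref Organization
                Repo: !Ref Repo
                Branch: !Ref Branch
                Project: !Ref Project
                PipelineName: !Ref PipelineName
        - Name: Deploy
          Actions:
            - Name: S3deploy
              RunOrder: 1
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: S3
                Version: '1'
              InputArtifacts:
                - Name: AzureCode
              Configuration:
                BucketName: !Ref DeployBucket
                Extract: true

  # Webhook that starts the Source action when Azure DevOps reports a push.
  # NOTE(review): Authentication is UNAUTHENTICATED, so CodePipeline accepts a
  # request from any origin; knowledge of the webhook URL (exported in Outputs)
  # is the only barrier. The filter below checks a field of the request body,
  # which the sender controls, so it is not an authentication control.
  # Treat the URL as a secret. Where the sender's addresses fit one CIDR,
  # prefer Authentication: IP with AuthenticationConfiguration.AllowedIPRange.
  Webhook:
    Type: AWS::CodePipeline::Webhook
    Properties:
      Name: !Sub 'AzureDevopsHook-${AWS::StackName}'
      Authentication: UNAUTHENTICATED
      AuthenticationConfiguration: {}
      # Only payloads whose ref update names the configured branch pass.
      Filters:
        - JsonPath: '$.resource.refUpdates..name'
          MatchEquals: !Sub 'refs/heads/${Branch}'
      TargetPipeline: !Ref AppPipeline
      TargetPipelineVersion: !GetAtt AppPipeline.Version
      TargetAction: Source
      RegisterWithThirdParty: false

  # Inline policy giving the build role access to both buckets.
  BuildProjectPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Sub '${AWS::StackName}-codebuild-Policy'
      PolicyDocument:
        # Quoted so YAML parsers keep it a string rather than a date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - s3:PutObject
              - s3:GetBucketPolicy
              - s3:GetObject
              - s3:ListBucket
            Resource:
              - !GetAtt ArtifactBucket.Arn
              - !Sub '${ArtifactBucket.Arn}/*'
              - !GetAtt DeployBucket.Arn
              - !Sub '${DeployBucket.Arn}/*'
      # Roles takes role names, not ARNs. The value comes from an export named
      # BuildProjectRole in another stack - confirm that it exports a name.
      Roles:
        - !ImportValue BuildProjectRole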
Outputs:
  # URL to configure as the push service hook target in Azure DevOps.
  # NOTE(review): the Webhook resource uses Authentication: UNAUTHENTICATED,
  # so this URL is effectively a credential. Exporting it makes it readable by
  # anyone who can list the account's CloudFormation exports.
  Webhook:
    Value: !GetAtt Webhook.Url
    Export:
      Name: !Sub '${AWS::StackName}-WebhookUrl'