This repository has been archived by the owner on May 26, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
cloudformation.yml
135 lines (128 loc) · 4.18 KB
/
cloudformation.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
AWSTemplateFormatVersion: 2010-09-09
Description: >-
Create the codebuild project and related notifications for fzfaws. The codebuild
project is responsible to build the new tags and publish it to pypi as well
as building and pushing the docker image to docker hub.
Resources:
CodeBuildProject:
Type: AWS::CodeBuild::Project
Properties:
Artifacts:
Type: NO_ARTIFACTS
BadgeEnabled: true
Description: CodeBuild project for building and pushit fzfaws to pypi and also docker hub.
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
PrivilegedMode: true
Type: LINUX_CONTAINER
LogsConfig:
CloudWatchLogs:
Status: ENABLED
Name: fzfaws
ServiceRole: !Ref CodeBuildRole
Source:
Location: https://github.com/kazhala/fzf.aws.git
Type: GITHUB
ReportBuildStatus: true
SourceVersion: master
Triggers:
Webhook: true
FilterGroups:
- - Type: EVENT
Pattern: PUSH
- Type: HEAD_REF
Pattern: ^refs/heads/master$
- Type: FILE_PATH
Pattern: setup.py
- Type: COMMIT_MESSAGE
Pattern: '^.*v[0-9]+\.[0-9]+\.[0-9]+.*$'
CodeBuildRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: 'codebuild.amazonaws.com'
Description: !Sub 'CodeBuild role for ${AWS::StackName}'
RoleName: !Sub '${AWS::StackName}-codebuild'
CodeBuildRolePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: !Sub '${AWS::StackName}-codebuild-role-policy'
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- 'ssm:GetParameters'
Resource:
- 'arn:aws:ssm:ap-southeast-2:378756445655:parameter/docker/*'
- 'arn:aws:ssm:ap-southeast-2:378756445655:parameter/pypi/*'
- Effect: Allow
Action:
- 'kms:Decrypt'
Resource: 'arn:aws:kms:ap-southeast-2:378756445655:key/51311dc6-8e2d-4139-abdc-5a81261eaa40'
- Effect: Allow
Action:
- 'logs:CreateLogGroup'
- 'logs:CreateLogStream'
- 'logs:PutLogEvents'
Resource:
- 'arn:aws:logs:ap-southeast-2:378756445655:log-group:/aws/codebuild/fzfaws'
- 'arn:aws:logs:ap-southeast-2:378756445655:log-group:/aws/codebuild/fzfaws:*'
Roles:
- !Ref CodeBuildRole
CodeBuildSNSTopic:
Type: AWS::SNS::Topic
Properties:
TopicName: 'CodeBuildfzfawsNotification'
CodeBuildSNSSubscription:
Type: AWS::SNS::Subscription
Properties:
TopicArn: !Ref CodeBuildSNSTopic
Protocol: email
Endpoint: [email protected]
CodeBuildStatusTrigger:
Type: AWS::Events::Rule
Properties:
Description: Report codebuild status to fzfaws sns topic
EventPattern:
source:
- 'aws.codebuild'
detail-type:
- 'CodeBuild Build State Change'
detail:
build-status:
- 'SUCCEEDED'
- 'FAILED'
project-name:
- !Ref CodeBuildProject
Name: !Sub '${AWS::StackName}-codebuild-trigger'
State: ENABLED
Targets:
- Arn: !Ref CodeBuildSNSTopic
Id: CodeBuildSNSTopic
InputTransformer:
InputPathsMap:
id: '$.detail.build-id'
name: '$.detail.project-name'
status: '$.detail.build-status'
InputTemplate: |
"Project '<name>' has reached the build status of '<status>' for build '<id>'."
CodeBuildSNSTopicPolicy:
Type: AWS::SNS::TopicPolicy
Properties:
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service: events.amazonaws.com
Action: 'sns:Publish'
Resource: !Ref CodeBuildSNSTopic
Topics:
- !Ref CodeBuildSNSTopic