diff --git a/CodePipeline.yml b/CodePipeline.yml index 660b26e..efc04e9 100644 --- a/CodePipeline.yml +++ b/CodePipeline.yml @@ -18,6 +18,10 @@ Parameters: ProdAccountNo: Type: String Description: The Account Number of the prod account + SourceRepository: + Type: String + Default: scottjbaldwin/AWSCodePipelineExample + Description: The Account Number of the prod account Resources: ArtefactBucket: @@ -280,7 +284,11 @@ Resources: - !Sub 'arn:aws:s3:::${BucketPrefix}-artefactbucket' Action: - 's3:*' - + GitHubConnection: + Type: 'AWS::CodeStarConnections::Connection' + Properties: + ConnectionName: GitHubConnection + ProviderType: GitHub PipelineExecutionRole: Type: AWS::IAM::Role Properties: @@ -333,6 +341,10 @@ Resources: - Effect: Allow Action: sns:Publish Resource: !Ref ProdApprovalGateTopic + - Effect: Allow + Action: + - 'codestar-connections:UseConnection' + Resource: !Ref GitHubConnection Tags: - Key: Project Value: !Ref ProjectName @@ -389,20 +401,21 @@ Resources: Stages: - Name: Source Actions: - - Name: GitHubRepo + - Name: Source + InputArtifacts: [] ActionTypeId: - Category: Source - Owner: ThirdParty - Provider: GitHub Version: '1' - Configuration: - Owner: scottjbaldwin - Repo: AWSCodePipelineExample - Branch: main - OAuthToken: "{{resolve:secretsmanager:CovidSafeOAuthToken:SecretString:AccessToken}}" + Owner: AWS + Category: Source + Provider: CodeStarSourceConnection OutputArtifacts: - Name: SourceArtefact RunOrder: 1 + Configuration: + ConnectionArn: !Ref GitHubConnection + FullRepositoryId: !Ref SourceRepository + BranchName: "main" + OutputArtifactFormat: "CODE_ZIP" - Name: Build Actions: - Name: CodeBuild @@ -552,3 +565,4 @@ Resources: "region": "$.region" InputTemplate: "{\"SNSTopic\": \"Pipeline , execution id has failed! URL: https://ap-southeast-2.console.aws.amazon.com/codesuite/codepipeline/pipelines//view?region=\"}" + \ No newline at end of file diff --git a/README.md b/README.md index 202e8c1..4aabac2 100644 --- a/README.md 
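Review bot: The `Description` of the new `SourceRepository` parameter in the first hunk is a copy-paste of the `ProdAccountNo` description ("The Account Number of the prod account") and does not describe the value; it should read something like `Description: The GitHub repository, in owner/name form, that the pipeline pulls source from`. Since this string decides which repository's code the pipeline builds and deploys, it is also worth constraining its shape with `AllowedPattern: '^[\w.-]+/[\w.-]+$'` so a stack update cannot silently point the pipeline at a malformed id. The `Parameters` section continues outside the hunk.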
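Review bot: The new `GitHubConnection` resource in the second hunk is created in a pending state and is unusable until someone completes the GitHub authorization handshake in the console, which the README now mentions but the template does not; a comment above `GitHubConnection:` such as `# Created in PENDING state - the connection must be authorized in the console before the Source action can run` would keep that operational step next to the resource. The fixed `ConnectionName: GitHubConnection` may also collide if this template is deployed more than once in the same account and region; deriving it from the project, e.g. `ConnectionName: !Sub '${ProjectName}-github'`, would presumably avoid that, but confirm against the name-uniqueness rules for connections.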
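Review bot: Dropping the `OAuthToken: "{{resolve:secretsmanager:CovidSafeOAuthToken:SecretString:AccessToken}}"` line in the fourth hunk stops the template from reading the token, but the personal access token itself and the Secrets Manager secret that holds it are not retired by this change; until the token is revoked on the GitHub side and the secret deleted, it remains a live credential with whatever repository scope it was granted, so that cleanup should be tracked alongside this commit. In the same action, `FullRepositoryId` is now driven by a parameter while `BranchName: "main"` stays hard-coded; a matching `SourceBranch` parameter with `Default: main` and `BranchName: !Ref SourceBranch` would keep the two consistent. The enclosing `Pipeline` resource starts and ends outside the hunk.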
+++ b/README.md @@ -10,7 +10,7 @@ In order for this example to run, the infrastructure must be set up in the follo 1. The Build Account base infrastructure must be provisioned by executing `BuildAccountBaseInfrastructure.yml` cloudformation script in the Build Account 1. The dev and prod deployment roles need to be provisioned by executing the `CrossAccountCFNRole.yml` cloudformation script, and passing in the arn of the KMS key provisioned in the previous step -1. The CodePipeline can then be provisioned using the `CodePipeline.yml` again passing in the arn of the KMS key to use for artefact encryption which was provisioned as part of the build account base infratructure +1. The CodePipeline can then be provisioned using the `CodePipeline.yml` again passing in the arn of the KMS key to use for artefact encryption which was provisioned as part of the build account base infratructure. The CloudFormation also creates a CodeStar connection to GitHub. This connection, however, will be in pending state after the creation. You need to setup the connection as an onetime activity before it can be used in the pipeline. This project uses conventions based on ProjectName in order to minimize the number of parameters required to pass to the respective cloudformation templates. For example, the codepipeline assumes that there are roles named `${ProjectName}-${AWS::Region}-DeploymentRole` in both the prod and dev accounts, rather than passing explicit arns in. These roles are set up by the cloudformation scripts as described above.