implement tags, log group retention and support s3 as source

0ptional · Nov 13, 2020 · c217221 · c217221
1 parent 6fb3adb
commit c217221
Show file tree

Hide file tree

Showing 16 changed files with 461 additions and 185 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 .vscode
 node_modules
-build
+build
+slstest
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ custom:
     image: aws/cli
     artifactBucket: my-bucket
     source:
-      - repository: my-repository
+      repository: my-repository
     stages:
       - name: build
         spec: ci/build.yml
@@ -28,54 +28,89 @@ custom:
 ```
 
 
-#### General Properties
+### General Properties
 
 Property | Type | Required | Description
 ---|---|---|---
-`computeType` | string | false | Defaults to `BUILD_GENERAL1_SMALL`. See [Allowed Values](https://)
-`enabled` | boolean | false | Set to `false` if pipeline should not be deployed. This is useful for stage dependent creation of pipeline. Defaults to true.
-`image` | string | true | Provide a docker image name.
-`artifactBucket` | string | true | Bucket name for stored artifacts
-`env` | Record<string, string> | false | Map of environment variables that are made available to each stage.
-`source` | Source Object | true | Configuration for source. 
-`stages` | Array<Stage> | true | List of stages.
+`computeType` | *string* | false | Defaults to `BUILD_GENERAL1_SMALL`. See [allowed values](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html).
+`enabled` | *boolean* | false | Set to `false` if pipeline should not be deployed. This is useful for stage dependent creation of pipeline. Defaults to true.
+`enabledOn` | *string* | false | Specify name of stage during which the pipeline should be created. This overrides `enabled`.
+`image` | *string* | true | Provide a docker image name.
+`artifactBucket` | *string* | true | Bucket name for stored artifacts
+`env` | *Record<string, string>* | false | Map of environment variables that are made available to each stage.
+`source` | *Source Object* | true | Configuration for source. 
+`stages` | *Array\<Stage>* | true | List of stages.
+`logRetention` | *number* | false | Number of days for which codebuild logs are retained in cloudwatch. See [allowed values](https://docs.aws.amazon.com/de_de/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html). Defaults to no limit.
+`tags` | *Record<string, string>* | false | Map of tags. Merged with tags defined in provider. The tags are applied to all created resources (IAM Role, CodeBuild Projects and Pipeline).
 
-#### Source Properties
+### Source Properties
+
+Currently, the plugin supports CodeCommit, GitHub and S3 as sources.
+
+#### CodeCommit Source Properties
 
 Property | Type | Required | Description
 ---|---|---|---
-`repository` | string | true | Name of repository in AWS CodeCommit.
-`branch` | string | false | Branch that should be checked out. Defaults to `master`.
-`trigger` | boolean | false | Set to `false` if the pipeline should not be triggered on source changes. Defaults to `true`.
+`type` | *'codecommit'* | false | When no type is defined, it defaults to `codecommit`.
+`repository` | *string* | true | Name of repository in codecommit.
+`branch` | *string* | false | Branch that should be checked out. Defaults to `master`.
+`trigger` | *boolean* | false | Set to `false` if the pipeline should not be triggered on source changes. Defaults to `true`.
 
-#### Stage Properties
+#### GitHub Source Properties
 
 Property | Type | Required | Description
 ---|---|---|---
-`name` | string | true | Stage name. Output names are also based on stage name.
-`spec` | string | true | Location of the CodeBuild spec file within the primary input (source).
-`inputs` | string[] | false | Specify all stage names from which a stage should receive additional input. The source input is always the primary.
-`image` | string | false | Specify a docker image if this stage should use a different image.
-`env` | Record<string, string> | false | Adds stage specifc environment variables. Stage variables are merged with global variables.
-`computeType` | string | false | Specify if this stage should run with a different compute type than provided in general config.
-`manualExecution` | boolean | false | Set to true, if this stage should not run automatically. Defaults to `false`.
+`type` | *'github'* | true | Type must be set to `github` to use it as a source.
+`repository` | *string* | true | Name of repository with prepended owner (e.g. `0ptional/serverless-codepipeline`)
+`branch` | *string* | false | Branch that should be checked out. Defaults to `master`.
+`trigger` | *boolean* | false | Set to `false` if the pipeline should not be triggered on source changes. Defaults to `true`.
+`githubToken` | *string* | true | To use repositories on GitHub you must provide an OAuth token for a GitHub user. For a guide on how to create the token, read [this](https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/creating-a-personal-access-token).
+
+#### S3 Source Properties
+
+Property | Type | Required | Description
+---|---|---|---
+`type` | *'s3'* | true | Type must be set to `s3` to use it as a source.
+`s3Bucket` | *string* | true | Name of S3 Bucket.
+`s3Key` | *string* | false | Key to object (must be zip archive).
+`trigger` | *boolean* | false | Set to `false` if the pipeline should not be triggered on source changes. Defaults to `true`.
+
+### Stage Properties
+
+Property | Type | Required | Description
+---|---|---|---
+`name` | *string* | true | Stage name. Output names are also based on stage name.
+`spec` | *string* | true | Location of the CodeBuild spec file within the primary input (source).
+`inputs` | *string[]* | false | Specify all stage names from which a stage should receive additional input. The source input is always the primary.
+`image` | *string* | false | Specify a docker image if this stage should use a different image.
+`env` | *Record<string, string>* | false | Adds stage specifc environment variables. Stage variables are merged with global variables.
+`computeType` | *string* | false | Specify if this stage should run with a different compute type than provided in general config.
+`manualExecution` | *boolean* | false | Set to true, if this stage should not run automatically. Defaults to `false`.
+
+## Full Example
 
 ```yaml
 custom:
   codepipeline:
     # global config
     computeType: BUILD_GENERAL1_SMALL
-    enabled: ${self:custom.${self:provider.stage}.deployPipeline} # use this for stage dependent deployments
+    # enabled: ${self:custom.${self:provider.stage}.deployPipeline}
+    enabledOn: staging # use this for a single stage dependent deployment
     image: aws/cli
     artifactBucket: my-bucket
+    logRetention: 7
+    tags:
+      PipelineTag: value
     env:
-      VAR1: hello
+      PIPELINE_ENV_VAR: hello
 
     # source config
     source:
-      - repository: my-repository
-        branch: master
-        trigger: true
+      type: github
+      repository: '0ptional/serverless-codepipeline'
+      branch: master
+      trigger: false
+      githubToken: abc*******
 
     # stage config
     stages:
@@ -84,7 +119,7 @@ custom:
         image: aws/cli
         computeType: BUILD_GENERAL1_SMALL
         env:
-          VAR2: world
+          STAGE_ENV_VAR: world
       - name: deploy-dev
         spec: ci/deploy-dev.yml
         inputs: [ build ]
@@ -93,3 +128,7 @@ custom:
         spec: ci/deploy-prod.yml
         inputs: [ build ]
 ```
+
+## Todos
+
+* Support ECR as source
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "serverless-codepipeline-plugin",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "author": "0ptional",
   "description": "",
   "main": "build/index.js",
@@ -13,7 +13,7 @@
   ],
   "devDependencies": {
     "@types/node": "^12.7.12",
-    "@types/serverless": "^1.78.0",
+    "@types/serverless": "^1.78.1",
     "tslint": "^5.20.0",
     "typescript": "^4.0.3"
   },

diff --git a/src/IAMRole.ts b/src/IAMRole.ts
@@ -0,0 +1,40 @@
+import { PipelineConfig } from "./PluginConfig";
+import { IAMRole } from "../types/IAMRole";
+import { mapToTags } from "./util";
+
+export function buildIAMRole(config: PipelineConfig): IAMRole {
+    return {
+        Type: 'AWS::IAM::Role',
+        Properties: {
+            Tags: mapToTags(config.tags),
+            AssumeRolePolicyDocument: {
+                Statement: [
+                    {
+                        Action: ['sts:AssumeRole'],
+                        Effect: 'Allow',
+                        Principal: {
+                            Service: [
+                                'codepipeline.amazonaws.com',
+                                'codebuild.amazonaws.com'
+                            ]
+                        }
+                    }
+                ]
+            },
+            Policies: [
+                {
+                    PolicyName: 'CodePipelineFullAccess',
+                    PolicyDocument: {
+                        Statement: [
+                            {
+                                Action: '*',
+                                Effect: 'Allow',
+                                Resource: '*'
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    }
+}
diff --git a/src/LogGroup.ts b/src/LogGroup.ts
@@ -0,0 +1,13 @@
+import { logGroupName } from "./util";
+import { CodeBuildProject } from "../types/CodeBuildProject";
+import { CloudWatchLogGroup } from "../types/CloudWatchLogGroup";
+
+export function buildLogGroups(projects: CodeBuildProject[], logRetention?: number): CloudWatchLogGroup[] {
+    return projects.map(project => ({
+        Type: 'AWS::Logs::LogGroup',
+        Properties: {
+            LogGroupName: logGroupName(project.Properties.Name),
+            RetentionInDays: logRetention
+        }
+    }));
+}