AWS Codepipeline 多输出工件
AWS Codepipeline Multiple Output Artifacts
对 AWS Codepipeline 还是相当陌生,我正在尝试将输出工件传递到构建的下一阶段。在这种特殊情况下,我想为构建阶段做两个工件,这是我现在唯一关注的部分。我已经包含了我的 codepipeline 代码以供参考:
resource "aws_codepipeline" "cp_plan_pipeline" {
name = "${local.name_prefix_H}-${var.cp_name}"
role_arn = aws_iam_role.cp_service_role.arn
artifact_store {
type = var.cp_artifact_type
location = module.S3.bucket_name
}
stage {
name = "Clone"
action {
name = "Source"
category = "Source"
owner = "AWS"
provider = "CodeCommit"
input_artifacts = []
version = "1"
output_artifacts = ["CodeWorkspace"]
configuration = {
RepositoryName = var.cp_repo_name
BranchName = var.cp_branch_name
PollForSourceChanges = var.cp_poll_sources
OutputArtifactFormat = var.cp_ouput_format
}
run_order = "1"
}
}
stage {
name = "Plan"
action {
name = "Terraform-Plan"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
version = "1"
input_artifacts = ["CodeWorkspace"]
output_artifacts = ["CodeSource","TerraformPlanFile"]
configuration = {
ProjectName = var.cp_plan_project_name
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
value = "#{codepipeline.PipelineExecutionId}"
type = "PLAINTEXT"
}
])
}
}
}
stage {
name = "Test"
action {
name = "Testing"
category = "Test"
owner = "AWS"
provider = "CodeBuild"
input_artifacts = ["CodeSource"]
output_artifacts = ["TestOutput"]
version = "1"
configuration = {
ProjectName = var.cp_test_project_name
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
value = "#{codepipeline.PipelineExecutionId}"
type = "PLAINTEXT"
}
])
}
}
}
stage {
name = "Manual-Approval"
action {
run_order = 1
name = "AWS-Admin-Approval"
category = "Approval"
owner = "AWS"
provider = "Manual"
version = "1"
input_artifacts = []
output_artifacts = []
configuration = {
CustomData = "Please verify the terraform plan output on the Plan stage and only approve this step if you see expected changes!"
}
}
}
stage {
name = "Deploy"
action {
run_order = 1
name = "Terraform-Apply"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
input_artifacts = ["TerraformPlanFile"]
output_artifacts = []
version = "1"
configuration = {
ProjectName = var.cp_apply_project_name
PrimarySource = "CodeWorkspace"
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
value = "#{codepipeline.PipelineExecutionId}"
type = "PLAINTEXT"
}
])
}
}
}
}
因此,就管道的部署而言,管道工作正常。我的构建规范一直运行良好,直到我到达构建规范的工件阶段,我收到以下错误:阶段上下文状态代码:CLIENT_ERROR 消息:构建规范中没有对辅助工件代码源的定义 我的问题是构建规范并尝试输出第二个源,以便我可以将其上传到第二阶段。请注意构建规范的某些部分(例如变量)已被删除。以下构建规范:
version: 0.2
env:
variables:
TF_VERSION: "1.0.7"
PY_VERSION: "3.9.6"
GIT_VERSION: "2.9.5"
PACKER_VERSION: "1.7.8"
JQ_VERSION: "1.6"
TFLINT_VERSION: "0.34.0"
PERMISSION_SETS_DIR: "CodeSource"
phases:
install:
commands:
# iNSTALL/UPDATE SSH CLIENT
- echo UPDATING SSH CLIENT
- "which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )"
# iNSTALL JQ JSON PARSER
- curl -s -qL -o jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64
- chmod +x ./jq
- cp jq /usr/bin
# INSTALL TERRAFORM
- echo STARTING TERRAFORM INSTALLATION
- curl -s -qL -o terraform.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
- unzip terraform -d /usr/bin/
- "chmod +x /usr/bin/terraform"
- "/usr/bin/terraform --version"
# INSTALL Packer
- echo STARTING PACKER INSTALLATION
- curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip
- unzip packer -d /usr/bin/
- "chmod +x /usr/bin/packer"
- "/usr/bin/packer --version"
# INSTALL PYTHON
- echo "STARTING PYTHON INSTALLATION"
- "curl -s -qL -o python.tgz https://www.python.org/ftp/python/${PY_VERSION}/Python-${PY_VERSION}.tgz"
- "tar xf python.tgz -C /usr/bin/"
- "python --version"
- python -m pip install -U pip
# ADD PYTHON MODULES
- echo "INSTALL PYTHON MODULES"
- pip install git-remote-codecommit
pre_build:
commands:
# Adds a private SSH key to allow us to clone or npm install Git repositories
- rootpath=$(pwd)
- eval $(ssh-agent -s)
- mkdir -p ~/.ssh
# Configure SSH Key
- echo "$ssh_key" > ~/.ssh/cc_rsa
- cd ~/.ssh/
- cat cc_rsa
- |
echo "Multiline command"
cat > ~/.ssh/config <<EOL
Host idt-codecommit
Hostname git-codecommit.us-east-1.amazonaws.com
User ${cc_user}
IdentityFile ~/.ssh/cc_rsa
EOL
- cat ~/.ssh/config
# Configure SSH Permissions
- echo +++++++++CONFIG SSH+++++++++
- chmod 700 ~/.ssh
- chmod 600 ~/.ssh/config
- chmod 600 ~/.ssh/cc_rsa
- ssh-keyscan -t rsa1,rsa,dsa git-codecommit.us-east-1.amazonaws.com >> ~/.ssh/known_hosts
# Clone directories
- echo +++++++++CLONE DIRECTORIES+++++++++
- mkdir -p ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}
- cd ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}
- git clone codecommit://sourcerepo local_primary_repo
- git clone -b development ssh://sourcerepo2/v1/repos/sourcerepo2
# GET AWS ACCOUNT VARIABLES
- aws_region=$AWS_DEFAULT_REGION
- awsaccountnumber=$(aws sts get-caller-identity --query "Account")
- awsaccountname=$(aws iam list-account-aliases | jq -r '.AccountAliases | .[]')
- |
if [[ "$awsaccountname" == *"prod"* ]]; then
appenv="prod"
else
if [[ "$awsaccountname" == *"test"* ]]; then
appenv="test"
else
if [[ "$awsaccountname" == *"dev"* ]]; then
appenv="dev"
else
if [[ "$awsaccountname" == *"sbx"* ]]; then
appenv="sbx"
else
appenv="other"
fi
fi
fi
fi
build:
on-failure: ABORT
commands:
# Import S3 Folder Location Variable
- cd ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}/local_primary_repo
- CODEBUILD_GIT_BRANCH=`git symbolic-ref HEAD --short 2>/dev/null`
# CHECK TERRAFORM CODE
- cd ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}/local_primary_repo
- echo "yes" | terraform init
- terraform validate > ${bucketconfig}-tfvalidateexport.txt
- terraform validate
- terraform plan -out=tfplan_commitid_${CODEBUILD_RESOLVED_SOURCE_VERSION}_pipelineid_${PIPELINE_EXECUTION_ID}
- cp ${bucketconfig}-tfvalidateexport.txt ${CODEBUILD_SRC_DIR}/
- cp tfplan_commitid_${CODEBUILD_RESOLVED_SOURCE_VERSION}_pipelineid_${PIPELINE_EXECUTION_ID} ${CODEBUILD_SRC_DIR}/
post_build:
commands:
- echo "Terraform plan completed on `date`"
artifacts:
files:
- tfplan_commitid_${CODEBUILD_RESOLVED_SOURCE_VERSION}_pipelineid_${PIPELINE_EXECUTION_ID}
name: TerraformPlanFile
secondary-artifacts:
artifact_1:
files:
- '**/*'
name: CodeSource
base-directory: ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}
关于我做错了什么的链接或建议会很有帮助。谢谢!!
首先要感谢Antonio González for his post。这正是我所需要的解决方案。我想在这里为任何其他寻找同一问题答案的人回顾一下解决方案。我有一个可以帮助初学者的工作理解。当输出多个工件时,您必须使用次要工件:工件阶段内的操作。请参阅下面的示例:
artifacts:
base-directory: ${CODEBUILD_SRC_DIR}/
files:
- '**/*'
secondary-artifacts:
ARTIFACT1:
base-directory: DIRECTORY_FOR_ARTIFACT_1/
files:
- FILES_YOU_LOOKING_TO_OUTPUT
name: ARTIFACT_1_NAME_ANYTHING_YOU_WANT
ARTIFACT2:
base-directory: DIRECTORY_FOR_ARTIFACT_2/
files:
- FILES_YOU_LOOKING_TO_OUTPUT
name: ARTIFACT_2_NAME_ANYTHING_YOU_WANT
所以这是多个工件的基本设置,如果你想做另一个工件,你会做第三个。现在此设置的关键是将 secondary-artifacts 标题映射到您在代码管道输出中定义的输出。回忆一下我的管道构建阶段:
阶段{
名称=“计划”
action {
name = "Terraform-Plan"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
version = "1"
input_artifacts = ["CodeWorkspace"]
output_artifacts = ["CodeSource","TerraformPlanFile"]
输出工件必须与secondary-artifacts标题相关联,如下所示:
secondary-artifacts:
TerraformPlanFile:
base-directory: ${CODEBUILD_SRC_DIR}/
files:
- tfplan_commitid_${CODEBUILD_RESOLVED_SOURCE_VERSION}_pipelineid_${PIPELINE_EXECUTION_ID}
name: TerraformPlanFile
CodeSource:
base-directory: ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}/
files:
- '**/*'
name: CodeSource
注意次要工件标题如何与 output_artifacts 匹配。通过确保这些标题与您确保传递的文件正确输出的标题相匹配。
对 AWS Codepipeline 还是相当陌生,我正在尝试将输出工件传递到构建的下一阶段。在这种特殊情况下,我想为构建阶段做两个工件,这是我现在唯一关注的部分。我已经包含了我的 codepipeline 代码以供参考:
resource "aws_codepipeline" "cp_plan_pipeline" {
name = "${local.name_prefix_H}-${var.cp_name}"
role_arn = aws_iam_role.cp_service_role.arn
artifact_store {
type = var.cp_artifact_type
location = module.S3.bucket_name
}
stage {
name = "Clone"
action {
name = "Source"
category = "Source"
owner = "AWS"
provider = "CodeCommit"
input_artifacts = []
version = "1"
output_artifacts = ["CodeWorkspace"]
configuration = {
RepositoryName = var.cp_repo_name
BranchName = var.cp_branch_name
PollForSourceChanges = var.cp_poll_sources
OutputArtifactFormat = var.cp_ouput_format
}
run_order = "1"
}
}
stage {
name = "Plan"
action {
name = "Terraform-Plan"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
version = "1"
input_artifacts = ["CodeWorkspace"]
output_artifacts = ["CodeSource","TerraformPlanFile"]
configuration = {
ProjectName = var.cp_plan_project_name
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
value = "#{codepipeline.PipelineExecutionId}"
type = "PLAINTEXT"
}
])
}
}
}
stage {
name = "Test"
action {
name = "Testing"
category = "Test"
owner = "AWS"
provider = "CodeBuild"
input_artifacts = ["CodeSource"]
output_artifacts = ["TestOutput"]
version = "1"
configuration = {
ProjectName = var.cp_test_project_name
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
value = "#{codepipeline.PipelineExecutionId}"
type = "PLAINTEXT"
}
])
}
}
}
stage {
name = "Manual-Approval"
action {
run_order = 1
name = "AWS-Admin-Approval"
category = "Approval"
owner = "AWS"
provider = "Manual"
version = "1"
input_artifacts = []
output_artifacts = []
configuration = {
CustomData = "Please verify the terraform plan output on the Plan stage and only approve this step if you see expected changes!"
}
}
}
stage {
name = "Deploy"
action {
run_order = 1
name = "Terraform-Apply"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
input_artifacts = ["TerraformPlanFile"]
output_artifacts = []
version = "1"
configuration = {
ProjectName = var.cp_apply_project_name
PrimarySource = "CodeWorkspace"
EnvironmentVariables = jsonencode([
{
name = "PIPELINE_EXECUTION_ID"
value = "#{codepipeline.PipelineExecutionId}"
type = "PLAINTEXT"
}
])
}
}
}
}
因此,就管道的部署而言,管道工作正常。我的构建规范一直运行良好,直到我到达构建规范的工件阶段,我收到以下错误:阶段上下文状态代码:CLIENT_ERROR 消息:构建规范中没有对辅助工件代码源的定义 我的问题是构建规范并尝试输出第二个源,以便我可以将其上传到第二阶段。请注意构建规范的某些部分(例如变量)已被删除。以下构建规范:
version: 0.2
env:
variables:
TF_VERSION: "1.0.7"
PY_VERSION: "3.9.6"
GIT_VERSION: "2.9.5"
PACKER_VERSION: "1.7.8"
JQ_VERSION: "1.6"
TFLINT_VERSION: "0.34.0"
PERMISSION_SETS_DIR: "CodeSource"
phases:
install:
commands:
# iNSTALL/UPDATE SSH CLIENT
- echo UPDATING SSH CLIENT
- "which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )"
# iNSTALL JQ JSON PARSER
- curl -s -qL -o jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64
- chmod +x ./jq
- cp jq /usr/bin
# INSTALL TERRAFORM
- echo STARTING TERRAFORM INSTALLATION
- curl -s -qL -o terraform.zip https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip
- unzip terraform -d /usr/bin/
- "chmod +x /usr/bin/terraform"
- "/usr/bin/terraform --version"
# INSTALL Packer
- echo STARTING PACKER INSTALLATION
- curl -s -qL -o packer.zip https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip
- unzip packer -d /usr/bin/
- "chmod +x /usr/bin/packer"
- "/usr/bin/packer --version"
# INSTALL PYTHON
- echo "STARTING PYTHON INSTALLATION"
- "curl -s -qL -o python.tgz https://www.python.org/ftp/python/${PY_VERSION}/Python-${PY_VERSION}.tgz"
- "tar xf python.tgz -C /usr/bin/"
- "python --version"
- python -m pip install -U pip
# ADD PYTHON MODULES
- echo "INSTALL PYTHON MODULES"
- pip install git-remote-codecommit
pre_build:
commands:
# Adds a private SSH key to allow us to clone or npm install Git repositories
- rootpath=$(pwd)
- eval $(ssh-agent -s)
- mkdir -p ~/.ssh
# Configure SSH Key
- echo "$ssh_key" > ~/.ssh/cc_rsa
- cd ~/.ssh/
- cat cc_rsa
- |
echo "Multiline command"
cat > ~/.ssh/config <<EOL
Host idt-codecommit
Hostname git-codecommit.us-east-1.amazonaws.com
User ${cc_user}
IdentityFile ~/.ssh/cc_rsa
EOL
- cat ~/.ssh/config
# Configure SSH Permissions
- echo +++++++++CONFIG SSH+++++++++
- chmod 700 ~/.ssh
- chmod 600 ~/.ssh/config
- chmod 600 ~/.ssh/cc_rsa
- ssh-keyscan -t rsa1,rsa,dsa git-codecommit.us-east-1.amazonaws.com >> ~/.ssh/known_hosts
# Clone directories
- echo +++++++++CLONE DIRECTORIES+++++++++
- mkdir -p ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}
- cd ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}
- git clone codecommit://sourcerepo local_primary_repo
- git clone -b development ssh://sourcerepo2/v1/repos/sourcerepo2
# GET AWS ACCOUNT VARIABLES
- aws_region=$AWS_DEFAULT_REGION
- awsaccountnumber=$(aws sts get-caller-identity --query "Account")
- awsaccountname=$(aws iam list-account-aliases | jq -r '.AccountAliases | .[]')
- |
if [[ "$awsaccountname" == *"prod"* ]]; then
appenv="prod"
else
if [[ "$awsaccountname" == *"test"* ]]; then
appenv="test"
else
if [[ "$awsaccountname" == *"dev"* ]]; then
appenv="dev"
else
if [[ "$awsaccountname" == *"sbx"* ]]; then
appenv="sbx"
else
appenv="other"
fi
fi
fi
fi
build:
on-failure: ABORT
commands:
# Import S3 Folder Location Variable
- cd ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}/local_primary_repo
- CODEBUILD_GIT_BRANCH=`git symbolic-ref HEAD --short 2>/dev/null`
# CHECK TERRAFORM CODE
- cd ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}/local_primary_repo
- echo "yes" | terraform init
- terraform validate > ${bucketconfig}-tfvalidateexport.txt
- terraform validate
- terraform plan -out=tfplan_commitid_${CODEBUILD_RESOLVED_SOURCE_VERSION}_pipelineid_${PIPELINE_EXECUTION_ID}
- cp ${bucketconfig}-tfvalidateexport.txt ${CODEBUILD_SRC_DIR}/
- cp tfplan_commitid_${CODEBUILD_RESOLVED_SOURCE_VERSION}_pipelineid_${PIPELINE_EXECUTION_ID} ${CODEBUILD_SRC_DIR}/
post_build:
commands:
- echo "Terraform plan completed on `date`"
artifacts:
files:
- tfplan_commitid_${CODEBUILD_RESOLVED_SOURCE_VERSION}_pipelineid_${PIPELINE_EXECUTION_ID}
name: TerraformPlanFile
secondary-artifacts:
artifact_1:
files:
- '**/*'
name: CodeSource
base-directory: ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}
关于我做错了什么的链接或建议会很有帮助。谢谢!!
首先要感谢Antonio González for his post。这正是我所需要的解决方案。我想在这里为任何其他寻找同一问题答案的人回顾一下解决方案。我有一个可以帮助初学者的工作理解。当输出多个工件时,您必须使用次要工件:工件阶段内的操作。请参阅下面的示例:
artifacts:
base-directory: ${CODEBUILD_SRC_DIR}/
files:
- '**/*'
secondary-artifacts:
ARTIFACT1:
base-directory: DIRECTORY_FOR_ARTIFACT_1/
files:
- FILES_YOU_LOOKING_TO_OUTPUT
name: ARTIFACT_1_NAME_ANYTHING_YOU_WANT
ARTIFACT2:
base-directory: DIRECTORY_FOR_ARTIFACT_2/
files:
- FILES_YOU_LOOKING_TO_OUTPUT
name: ARTIFACT_2_NAME_ANYTHING_YOU_WANT
所以这是多个工件的基本设置,如果你想做另一个工件,你会做第三个。现在此设置的关键是将 secondary-artifacts 标题映射到您在代码管道输出中定义的输出。回忆一下我的管道构建阶段:
阶段{ 名称=“计划”
action {
name = "Terraform-Plan"
category = "Build"
owner = "AWS"
provider = "CodeBuild"
version = "1"
input_artifacts = ["CodeWorkspace"]
output_artifacts = ["CodeSource","TerraformPlanFile"]
输出工件必须与secondary-artifacts标题相关联,如下所示:
secondary-artifacts:
TerraformPlanFile:
base-directory: ${CODEBUILD_SRC_DIR}/
files:
- tfplan_commitid_${CODEBUILD_RESOLVED_SOURCE_VERSION}_pipelineid_${PIPELINE_EXECUTION_ID}
name: TerraformPlanFile
CodeSource:
base-directory: ${CODEBUILD_SRC_DIR}/configurations/${PERMISSION_SETS_DIR}/
files:
- '**/*'
name: CodeSource
注意次要工件标题如何与 output_artifacts 匹配。通过确保这些标题与您确保传递的文件正确输出的标题相匹配。