How To Create An AWS CodeBuild Build Project Using AWS CLI
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we discussed the different components and features of AWS CodeBuild.
https://cloudaffaire.com/what-are-the-components-of-aws-codebuild/
In this blog post, we will discuss how to create an AWS CodeBuild build project using AWS CLI.
What Is CodeBuild Build Project:
A build project includes information about how to run a build, including where to get the source code, which build environment to use, which build commands to run, and where to store the build output. A build environment represents a combination of operating system, programming language runtime, and tools that CodeBuild uses to run a build.
How To Create An AWS CodeBuild Build Project Using AWS CLI:
Requirements:
AWS CLI installed and configured. You can follow the blog posts below to install and configure AWS CLI.
https://cloudaffaire.com/how-to-install-aws-cli/
https://cloudaffaire.com/how-to-configure-aws-cli/
Git installed and configured.
https://cloudaffaire.com/category/devops/git/
Step 1: Setup AWS CodeCommit repository to host your CodeBuild source code.
```bash
################################################################
## How To Create An AWS CodeBuild Build Project Using AWS CLI ##
################################################################

## I am using a Linux shell to execute AWS CLI commands

## --------------------------------------------------
## Setup CodeCommit to host source code for CodeBuild
## --------------------------------------------------

## create a directory for this demo
mkdir codebuld && cd codebuld

## clone the java source code
git clone https://github.com/CloudAffaire/CodeBuild.git

## create a new repository
## (CodeCommit tags are a key=value map, so the Name tag is written as Name=MYAPP)
aws codecommit create-repository \
  --repository-name "myapp" \
  --repository-description "myapp repository" \
  --tags "Name=MYAPP"

## follow steps 3 to 5 of the blog post below to configure the https
## credentials for codecommit required to clone the repo through https
## https://cloudaffaire.com/how-to-access-an-aws-codecommit-repository-remotely/

## clone your codecommit repository
GIT_CLONE_HTTPS_URL=$(aws codecommit get-repository \
  --repository-name "myapp" \
  --query 'repositoryMetadata.cloneUrlHttp' \
  --output text) &&
git clone "$GIT_CLONE_HTTPS_URL"
## provide username and password when prompted

## copy the files to codecommit local repo
cp -r CodeBuild/src myapp/
cp CodeBuild/buildspec.yml myapp/
cp CodeBuild/pom.xml myapp/

## commit and push
cd myapp
git config --global user.name "Debjeet"
git config --global user.email "cloudaffaire@gmail.com"
git add .
git commit -m "code upload"
git push
cd ..
```
Note: CodeBuild supports S3 bucket, CodeCommit, GitHub, and Bitbucket as your build source code location. In this demo, we are using CodeCommit to show the integration of CodeCommit with CodeBuild.
Step 2: Create an IAM role for AWS CodeBuild.
```bash
## --------------------------------
## Create an IAM role for CodeBuild
## --------------------------------

## create the role trust policy (lets the CodeBuild service assume the role)
cat <<EOF > role_assume_policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

## create iam role
IAM_ROLE_ARN=$(aws iam create-role \
  --role-name CodeBuildServiceRole \
  --assume-role-policy-document file://role_assume_policy.json \
  --query 'Role.Arn' \
  --output text)

## attach some policies to the role (S3, CodeCommit, CloudWatch)
aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \
  --role-name CodeBuildServiceRole &&
aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AWSCodeCommitFullAccess \
  --role-name CodeBuildServiceRole &&
aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/CloudWatchFullAccess \
  --role-name CodeBuildServiceRole
```
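The three managed policies attached above give the build role full access to every S3 bucket, CodeCommit repository and CloudWatch resource in the account. The following is an added example, not part of the original post, that generates a policy scoped to this demo's repository, log group and artifact bucket; the function name `codebuild_scoped_policy`, the policy name `CodeBuildMyAppScoped` and the account id `111122223333` are assumptions made for illustration.

```shell
# Added example: least-privilege policy for the demo's CodeBuildServiceRole.
# Args: account_id region project_name repo_name bucket_name
codebuild_scoped_policy() (
  [ "$#" -eq 5 ] || { echo "expected 5 arguments" >&2; exit 1; }
  # Reject empty values, wildcards, quotes and spaces so the generated
  # JSON can never contain "*" or injected statements.
  for v in "$@"; do
    case "$v" in
      ""|*[!A-Za-z0-9._-]*) echo "invalid argument: $v" >&2; exit 1 ;;
    esac
  done
  account="$1"; region="$2"; project="$3"; repo="$4"; bucket="$5"
  # CodeBuild writes to /aws/codebuild/<project-name> by default.
  logs="arn:aws:logs:${region}:${account}:log-group:/aws/codebuild/${project}"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PullSourceFromOneRepo",
      "Effect": "Allow",
      "Action": "codecommit:GitPull",
      "Resource": "arn:aws:codecommit:${region}:${account}:${repo}"
    },
    {
      "Sid": "WriteBuildLogs",
      "Effect": "Allow",
      "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
      "Resource": ["${logs}", "${logs}:*"]
    },
    {
      "Sid": "UploadArtifacts",
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:GetBucketAcl", "s3:GetBucketLocation"],
      "Resource": ["arn:aws:s3:::${bucket}", "arn:aws:s3:::${bucket}/*"]
    }
  ]
}
EOF
)

# Usage (instead of the three attach-role-policy calls; placeholder account id):
#   codebuild_scoped_policy 111122223333 ap-south-1 mycodebuildproject myapp \
#     myappcbcloudaffaire > codebuild_scoped_policy.json
#   aws iam put-role-policy --role-name CodeBuildServiceRole \
#     --policy-name CodeBuildMyAppScoped \
#     --policy-document file://codebuild_scoped_policy.json
```

If you use this inline policy, remove it with `aws iam delete-role-policy` before deleting the role in the cleanup step.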
Step 3: Create an S3 bucket to store your build outcome (artifacts).
```bash
## ------------------------------------------
## Create an S3 bucket for CodeBuild artifact
## ------------------------------------------

## S3 bucket name (must be unique globally)
S3_BUCKET_NAME="myappcbcloudaffaire"

## Create a new s3 bucket
aws s3api create-bucket \
  --bucket "$S3_BUCKET_NAME" \
  --create-bucket-configuration "LocationConstraint=ap-south-1"

## Add a tag to the s3 bucket
aws s3api put-bucket-tagging \
  --bucket "$S3_BUCKET_NAME" \
  --tagging 'TagSet=[{Key=Name,Value=MYAPP}]'
```
Note: We can deploy this artifact using CodeDeploy and CodePipeline, which will be covered under CodeDeploy.
Step 4: Create a CodeBuild build project.
```bash
## --------------------------------
## Create a CodeBuild build project
## --------------------------------

## create build project definition
## (uses GIT_CLONE_HTTPS_URL, S3_BUCKET_NAME and IAM_ROLE_ARN from the previous steps)
cat <<EOF > build_project_def.json
{
  "name": "mycodebuildproject",
  "source": {
    "type": "CODECOMMIT",
    "location": "$GIT_CLONE_HTTPS_URL"
  },
  "artifacts": {
    "type": "S3",
    "location": "$S3_BUCKET_NAME"
  },
  "environment": {
    "type": "LINUX_CONTAINER",
    "image": "aws/codebuild/amazonlinux2-x86_64-standard:3.0",
    "computeType": "BUILD_GENERAL1_SMALL"
  },
  "serviceRole": "$IAM_ROLE_ARN"
}
EOF

## create the build project
aws codebuild create-project \
  --cli-input-json file://build_project_def.json

## list all projects in your codebuild
aws codebuild list-projects

## get project build details
aws codebuild batch-get-projects \
  --names "mycodebuildproject"
```
Step 5: Start your CodeBuild build project.
```bash
## ----------------------------------
## Start your CodeBuild build project
## ----------------------------------

## start build
aws codebuild start-build \
  --project-name "mycodebuildproject"

## get list of builds for the project
aws codebuild list-builds-for-project \
  --project-name "mycodebuildproject"

## get build details
AWS_CODEBULD_BUILD_ID=$(aws codebuild list-builds-for-project \
  --project-name "mycodebuildproject" \
  --query 'ids[0]' \
  --output text) &&
aws codebuild batch-get-builds \
  --ids "$AWS_CODEBULD_BUILD_ID"
```
Note: Additional charges apply to build your source code. CodeBuild builds are charged on a per-minute basis, and you get 120 free every month for the small compute type, which is used in this demo.
Step 6: Get your build artifacts and logs.
```bash
## ---------------------------------------------------
## Get your CodeBuild build project logs and artifacts
## ---------------------------------------------------

## check the artifacts for the builds
aws s3api list-objects \
  --bucket "$S3_BUCKET_NAME"

## check cloudwatch logs for the build logs
## (the log stream name is the part of the build id after the colon)
AWS_CLOUDWATCH_LOG_STREAM=$(echo "$AWS_CODEBULD_BUILD_ID" | awk -F":" '{print $2}')

## read the log group from the build itself; 'logGroups[0]' from
## describe-log-groups is just the first group in the account, which may
## belong to something else and would later be deleted in the cleanup step
AWS_CLOUDWATCH_LOG_GROUP=$(aws codebuild batch-get-builds \
  --ids "$AWS_CODEBULD_BUILD_ID" \
  --query 'builds[0].logs.groupName' \
  --output text)

aws logs get-log-events \
  --log-group-name "$AWS_CLOUDWATCH_LOG_GROUP" \
  --log-stream-name "$AWS_CLOUDWATCH_LOG_STREAM" \
  --limit 10
```
Step 7: Cleanup.
```bash
## -------
## Cleanup
## -------

## delete codebuild project
aws codebuild delete-project \
  --name "mycodebuildproject"

## delete cloudwatch logs
aws logs delete-log-group \
  --log-group-name "$AWS_CLOUDWATCH_LOG_GROUP"

## delete s3 artifact bucket
aws s3 rm "s3://$S3_BUCKET_NAME" \
  --recursive &&
aws s3 rb "s3://$S3_BUCKET_NAME" \
  --force

## delete your codecommit repository
aws codecommit delete-repository \
  --repository-name "myapp"

## detach IAM role policy
aws iam detach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess \
  --role-name CodeBuildServiceRole &&
aws iam detach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AWSCodeCommitFullAccess \
  --role-name CodeBuildServiceRole &&
aws iam detach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/CloudWatchFullAccess \
  --role-name CodeBuildServiceRole

## delete IAM role
aws iam delete-role \
  --role-name "CodeBuildServiceRole"

## delete the directory for this demo
cd .. && rm -rf codebuld
```
Hope you have enjoyed this blog post. To get more details on AWS CodeBuild, please refer to the AWS documentation below.
https://docs.aws.amazon.com/codebuild/index.html