How To Create An AWS CodeCommit Approver Rule Template Using AWS CLI
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we discussed how to manage a pull request in AWS CodeCommit using AWS CLI.
https://cloudaffaire.com/how-to-manage-a-pull-request-in-aws-codecommit-using-aws-cli/
In this blog post, we will discuss how to create an AWS CodeCommit approver rule template using AWS CLI. In the last blog post, when we created a pull request, we also created an approver rule for that pull request. Instead of creating approver rules for individual pull requests in your CodeCommit repository, you can create an approver rule template and associate it with your entire CodeCommit repository.
What Is An Approver Rule Template In AWS CodeCommit:
You can create approval rules for pull requests. However, if you want to have one or more approval rules automatically applied to some or all of the pull requests created in repositories, use approval rule templates. Approval rule templates help you customize your development workflows across repositories so that different branches have appropriate levels of approvals and control. You can define different rules for production and development branches. Those rules are applied every time a pull request that matches the rule conditions is created.
An approval rule template can be associated with one or more repositories in the AWS Region where they are created. When a template is associated with a repository, it automatically creates approval rules for pull requests in that repository as part of creating the pull request. Just like a single approval rule, an approval rule template defines an approval rule structure, including the number of required approvals and an optional pool of users from which approvals must come. Unlike an approval rule, you can also define destination references (the branch or branches), also known as branch filters. If you define destination references, then only pull requests whose destination branch names match the specified branch names (destination references) in the template have rules created for them.
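The branch filter described above, as an added example that is not part of the original post: a small POSIX shell helper that writes template content with `DestinationReferences`, so one template can require two approvals on production branches while another asks for a single approval elsewhere. The function names, the account ID and the role name are constructed placeholders.

```shell
# Added example, not from the original post; names and ARNs are constructed.

# json_array ITEM...: print the arguments as a JSON array of strings.
# Values containing a double quote or backslash are refused, not escaped.
json_array() (
  out=""
  for item in "$@"; do
    case "$item" in
      *\"*|*\\*) echo "refusing value that needs escaping: $item" >&2; exit 1 ;;
    esac
    out="${out:+$out,}\"$item\""
  done
  printf '[%s]' "$out"
)

# build_template_content APPROVALS BRANCHES [MEMBER...]
#   BRANCHES: comma-separated destination branches ("" = no branch filter)
#   MEMBER:   optional approval pool members (ARNs)
build_template_content() (
  [ "$#" -ge 2 ] || { echo "usage: build_template_content APPROVALS BRANCHES [MEMBER...]" >&2; exit 1; }
  approvals=$1; branches=$2; shift 2
  case "$approvals" in
    ''|*[!0-9]*|0?*) echo "APPROVALS must be a plain integer" >&2; exit 1 ;;
  esac
  pool=""
  if [ "$#" -gt 0 ]; then
    pool=",\"ApprovalPoolMembers\":$(json_array "$@")" || exit 1
  fi
  dest=""
  if [ -n "$branches" ]; then
    set -f; IFS=','; set -- $branches; set +f; unset IFS
    n=$#
    for b in "$@"; do
      [ -n "$b" ] || { echo "empty branch name in BRANCHES" >&2; exit 1; }
      set -- "$@" "refs/heads/${b#refs/heads/}"   # append the full ref name
    done
    shift "$n"                                    # drop the short names
    dest="\"DestinationReferences\":$(json_array "$@")," || exit 1
  fi
  printf '{"Version":"2018-11-08",%s"Statements":[{"Type":"Approvers","NumberOfApprovalsNeeded":%s%s}]}\n' \
    "$dest" "$approvals" "$pool"
)

# Production branches: two approvals from a constructed reviewer role.
build_template_content 2 "master,release" \
  "arn:aws:sts::111122223333:assumed-role/CodeReviewers/*"
# Development branch: one approval, no fixed pool.
build_template_content 1 "develop"
```

Redirect the output to a file and pass it with `--approval-rule-template-content file://<file>` when creating the template.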
How To Create An AWS CodeCommit Approver Rule Template Using AWS CLI:
Requirements:
AWS CLI v2 installed and configured.
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html
Git installed and configured.
https://www.atlassian.com/git/tutorials/install-git
Step 1: Create an AWS CodeCommit repository.
####################################################
## How To Manage A Pull Request In AWS CodeCommit ##
####################################################

## I am using a Linux shell to execute AWS CLI commands

## ------------------------------
## create a codecommit repository
## ------------------------------

## create some files for this demo
mkdir -p codecmitdemo && cd codecmitdemo

## create a codecommit repository and upload a file
aws codecommit create-repository \
  --repository-name "my_aws_repo" \
  --repository-description "CloudAffaire test repository" \
  --tags "Key=release,Value=v1"

## upload a file in the codecommit repository
echo "aws" > myfile.txt &&
AWS_CODECMIT_COMMIT_ID1=$(aws codecommit put-file \
  --repository-name "my_aws_repo" \
  --branch-name "master" \
  --file-content fileb://myfile.txt \
  --file-path user1/myfile1.txt \
  --name "Debjeet" \
  --email "debjeettoni@gmail.com" \
  --commit-message "debjeet added myfile.txt" \
  --query 'commitId' \
  --output text)
Step 2: Create an approval rule template for CodeCommit repository.
## ------------------------------------------
## Create a codecommit approver rule template
## ------------------------------------------

## create an approver rule policy (for demo I am keeping myself as approver)
AWS_CODECOMMIT_APPROVER=$(aws sts get-caller-identity \
  --query 'Arn' \
  --output text) &&
cat <<EOF > myapproverpolicy.json
{
  "Version":"2018-11-08",
  "Statements":[
    {
      "Type":"Approvers",
      "NumberOfApprovalsNeeded":1,
      "ApprovalPoolMembers":[
        "$AWS_CODECOMMIT_APPROVER"
      ]
    }
  ]
}
EOF

## create an approver rule template
aws codecommit create-approval-rule-template \
  --approval-rule-template-name "myapprovaltemplate" \
  --approval-rule-template-description "demo template only me can approve" \
  --approval-rule-template-content file://myapproverpolicy.json
Step 3: Get approval rule template details.
## ----------------------------------
## get approver rule template details
## ----------------------------------

## list all approver rule templates in your account
aws codecommit list-approval-rule-templates

## get a specific approver rule template details
aws codecommit get-approval-rule-template \
  --approval-rule-template-name "myapprovaltemplate"
Step 4: Associate approver rule template with a CodeCommit repository.
## -----------------------------------------------------
## associate approver rule template with your repository
## -----------------------------------------------------

## associate approver rule template with your repository
aws codecommit associate-approval-rule-template-with-repository \
  --repository-name "my_aws_repo" \
  --approval-rule-template-name "myapprovaltemplate"

## check which repositories are currently associated with this approver rule template
aws codecommit list-repositories-for-approval-rule-template \
  --approval-rule-template-name "myapprovaltemplate"
Step 5: Create a new branch in your CodeCommit repo for the pull request.
## -------------------
## create a new branch
## -------------------

## create a branch for user2
aws codecommit create-branch \
  --repository-name "my_aws_repo" \
  --branch-name "update" \
  --commit-id "$AWS_CODECMIT_COMMIT_ID1"

## update the file to the update branch
echo "gcp" >> myfile.txt &&
AWS_CODECMIT_COMMIT_ID2=$(aws codecommit put-file \
  --repository-name "my_aws_repo" \
  --branch-name "update" \
  --file-content fileb://myfile.txt \
  --file-path myfile.txt \
  --name "Debjeet" \
  --email "debjeettoni@gmail.com" \
  --commit-message "debjeet modified myfile.txt" \
  --parent-commit-id "$AWS_CODECMIT_COMMIT_ID1" \
  --query 'commitId' \
  --output text)
Step 6: Create a new pull request for the new branch.
## ---------------------
## create a pull request
## ---------------------

## create a pull request
PULL_REQ_ID=$(aws codecommit create-pull-request \
  --title "mypullrequest" \
  --description "gcp added in myfile.txt" \
  --targets "repositoryName=my_aws_repo,sourceReference=update,destinationReference=master" \
  --query 'pullRequest.pullRequestId' \
  --output text)
Step 7: Try to approve the pull request.
## -------------------------------
## try to approve the pull request
## -------------------------------

## check if associated approval rules satisfied
PULL_REQ_REV_ID=$(aws codecommit get-pull-request \
  --pull-request-id $PULL_REQ_ID \
  --query 'pullRequest.revisionId' \
  --output text) &&
aws codecommit evaluate-pull-request-approval-rules \
  --pull-request-id $PULL_REQ_ID \
  --revision-id $PULL_REQ_REV_ID

## approve the pull request (only me can approve)
aws codecommit update-pull-request-approval-state \
  --pull-request-id $PULL_REQ_ID \
  --revision-id $PULL_REQ_REV_ID \
  --approval-state "APPROVE"
## you will get an error as approver can not be same as requestor

## create an iam user with programmatic access and AWSCodeCommitFullAccess policy
## configure aws cli for new iam user
aws configure --profile approver

## check if its working
aws sts get-caller-identity --profile approver
Step 8: Update the approval rule template.
## -----------------------------
## update approver rule template
## -----------------------------

## update approver rule policy (only approver can approve)
AWS_CODECOMMIT_APPROVER=$(aws sts get-caller-identity \
  --query 'Arn' \
  --output text \
  --profile approver) &&
cat <<EOF > myapproverpolicy.json
{
  "Version":"2018-11-08",
  "Statements":[
    {
      "Type":"Approvers",
      "NumberOfApprovalsNeeded":1,
      "ApprovalPoolMembers":[
        "$AWS_CODECOMMIT_APPROVER"
      ]
    }
  ]
}
EOF

## update approver rule template
aws codecommit update-approval-rule-template-content \
  --approval-rule-template-name "myapprovaltemplate" \
  --new-rule-content file://myapproverpolicy.json

## you can also update the approver rule template description
aws codecommit update-approval-rule-template-description \
  --approval-rule-template-name "myapprovaltemplate" \
  --approval-rule-template-description "demo template only approver can approve"

## check if associated approval rules satisfied
PULL_REQ_REV_ID=$(aws codecommit get-pull-request \
  --pull-request-id $PULL_REQ_ID \
  --query 'pullRequest.revisionId' \
  --output text) &&
aws codecommit evaluate-pull-request-approval-rules \
  --pull-request-id $PULL_REQ_ID \
  --revision-id $PULL_REQ_REV_ID

## approve the pull request (only approver can approve)
aws codecommit update-pull-request-approval-state \
  --pull-request-id $PULL_REQ_ID \
  --revision-id $PULL_REQ_REV_ID \
  --approval-state "APPROVE" \
  --profile approver
## success, note we passed 'approver' using --profile parameter
Step 9: Get pull request approval status.
## --------------------------------
## get pull request approval status
## --------------------------------

## get pull request approval status as user2
aws codecommit get-pull-request-approval-states \
  --pull-request-id $PULL_REQ_ID \
  --revision-id $PULL_REQ_REV_ID
Step 10: Create a pull merge request.
## ---------------------------
## create a pull merge request
## ---------------------------

## create a pull merge request
aws codecommit merge-pull-request-by-fast-forward \
  --pull-request-id $PULL_REQ_ID \
  --source-commit-id $AWS_CODECMIT_COMMIT_ID2 \
  --repository-name "my_aws_repo"

## get changes post pull request approval
aws codecommit get-differences \
  --repository-name "my_aws_repo" \
  --before-commit-specifier "$AWS_CODECMIT_COMMIT_ID1" \
  --after-commit-specifier "$AWS_CODECMIT_COMMIT_ID2"
Step 11: Cleanup.
## -------
## cleanup
## -------

## delete your codecommit repository
aws codecommit delete-repository \
  --repository-name "my_aws_repo"

## delete the approver rule template
aws codecommit delete-approval-rule-template \
  --approval-rule-template-name "myapprovaltemplate"

## delete demo directory
cd .. && rm -rf codecmitdemo
Hope you have enjoyed this blog post. For more details on AWS CodeCommit, please refer to the AWS documentation below.
https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html
https://docs.aws.amazon.com/cli/latest/reference/codecommit/index.html
CodeCommit is a Git-based version control system and you need to have a basic understanding of Git in order to work with CodeCommit. You can follow the below link to get a basic understanding of Git.
https://cloudaffaire.com/category/devops/git/
That was a good tutorial altogether. No fuss, only relevant information. Thanks for writing such a great piece of content.