Merge pull request #33 from 0x4447/development

Conditional Webhook
0x4447 · Mar 1, 2020 · 3efdab0 · 3efdab0
2 parents 8faf3d3 + 8515270
commit 3efdab0
Show file tree

Hide file tree

Showing 17 changed files with 67 additions and 25 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 **/*.DS_Store
+/CloudFormation.json
diff --git a/02_Metadata/interface.json b/02_Metadata/interface.json
@@ -0,0 +1,27 @@
+{
+	"AWS::CloudFormation::Interface" : {
+		"ParameterGroups": [
+			{
+				"Label" : { "default" : "Basics" },
+				"Parameters" : [ "CodePipelineArtifactsParam" ]
+			},
+			{
+				"Label" : { "default" : "GitHub" },
+				"Parameters" : [ "GitHubAccountOwnerParam", "GitHubTokenParam", "StageParam", "AutoDeployParam" ]
+			},
+			{
+				"Label" : { "default" : "Product Configuration" },
+				"Parameters" : [ "EmailRestingPlace"]
+			}
+		],
+		"ParameterLabels": {
+			"CodePipelineArtifactsParam": { "default" : "CodePipeline Artifacts" },
+			"GitHubTokenParam": { "default" : "GitHub Token" },
+			"GitHubAccountOwnerParam": { "default" : "GitHub Owner" },
+			"StageParam": { "default" : "Deployment Stage" },
+			"AutoDeployParam": { "default" : "Autodeployment" },
+
+			"EmailRestingPlace": { "default" : "Email Bucket Name" }
+		}
+	}
+}
diff --git a/03_Parameters/auto_deploy.json b/03_Parameters/auto_deploy.json
@@ -0,0 +1,8 @@
+{
+	"AutoDeployParam": {
+		"Description": "Don't change this unless you forked your own copy of the repos. And want to have auto deployment for changes in code that you made in your repos. If you set Yes, then the CodePipeline setup will get a Webhook resource, otherwise skipped, since you don't have access to our repos, and can't add a web hook entry in our repos.",
+		"Type": "String",
+		"AllowedValues" : ["No", "Yes"],
+		"Default": "No"
+	}
+}
diff --git a/03_Parameters/code_pipeline_bucket_name.json b/03_Parameters/code_pipeline_bucket_name.json
@@ -1,5 +1,5 @@
 {
-	"CodePipelineBucketName": {
+	"CodePipelineArtifactsParam": {
 		"Description": "The S3 bucket name where CodePipeline will store the artifacts (this is needed only by CP to work, and pass task results to the next stage) - (This bucket needs to exist already in S3)",
 		"Type": "String"
 	}

diff --git a/03_Parameters/github_account_name.json → 03_Parameters/github_owner.json b/03_Parameters/github_account_name.json → 03_Parameters/github_owner.json
@@ -1,6 +1,6 @@
 {
-	"ParamGitHubAccountName": {
-		"Description": "The name of the GitHub account, it is the same names that you find in the URL. Organization or private account.",
+	"GitHubAccountOwnerParam": {
+		"Description": "The name of the GitHub account, it is the same names that you find in the URL (Organization or private account).",
 		"Type": "String",
 		"Default": "0x4447"
 	}

diff --git a/03_Parameters/github_token.json b/03_Parameters/github_token.json
@@ -1,6 +1,6 @@
 {
-	"GitHubToken": {
-		"Description": "You need to create a Personal access tokens (https://github.com/settings/tokens) for CodePipeline to have access to the GitHub repo even if they are public, and the Scope has to have: repo and admin:repo_hook",
+	"GitHubTokenParam": {
+		"Description": "You need to create a Personal access tokens (https://github.com/settings/tokens) for CodePipeline to have access to the GitHub repo despite it being public. Find out more here: https://docs.aws.amazon.com/codepipeline/latest/userguide/GitHub-authentication.html",
 		"NoEcho": true,
 		"Type": "String"
 	}

diff --git a/03_Parameters/stage.json b/03_Parameters/stage.json
@@ -1,6 +1,6 @@
 {
-	"Stage": {
-		"Description": "Select what Stage are you deploying.",
+	"StageParam": {
+		"Description": "Select what type of environment are you deploying (branch of the repo).",
 		"Type": "String",
 		"AllowedValues": ["master", "development"],
 		"Default": "master",

diff --git a/05_Conditions/github_owner.json b/05_Conditions/github_owner.json
@@ -0,0 +1,3 @@
+{
+	"GitHubAutodeploymentCondition": { "Fn::Equals": [ {"Ref": "AutoDeployParam"}, "Yes"] }
+}
diff --git a/07_Resources/Repos/converter/CodeBuild/Policies/s3.json b/07_Resources/Repos/converter/CodeBuild/Policies/s3.json
@@ -10,7 +10,7 @@
 					{
 						"Effect": "Allow",
 						"Action": "s3:*",
-						"Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"}
+						"Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineArtifactsParam}/*"}
 					}
 				]
 			}

diff --git a/07_Resources/Repos/converter/CodePipeline/_index.json b/07_Resources/Repos/converter/CodePipeline/_index.json
@@ -4,7 +4,7 @@
 		"Properties": {
 			"Name": "0x4447_s3_email_lambda_converter",
 			"ArtifactStore": {
-				"Location": { "Ref": "CodePipelineBucketName" },
+				"Location": { "Ref": "CodePipelineArtifactsParam" },
 				"Type": "S3"
 			},
 			"RoleArn": { "Fn::GetAtt": ["PipelineConverterRole", "Arn"] },
@@ -22,11 +22,11 @@
 								"Version": "1"
 							},
 							"Configuration": {
-								"Owner": { "Ref": "ParamGitHubAccountName" },
+								"Owner": { "Ref": "GitHubAccountOwnerParam" },
 								"Repo": "0x4447_product_s3_email_lambda_converter",
-								"Branch": { "Ref": "Stage" },
+								"Branch": { "Ref": "StageParam" },
 								"PollForSourceChanges": false,
-								"OAuthToken": { "Ref": "GitHubToken" }
+								"OAuthToken": { "Ref": "GitHubTokenParam" }
 							},
 							"OutputArtifacts": [
 								{

diff --git a/07_Resources/Repos/converter/CodePipeline/webhook.json b/07_Resources/Repos/converter/CodePipeline/webhook.json
@@ -1,10 +1,11 @@
 {
 	"PipelineConverterWebhook": {
 		"Type": "AWS::CodePipeline::Webhook",
+		"Condition": "GitHubAutodeploymentCondition",
 		"Properties": {
 			"Authentication": "GITHUB_HMAC",
 			"AuthenticationConfiguration": {
-				"SecretToken": { "Ref": "GitHubToken" }
+				"SecretToken": { "Ref": "GitHubTokenParam" }
 			},
 			"Filters": [
 				{

diff --git a/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json b/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json
@@ -10,7 +10,7 @@
 					{
 						"Effect": "Allow",
 						"Action": "s3:*",
-						"Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"}
+						"Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineArtifactsParam}/*"}
 					}
 				]
 			}

diff --git a/07_Resources/Repos/inbound/CodePipeline/_index.json b/07_Resources/Repos/inbound/CodePipeline/_index.json
@@ -4,7 +4,7 @@
 		"Properties": {
 			"Name": "0x4447_s3_email_lambda_inbound",
 			"ArtifactStore": {
-				"Location": { "Ref": "CodePipelineBucketName" },
+				"Location": { "Ref": "CodePipelineArtifactsParam" },
 				"Type": "S3"
 			},
 			"RoleArn": { "Fn::GetAtt": ["PipelineInboundRole", "Arn"] },
@@ -22,11 +22,11 @@
 								"Version": "1"
 							},
 							"Configuration": {
-								"Owner": { "Ref": "ParamGitHubAccountName" },
+								"Owner": { "Ref": "GitHubAccountOwnerParam" },
 								"Repo": "0x4447_product_s3_email_lambda_inbound",
-								"Branch": { "Ref": "Stage" },
+								"Branch": { "Ref": "StageParam" },
 								"PollForSourceChanges": false,
-								"OAuthToken": { "Ref": "GitHubToken" }
+								"OAuthToken": { "Ref": "GitHubTokenParam" }
 							},
 							"OutputArtifacts": [
 								{

diff --git a/07_Resources/Repos/inbound/CodePipeline/webhook.json b/07_Resources/Repos/inbound/CodePipeline/webhook.json
@@ -1,10 +1,11 @@
 {
 	"PipelineInboundWebhook": {
 		"Type": "AWS::CodePipeline::Webhook",
+		"Condition": "GitHubAutodeploymentCondition",
 		"Properties": {
 			"Authentication": "GITHUB_HMAC",
 			"AuthenticationConfiguration": {
-				"SecretToken": { "Ref": "GitHubToken" }
+				"SecretToken": { "Ref": "GitHubTokenParam" }
 			},
 			"Filters": [
 				{

diff --git a/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json b/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json
@@ -10,7 +10,7 @@
 					{
 						"Effect": "Allow",
 						"Action": "s3:*",
-						"Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"}
+						"Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineArtifactsParam}/*"}
 					}
 				]
 			}

diff --git a/07_Resources/Repos/outbound/CodePipeline/_index.json b/07_Resources/Repos/outbound/CodePipeline/_index.json
@@ -4,7 +4,7 @@
 		"Properties": {
 			"Name": "0x4447_s3_email_lambda_outbound",
 			"ArtifactStore": {
-				"Location": { "Ref": "CodePipelineBucketName" },
+				"Location": { "Ref": "CodePipelineArtifactsParam" },
 				"Type": "S3"
 			},
 			"RoleArn": { "Fn::GetAtt": ["PipelineOutboundRole", "Arn"] },
@@ -22,11 +22,11 @@
 								"Version": "1"
 							},
 							"Configuration": {
-								"Owner": { "Ref": "ParamGitHubAccountName" },
+								"Owner": { "Ref": "GitHubAccountOwnerParam" },
 								"Repo": "0x4447_product_s3_email_lambda_outbound",
-								"Branch": { "Ref": "Stage" },
+								"Branch": { "Ref": "StageParam" },
 								"PollForSourceChanges": false,
-								"OAuthToken": { "Ref": "GitHubToken" }
+								"OAuthToken": { "Ref": "GitHubTokenParam" }
 							},
 							"OutputArtifacts": [
 								{

diff --git a/07_Resources/Repos/outbound/CodePipeline/webhook.json b/07_Resources/Repos/outbound/CodePipeline/webhook.json
@@ -1,10 +1,11 @@
 {
 	"PipelineOutboundWebhook": {
 		"Type": "AWS::CodePipeline::Webhook",
+		"Condition": "GitHubAutodeploymentCondition",
 		"Properties": {
 			"Authentication": "GITHUB_HMAC",
 			"AuthenticationConfiguration": {
-				"SecretToken": { "Ref": "GitHubToken" }
+				"SecretToken": { "Ref": "GitHubTokenParam" }
 			},
 			"Filters": [
 				{