From 7ec32c65afc8eb4f8d1455e08ab44db4885e1c99 Mon Sep 17 00:00:00 2001
From: David Gatti
Date: Sun, 1 Mar 2020 12:42:34 +0100
Subject: [PATCH 1/2] Added conditional webhook
---
 03_Parameters/auto_deploy.json | 8 ++++++++
 05_Conditions/github_owner.json | 3 +++
 07_Resources/Repos/converter/CodePipeline/webhook.json | 1 +
 07_Resources/Repos/inbound/CodePipeline/webhook.json | 1 +
 07_Resources/Repos/outbound/CodePipeline/webhook.json | 1 +
 5 files changed, 14 insertions(+)
 create mode 100644 03_Parameters/auto_deploy.json
 create mode 100644 05_Conditions/github_owner.json
diff --git a/03_Parameters/auto_deploy.json b/03_Parameters/auto_deploy.json
new file mode 100644
index 0000000..5266f3b
--- /dev/null
+++ b/03_Parameters/auto_deploy.json
@@ -0,0 +1,8 @@
+{
+ "AutoDeployParam": {
+ "Description": "Don't change this unless you forked your own copy of the repos. And want to have auto deployment for changes in code that you made in your repos. If you set Yes, then the CodePipeline setup will get a Webhook resource, otherwise skipped, since you don't have access to our repos, and can't add a web hook entry in our repos.",
+ "Type": "String",
+ "AllowedValues" : ["No", "Yes"],
+ "Default": "No"
+ }
+}
diff --git a/05_Conditions/github_owner.json b/05_Conditions/github_owner.json
new file mode 100644
index 0000000..05318ff
--- /dev/null
+++ b/05_Conditions/github_owner.json
@@ -0,0 +1,3 @@
+{
+ "GitHubAutodeploymentCondition": { "Fn::Equals": [ {"Ref": "AutoDeployParam"}, "Yes"] }
+}
diff --git a/07_Resources/Repos/converter/CodePipeline/webhook.json b/07_Resources/Repos/converter/CodePipeline/webhook.json
index da23a81..616a0d6 100644
--- a/07_Resources/Repos/converter/CodePipeline/webhook.json
+++ b/07_Resources/Repos/converter/CodePipeline/webhook.json
@@ -1,6 +1,7 @@
 {
 "PipelineConverterWebhook": {
 "Type": "AWS::CodePipeline::Webhook",
+ "Condition": "GitHubAutodeploymentCondition",
 "Properties": {
 "Authentication": "GITHUB_HMAC",
 "AuthenticationConfiguration": {
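Review bot: The new file `05_Conditions/github_owner.json` is named after the GitHub owner, but the only thing it defines is `GitHubAutodeploymentCondition`, which tests `AutoDeployParam`. A name that matches the content, for example `05_Conditions/auto_deploy.json` to mirror `03_Parameters/auto_deploy.json`, would make the condition easier to locate. Patch 2/2 also renames a parameter file to `03_Parameters/github_owner.json`, so two unrelated files end up sharing one basename.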
diff --git a/07_Resources/Repos/inbound/CodePipeline/webhook.json b/07_Resources/Repos/inbound/CodePipeline/webhook.json
index e41ffe3..e4e32b6 100644
--- a/07_Resources/Repos/inbound/CodePipeline/webhook.json
+++ b/07_Resources/Repos/inbound/CodePipeline/webhook.json
@@ -1,6 +1,7 @@
 {
 "PipelineInboundWebhook": {
 "Type": "AWS::CodePipeline::Webhook",
+ "Condition": "GitHubAutodeploymentCondition",
 "Properties": {
 "Authentication": "GITHUB_HMAC",
 "AuthenticationConfiguration": {
diff --git a/07_Resources/Repos/outbound/CodePipeline/webhook.json b/07_Resources/Repos/outbound/CodePipeline/webhook.json
index dc298bd..caf6edf 100644
--- a/07_Resources/Repos/outbound/CodePipeline/webhook.json
+++ b/07_Resources/Repos/outbound/CodePipeline/webhook.json
@@ -1,6 +1,7 @@
 {
 "PipelineOutboundWebhook": {
 "Type": "AWS::CodePipeline::Webhook",
+ "Condition": "GitHubAutodeploymentCondition",
 "Properties": {
 "Authentication": "GITHUB_HMAC",
 "AuthenticationConfiguration": {
From 8515270eb3baa2d6bb1a6b001eb6f0cc7aa4379d Mon Sep 17 00:00:00 2001
From: David Gatti
Date: Sun, 1 Mar 2020 12:42:50 +0100
Subject: [PATCH 2/2] Cleaninig and reorganization
---
 .gitignore | 1 +
 02_Metadata/interface.json | 27 +++++++++++++++++++
 03_Parameters/code_pipeline_bucket_name.json | 2 +-
 ...ub_account_name.json => github_owner.json} | 4 +--
 03_Parameters/github_token.json | 4 +--
 03_Parameters/stage.json | 4 +--
 .../converter/CodeBuild/Policies/s3.json | 2 +-
 .../Repos/converter/CodePipeline/_index.json | 8 +++---
 .../Repos/converter/CodePipeline/webhook.json | 2 +-
 .../Repos/inbound/CodeBuild/Policies/s3.json | 2 +-
 .../Repos/inbound/CodePipeline/_index.json | 8 +++---
 .../Repos/inbound/CodePipeline/webhook.json | 2 +-
 .../Repos/outbound/CodeBuild/Policies/s3.json | 2 +-
 .../Repos/outbound/CodePipeline/_index.json | 8 +++---
 .../Repos/outbound/CodePipeline/webhook.json | 2 +-
 15 files changed, 53 insertions(+), 25 deletions(-)
 create mode 100644 02_Metadata/interface.json
 rename 03_Parameters/{github_account_name.json => github_owner.json} (53%)
diff --git a/.gitignore b/.gitignore
index 0fa9842..a16f57c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 **/*.DS_Store
+/CloudFormation.json
diff --git a/02_Metadata/interface.json b/02_Metadata/interface.json
new file mode 100644
index 0000000..a779a30
--- /dev/null
+++ b/02_Metadata/interface.json
@@ -0,0 +1,27 @@
+{
+ "AWS::CloudFormation::Interface" : {
+ "ParameterGroups": [
+ {
+ "Label" : { "default" : "Basics" },
+ "Parameters" : [ "CodePipelineArtifactsParam" ]
+ },
+ {
+ "Label" : { "default" : "GitHub" },
+ "Parameters" : [ "GitHubAccountOwnerParam", "GitHubTokenParam", "StageParam", "AutoDeployParam" ]
+ },
+ {
+ "Label" : { "default" : "Product Configuration" },
+ "Parameters" : [ "EmailRestingPlace"]
+ }
+ ],
+ "ParameterLabels": {
+ "CodePipelineArtifactsParam": { "default" : "CodePipeline Artifacts" },
+ "GitHubTokenParam": { "default" : "GitHub Token" },
+ "GitHubAccountOwnerParam": { "default" : "GitHub Owner" },
+ "StageParam": { "default" : "Deployment Stage" },
+ "AutoDeployParam": { "default" : "Autodeployment" },
+
+ "EmailRestingPlace": { "default" : "Email Bucket Name" }
+ }
+ }
+}
diff --git a/03_Parameters/code_pipeline_bucket_name.json b/03_Parameters/code_pipeline_bucket_name.json
index b51c4e9..17d7a17 100644
--- a/03_Parameters/code_pipeline_bucket_name.json
+++ b/03_Parameters/code_pipeline_bucket_name.json
@@ -1,5 +1,5 @@
 {
- "CodePipelineBucketName": {
+ "CodePipelineArtifactsParam": {
 "Description": "The S3 bucket name where CodePipeline will store the artifacts (this is needed only by CP to work, and pass task results to the next stage) - (This bucket needs to exist already in S3)",
 "Type": "String"
 }
diff --git a/03_Parameters/github_account_name.json b/03_Parameters/github_owner.json
similarity index 53%
rename from 03_Parameters/github_account_name.json
rename to 03_Parameters/github_owner.json
index 71beb58..a409d39 100644
--- a/03_Parameters/github_account_name.json
+++ b/03_Parameters/github_owner.json
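Review bot: In `02_Metadata/interface.json`, `EmailRestingPlace` is the one parameter listed without the `Param` suffix that this commit gives every other parameter (`CodePipelineArtifactsParam`, `GitHubTokenParam`, `StageParam`, ...). Its definition is not part of this patch, so the name may be deliberate; if it is an ordinary template parameter, renaming it in the same commit would keep the convention uniform. The file name `03_Parameters/code_pipeline_bucket_name.json` likewise no longer matches the `CodePipelineArtifactsParam` key it now holds.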
@@ -1,6 +1,6 @@
 {
- "ParamGitHubAccountName": {
- "Description": "The name of the GitHub account, it is the same names that you find in the URL. Organization or private account.",
+ "GitHubAccountOwnerParam": {
+ "Description": "The name of the GitHub account, it is the same names that you find in the URL (Organization or private account).",
 "Type": "String",
 "Default": "0x4447"
 }
diff --git a/03_Parameters/github_token.json b/03_Parameters/github_token.json
index d970881..5daeef0 100644
--- a/03_Parameters/github_token.json
+++ b/03_Parameters/github_token.json
@@ -1,6 +1,6 @@
 {
- "GitHubToken": {
- "Description": "You need to create a Personal access tokens (https://github.com/settings/tokens) for CodePipeline to have access to the GitHub repo even if they are public, and the Scope has to have: repo and admin:repo_hook",
+ "GitHubTokenParam": {
+ "Description": "You need to create a Personal access tokens (https://github.com/settings/tokens) for CodePipeline to have access to the GitHub repo despite it being public. Find out more here: https://docs.aws.amazon.com/codepipeline/latest/userguide/GitHub-authentication.html",
 "NoEcho": true,
 "Type": "String"
 }
diff --git a/03_Parameters/stage.json b/03_Parameters/stage.json
index d794a6e..0499d20 100644
--- a/03_Parameters/stage.json
+++ b/03_Parameters/stage.json
@@ -1,6 +1,6 @@
 {
- "Stage": {
- "Description": "Select what Stage are you deploying.",
+ "StageParam": {
+ "Description": "Select what type of environment are you deploying (branch of the repo).",
 "Type": "String",
 "AllowedValues": ["master", "development"],
 "Default": "master",
diff --git a/07_Resources/Repos/converter/CodeBuild/Policies/s3.json b/07_Resources/Repos/converter/CodeBuild/Policies/s3.json
index 7019440..d5d9125 100644
--- a/07_Resources/Repos/converter/CodeBuild/Policies/s3.json
+++ b/07_Resources/Repos/converter/CodeBuild/Policies/s3.json
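Review bot: The rewritten `Description` in `03_Parameters/github_token.json` drops the scope list the old text gave (`repo` and `admin:repo_hook`), so whoever creates the token no longer sees the minimum it needs and may grant more than that. Keeping the scopes beside the new link would preserve the guidance, for example `... Required scopes: repo and admin:repo_hook. Find out more here: ...`; `admin:repo_hook` presumably only matters when `AutoDeployParam` is `Yes`. The token is still passed as a `NoEcho` string parameter, which masks it in console and API output only. If the project can require a pre-created secret, a `{{resolve:secretsmanager:...}}` dynamic reference would keep the token out of the stack parameters altogether.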
@@ -10,7 +10,7 @@
 {
 "Effect": "Allow",
 "Action": "s3:*",
- "Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"}
+ "Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineArtifactsParam}/*"}
 }
 ]
 }
diff --git a/07_Resources/Repos/converter/CodePipeline/_index.json b/07_Resources/Repos/converter/CodePipeline/_index.json
index 38b3bf8..ba9c494 100644
--- a/07_Resources/Repos/converter/CodePipeline/_index.json
+++ b/07_Resources/Repos/converter/CodePipeline/_index.json
@@ -4,7 +4,7 @@
 "Properties": {
 "Name": "0x4447_s3_email_lambda_converter",
 "ArtifactStore": {
- "Location": { "Ref": "CodePipelineBucketName" },
+ "Location": { "Ref": "CodePipelineArtifactsParam" },
 "Type": "S3"
 },
 "RoleArn": { "Fn::GetAtt": ["PipelineConverterRole", "Arn"] },
@@ -22,11 +22,11 @@
 "Version": "1"
 },
 "Configuration": {
- "Owner": { "Ref": "ParamGitHubAccountName" },
+ "Owner": { "Ref": "GitHubAccountOwnerParam" },
 "Repo": "0x4447_product_s3_email_lambda_converter",
- "Branch": { "Ref": "Stage" },
+ "Branch": { "Ref": "StageParam" },
 "PollForSourceChanges": false,
- "OAuthToken": { "Ref": "GitHubToken" }
+ "OAuthToken": { "Ref": "GitHubTokenParam" }
 },
 "OutputArtifacts": [
 {
diff --git a/07_Resources/Repos/converter/CodePipeline/webhook.json b/07_Resources/Repos/converter/CodePipeline/webhook.json
index 616a0d6..6ceb70d 100644
--- a/07_Resources/Repos/converter/CodePipeline/webhook.json
+++ b/07_Resources/Repos/converter/CodePipeline/webhook.json
@@ -5,7 +5,7 @@
 "Properties": {
 "Authentication": "GITHUB_HMAC",
 "AuthenticationConfiguration": {
- "SecretToken": { "Ref": "GitHubToken" }
+ "SecretToken": { "Ref": "GitHubTokenParam" }
 },
 "Filters": [
 {
diff --git a/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json b/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json
index b7cbcfb..2fd7704 100644
--- a/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json
+++ b/07_Resources/Repos/inbound/CodeBuild/Policies/s3.json
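Review bot: The statement in `converter/CodeBuild/Policies/s3.json` still allows `"Action": "s3:*"` on every object in the artifact bucket; this commit only renames the parameter in `Resource` and leaves that context line as it was. Judging by the path, this is the CodeBuild role, which normally only reads and writes pipeline artifacts, so the wildcard also grants object deletion and ACL changes it has no visible use for. Narrowing it, for example `"Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"],`, would apply least privilege. The same line appears in the inbound and outbound `s3.json` hunks, and the policy document starts above the hunk.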
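Review bot: In `converter/CodePipeline/webhook.json` the webhook's `SecretToken` is `{ "Ref": "GitHubTokenParam" }`, the same parameter that `_index.json` passes as `OAuthToken`, so the personal access token doubles as the HMAC shared secret. The webhook secret only needs to be a random value known to GitHub and CodePipeline; reusing the token ties the rotation of both together and places a credential with repository access wherever the hook secret is stored. A dedicated `NoEcho` parameter would separate them, for example `"SecretToken": { "Ref": "WebhookSecretParam" }`, where `WebhookSecretParam` is a placeholder name for a new parameter. The inbound and outbound `webhook.json` hunks have the same reference, and the resource continues past the end of the hunk.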
@@ -10,7 +10,7 @@
 {
 "Effect": "Allow",
 "Action": "s3:*",
- "Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"}
+ "Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineArtifactsParam}/*"}
 }
 ]
 }
diff --git a/07_Resources/Repos/inbound/CodePipeline/_index.json b/07_Resources/Repos/inbound/CodePipeline/_index.json
index 3643648..79f00a4 100644
--- a/07_Resources/Repos/inbound/CodePipeline/_index.json
+++ b/07_Resources/Repos/inbound/CodePipeline/_index.json
@@ -4,7 +4,7 @@
 "Properties": {
 "Name": "0x4447_s3_email_lambda_inbound",
 "ArtifactStore": {
- "Location": { "Ref": "CodePipelineBucketName" },
+ "Location": { "Ref": "CodePipelineArtifactsParam" },
 "Type": "S3"
 },
 "RoleArn": { "Fn::GetAtt": ["PipelineInboundRole", "Arn"] },
@@ -22,11 +22,11 @@
 "Version": "1"
 },
 "Configuration": {
- "Owner": { "Ref": "ParamGitHubAccountName" },
+ "Owner": { "Ref": "GitHubAccountOwnerParam" },
 "Repo": "0x4447_product_s3_email_lambda_inbound",
- "Branch": { "Ref": "Stage" },
+ "Branch": { "Ref": "StageParam" },
 "PollForSourceChanges": false,
- "OAuthToken": { "Ref": "GitHubToken" }
+ "OAuthToken": { "Ref": "GitHubTokenParam" }
 },
 "OutputArtifacts": [
 {
diff --git a/07_Resources/Repos/inbound/CodePipeline/webhook.json b/07_Resources/Repos/inbound/CodePipeline/webhook.json
index e4e32b6..8ee6539 100644
--- a/07_Resources/Repos/inbound/CodePipeline/webhook.json
+++ b/07_Resources/Repos/inbound/CodePipeline/webhook.json
@@ -5,7 +5,7 @@
 "Properties": {
 "Authentication": "GITHUB_HMAC",
 "AuthenticationConfiguration": {
- "SecretToken": { "Ref": "GitHubToken" }
+ "SecretToken": { "Ref": "GitHubTokenParam" }
 },
 "Filters": [
 {
diff --git a/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json b/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json
index ada9053..934b7f9 100644
--- a/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json
+++ b/07_Resources/Repos/outbound/CodeBuild/Policies/s3.json
@@ -10,7 +10,7 @@
 {
 "Effect": "Allow",
 "Action": "s3:*",
- "Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineBucketName}/*"}
+ "Resource": { "Fn::Sub": "arn:aws:s3:::${CodePipelineArtifactsParam}/*"}
 }
 ]
 }
diff --git a/07_Resources/Repos/outbound/CodePipeline/_index.json b/07_Resources/Repos/outbound/CodePipeline/_index.json
index c162033..b67446f 100644
--- a/07_Resources/Repos/outbound/CodePipeline/_index.json
+++ b/07_Resources/Repos/outbound/CodePipeline/_index.json
@@ -4,7 +4,7 @@
 "Properties": {
 "Name": "0x4447_s3_email_lambda_outbound",
 "ArtifactStore": {
- "Location": { "Ref": "CodePipelineBucketName" },
+ "Location": { "Ref": "CodePipelineArtifactsParam" },
 "Type": "S3"
 },
 "RoleArn": { "Fn::GetAtt": ["PipelineOutboundRole", "Arn"] },
@@ -22,11 +22,11 @@
 "Version": "1"
 },
 "Configuration": {
- "Owner": { "Ref": "ParamGitHubAccountName" },
+ "Owner": { "Ref": "GitHubAccountOwnerParam" },
 "Repo": "0x4447_product_s3_email_lambda_outbound",
- "Branch": { "Ref": "Stage" },
+ "Branch": { "Ref": "StageParam" },
 "PollForSourceChanges": false,
- "OAuthToken": { "Ref": "GitHubToken" }
+ "OAuthToken": { "Ref": "GitHubTokenParam" }
 },
 "OutputArtifacts": [
 {
diff --git a/07_Resources/Repos/outbound/CodePipeline/webhook.json b/07_Resources/Repos/outbound/CodePipeline/webhook.json
index caf6edf..68813f5 100644
--- a/07_Resources/Repos/outbound/CodePipeline/webhook.json
+++ b/07_Resources/Repos/outbound/CodePipeline/webhook.json
@@ -5,7 +5,7 @@
 "Properties": {
 "Authentication": "GITHUB_HMAC",
 "AuthenticationConfiguration": {
- "SecretToken": { "Ref": "GitHubToken" }
+ "SecretToken": { "Ref": "GitHubTokenParam" }
 },
 "Filters": [
 {