├── .nojekyll
├── docs
│   ├── partner_editable
│   │   ├── pre-reqs.adoc
│   │   ├── regions.adoc
│   │   ├── service_limits.adoc
│   │   ├── deployment_options.adoc
│   │   ├── specialized_knowledge.adoc
│   │   ├── overview_target_and_usage.adoc
│   │   ├── product_description.adoc
│   │   ├── licenses.adoc
│   │   ├── deploy_steps.adoc
│   │   ├── _settings.adoc
│   │   ├── architecture.adoc
│   │   ├── faq_troubleshooting.adoc
│   │   └── additional_info.adoc
│   ├── generated
│   │   ├── regions
│   │   │   └── index.adoc
│   │   ├── services
│   │   │   ├── index.adoc
│   │   │   └── metadata.adoc
│   │   └── parameters
│   │       ├── index.adoc
│   │       └── git2s3.template.adoc
│   └── images
│       ├── image1.png
│       ├── image3.png
│       ├── image4.png
│       ├── testfile.png
│       ├── cfn_outputs.png
│       ├── commit_push.png
│       ├── outputs_tab.png
│       ├── S3_new_object.png
│       ├── using_webhooks.png
│       ├── architecture_diagram.png
│       └── aws-quickstart-graphic.png
├── CODEOWNERS
├── functions
│   └── source
│       ├── CreateSSHKey
│       │   ├── requirements.txt
│       │   ├── NOTICE.txt
│       │   ├── Dockerfile
│       │   ├── cfnresponse.py
│       │   ├── lambda_function.py
│       │   └── LICENCE.txt
│       ├── GitPullS3
│       │   ├── NOTICE.txt
│       │   ├── LICENCE.txt
│       │   ├── lambda_function.py
│       │   └── THIRD_PARTY_LICENSES.md
│       └── DeleteBucketContents
│           ├── NOTICE.txt
│           ├── cfnresponse.py
│           ├── lambda_function.py
│           └── LICENCE.txt
├── .gitignore
├── .gitmodules
├── CODE_OF_CONDUCT.md
├── README.md
├── NOTICE.txt
├── .taskcat.yml
├── .github
│   └── workflows
│       └── main-docs-build.yml
├── LICENSE.txt
└── templates
    └── git2s3.template.yaml

/.nojekyll:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/docs/partner_editable/pre-reqs.adoc:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/docs/partner_editable/regions.adoc:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/docs/partner_editable/service_limits.adoc:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/docs/partner_editable/deployment_options.adoc:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/docs/partner_editable/specialized_knowledge.adoc:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
/CODEOWNERS:
--------------------------------------------------------------------------------
* @aws-quickstart/aws_quickstart_team
--------------------------------------------------------------------------------
/docs/generated/regions/index.adoc:
--------------------------------------------------------------------------------
// placeholder
--------------------------------------------------------------------------------
/docs/generated/services/index.adoc:
--------------------------------------------------------------------------------
// placeholder
--------------------------------------------------------------------------------
/docs/generated/services/metadata.adoc:
--------------------------------------------------------------------------------
// placeholder
--------------------------------------------------------------------------------
/functions/source/CreateSSHKey/requirements.txt:
--------------------------------------------------------------------------------
cryptography
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
functions/packages
.idea
.DS_Store
taskcat_outputs
--------------------------------------------------------------------------------
/docs/images/image1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/image1.png
--------------------------------------------------------------------------------
/docs/images/image3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/image3.png
--------------------------------------------------------------------------------
/docs/images/image4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/image4.png
--------------------------------------------------------------------------------
/docs/images/testfile.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/testfile.png
--------------------------------------------------------------------------------
/docs/images/cfn_outputs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/cfn_outputs.png
--------------------------------------------------------------------------------
/docs/images/commit_push.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/commit_push.png
--------------------------------------------------------------------------------
/docs/images/outputs_tab.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/outputs_tab.png
--------------------------------------------------------------------------------
/docs/images/S3_new_object.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/S3_new_object.png
--------------------------------------------------------------------------------
/docs/images/using_webhooks.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/using_webhooks.png
--------------------------------------------------------------------------------
/functions/source/GitPullS3/NOTICE.txt:
--------------------------------------------------------------------------------
Git2S3-GitPullS3
Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
--------------------------------------------------------------------------------
/docs/generated/parameters/index.adoc:
--------------------------------------------------------------------------------

=== Parameters for deploying into your selected Region.
include::git2s3.template.adoc[]
--------------------------------------------------------------------------------
/docs/images/architecture_diagram.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/architecture_diagram.png
--------------------------------------------------------------------------------
/functions/source/CreateSSHKey/NOTICE.txt:
--------------------------------------------------------------------------------
Git2S3-CreateSSHKey
Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
--------------------------------------------------------------------------------
/docs/images/aws-quickstart-graphic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aws-quickstart/quickstart-git2s3/HEAD/docs/images/aws-quickstart-graphic.png
--------------------------------------------------------------------------------
/functions/source/DeleteBucketContents/NOTICE.txt:
--------------------------------------------------------------------------------
Git2S3-DeleteBucketContents
Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
[submodule "docs/boilerplate"]
	path = docs/boilerplate
	url = https://github.com/aws-quickstart/quickstart-documentation-base-common.git
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
## Code of Conduct
This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
opensource-codeofconduct@amazon.com with any additional questions or comments.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# quickstart-git2s3
## Deprecation Notice

:x: This repository is subject to deprecation in Q4 2024. For more details, [please review this announcement](https://github.com/aws-ia/.announcements/issues/1).

## This repository has been deprecated in favor of https://github.com/aws-ia/cfn-ps-git2s3.
***We will archive this repository and keep it publicly available until May 1, 2024.***
--------------------------------------------------------------------------------
/NOTICE.txt:
--------------------------------------------------------------------------------
Copyright 2016-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at

    http://aws.amazon.com/apache2.0/

or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
--------------------------------------------------------------------------------
/functions/source/CreateSSHKey/Dockerfile:
--------------------------------------------------------------------------------
FROM lambci/lambda:build-python3.8

COPY . .

RUN mkdir -p python/ && \
    pip install -t ./ -r ./requirements.txt && \
    find . -name "*.dist-info" -exec rm -rf {} \; | true && \
    find . -name "*.egg-info" -exec rm -rf {} \; | true && \
    find . -name "*.pth" -exec rm -rf {} \; | true && \
    find . -name "__pycache__" -exec rm -rf {} \; | true && \
    rm Dockerfile requirements.txt && \
    find . -exec touch -t 202007010000.00 {} + && \
    zip -X -r lambda.zip ./

CMD mkdir -p /output/ && mv lambda.zip /output/
--------------------------------------------------------------------------------
/docs/partner_editable/overview_target_and_usage.adoc:
--------------------------------------------------------------------------------
This Quick Start deploys the HTTPS endpoint you can use to configure a webhook to link your Git and AWS services. With a webhook in place, each time a Git user pushes a commit, your repository is automatically retrieved, zipped, and uploaded to an Amazon Simple Storage Service (Amazon S3) bucket. You can then configure AWS services such as AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy to use the S3 bucket as a source.

This guide describes the components that are deployed by the Quick Start, and contains links to launch the AWS CloudFormation template that automates the deployment.

--------------------------------------------------------------------------------
/.taskcat.yml:
--------------------------------------------------------------------------------
project:
  name: quickstart-git2s3
  owner: jmmccon@amazon.com
  package_lambda: true
  lambda_source_path: functions/source
  lambda_zip_path: functions/packages
  regions:
  - ap-northeast-1
  - ap-northeast-2
  - ap-south-1
  - ap-southeast-1
  - ap-southeast-2
  - ca-central-1
  - eu-central-1
  - eu-west-1
  - eu-west-2
  - sa-east-1
  - us-east-1
  - us-east-2
  - us-west-1
  - us-west-2
  parameters:
    AllowedIps: 131.103.20.160/27,165.254.145.0/26,104.192.143.0/24
    QSS3BucketName: $[taskcat_autobucket]
  template: templates/git2s3.template.yaml
tests:
  git2s3: {}
--------------------------------------------------------------------------------
/docs/partner_editable/product_description.adoc:
--------------------------------------------------------------------------------
After deploying the Quick Start, you use the link:#_configuring_git_services[endpoint information] it provides to configure a webhook in your Git service. A webhook sends an HTTPS POST request to the endpoint in response to a push action. The HTTPS POST request contains JavaScript Object Notation (JSON) data about the push and repository. After the request is accepted by Amazon API Gateway, it is passed to an AWS Lambda function that triggers an AWS CodeBuild project. The AWS CodeBuild project uses the information in the HTTPS POST request to retrieve the latest version of your repository.

For more information about the components that this Quick Start deploys, see the link:#_architecture[Architecture] section later in this guide.
--------------------------------------------------------------------------------
/docs/partner_editable/licenses.adoc:
--------------------------------------------------------------------------------
The Quick Start provides an Amazon API Gateway endpoint, Lambda functions, and an AWS CodeBuild project to access, compress, and upload code to Amazon S3. AWS CodePipeline carries a cost for each active pipeline. (See https://aws.amazon.com/codepipeline/pricing/[AWS CodePipeline pricing].)

Depending on your configuration, the Quick Start may deploy an AWS Key Management Service (AWS KMS) key which incurs a monthly cost for key storage and usage. (See https://aws.amazon.com/kms/pricing/[AWS Key Management Service pricing].)

API Gateway, Amazon S3, Lambda, and AWS CodeBuild costs vary depending on how often you commit code to the connected Git repository. (See https://aws.amazon.com/api-gateway/pricing/[Amazon API Gateway pricing], https://aws.amazon.com/s3/pricing/[Amazon S3 pricing], https://aws.amazon.com/lambda/pricing/[AWS Lambda pricing] and https://aws.amazon.com/codebuild/pricing/[AWS CodeBuild pricing].)
--------------------------------------------------------------------------------
/.github/workflows/main-docs-build.yml:
--------------------------------------------------------------------------------
name: main-documentation

on:
  push:
    branches:
      - master
      - main
jobs:
  build-adocs:
    runs-on: ubuntu-18.04
    name: asciidoc builder
    steps:
      - name: Checkout (main)
        uses: actions/checkout@v2
      - name: Get new doc updates
        # This script is fetched from the main branch of another repository at
        # build time and executed without a pinned revision or checksum.
        run: |
          wget https://raw.githubusercontent.com/aws-quickstart/quickstart-documentation-base-common/main/.utils/configure_git_env.sh
          chmod +x configure_git_env.sh
          ./configure_git_env.sh
      - name: Setup python
        uses: actions/setup-python@v2
        with:
          python-version: 3.x
      - name: Generate dynamic content.
        run: ./docs/boilerplate/.utils/generate_dynamic_content.sh
      - name: Run local actions
        id: adoc
        uses: ./docs/boilerplate/.actions/asciidoctor-action
        with:
          program: "./docs/boilerplate/.utils/build_docs.sh"
      - name: Stage and Push changes to gh-pages branch.
        run: ./docs/boilerplate/.utils/commit_and_push_to_ghpages.sh
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
      - name: Configure gh-pages source and trigger build if necessary.
        run: ./docs/boilerplate/.utils/config_and_trigger_gh-pages.sh
        env:
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--------------------------------------------------------------------------------
/docs/partner_editable/deploy_steps.adoc:
--------------------------------------------------------------------------------
// We need to work around Step numbers here if we are going to potentially exclude the AMI subscription
=== Sign in to your AWS account

. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has the necessary permissions. For details, see link:#_planning_the_deployment[Planning the deployment] earlier in this guide.
. Make sure that your AWS account is configured correctly, as discussed in the link:#_technical_requirements[Technical requirements] section.

=== Launch the Quick Start

. https://fwd.aws/8kp57[Launch the AWS CloudFormation template] into your AWS account.

NOTE: You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. Prices are subject to change. See the pricing pages for each AWS service you use in this Quick Start for full details.

:xrefstyle: short
[start=2]
. Check the Region that’s displayed in the upper-right corner of the navigation bar, and change it if necessary. This Region is where the Quick Start infrastructure is built. The template for this Quick Start is launched in the US East (Ohio) Region by default.
. On the *Select Template* page, keep the default setting for the template URL, and then choose *Next*.
. On the *Specify Details* page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. For details on each parameter, see the link:#_parameter_reference[Parameter reference] section of this guide. After reviewing and customizing the parameters, choose *Next*.
--------------------------------------------------------------------------------
/docs/partner_editable/_settings.adoc:
--------------------------------------------------------------------------------
// Do not change this first attribute. Do change the others.
:quickstart-team-name: AWS Quick Start team
:quickstart-project-name: quickstart-git2s3
:partner-product-name: Git webhooks
// For the following attribute, if you have no short name, enter the same name as partner-product-name.
:partner-product-short-name: Git webhooks
// If there's no partner, comment partner-company-name and partner-contributors.
// :partner-company-name: Example Company Name, Ltd.
:doc-month: January
:doc-year: 2021
// For the following two "contributor" attributes, if the partner agrees to include names in the byline,
// enter names for both partner-contributors and quickstart-contributors.
// Otherwise, delete all placeholder names: everything preceding "{partner-company-name}"
// and "{quickstart-team-name}". Use commas as shown in the placeholder text.
// Use the comma before "and" only when three or more names.
// :partner-contributors: Shuai Ye, Michael McConnell, and John Smith, {partner-company-name}
:quickstart-contributors: Kirankumar Chandrashekar and Jay McConnell, AWS Quick Start team
// For deployment_time, use minutes if deployment takes an hour or less,
// for example, 30 minutes or 60 minutes.
// Use hours for deployment times greater than 60 minutes (rounded to a quarter hour),
// for example, 1.25 hours, 2 hours, 2.5 hours.
:deployment_time: 15 minutes
:default_deployment_region: us-east-2
// Uncomment the following two attributes if you are using an AWS Marketplace listing.
// Additional content will be generated automatically based on these attributes.
// :marketplace_subscription:
// :marketplace_listing_url: https://example.com/
:disable_licenses:
:disable_regions:
:disable_requirements:
:parameters_as_appendix:
--------------------------------------------------------------------------------
/functions/source/CreateSSHKey/cfnresponse.py:
--------------------------------------------------------------------------------
# Copyright 2020 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
# This file is licensed to you under the AWS Customer Agreement (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at http://aws.amazon.com/agreement/ .
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
# See the License for the specific language governing permissions and limitations under the License.

import urllib3
import json
http = urllib3.PoolManager()
SUCCESS = "SUCCESS"
FAILED = "FAILED"

def send(event, context, responseStatus, responseData, physicalResourceId=None, noEcho=False):
    responseUrl = event['ResponseURL']

    print(responseUrl)

    responseBody = {}
    responseBody['Status'] = responseStatus
    responseBody['Reason'] = 'See the details in CloudWatch Log Stream: ' + context.log_stream_name
    responseBody['PhysicalResourceId'] = physicalResourceId or context.log_stream_name
    responseBody['StackId'] = event['StackId']
    responseBody['RequestId'] = event['RequestId']
    responseBody['LogicalResourceId'] = event['LogicalResourceId']
    responseBody['NoEcho'] = noEcho
    responseBody['Data'] = responseData

    json_responseBody = json.dumps(responseBody)

    print("Response body:\n" + json_responseBody)

    headers = {
        'content-type' : '',
        'content-length' : str(len(json_responseBody))
    }

    try:

        response = http.request('PUT',responseUrl,body=json_responseBody.encode('utf-8'),headers=headers)
        print("Status code: " + response.reason)
    except Exception as e:
        print("send(..) failed executing requests.put(..): " + str(e))
--------------------------------------------------------------------------------
/functions/source/DeleteBucketContents/cfnresponse.py:
--------------------------------------------------------------------------------
# Copyright 2020 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
# This file is licensed to you under the AWS Customer Agreement (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at http://aws.amazon.com/agreement/ .
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
# See the License for the specific language governing permissions and limitations under the License.

import urllib3
import json
http = urllib3.PoolManager()
SUCCESS = "SUCCESS"
FAILED = "FAILED"

def send(event, context, responseStatus, responseData, physicalResourceId=None, noEcho=False):
    responseUrl = event['ResponseURL']

    print(responseUrl)

    responseBody = {}
    responseBody['Status'] = responseStatus
    responseBody['Reason'] = 'See the details in CloudWatch Log Stream: ' + context.log_stream_name
    responseBody['PhysicalResourceId'] = physicalResourceId or context.log_stream_name
    responseBody['StackId'] = event['StackId']
    responseBody['RequestId'] = event['RequestId']
    responseBody['LogicalResourceId'] = event['LogicalResourceId']
    responseBody['NoEcho'] = noEcho
    responseBody['Data'] = responseData

    json_responseBody = json.dumps(responseBody)

    print("Response body:\n" + json_responseBody)

    headers = {
        'content-type' : '',
        'content-length' : str(len(json_responseBody))
    }

    try:

        response = http.request('PUT',responseUrl,body=json_responseBody.encode('utf-8'),headers=headers)
        print("Status code: " + response.reason)
    except Exception as e:
        print("send(..) failed executing requests.put(..): " + str(e))
--------------------------------------------------------------------------------
/docs/partner_editable/architecture.adoc:
--------------------------------------------------------------------------------
Deploying this Quick Start builds the following environment in the AWS Cloud.

// Replace this example diagram with your own. Send us your source PowerPoint file. Be sure to follow our guidelines here : http://(we should include these points on our contributors guide)

:xrefstyle: short
[#architecture_diagram]
.Git webhooks with AWS services Quick Start architecture
[link=images/architecture_diagram.png]
image::../images/architecture_diagram.png[architecture_diagram,width=100%,height=100%]

As shown in <<architecture_diagram>>, this Quick Start sets up a serverless AWS Cloud environment that includes the following components:

* Amazon API Gateway to receive Git webhook requests and forward them to AWS Lambda.
* An AWS Lambda function to process Git webhook requests from API Gateway and invoke an AWS CodeBuild project.
* An AWS CodeBuild project to connect to your Git service, then retrieve, zip, and upload the latest version of your Git repository to Amazon S3.
* An AWS Key Management Service (AWS KMS) key to encrypt/decrypt the SSH (Secure Shell) keys used by AWS CodeBuild to connect to your Git repository using SSH. The SSH key pair is generated by a Lambda-backed AWS CloudFormation custom resource when the stack is deployed.
* Two Amazon S3 buckets: one for Git repository contents, and another for encrypted SSH keys. A Lambda-backed AWS CloudFormation custom resource deletes the contents of the S3 buckets when you delete the CloudFormation stack. If you need backups, copy the S3 buckets before deleting the stack.

[NOTE]
========
* The Quick Start deploys AWS Identity and Access Management (IAM) roles required by Lambda and API Gateway. The inline permissions attached to the roles are scoped using the http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege[least privilege] model.
* The AWS CodeBuild project must be able to communicate with your Git repository. For example, you can employ a SaaS-based Git service like GitHub to which CodeBuild can connect over the internet.
* The Git repository S3 bucket this Quick Start deploys has versioning enabled, and all previous versions are retained indefinitely. To modify the retention period, see http://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html[How do I create a lifecycle rule for an S3 bucket?]
========
--------------------------------------------------------------------------------
/functions/source/DeleteBucketContents/lambda_function.py:
--------------------------------------------------------------------------------
# Copyright 2020 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
# This file is licensed to you under the AWS Customer Agreement (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at http://aws.amazon.com/agreement/ .
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
# See the License for the specific language governing permissions and limitations under the License.

import cfnresponse
import traceback
import boto3

def lambda_handler(event,context):
    try:
        if event['RequestType'] == 'Delete':
            s3 = boto3.client('s3')
            # Delete KeyBucket contents
            print ('Getting KeyBucket objects...')
            s3objects = s3.list_objects_v2(Bucket=event["ResourceProperties"]["KeyBucket"])
            if 'Contents' in s3objects.keys():
                print ('Deleting KeyBucket objects %s...' % str([{'Key':key['Key']} for key in s3objects['Contents']]))
                s3.delete_objects(Bucket=event["ResourceProperties"]["KeyBucket"],Delete={'Objects':[{'Key':key['Key']} for key in s3objects['Contents']]})
            # Delete Output bucket contents and versions
            print ('Getting OutputBucket objects...')
            objects=[]
            versions=s3.list_object_versions(Bucket=event["ResourceProperties"]["OutputBucket"])
            while versions:
                if 'Versions' in versions.keys():
                    for v in versions['Versions']:
                        objects.append({'Key':v['Key'],'VersionId': v['VersionId']})
                if 'DeleteMarkers'in versions.keys():
                    for v in versions['DeleteMarkers']:
                        objects.append({'Key':v['Key'],'VersionId': v['VersionId']})
                if versions['IsTruncated']:
                    # The next page is addressed by both markers returned with the previous page
                    versions=s3.list_object_versions(Bucket=event["ResourceProperties"]["OutputBucket"],KeyMarker=versions['NextKeyMarker'],VersionIdMarker=versions['NextVersionIdMarker'])
                else:
                    versions=False
            # delete_objects accepts at most 1000 keys per request, so delete in batches
            for i in range(0, len(objects), 1000):
                s3.delete_objects(Bucket=event["ResourceProperties"]["OutputBucket"],Delete={'Objects':objects[i:i+1000]})
        cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, '')
    except Exception:
        # print_exc() writes the traceback itself and returns None
        traceback.print_exc()
        cfnresponse.send(event, context, cfnresponse.FAILED, {}, '')
--------------------------------------------------------------------------------
/functions/source/CreateSSHKey/lambda_function.py:
--------------------------------------------------------------------------------
# Copyright 2020 Amazon Web Services, Inc. or its affiliates.
# All Rights Reserved.
# This file is licensed to you under the AWS Customer Agreement
# (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at http://aws.amazon.com/agreement/ .
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


import cfnresponse
import traceback
import boto3
from cryptography.hazmat.primitives import serialization as \
    crypto_serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend as \
    crypto_default_backend


def lambda_handler(event,context):
    try:
        if event['RequestType'] == 'Create':
            # Generate keys
            new_key = rsa.generate_private_key(
                backend=crypto_default_backend(), public_exponent=65537,
                key_size=2048)
            priv_key = str(new_key.private_bytes(
                crypto_serialization.Encoding.PEM,
                crypto_serialization.PrivateFormat.PKCS8,
                crypto_serialization.NoEncryption()
            ), 'utf-8')
            pub_key = str(new_key.public_key().public_bytes(
                crypto_serialization.Encoding.OpenSSH,
                crypto_serialization.PublicFormat.OpenSSH
            ), 'utf-8')
            # Log the public key only. The plaintext private key is never
            # printed, so it does not end up in the function's log stream.
            print(pub_key)
            # Encrypt private key
            kms = boto3.client(
                'kms', region_name=event["ResourceProperties"]["Region"])
            enc_key = kms.encrypt(
                KeyId=event["ResourceProperties"]["KMSKey"],
                Plaintext=priv_key)['CiphertextBlob']
            with open('/tmp/enc_key', 'wb') as f:
                f.write(enc_key)
            # Upload the KMS-encrypted private key to S3
            s3 = boto3.client('s3')
            s3.upload_file('/tmp/enc_key',
                           event["ResourceProperties"]["KeyBucket"], 'enc_key')
        else:
            # Update/Delete: the public key was stored as the physical resource ID
            pub_key = event['PhysicalResourceId']
        cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, pub_key)
    except Exception:
        traceback.print_exc()
        cfnresponse.send(event, context, cfnresponse.FAILED, {}, '')

--------------------------------------------------------------------------------
/docs/generated/parameters/git2s3.template.adoc:
--------------------------------------------------------------------------------

.General settings
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value|Description

|Output S3 bucket name (`OutputBucketName`)|`**__Blank string__**`|(Optional) Name for the S3 bucket where the Git repository .zip file is stored. If left blank, the Quick Start creates one for you.
|Custom domain name (`CustomDomainName`)|`**__Blank string__**`|Domain name for the webhook endpoint. If left blank, API Gateway creates a domain name for you.
|===
.Git pull settings
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value|Description

|API secret (`ApiSecret`)|`**__Blank string__**`|API secret used to authenticate access to webhooks in GitHub Enterprise, GitLab, and other Git services. If a webhook payload header contains a matching secret, IP address authentication is bypassed. API secrets cannot contain commas (,), backward slashes (\), or quotes (").
|Allowed IP addresses (`AllowedIps`)|`18.205.93.0/25,18.234.32.128/25,13.52.5.0/25`|Comma-separated list of allowed IP CIDR blocks. The default addresses listed are BitBucket Cloud IP ranges.
|Exclude .git directory (`ExcludeGit`)|`True`|Choose False to omit the .git directory from the Git repository .zip file.
|===
.AWS Quick Start configuration
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value|Description

|Quick Start S3 bucket name (`QSS3BucketName`)|`aws-quickstart`|S3 bucket name for Quick Start assets. It can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
|Quick Start S3 bucket Region (`QSS3BucketRegion`)|`us-east-1`|AWS Region where the Quick Start assets S3 bucket (QSS3BucketName) is hosted. Required when using your own S3 bucket.
|Quick Start S3 key prefix (`QSS3KeyPrefix`)|`quickstart-git2s3/`|Key prefix for the Quick Start assets S3 bucket. A key prefix is similar to a directory name that enables you to store similar data under the same directory in an S3 bucket. It can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/).
|===
.VPC configuration
[width="100%",cols="16%,11%,73%",options="header",]
|===
|Parameter label (name) |Default value|Description

|VPC ID (`VPCId`)|`**__Blank string__**`|ID of the VPC in which the Lambda function runs.
|VPC CIDR (`VPCCidrRange`)|`**__Blank string__**`|CIDR range of the VPC.
|Subnet IDs (`SubnetIds`)|`**__Blank string__**`|Subnet IDs in which the Lambda function runs.
|Hostname override (`ScmHostnameOverride`)|`**__Blank string__**`|Name to override the hostname in the header of a webhook JSON payload.
|===

--------------------------------------------------------------------------------
/docs/partner_editable/faq_troubleshooting.adoc:
--------------------------------------------------------------------------------
// Add any tips or answers to anticipated questions. This could include the following troubleshooting information. If you don’t have any other Q&A to add, change “FAQ” to “Troubleshooting.”

== FAQ

*Q.* I encountered a *CREATE_FAILED* error when I launched the Quick Start.

*A.* If AWS CloudFormation fails to create the stack, we recommend that you relaunch the template with *Rollback on failure* set to *Disabled*. (This setting is under *Advanced* on the *Options* page of the AWS CloudFormation console.) With this setting, the stack’s state is retained and the instance remains running so you can troubleshoot the issue.

WARNING: When you set *Rollback on failure* to *Disabled*, you continue to incur AWS charges for this stack. Ensure that you delete the stack after troubleshooting.

For more information, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html[Troubleshooting AWS CloudFormation^].

== Troubleshooting

If commits to your repository do not show up in Amazon S3, do the following:

* Check the security parameters and endpoint in your Git webhook configuration. See link:#_configuring_git_services[Configuring Git services] earlier in this guide and consult your Git service documentation for help with configuring webhooks.
* Check the AWS Lambda logs for errors. These are stored in Amazon CloudWatch Logs. For help with accessing them, see https://docs.aws.amazon.com/lambda/latest/dg/monitoring-cloudwatchlogs.html[Accessing Amazon CloudWatch logs for AWS Lambda].
* Check the AWS CodeBuild project logs for errors. To access them, do the following:
. Open the AWS CodeBuild console.
. On the *Build history* page, choose the *Build run* link for the project.
. On the *Build status* page, see the *Build logs* tab.
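
For the first troubleshooting item, the following added example (not code from this Quick Start) checks a webhook delivery against the rule the parameter reference gives for `ApiSecret` and `AllowedIps`: a matching secret is accepted regardless of source IP, otherwise the source IP must fall inside an allowed CIDR block. The function names are hypothetical, the header names are the ones GitHub (`X-Hub-Signature-256`) and GitLab (`X-Gitlab-Token`) send, and which headers the Quick Start's own Lambda function inspects is an assumption here.

```python
import hashlib
import hmac
import ipaddress

# Default AllowedIps value from the parameter reference in this guide.
DEFAULT_ALLOWED_IPS = "18.205.93.0/25,18.234.32.128/25,13.52.5.0/25"
# Characters the parameter reference says an API secret cannot contain.
FORBIDDEN_SECRET_CHARS = set(',\\"')
# Constructed sample payload, not a captured delivery.
SAMPLE_BODY = b'{"ref": "refs/heads/main", "repository": {"name": "demo"}}'


def valid_api_secret(secret):
    """True if the secret avoids the characters ApiSecret does not allow."""
    return not (set(secret) & FORBIDDEN_SECRET_CHARS)


def github_signature(api_secret, body):
    """Value GitHub puts in X-Hub-Signature-256 for this secret and raw body."""
    digest = hmac.new(api_secret.encode(), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def secret_matches(headers, body, api_secret):
    """True if a header proves the sender knows api_secret."""
    if not api_secret:
        return False  # blank ApiSecret: only the IP check can pass
    lowered = {k.lower(): v for k, v in headers.items()}
    sent_sig = lowered.get("x-hub-signature-256")
    if sent_sig is not None:
        expected = github_signature(api_secret, body)
        # Compare as bytes: compare_digest raises on non-ASCII str input.
        if hmac.compare_digest(sent_sig.encode(), expected.encode()):
            return True
    sent_token = lowered.get("x-gitlab-token")
    if sent_token is not None:
        # GitLab sends the secret itself, so compare it in constant time.
        if hmac.compare_digest(sent_token.encode(), api_secret.encode()):
            return True
    return False


def parse_allowed_ips(csv_value):
    """Parse the comma-separated AllowedIps string; bad CIDRs raise ValueError."""
    networks = []
    for item in csv_value.split(","):
        item = item.strip()
        if item:
            networks.append(ipaddress.ip_network(item, strict=False))
    return networks


def ip_allowed(source_ip, networks):
    """True if source_ip parses and lies inside one of the networks."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)


def authorize(headers, body, source_ip, api_secret="",
              allowed_ips=DEFAULT_ALLOWED_IPS):
    """Return (accepted, reason) for one webhook delivery."""
    if secret_matches(headers, body, api_secret):
        return True, "secret"  # matching secret bypasses the IP check
    if ip_allowed(source_ip, parse_allowed_ips(allowed_ips)):
        return True, "source-ip"
    return False, "denied"


if __name__ == "__main__":
    secret = "constructed-secret"  # constructed value for the demo
    signed = {"X-Hub-Signature-256": github_signature(secret, SAMPLE_BODY)}
    # 203.0.113.10 is a documentation address outside the default ranges.
    print(authorize(signed, SAMPLE_BODY, "203.0.113.10", secret))
    print(authorize({}, SAMPLE_BODY, "18.205.93.5", secret))
    print(authorize({}, SAMPLE_BODY, "18.205.93.200", secret))
```

Because either check is sufficient, a delivery with a wrong or missing secret is still accepted when it comes from an address in `AllowedIps`; narrow that list if the secret is meant to be the only gate.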

== Additional resources

=== AWS services

* https://aws.amazon.com/documentation/cloudformation/[AWS CloudFormation]
* https://aws.amazon.com/documentation/lambda/[AWS Lambda]
** https://docs.aws.amazon.com/lambda/latest/dg/lambda-troubleshooting.html[Troubleshooting issues in AWS Lambda^]
* https://aws.amazon.com/documentation/apigateway/[Amazon API Gateway]
* https://aws.amazon.com/documentation/s3/[Amazon S3]
* https://aws.amazon.com/documentation/codepipeline/[AWS CodePipeline]
** http://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-simple-s3.html[Tutorial: Create a simple pipeline (S3 bucket)]
* https://aws.amazon.com/documentation/codebuild/[AWS CodeBuild]
** https://docs.aws.amazon.com/codebuild/latest/userguide/troubleshooting.html[Troubleshooting AWS CodeBuild^]
** http://docs.aws.amazon.com/codebuild/latest/userguide/getting-started.html[Getting started with AWS CodeBuild using the console]

=== Webhooks

* https://developer.github.com/v3/repos/hooks/[GitHub Docs: Webhooks]
* https://confluence.atlassian.com/bitbucket/manage-webhooks-735643732.html[BitBucket Support: Manage webhooks]
* https://docs.gitlab.com/ce/user/project/integrations/webhooks.html[GitLab Docs: Webhooks]

--------------------------------------------------------------------------------
/docs/partner_editable/additional_info.adoc:
--------------------------------------------------------------------------------
=== Configuring Git services

After deploying the Quick Start, set up a webhook in your Git repository.

To configure a webhook, you need *GitPullWebHookApi* and *PublicSSHKey*. You can find these on the *Outputs* tab on the AWS CloudFormation console after deploying the Quick Start.

[#outputs_tab]
.Outputs tab on the AWS CloudFormation console
[link=images/outputs_tab.png]
image::../images/outputs_tab.png[outputs_tab,width=701,height=222]

* *GitPullWebHookApi* is the URL endpoint that receives the HTTP POST request from the Git service.
* *PublicSSHKey* is the public SSH key used to connect to your Git repository. This key can be configured as a read-only machine user or as a deployment key in your Git repository.

The instructions for setting up webhooks and deployment keys vary by Git service. For more information, see your Git service documentation.

=== Configuring AWS services

After deploying the Quick Start, configure the AWS services in your workload to use the Git repository S3 bucket as a source.

As shown in <<outputs_tab>>, the *Outputs* tab in the AWS CloudFormation console includes *OutputBucketName*. This output is an Amazon S3 key that forms the base of the path to the .zip file of your repository code. The S3 key has the following format:

```
S3://output-bucket-name/git-user/git-repository/git-user_git-repository.zip
```
Here, `git-user` is the owner or path prefix of the repository. In some Git services, this may be an organization name. However, some Git services do not return a Git user or organization for a repository. In these cases, you can omit the `git-user` parts of the path.

The instructions for linking an AWS service to an Amazon S3 object vary by service. For links to AWS service documentation, see link:#_aws_services[AWS services], later in this guide.

== Adding an API secret after deployment

You can launch this Quick Start without an *API Secret* parameter. If your Git service provides an API secret when you create a webhook, you can update the stack with the API secret later.

To update the stack with an API secret, do the following:

. In the https://console.aws.amazon.com/cloudformation[AWS CloudFormation console], select the stack you want to update.
. In the stack details pane, choose *Update*.
. Choose *Use current template*.
. On the *Specify stack details* page, change the *API Secret* parameter setting, then choose *Next*.
. On the *Configure stack options* page, choose *Next*.
. Select *I acknowledge that this template may create IAM resources*.
. Choose *Update stack*. When the status is *UPDATE_COMPLETE*, the stack is updated with the API secret.

== Test the deployment

Before putting a webhook into production, test your deployment by doing the following:

. Modify a file in your repository.
. Commit and push the changes.
. Wait a few minutes, and then check the Git repository S3 bucket for a new (or updated) object with a key that matches your repository path.

:xrefstyle: short
[#S3_new_object]
.Checking for a new or updated object in your S3 bucket after a commit
[link=images/S3_new_object.png]
image::../images/S3_new_object.png[S3_new_object,width=646,height=348]

== Best practices

The architecture built by this Quick Start supports AWS best practices for security.

=== SSH keys

This Quick Start creates an SSH key pair. The private key is encrypted with an AWS KMS key and uploaded to Amazon S3. AWS CodeBuild decrypts the private SSH key and uses it to authenticate to your Git service before cloning the repository.

We don’t recommend sharing SSH keys among multiple services, or launching another instance of this Quick Start to clone and store another repository in Amazon S3. Each repository should use unique SSH keys.

=== Webhook security

Git services provide different ways to authenticate an endpoint, such as webhook secrets, source-IP-address allow listing, personal access tokens, and OAuth2.
We recommend that you set up at least one of these security mechanisms to protect your webhook API endpoint.

For more information about how this Quick Start uses endpoint security mechanisms, see the link:#_parameter_reference[Parameter reference] section of this guide. For specific guidance on how to configure security mechanisms for your Git service, refer to your Git service documentation.

--------------------------------------------------------------------------------
/functions/source/CreateSSHKey/LICENCE.txt:
--------------------------------------------------------------------------------
Apache License
Version 2.0, January 2004

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions.

“License” shall mean the terms and conditions for use, reproduction, and
distribution as defined by Sections 1 through 9 of this document.

“Licensor” shall mean the copyright owner or entity authorized by the copyright
owner that is granting the License.

“Legal Entity” shall mean the union of the acting entity and all other entities
that control, are controlled by, or are under common control with that entity.
For the purposes of this definition, “control” means (i) the power, direct or
indirect, to cause the direction or management of such entity, whether by
contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.

“You” (or “Your”) shall mean an individual or Legal Entity exercising
permissions granted by this License.

“Source” form shall mean the preferred form for making modifications, including
but not limited to software source code, documentation source, and configuration
files.
27 | 28 | “Object” form shall mean any form resulting from mechanical transformation or 29 | translation of a Source form, including but not limited to compiled object code, 30 | generated documentation, and conversions to other media types. 31 | 32 | “Work” shall mean the work of authorship, whether in Source or Object form, made 33 | available under the License, as indicated by a copyright notice that is included 34 | in or attached to the work (an example is provided in the Appendix below). 35 | 36 | “Derivative Works” shall mean any work, whether in Source or Object form, that 37 | is based on (or derived from) the Work and for which the editorial revisions, 38 | annotations, elaborations, or other modifications represent, as a whole, an 39 | original work of authorship. For the purposes of this License, Derivative Works 40 | shall not include works that remain separable from, or merely link (or bind by 41 | name) to the interfaces of, the Work and Derivative Works thereof. 42 | 43 | “Contribution” shall mean any work of authorship, including the original version 44 | of the Work and any modifications or additions to that Work or Derivative Works 45 | thereof, that is intentionally submitted to Licensor for inclusion in the Work 46 | by the copyright owner or by an individual or Legal Entity authorized to submit 47 | on behalf of the copyright owner. 
For the purposes of this definition, 48 | “submitted” means any form of electronic, verbal, or written communication sent 49 | to the Licensor or its representatives, including but not limited to 50 | communication on electronic mailing lists, source code control systems, and 51 | issue tracking systems that are managed by, or on behalf of, the Licensor for 52 | the purpose of discussing and improving the Work, but excluding communication 53 | that is conspicuously marked or otherwise designated in writing by the copyright 54 | owner as “Not a Contribution.” 55 | 56 | “Contributor” shall mean Licensor and any individual or Legal Entity on behalf 57 | of whom a Contribution has been received by Licensor and subsequently 58 | incorporated within the Work. 59 | 60 | 2. Grant of Copyright License. Subject to the terms and conditions of this 61 | License, each Contributor hereby grants to You a perpetual, worldwide, 62 | non-exclusive, no-charge, royalty-free, irrevocable copyright license to 63 | reproduce, prepare Derivative Works of, publicly display, publicly perform, 64 | sublicense, and distribute the Work and such Derivative Works in Source or 65 | Object form. 66 | 67 | 3. Grant of Patent License. Subject to the terms and conditions of this License, 68 | each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, 69 | no-charge, royalty-free, irrevocable (except as stated in this section) patent 70 | license to make, have made, use, offer to sell, sell, import, and otherwise 71 | transfer the Work, where such license applies only to those patent claims 72 | licensable by such Contributor that are necessarily infringed by their 73 | Contribution(s) alone or by combination of their Contribution(s) with the Work 74 | to which such Contribution(s) was submitted. 
If You institute patent litigation 75 | against any entity (including a cross-claim or counterclaim in a lawsuit) 76 | alleging that the Work or a Contribution incorporated within the Work 77 | constitutes direct or contributory patent infringement, then any patent licenses 78 | granted to You under this License for that Work shall terminate as of the date 79 | such litigation is filed. 80 | 81 | 4. Redistribution. You may reproduce and distribute copies of the Work or 82 | Derivative Works thereof in any medium, with or without modifications, and in 83 | Source or Object form, provided that You meet the following conditions: 84 | 85 | You must give any other recipients of the Work or Derivative Works a copy of 86 | this License; and 87 | You must cause any modified files to carry prominent notices stating that 88 | You changed the files; and 89 | You must retain, in the Source form of any Derivative Works that You 90 | distribute, all copyright, patent, trademark, and attribution notices 91 | from the Source form of the Work, excluding those notices that do not 92 | pertain to any part of the Derivative Works; and 93 | If the Work includes a “NOTICE” text file as part of its distribution, then 94 | any Derivative Works that You distribute must include a readable copy of 95 | the attribution notices contained within such NOTICE file, excluding those 96 | notices that do not pertain to any part of the Derivative Works, in at 97 | least one of the following places: within a NOTICE text file distributed 98 | as part of the Derivative Works; within the Source form or documentation, 99 | if provided along with the Derivative Works; or, within a display 100 | generated by the Derivative Works, if and wherever such third-party 101 | notices normally appear. The contents of the NOTICE file are for 102 | informational purposes only and do not modify the License. 
You may add 103 | Your own attribution notices within Derivative Works that You distribute, 104 | alongside or as an addendum to the NOTICE text from the Work, provided 105 | that such additional attribution notices cannot be construed as modifying 106 | the License. 107 | 108 | You may add Your own copyright statement to Your modifications and may provide 109 | additional or different license terms and conditions for use, reproduction, or 110 | distribution of Your modifications, or for any such Derivative Works as a whole, 111 | provided Your use, reproduction, and distribution of the Work otherwise complies 112 | with the conditions stated in this License. 113 | 114 | 5. Submission of Contributions. Unless You explicitly state otherwise, any 115 | Contribution intentionally submitted for inclusion in the Work by You to the 116 | Licensor shall be under the terms and conditions of this License, without any 117 | additional terms or conditions. Notwithstanding the above, nothing herein shall 118 | supersede or modify the terms of any separate license agreement you may have 119 | executed with Licensor regarding such Contributions. 120 | 121 | 6. Trademarks. This License does not grant permission to use the trade names, 122 | trademarks, service marks, or product names of the Licensor, except as required 123 | for reasonable and customary use in describing the origin of the Work and 124 | reproducing the content of the NOTICE file. 125 | 126 | 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in 127 | writing, Licensor provides the Work (and each Contributor provides its 128 | Contributions) on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 129 | KIND, either express or implied, including, without limitation, any warranties 130 | or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 131 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 132 | appropriateness of using or redistributing the Work and assume any risks 133 | associated with Your exercise of permissions under this License. 134 | 135 | 8. Limitation of Liability. In no event and under no legal theory, whether in 136 | tort (including negligence), contract, or otherwise, unless required by 137 | applicable law (such as deliberate and grossly negligent acts) or agreed to in 138 | writing, shall any Contributor be liable to You for damages, including any 139 | direct, indirect, special, incidental, or consequential damages of any character 140 | arising as a result of this License or out of the use or inability to use the 141 | Work (including but not limited to damages for loss of goodwill, work stoppage, 142 | computer failure or malfunction, or any and all other commercial damages or 143 | losses), even if such Contributor has been advised of the possibility of such 144 | damages. 145 | 146 | 9. Accepting Warranty or Additional Liability. While redistributing the Work or 147 | Derivative Works thereof, You may choose to offer, and charge a fee for, 148 | acceptance of support, warranty, indemnity, or other liability obligations 149 | and/or rights consistent with this License. However, in accepting such 150 | obligations, You may act only on Your own behalf and on Your sole 151 | responsibility, not on behalf of any other Contributor, and only if You agree to 152 | indemnify, defend, and hold each Contributor harmless for any liability incurred 153 | by, or claims asserted against, such Contributor by reason of your accepting any 154 | such warranty or additional liability. 155 | 156 | END OF TERMS AND CONDITIONS 157 | 158 | Note: Other license terms may apply to certain, identified software files 159 | contained within or distributed with the accompanying software if such terms 160 | are included in the directory containing the accompanying software. 
Such other 161 | license terms will then apply in lieu of the terms of the software license 162 | above. 163 | -------------------------------------------------------------------------------- /functions/source/GitPullS3/LICENCE.txt: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | 4 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 5 | 6 | 1. Definitions. 7 | 8 | “License” shall mean the terms and conditions for use, reproduction, and 9 | distribution as defined by Sections 1 through 9 of this document. 10 | 11 | “Licensor” shall mean the copyright owner or entity authorized by the copyright 12 | owner that is granting the License. 13 | 14 | “Legal Entity” shall mean the union of the acting entity and all other entities 15 | that control, are controlled by, or are under common control with that entity. 16 | For the purposes of this definition, “control” means (i) the power, direct or 17 | indirect, to cause the direction or management of such entity, whether by 18 | contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the 19 | outstanding shares, or (iii) beneficial ownership of such entity. 20 | 21 | “You” (or “Your”) shall mean an individual or Legal Entity exercising 22 | permissions granted by this License. 23 | 24 | “Source” form shall mean the preferred form for making modifications, including 25 | but not limited to software source code, documentation source, and configuration 26 | files. 27 | 28 | “Object” form shall mean any form resulting from mechanical transformation or 29 | translation of a Source form, including but not limited to compiled object code, 30 | generated documentation, and conversions to other media types. 
31 | 32 | “Work” shall mean the work of authorship, whether in Source or Object form, made 33 | available under the License, as indicated by a copyright notice that is included 34 | in or attached to the work (an example is provided in the Appendix below). 35 | 36 | “Derivative Works” shall mean any work, whether in Source or Object form, that 37 | is based on (or derived from) the Work and for which the editorial revisions, 38 | annotations, elaborations, or other modifications represent, as a whole, an 39 | original work of authorship. For the purposes of this License, Derivative Works 40 | shall not include works that remain separable from, or merely link (or bind by 41 | name) to the interfaces of, the Work and Derivative Works thereof. 42 | 43 | “Contribution” shall mean any work of authorship, including the original version 44 | of the Work and any modifications or additions to that Work or Derivative Works 45 | thereof, that is intentionally submitted to Licensor for inclusion in the Work 46 | by the copyright owner or by an individual or Legal Entity authorized to submit 47 | on behalf of the copyright owner. For the purposes of this definition, 48 | “submitted” means any form of electronic, verbal, or written communication sent 49 | to the Licensor or its representatives, including but not limited to 50 | communication on electronic mailing lists, source code control systems, and 51 | issue tracking systems that are managed by, or on behalf of, the Licensor for 52 | the purpose of discussing and improving the Work, but excluding communication 53 | that is conspicuously marked or otherwise designated in writing by the copyright 54 | owner as “Not a Contribution.” 55 | 56 | “Contributor” shall mean Licensor and any individual or Legal Entity on behalf 57 | of whom a Contribution has been received by Licensor and subsequently 58 | incorporated within the Work. 59 | 60 | 2. Grant of Copyright License. 
Subject to the terms and conditions of this 61 | License, each Contributor hereby grants to You a perpetual, worldwide, 62 | non-exclusive, no-charge, royalty-free, irrevocable copyright license to 63 | reproduce, prepare Derivative Works of, publicly display, publicly perform, 64 | sublicense, and distribute the Work and such Derivative Works in Source or 65 | Object form. 66 | 67 | 3. Grant of Patent License. Subject to the terms and conditions of this License, 68 | each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, 69 | no-charge, royalty-free, irrevocable (except as stated in this section) patent 70 | license to make, have made, use, offer to sell, sell, import, and otherwise 71 | transfer the Work, where such license applies only to those patent claims 72 | licensable by such Contributor that are necessarily infringed by their 73 | Contribution(s) alone or by combination of their Contribution(s) with the Work 74 | to which such Contribution(s) was submitted. If You institute patent litigation 75 | against any entity (including a cross-claim or counterclaim in a lawsuit) 76 | alleging that the Work or a Contribution incorporated within the Work 77 | constitutes direct or contributory patent infringement, then any patent licenses 78 | granted to You under this License for that Work shall terminate as of the date 79 | such litigation is filed. 80 | 81 | 4. Redistribution. 
You may reproduce and distribute copies of the Work or 82 | Derivative Works thereof in any medium, with or without modifications, and in 83 | Source or Object form, provided that You meet the following conditions: 84 | 85 | You must give any other recipients of the Work or Derivative Works a copy of 86 | this License; and 87 | You must cause any modified files to carry prominent notices stating that 88 | You changed the files; and 89 | You must retain, in the Source form of any Derivative Works that You 90 | distribute, all copyright, patent, trademark, and attribution notices 91 | from the Source form of the Work, excluding those notices that do not 92 | pertain to any part of the Derivative Works; and 93 | If the Work includes a “NOTICE” text file as part of its distribution, then 94 | any Derivative Works that You distribute must include a readable copy of 95 | the attribution notices contained within such NOTICE file, excluding those 96 | notices that do not pertain to any part of the Derivative Works, in at 97 | least one of the following places: within a NOTICE text file distributed 98 | as part of the Derivative Works; within the Source form or documentation, 99 | if provided along with the Derivative Works; or, within a display 100 | generated by the Derivative Works, if and wherever such third-party 101 | notices normally appear. The contents of the NOTICE file are for 102 | informational purposes only and do not modify the License. You may add 103 | Your own attribution notices within Derivative Works that You distribute, 104 | alongside or as an addendum to the NOTICE text from the Work, provided 105 | that such additional attribution notices cannot be construed as modifying 106 | the License. 
107 | 108 | You may add Your own copyright statement to Your modifications and may provide 109 | additional or different license terms and conditions for use, reproduction, or 110 | distribution of Your modifications, or for any such Derivative Works as a whole, 111 | provided Your use, reproduction, and distribution of the Work otherwise complies 112 | with the conditions stated in this License. 113 | 114 | 5. Submission of Contributions. Unless You explicitly state otherwise, any 115 | Contribution intentionally submitted for inclusion in the Work by You to the 116 | Licensor shall be under the terms and conditions of this License, without any 117 | additional terms or conditions. Notwithstanding the above, nothing herein shall 118 | supersede or modify the terms of any separate license agreement you may have 119 | executed with Licensor regarding such Contributions. 120 | 121 | 6. Trademarks. This License does not grant permission to use the trade names, 122 | trademarks, service marks, or product names of the Licensor, except as required 123 | for reasonable and customary use in describing the origin of the Work and 124 | reproducing the content of the NOTICE file. 125 | 126 | 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in 127 | writing, Licensor provides the Work (and each Contributor provides its 128 | Contributions) on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 129 | KIND, either express or implied, including, without limitation, any warranties 130 | or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 131 | PARTICULAR PURPOSE. You are solely responsible for determining the 132 | appropriateness of using or redistributing the Work and assume any risks 133 | associated with Your exercise of permissions under this License. 134 | 135 | 8. Limitation of Liability. 
In no event and under no legal theory, whether in 136 | tort (including negligence), contract, or otherwise, unless required by 137 | applicable law (such as deliberate and grossly negligent acts) or agreed to in 138 | writing, shall any Contributor be liable to You for damages, including any 139 | direct, indirect, special, incidental, or consequential damages of any character 140 | arising as a result of this License or out of the use or inability to use the 141 | Work (including but not limited to damages for loss of goodwill, work stoppage, 142 | computer failure or malfunction, or any and all other commercial damages or 143 | losses), even if such Contributor has been advised of the possibility of such 144 | damages. 145 | 146 | 9. Accepting Warranty or Additional Liability. While redistributing the Work or 147 | Derivative Works thereof, You may choose to offer, and charge a fee for, 148 | acceptance of support, warranty, indemnity, or other liability obligations 149 | and/or rights consistent with this License. However, in accepting such 150 | obligations, You may act only on Your own behalf and on Your sole 151 | responsibility, not on behalf of any other Contributor, and only if You agree to 152 | indemnify, defend, and hold each Contributor harmless for any liability incurred 153 | by, or claims asserted against, such Contributor by reason of your accepting any 154 | such warranty or additional liability. 155 | 156 | END OF TERMS AND CONDITIONS 157 | 158 | Note: Other license terms may apply to certain, identified software files 159 | contained within or distributed with the accompanying software if such terms 160 | are included in the directory containing the accompanying software. Such other 161 | license terms will then apply in lieu of the terms of the software license 162 | above. 
163 | -------------------------------------------------------------------------------- /functions/source/DeleteBucketContents/LICENCE.txt: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | 4 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 5 | 6 | 1. Definitions. 7 | 8 | “License” shall mean the terms and conditions for use, reproduction, and 9 | distribution as defined by Sections 1 through 9 of this document. 10 | 11 | “Licensor” shall mean the copyright owner or entity authorized by the copyright 12 | owner that is granting the License. 13 | 14 | “Legal Entity” shall mean the union of the acting entity and all other entities 15 | that control, are controlled by, or are under common control with that entity. 16 | For the purposes of this definition, “control” means (i) the power, direct or 17 | indirect, to cause the direction or management of such entity, whether by 18 | contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the 19 | outstanding shares, or (iii) beneficial ownership of such entity. 20 | 21 | “You” (or “Your”) shall mean an individual or Legal Entity exercising 22 | permissions granted by this License. 23 | 24 | “Source” form shall mean the preferred form for making modifications, including 25 | but not limited to software source code, documentation source, and configuration 26 | files. 27 | 28 | “Object” form shall mean any form resulting from mechanical transformation or 29 | translation of a Source form, including but not limited to compiled object code, 30 | generated documentation, and conversions to other media types. 31 | 32 | “Work” shall mean the work of authorship, whether in Source or Object form, made 33 | available under the License, as indicated by a copyright notice that is included 34 | in or attached to the work (an example is provided in the Appendix below). 
35 | 36 | “Derivative Works” shall mean any work, whether in Source or Object form, that 37 | is based on (or derived from) the Work and for which the editorial revisions, 38 | annotations, elaborations, or other modifications represent, as a whole, an 39 | original work of authorship. For the purposes of this License, Derivative Works 40 | shall not include works that remain separable from, or merely link (or bind by 41 | name) to the interfaces of, the Work and Derivative Works thereof. 42 | 43 | “Contribution” shall mean any work of authorship, including the original version 44 | of the Work and any modifications or additions to that Work or Derivative Works 45 | thereof, that is intentionally submitted to Licensor for inclusion in the Work 46 | by the copyright owner or by an individual or Legal Entity authorized to submit 47 | on behalf of the copyright owner. For the purposes of this definition, 48 | “submitted” means any form of electronic, verbal, or written communication sent 49 | to the Licensor or its representatives, including but not limited to 50 | communication on electronic mailing lists, source code control systems, and 51 | issue tracking systems that are managed by, or on behalf of, the Licensor for 52 | the purpose of discussing and improving the Work, but excluding communication 53 | that is conspicuously marked or otherwise designated in writing by the copyright 54 | owner as “Not a Contribution.” 55 | 56 | “Contributor” shall mean Licensor and any individual or Legal Entity on behalf 57 | of whom a Contribution has been received by Licensor and subsequently 58 | incorporated within the Work. 59 | 60 | 2. Grant of Copyright License. 
Subject to the terms and conditions of this 61 | License, each Contributor hereby grants to You a perpetual, worldwide, 62 | non-exclusive, no-charge, royalty-free, irrevocable copyright license to 63 | reproduce, prepare Derivative Works of, publicly display, publicly perform, 64 | sublicense, and distribute the Work and such Derivative Works in Source or 65 | Object form. 66 | 67 | 3. Grant of Patent License. Subject to the terms and conditions of this License, 68 | each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, 69 | no-charge, royalty-free, irrevocable (except as stated in this section) patent 70 | license to make, have made, use, offer to sell, sell, import, and otherwise 71 | transfer the Work, where such license applies only to those patent claims 72 | licensable by such Contributor that are necessarily infringed by their 73 | Contribution(s) alone or by combination of their Contribution(s) with the Work 74 | to which such Contribution(s) was submitted. If You institute patent litigation 75 | against any entity (including a cross-claim or counterclaim in a lawsuit) 76 | alleging that the Work or a Contribution incorporated within the Work 77 | constitutes direct or contributory patent infringement, then any patent licenses 78 | granted to You under this License for that Work shall terminate as of the date 79 | such litigation is filed. 80 | 81 | 4. Redistribution. 
You may reproduce and distribute copies of the Work or 82 | Derivative Works thereof in any medium, with or without modifications, and in 83 | Source or Object form, provided that You meet the following conditions: 84 | 85 | You must give any other recipients of the Work or Derivative Works a copy of 86 | this License; and 87 | You must cause any modified files to carry prominent notices stating that 88 | You changed the files; and 89 | You must retain, in the Source form of any Derivative Works that You 90 | distribute, all copyright, patent, trademark, and attribution notices 91 | from the Source form of the Work, excluding those notices that do not 92 | pertain to any part of the Derivative Works; and 93 | If the Work includes a “NOTICE” text file as part of its distribution, then 94 | any Derivative Works that You distribute must include a readable copy of 95 | the attribution notices contained within such NOTICE file, excluding those 96 | notices that do not pertain to any part of the Derivative Works, in at 97 | least one of the following places: within a NOTICE text file distributed 98 | as part of the Derivative Works; within the Source form or documentation, 99 | if provided along with the Derivative Works; or, within a display 100 | generated by the Derivative Works, if and wherever such third-party 101 | notices normally appear. The contents of the NOTICE file are for 102 | informational purposes only and do not modify the License. You may add 103 | Your own attribution notices within Derivative Works that You distribute, 104 | alongside or as an addendum to the NOTICE text from the Work, provided 105 | that such additional attribution notices cannot be construed as modifying 106 | the License. 
107 | 108 | You may add Your own copyright statement to Your modifications and may provide 109 | additional or different license terms and conditions for use, reproduction, or 110 | distribution of Your modifications, or for any such Derivative Works as a whole, 111 | provided Your use, reproduction, and distribution of the Work otherwise complies 112 | with the conditions stated in this License. 113 | 114 | 5. Submission of Contributions. Unless You explicitly state otherwise, any 115 | Contribution intentionally submitted for inclusion in the Work by You to the 116 | Licensor shall be under the terms and conditions of this License, without any 117 | additional terms or conditions. Notwithstanding the above, nothing herein shall 118 | supersede or modify the terms of any separate license agreement you may have 119 | executed with Licensor regarding such Contributions. 120 | 121 | 6. Trademarks. This License does not grant permission to use the trade names, 122 | trademarks, service marks, or product names of the Licensor, except as required 123 | for reasonable and customary use in describing the origin of the Work and 124 | reproducing the content of the NOTICE file. 125 | 126 | 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in 127 | writing, Licensor provides the Work (and each Contributor provides its 128 | Contributions) on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 129 | KIND, either express or implied, including, without limitation, any warranties 130 | or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 131 | PARTICULAR PURPOSE. You are solely responsible for determining the 132 | appropriateness of using or redistributing the Work and assume any risks 133 | associated with Your exercise of permissions under this License. 134 | 135 | 8. Limitation of Liability. 
In no event and under no legal theory, whether in 136 | tort (including negligence), contract, or otherwise, unless required by 137 | applicable law (such as deliberate and grossly negligent acts) or agreed to in 138 | writing, shall any Contributor be liable to You for damages, including any 139 | direct, indirect, special, incidental, or consequential damages of any character 140 | arising as a result of this License or out of the use or inability to use the 141 | Work (including but not limited to damages for loss of goodwill, work stoppage, 142 | computer failure or malfunction, or any and all other commercial damages or 143 | losses), even if such Contributor has been advised of the possibility of such 144 | damages. 145 | 146 | 9. Accepting Warranty or Additional Liability. While redistributing the Work or 147 | Derivative Works thereof, You may choose to offer, and charge a fee for, 148 | acceptance of support, warranty, indemnity, or other liability obligations 149 | and/or rights consistent with this License. However, in accepting such 150 | obligations, You may act only on Your own behalf and on Your sole 151 | responsibility, not on behalf of any other Contributor, and only if You agree to 152 | indemnify, defend, and hold each Contributor harmless for any liability incurred 153 | by, or claims asserted against, such Contributor by reason of your accepting any 154 | such warranty or additional liability. 155 | 156 | END OF TERMS AND CONDITIONS 157 | 158 | Note: Other license terms may apply to certain, identified software files 159 | contained within or distributed with the accompanying software if such terms 160 | are included in the directory containing the accompanying software. Such other 161 | license terms will then apply in lieu of the terms of the software license 162 | above. 
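The GitPullS3 handler that follows accepts a webhook when the source IP is in the allow-list, when a token header equals an API secret, or when the X-Hub-Signature HMAC verifies. The block below is an added stand-alone example of that decision with constant-time comparison and blank secrets rejected; it is not the project's code, and `is_authorized`, `sign`, `demo` and the constructed sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from ipaddress import ip_address, ip_network


def _split(csv):
    """Split a comma-separated setting, dropping blanks so '' never becomes a valid secret."""
    return [item.strip() for item in (csv or '').split(',') if item.strip()]


def _equal(a, b):
    """Constant-time equality; comparing bytes also copes with non-ASCII header values."""
    return hmac.compare_digest(str(a).encode('utf-8'), str(b).encode('utf-8'))


def is_authorized(context, headers):
    """Return the name of the check that accepted the request, or None.

    context and headers mirror event['context'] and event['params']['header'].
    """
    secrets = _split(context.get('api-secrets'))
    source = ip_address(context['source-ip'])
    if any(source in ip_network(cidr) for cidr in _split(context.get('allowed-ips'))):
        return 'source-ip'

    for name in ('X-Git-Token', 'X-Gitlab-Token'):
        token = headers.get(name)
        # The list is built in full so every secret is compared before deciding
        if token and any([_equal(token, s) for s in secrets]):
            return name

    signature = headers.get('X-Hub-Signature')
    if signature and secrets:
        # The deployment, not the sender, chooses the digest
        algo = 'sha256' if 'use-sha256' in context else 'sha1'
        prefix = algo + '='
        if signature.startswith(prefix):
            body = str(context['raw-body']).encode('utf-8')
            for s in secrets:
                expected = hmac.new(s.encode('utf-8'), body, getattr(hashlib, algo)).hexdigest()
                if _equal(expected, signature[len(prefix):]):
                    return 'X-Hub-Signature'
    return None


# Constructed sample data (documentation address ranges, made-up secret)
SECRET = 'constructed-secret-1'
BODY = '{"ref": "refs/heads/main"}'
BASE = {
    'allowed-ips': '203.0.113.0/24',
    'api-secrets': SECRET,
    'source-ip': '198.51.100.7',
    'raw-body': BODY,
}


def sign(secret, body, algo='sha1'):
    """Build the header value a Git service would send for this secret and body."""
    mac = hmac.new(secret.encode('utf-8'), body.encode('utf-8'), getattr(hashlib, algo))
    return algo + '=' + mac.hexdigest()


def demo():
    """Run the decision over constructed requests and return each outcome."""
    return {
        'allowed_ip': is_authorized({**BASE, 'source-ip': '203.0.113.9'}, {}),
        'good_token': is_authorized(BASE, {'X-Gitlab-Token': SECRET}),
        'good_hmac': is_authorized(BASE, {'X-Hub-Signature': sign(SECRET, BODY)}),
        'tampered_body': is_authorized({**BASE, 'raw-body': BODY + ' '},
                                       {'X-Hub-Signature': sign(SECRET, BODY)}),
        'blank_secret_token': is_authorized({**BASE, 'api-secrets': ''}, {'X-Git-Token': ''}),
        'blank_secret_hmac': is_authorized({**BASE, 'api-secrets': ''},
                                           {'X-Hub-Signature': sign('', BODY)}),
    }


if __name__ == '__main__':
    for case, result in demo().items():
        print(case, '->', result)
```
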
163 |
--------------------------------------------------------------------------------
/functions/source/GitPullS3/lambda_function.py:
--------------------------------------------------------------------------------
# Copyright 2020 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
# This file is licensed to you under the AWS Customer Agreement (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at http://aws.amazon.com/agreement/ .
# This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, express or implied.
# See the License for the specific language governing permissions and limitations under the License.

from boto3 import client
import os
import time
import stat
import shutil
from ipaddress import ip_network, ip_address
import logging
import hmac
import hashlib

# If true the function will not include .git folder in the zip.
# distutils (and its strtobool) was removed in Python 3.12, so the truthy strings it accepted are matched directly.
exclude_git = os.environ['ExcludeGit'].strip().lower() in ('y', 'yes', 't', 'true', 'on', '1')

# If true the function will delete all files at the end of each invocation, useful if you run into storage space
# constraints, but will slow down invocations as each invoke will need to checkout the entire repo
cleanup = False

key = 'enc_key'

logger = logging.getLogger()
logger.setLevel(logging.INFO)
if logger.handlers:  # the Lambda runtime pre-installs a handler on the root logger
    logger.handlers[0].setFormatter(logging.Formatter('[%(asctime)s][%(levelname)s] %(message)s'))
logging.getLogger('boto3').setLevel(logging.ERROR)
logging.getLogger('botocore').setLevel(logging.ERROR)

s3 = client('s3')
kms = client('kms')


def lambda_handler(event, context):
    # The event is not printed: event['context'] carries the api-secrets and the headers carry webhook tokens.
    keybucket = event['context']['key-bucket']
    outputbucket = event['context']['output-bucket']
    pubkey = event['context']['public-key']
    # Source IP ranges to allow requests from, if the IP is in one of these the request will not be checked for an api key
    ipranges = []
    if event['context']['allowed-ips']:
        for i in event['context']['allowed-ips'].split(','):
            ipranges.append(ip_network(u'%s' % i))
    # APIKeys, it is recommended to use a different API key for each repo that uses this function.
    # Empty entries are dropped so that a blank api-secrets value never matches an empty header or keys an HMAC.
    apikeys = [k for k in event['context']['api-secrets'].split(',') if k]
    ip = ip_address(event['context']['source-ip'])
    secure = False
    if ipranges:
        for net in ipranges:
            if ip in net:
                secure = True
    if 'X-Git-Token' in event['params']['header'].keys():
        for k in apikeys:
            # Constant-time comparison of the supplied token with each secret
            if hmac.compare_digest(str(event['params']['header']['X-Git-Token']).encode('utf-8'), str(k).encode('utf-8')):
                secure = True
    if 'X-Gitlab-Token' in event['params']['header'].keys():
        for k in apikeys:
            if hmac.compare_digest(str(event['params']['header']['X-Gitlab-Token']).encode('utf-8'), str(k).encode('utf-8')):
                secure = True
    if 'X-Hub-Signature' in event['params']['header'].keys():
        for k in apikeys:
            if 'use-sha256' in event['context']:
                k1 = hmac.new(str(k).encode('utf-8'), str(event['context']['raw-body']).encode('utf-8'), hashlib.sha256).hexdigest()
                k2 = str(event['params']['header']['X-Hub-Signature'].replace('sha256=', ''))
            else:
                k1 = hmac.new(str(k).encode('utf-8'), str(event['context']['raw-body']).encode('utf-8'), hashlib.sha1).hexdigest()
                k2 = str(event['params']['header']['X-Hub-Signature'].replace('sha1=', ''))
            # Constant-time comparison of the computed and supplied signatures
            if hmac.compare_digest(k1.encode('utf-8'), k2.encode('utf-8')):
                secure = True
    # TODO: Add the ability to clone TFS repo using SSH keys
    try:
        # GitHub
        full_name = event['body-json']['repository']['full_name']
    except KeyError:
        try:
            # BitBucket #14
            full_name = event['body-json']['repository']['fullName']
        except KeyError:
            try:
                # GitLab
                full_name = event['body-json']['repository']['path_with_namespace']
            except KeyError:
                try:
                    # GitLab 8.5+
                    full_name = event['body-json']['project']['path_with_namespace']
                except KeyError:
                    try:
                        # BitBucket server
                        full_name = event['body-json']['repository']['name']
                    except KeyError:
                        # BitBucket pull-request
                        full_name = event['body-json']['pullRequest']['fromRef']['repository']['name']
    if not secure:
        logger.error('Source IP %s is not allowed' % event['context']['source-ip'])
        raise Exception('Source IP %s is not allowed' % event['context']['source-ip'])

    # GitHub publish event
    if 'action' in event['body-json'] and event['body-json']['action'] == 'published':
        branch_name = 'tags/%s' % event['body-json']['release']['tag_name']
        repo_name = full_name + '/release'
    else:
        repo_name = full_name
        try:
            # branch names should contain [name] only, tag names - "tags/[name]"
            branch_name = event['body-json']['ref'].replace('refs/heads/', '').replace('refs/tags/', 'tags/')
        except KeyError:
            try:
                # Bitbucket server
                branch_name = event['body-json']['push']['changes'][0]['new']['name']
            except Exception:
                # Bitbucket Server v6.6.1
                try:
                    branch_name = event['body-json']['changes'][0]['ref']['displayId']
                except Exception:
                    branch_name = 'master'
    try:
        # GitLab
        remote_url = event['body-json']['project']['git_ssh_url']
    except Exception:
        try:
            remote_url = 'git@'+event['body-json']['repository']['links']['html']['href'].replace('https://', '').replace('/', ':', 1)+'.git'
        except Exception:
            try:
                # GitHub
                remote_url = event['body-json']['repository']['ssh_url']
            except Exception:
                # Bitbucket
                try:
                    for i, url in enumerate(event['body-json']['repository']['links']['clone']):
                        if url['name'] == 'ssh':
                            ssh_index = i
                    remote_url = event['body-json']['repository']['links']['clone'][ssh_index]['href']
                except Exception:
                    # BitBucket pull-request
                    for i, url in enumerate(event['body-json']['pullRequest']['fromRef']['repository']['links']['clone']):
                        if url['name'] == 'ssh':
                            ssh_index = i

                    remote_url = event['body-json']['pullRequest']['fromRef']['repository']['links']['clone'][ssh_index]['href']
    try:
        codebuild_client = client(service_name='codebuild')
        new_build = codebuild_client.start_build(projectName=os.getenv('GitPullCodeBuild'),
                                                 environmentVariablesOverride=[
                                                     {
                                                         'name': 'GitUrl',
                                                         'value': remote_url,
                                                         'type': 'PLAINTEXT'
                                                     },
                                                     {
                                                         'name': 'Branch',
                                                         'value': branch_name,
                                                         'type': 'PLAINTEXT'
                                                     },
                                                     {
                                                         'name': 'KeyBucket',
                                                         'value': keybucket,
                                                         'type': 'PLAINTEXT'
                                                     },
                                                     {
                                                         'name': 'KeyObject',
                                                         'value': key,
                                                         'type': 'PLAINTEXT'
                                                     },

                                                     {
                                                         'name': 'outputbucket',
                                                         'value': outputbucket,
                                                         'type': 'PLAINTEXT'
                                                     },
                                                     {
                                                         'name': 'outputbucketkey',
                                                         'value': '%s' % (repo_name.replace('/', '_')) + '.zip',
                                                         'type': 'PLAINTEXT'
                                                     },
                                                     {
                                                         'name': 'outputbucketpath',
                                                         'value': '%s/%s/' % (repo_name, branch_name),
                                                         'type': 'PLAINTEXT'
                                                     },
                                                     {
                                                         'name': 'exclude_git',
                                                         'value': '%s' % (exclude_git),
                                                         'type': 'PLAINTEXT'
                                                     }

                                                 ])
        buildId = new_build['build']['id']
        logger.info('CodeBuild Build Id is %s' % (buildId))
        buildStatus = 'NOT_KNOWN'
        counter = 0
        while (counter < 60 and buildStatus != 'SUCCEEDED'):  # capped this, so it just fails if it takes too long
            logger.info("Waiting for Codebuild to complete")
            time.sleep(5)
            logger.info(counter)
            counter = counter + 1
            theBuild = codebuild_client.batch_get_builds(ids=[buildId])
            print(theBuild)
            buildStatus = theBuild['builds'][0]['buildStatus']
            logger.info('CodeBuild Build Status is %s' % (buildStatus))
            if buildStatus == 'SUCCEEDED':
                EnvVariables = theBuild['builds'][0]['exportedEnvironmentVariables']
                commit_id = [env for env in EnvVariables if env['name'] == 'GIT_COMMIT_ID'][0]['value']
                commit_message = [env for env in EnvVariables if env['name'] == 'GIT_COMMIT_MSG'][0]['value']
                current_revision = {
                    'revision': "Git Commit Id:" + commit_id,
                    'changeIdentifier': 'GitLab',
                    'revisionSummary': "Git Commit Message:" + commit_message
                }
                outputVariables = {
                    'commit_id': "Git Commit Id:" + commit_id,
                    'commit_message': "Git Commit Message:" + commit_message
                }
                break
            elif buildStatus == 'FAILED' or buildStatus == 'FAULT' or buildStatus == 'STOPPED' or buildStatus == 'TIMED_OUT':
                break
    except Exception as e:
        logger.info("Error in Function: %s" % (e))

--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. 
For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. 
If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. 
You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. 
(Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /templates/git2s3.template.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: '2010-09-09' 2 | Description: Git webhooks to clone and store a Git repository in S3. Used to integrate Git services 3 | with AWS services like AWS CodePipeline, AWS CodeBuild, and AWS CodeDeploy. 
(qs-1nfhrd9bh) 4 | Metadata: 5 | QuickStartDocumentation: 6 | EntrypointName: Parameters for deploying into your selected Region 7 | AWS::CloudFormation::Interface: 8 | ParameterGroups: 9 | - Label: 10 | default: General settings 11 | Parameters: 12 | - OutputBucketName 13 | - CustomDomainName 14 | - Label: 15 | default: Git pull settings 16 | Parameters: 17 | - ApiSecret 18 | - AllowedIps 19 | - ExcludeGit 20 | - Label: 21 | default: AWS Quick Start configuration 22 | Parameters: 23 | - QSS3BucketName 24 | - QSS3BucketRegion 25 | - QSS3KeyPrefix 26 | - Label: 27 | default: VPC configuration 28 | Parameters: 29 | - VPCId 30 | - VPCCidrRange 31 | - SubnetIds 32 | - ScmHostnameOverride 33 | ParameterLabels: 34 | AllowedIps: 35 | default: Allowed IP addresses 36 | ApiSecret: 37 | default: API secret 38 | CustomDomainName: 39 | default: Custom domain name 40 | OutputBucketName: 41 | default: Output S3 bucket name 42 | QSS3BucketName: 43 | default: Quick Start S3 bucket name 44 | QSS3BucketRegion: 45 | default: Quick Start S3 bucket Region 46 | QSS3KeyPrefix: 47 | default: Quick Start S3 key prefix 48 | VPCId: 49 | default: VPC ID 50 | VPCCidrRange: 51 | default: VPC CIDR 52 | SubnetIds: 53 | default: Subnet IDs 54 | ScmHostnameOverride: 55 | default: Hostname override 56 | ExcludeGit: 57 | default: Exclude .git directory 58 | Parameters: 59 | AllowedIps: 60 | Description: Comma-separated list of allowed IP CIDR blocks. The default addresses listed are BitBucket Cloud IP ranges. 61 | Type: String 62 | Default: 18.205.93.0/25,18.234.32.128/25,13.52.5.0/25 63 | ApiSecret: 64 | Description: API secret used to authenticate access to webhooks in GitHub Enterprise, GitLab, and other Git services. If a webhook payload header contains a matching secret, IP address authentication is bypassed. API secrets cannot contain commas (,), backward slashes (\), or quotes ("). 
65 | Type: String 66 | Default: '' 67 | NoEcho: 'true' 68 | CustomDomainName: 69 | Description: Domain name for the webhook endpoint. If left blank, API Gateway creates a domain name for you. 70 | Type: String 71 | Default: '' 72 | OutputBucketName: 73 | Description: (Optional) Name for the S3 bucket where the Git repository .zip file is stored. If left blank, the Quick Start creates one for you. 74 | Type: String 75 | Default: '' 76 | QSS3BucketName: 77 | AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ 78 | ConstraintDescription: Quick Start S3 bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen 79 | (-). 80 | Default: aws-quickstart 81 | Description: S3 bucket name for Quick Start assets. It can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). 82 | Type: String 83 | QSS3BucketRegion: 84 | Default: 'us-east-1' 85 | Description: AWS Region where the Quick Start assets S3 bucket (QSS3BucketName) is hosted. Required when using your own S3 bucket. 86 | Type: String 87 | QSS3KeyPrefix: 88 | AllowedPattern: ^[0-9a-zA-Z-/]*$ 89 | ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). 90 | Default: quickstart-git2s3/ 91 | Description: Key prefix for the Quick Start assets S3 bucket. A key prefix is similar to a directory name that enables you to store similar data under the same directory in an S3 bucket. It can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). 92 | Type: String 93 | VPCId: 94 | Description: ID of the VPC in which the Lambda function runs. 95 | Type: String 96 | Default: '' 97 | VPCCidrRange: 98 | Description: CIDR range of the VPC. 99 | Type: String 100 | Default: '' 101 | SubnetIds: 102 | Description: SubnetIDs in which the Lambda function runs. 
    Type: CommaDelimitedList
    Default: ''
  ScmHostnameOverride:
    Description: Name to override the hostname in the header of a webhook JSON payload.
    Type: String
    Default: ''
  ExcludeGit:
    Description: Choose False to omit the .git directory from the Git repository .zip file.
    Type: String
    Default: 'True'
    AllowedValues: ['True', 'False']

Conditions:
  UseAllowedIps: !Not
    - !Equals
      - !Ref 'AllowedIps'
      - ''
  UseApiSecret: !Not
    - !Equals
      - !Ref 'ApiSecret'
      - ''
  UseCustomDomain: !Not
    - !Equals
      - !Ref 'CustomDomainName'
      - ''
  AutoGenOutputBucketName: !Not
    - !Equals
      - !Ref 'OutputBucketName'
      - ''
  ShouldRunInVPC: !Not
    - !Equals
      - !Ref 'VPCId'
      - ''
  UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart']

Resources:
  LambdaZipsBucket:
    Type: AWS::S3::Bucket
    Properties:
      Tags: []
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled

  CopyZips:
    Type: AWS::CloudFormation::CustomResource
    Properties:
      ServiceToken: !GetAtt 'CopyZipsFunction.Arn'
      DestBucket: !Ref 'LambdaZipsBucket'
      SourceBucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Prefix: !Ref 'QSS3KeyPrefix'
      Objects:
        - functions/packages/CreateSSHKey/lambda.zip
        - functions/packages/DeleteBucketContents/lambda.zip
        - functions/packages/GitPullS3/lambda.zip

  CopyZipsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
      Path: /
      Policies:
        - PolicyName: lambda-copier
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                Resource: !Sub
                  - arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}*
                  - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
              - Effect: Allow
                Action:
                  - s3:PutObject
                  - s3:DeleteObject
                Resource:
                  - !Sub 'arn:${AWS::Partition}:s3:::${LambdaZipsBucket}/${QSS3KeyPrefix}*'
              # Broad grant: s3:* on every resource, which makes the two scoped statements above redundant.
              - Effect: Allow
                Action:
                  - s3:*
                Resource:
                  - '*'

  CopyZipsFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: Copies objects from a source S3 bucket to a destination.
      Handler: index.handler
      Runtime: python3.7
      Role: !GetAtt 'CopyZipsRole.Arn'
      Timeout: 240
      Code:
        ZipFile: !Join
          - "\n"
          - - import json
            - import logging
            - import threading
            - import boto3
            - import cfnresponse
            - ''
            - ''
            - 'def copy_objects(source_bucket, dest_bucket, prefix, objects):'
            - '    s3 = boto3.client(''s3'')'
            - '    for o in objects:'
            - '        key = prefix + o'
            - '        copy_source = {'
            - '            ''Bucket'': source_bucket,'
            - '            ''Key'': key'
            - '        }'
            - '        s3.copy_object(CopySource=copy_source, Bucket=dest_bucket, Key=key)'
            - ''
            - ''
            - 'def delete_objects(bucket, prefix, objects):'
            - '    s3 = boto3.client(''s3'')'
            - '    objects = {''Objects'': [{''Key'': prefix + o} for o in objects]}'
            - '    s3.delete_objects(Bucket=bucket, Delete=objects)'
            - ''
            - ''
            - 'def timeout(event, context):'
            - '    logging.error(''Execution is about to time out, sending failure response to CloudFormation'')'
            - '    cfnresponse.send(event, context, cfnresponse.FAILED, {}, None)'
            - ''
            - ''
            - 'def handler(event, context):'
            - '    # make sure we send a failure to CloudFormation if the function is going to timeout'
            - '    timer = threading.Timer((context.get_remaining_time_in_millis() / 1000.00) - 0.5, timeout, args=[event, context])'
            - '    timer.start()'
            - ''
            - '    print(''Received event: %s'' % json.dumps(event))'
            - '    status = cfnresponse.SUCCESS'
            - '    try:'
            - '        source_bucket = event[''ResourceProperties''][''SourceBucket'']'
            - '        dest_bucket = event[''ResourceProperties''][''DestBucket'']'
            - '        prefix = event[''ResourceProperties''][''Prefix'']'
            - '        objects = event[''ResourceProperties''][''Objects'']'
            - '        if event[''RequestType''] == ''Delete'':'
            - '            delete_objects(dest_bucket, prefix, objects)'
            - '        else:'
            - '            copy_objects(source_bucket, dest_bucket, prefix, objects)'
            - '    except Exception as e:'
            - '        logging.error(''Exception: %s'' % e, exc_info=True)'
            - '        status = cfnresponse.FAILED'
            - '    finally:'
            - '        timer.cancel()'
            - '        cfnresponse.send(event, context, status, {}, None)'
            - ''

  KeyBucket:
    Type: AWS::S3::Bucket
    Properties:
      Tags: []
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled

  OutputBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !If
        - AutoGenOutputBucketName
        - !Ref 'OutputBucketName'
        - !Ref 'AWS::NoValue'
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled
      Tags: []

  KMSKey:
    Type: AWS::KMS::Key
    Properties:
      Description: AWS KMS key to encrypt and decrypt SSH keys stored in S3.
      EnableKeyRotation: true
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          - Sid: Allow access for Key Administrators
            Effect: Allow
            Principal:
              AWS:
                - !Join
                  - ''
                  - - 'arn:aws:iam::'
                    - !Ref 'AWS::AccountId'
                    - :root
            Action:
              - kms:Create*
              - kms:Describe*
              - kms:Enable*
              - kms:List*
              - kms:Put*
              - kms:Update*
              - kms:Revoke*
              - kms:Disable*
              - kms:Get*
              - kms:Delete*
              - kms:ScheduleKeyDeletion
              - kms:CancelKeyDeletion
            Resource: '*'
          - Sid: Allow use of the key
            Effect: Allow
            Principal:
              AWS:
                - !Join
                  - ''
                  - - 'arn:aws:iam::'
                    - !Ref 'AWS::AccountId'
                    - :root
            Action:
              - kms:Encrypt
              - kms:Decrypt
              - kms:ReEncrypt*
              - kms:GenerateDataKey*
              - kms:DescribeKey
            Resource: '*'
          - Sid: Allow attachment of persistent resources
            Effect: Allow
            Principal:
              AWS:
                - !Join
                  - ''
                  - - 'arn:aws:iam::'
                    - !Ref 'AWS::AccountId'
                    - :root
            Action:
              - kms:CreateGrant
              - kms:ListGrants
              - kms:RevokeGrant
            Resource: '*'
            Condition:
              Bool:
                kms:GrantIsForAWSResource: true

  CreateSSHKeyRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: git2cp-sshkeygen
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:GetObject
                Resource:
                  - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref 'KeyBucket'
                      - /crypto.zip
              - Effect: Allow
                Action:
                  - s3:PutObject
                Resource:
                  - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref 'KeyBucket'
                      - /enc_key
              - Effect: Allow
                Action:
                  - kms:Encrypt
                Resource:
                  - !GetAtt 'KMSKey.Arn'
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource:
                  - !Sub arn:${AWS::Partition}:logs:*:*:*

  CreateSSHKeyLambda:
    DependsOn: CopyZips
    Type: AWS::Lambda::Function
    Properties:
      Handler: lambda_function.lambda_handler
      MemorySize: 128
      Role: !GetAtt 'CreateSSHKeyRole.Arn'
      Runtime: python3.8
      Timeout: 300
      Code:
        S3Bucket: !Ref 'LambdaZipsBucket'
        S3Key: !Sub '${QSS3KeyPrefix}functions/packages/CreateSSHKey/lambda.zip'

  CreateSSHKey:
    Type: AWS::CloudFormation::CustomResource
    Version: '1.0'
    Properties:
      ServiceToken: !GetAtt 'CreateSSHKeyLambda.Arn'
      KeyBucket: !Ref 'KeyBucket'
      Region: !Ref 'AWS::Region'
      KMSKey: !Ref 'KMSKey'

  DeleteBucketContentsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: git2cp-deletebucketcontents
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:*
                Resource:
                  - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref 'KeyBucket'
                      - /*
                  - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref 'OutputBucket'
                      - /*
                  - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref 'KeyBucket'
                  - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref 'OutputBucket'
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource:
                  - arn:aws:logs:*:*:*

  DeleteBucketContentsLambda:
    DependsOn: CopyZips
    Type: AWS::Lambda::Function
    Properties:
      Handler: lambda_function.lambda_handler
      MemorySize: 128
      Role: !GetAtt 'DeleteBucketContentsRole.Arn'
      Runtime: python3.8
      Timeout: 300
      Code:
        S3Bucket: !Ref 'LambdaZipsBucket'
        S3Key: !Sub '${QSS3KeyPrefix}functions/packages/DeleteBucketContents/lambda.zip'

  DeleteBucketContents:
    Type: AWS::CloudFormation::CustomResource
    Version: '1.0'
    DependsOn:
      - KeyBucket
      - OutputBucket
    Properties:
      ServiceToken: !GetAtt 'DeleteBucketContentsLambda.Arn'
      KeyBucket: !Ref 'KeyBucket'
      OutputBucket: !Ref 'OutputBucket'

  CodeBuildServiceRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "codebuild.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      ManagedPolicyArns:
        - !Ref CodeBuildEndpointPolicy
      Tags:
        -
          Key: 'tagging-policy'
          Value: !Join ['-', ["test", "ok"]]

  CodeBuildBasePolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      Description: Policy with base permissions for CodeBuild.
      Path: /
      Roles:
        - !Ref CodeBuildServiceRole
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: "Allow"
            Action:
              - "logs:CreateLogGroup"
              - "logs:PutLogEvents"
              - "logs:CreateLogStream"
            Resource:
              - !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/*"
          - Effect: "Allow"
            Action:
              - "s3:GetObject"
              - "s3:GetObjectVersion"
              - "s3:GetBucketAcl"
              - "s3:GetBucketLocation"
            Resource:
              - !GetAtt KeyBucket.Arn
              - !Sub "${KeyBucket.Arn}/*"
          - Effect: "Allow"
            Action:
              - "s3:PutObject"
            Resource:
              - !GetAtt OutputBucket.Arn
              - !Sub "${OutputBucket.Arn}/*"
          - Effect: "Allow"
            Action:
              - 'kms:Encrypt'
              - 'kms:Decrypt'
              - 'kms:ReEncrypt*'
              - 'kms:GenerateDataKey*'
              - 'kms:DescribeKey'
            Resource:
              - !GetAtt KMSKey.Arn

  CodeBuildEndpointPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      Description: Policy with permissions enabling CodeBuild to work with endpoints.
      Path: /
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - 'ec2:CreateNetworkInterface'
              - 'ec2:DescribeDhcpOptions'
              - 'ec2:DescribeNetworkInterfaces'
              - 'ec2:DeleteNetworkInterface'
              - 'ec2:DescribeSubnets'
              - 'ec2:DescribeSecurityGroups'
              - 'ec2:DescribeVpcs'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'ec2:CreateNetworkInterfacePermission'
            Resource: !Sub 'arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*'

  GitPullRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: git2cp-gitpull
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - kms:Decrypt
                Resource:
                  - !GetAtt 'KMSKey.Arn'
              - Effect: Allow
                Action:
                  - s3:PutObject
                Resource:
                  - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref 'OutputBucket'
                  - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref 'OutputBucket'
                      - /*
              - Effect: Allow
                Action:
                  - s3:GetObject
                Resource:
                  - !Join
                    - ''
                    - - 'arn:aws:s3:::'
                      - !Ref 'KeyBucket'
                      - /enc_key
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource:
                  - arn:aws:logs:*:*:*
              - Effect: Allow
                Action:
                  - codebuild:StartBuild
                  - codebuild:BatchGetBuilds
                Resource:
                  - !GetAtt GitPullCodeBuild.Arn
              - Effect: Allow
                Action:
                  - 'ec2:CreateNetworkInterface'
                  - 'ec2:DescribeDhcpOptions'
                  - 'ec2:DescribeNetworkInterfaces'
                  - 'ec2:DeleteNetworkInterface'
                  - 'ec2:DescribeSubnets'
                  - 'ec2:DescribeSecurityGroups'
                  - 'ec2:DescribeVpcs'
                Resource:
                  - '*'
              - Effect: Allow
                Action:
                  - 'ec2:CreateNetworkInterfacePermission'
                Resource: !Sub 'arn:aws:ec2:${AWS::Region}:${AWS::AccountId}:network-interface/*'
  GitPullCodeBuild:
    Type: AWS::CodeBuild::Project
    Properties:
      VpcConfig: !If
        - ShouldRunInVPC
        - SecurityGroupIds:
            - !Ref 'GitPullSecurityGroup'
          Subnets: !Ref 'SubnetIds'
          VpcId: !Ref VPCId
        - !Ref 'AWS::NoValue'
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        Image: aws/codebuild/standard:2.0
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
      QueuedTimeoutInMinutes: 60
      ServiceRole: !GetAtt CodeBuildServiceRole.Arn
      Source:
        BuildSpec: |
          version: 0.2
          env:
            exported-variables:
              - GIT_COMMIT_ID
              - GIT_COMMIT_MSG
          phases:
            install:
              runtime-versions:
                python: 3.7
              # commands:
              #   - pip3 install boto3
            build:
              commands:
                - echo "=======================Start-Deployment============================="
                - echo "Getting the SSH Private Key"
                - |
                  python3 - << "EOF"
                  from boto3 import client
                  import os
                  s3 = client('s3')
                  kms = client('kms')
                  enckey = s3.get_object(Bucket=os.getenv('KeyBucket'), Key=os.getenv('KeyObject'))['Body'].read()
                  privkey = kms.decrypt(CiphertextBlob=enckey)['Plaintext']
                  with open('enc_key.pem', 'w') as f:
                      print(privkey.decode("utf-8"), file=f)
                  EOF
                - mv ./enc_key.pem ~/.ssh/id_rsa
                - ls ~/.ssh/
                - echo "Setting SSH config profile"
                - |
                  cat > ~/.ssh/config <

    Copyright (C)

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later
    version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:

    Gnomovision version 69, Copyright (C) year name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:

  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  `Gnomovision' (which makes passes at compilers) written by James Hacker.

  , 1 April 1989
  Ty Coon, President of Vice

This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
```

## libgit2

*[Project page](https://github.com/libgit2/libgit2/)*

```
libgit2 is Copyright (C) the libgit2 contributors,
unless otherwise stated. See the AUTHORS file for details.

Note that the only valid version of the GPL as far as this project
is concerned is _this_ particular version of the license (ie v2, not
v2.2 or v3.x or whatever), unless explicitly otherwise stated.

----------------------------------------------------------------------

LINKING EXCEPTION

In addition to the permissions in the GNU General Public License,
the authors give you unlimited permission to link the compiled
version of this library into combinations with other programs,
and to distribute those combinations without any restriction
coming from the use of this file. (The General Public License
restrictions do apply in other respects; for example, they cover
modification of the file, and distribution when not linked into
a combined executable.)

----------------------------------------------------------------------

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.

When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.

We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.

Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and
modification follow.

GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.

You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:

    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.

    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.

    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License. (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.

In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.

3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,

    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code. (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.

If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.

5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.

7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.

It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.

This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.

10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
694 | 695 | 696 | Copyright (C) 697 | 698 | This program is free software; you can redistribute it and/or modify 699 | it under the terms of the GNU General Public License as published by 700 | the Free Software Foundation; either version 2 of the License, or 701 | (at your option) any later version. 702 | 703 | This program is distributed in the hope that it will be useful, 704 | but WITHOUT ANY WARRANTY; without even the implied warranty of 705 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 706 | GNU General Public License for more details. 707 | 708 | You should have received a copy of the GNU General Public License 709 | along with this program; if not, write to the Free Software 710 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 711 | 712 | 713 | Also add information on how to contact you by electronic and paper mail. 714 | 715 | If the program is interactive, make it output a short notice like this 716 | when it starts in an interactive mode: 717 | 718 | Gnomovision version 69, Copyright (C) year name of author 719 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 720 | This is free software, and you are welcome to redistribute it 721 | under certain conditions; type `show c' for details. 722 | 723 | The hypothetical commands `show w' and `show c' should show the appropriate 724 | parts of the General Public License. Of course, the commands you use may 725 | be called something other than `show w' and `show c'; they could even be 726 | mouse-clicks or menu items--whatever suits your program. 727 | 728 | You should also get your employer (if you work as a programmer) or your 729 | school, if any, to sign a "copyright disclaimer" for the program, if 730 | necessary. Here is a sample; alter the names: 731 | 732 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 733 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 
734 | 735 | , 1 April 1989 736 | Ty Coon, President of Vice 737 | 738 | This General Public License does not permit incorporating your program into 739 | proprietary programs. If your program is a subroutine library, you may 740 | consider it more useful to permit linking proprietary applications with the 741 | library. If this is what you want to do, use the GNU Library General 742 | Public License instead of this License. 743 | 744 | ---------------------------------------------------------------------- 745 | 746 | The bundled ZLib code is licensed under the ZLib license: 747 | 748 | Copyright (C) 1995-2010 Jean-loup Gailly and Mark Adler 749 | 750 | This software is provided 'as-is', without any express or implied 751 | warranty. In no event will the authors be held liable for any damages 752 | arising from the use of this software. 753 | 754 | Permission is granted to anyone to use this software for any purpose, 755 | including commercial applications, and to alter it and redistribute it 756 | freely, subject to the following restrictions: 757 | 758 | 1. The origin of this software must not be misrepresented; you must not 759 | claim that you wrote the original software. If you use this software 760 | in a product, an acknowledgment in the product documentation would be 761 | appreciated but is not required. 762 | 2. Altered source versions must be plainly marked as such, and must not be 763 | misrepresented as being the original software. 764 | 3. This notice may not be removed or altered from any source distribution. 
765 | 766 | Jean-loup Gailly Mark Adler 767 | jloup@gzip.org madler@alumni.caltech.edu 768 | 769 | ---------------------------------------------------------------------- 770 | 771 | The Clar framework is licensed under the ISC license: 772 | 773 | Copyright (c) 2011-2015 Vicent Marti 774 | 775 | Permission to use, copy, modify, and/or distribute this software for any 776 | purpose with or without fee is hereby granted, provided that the above 777 | copyright notice and this permission notice appear in all copies. 778 | 779 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 780 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 781 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 782 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 783 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 784 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 785 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 786 | 787 | ---------------------------------------------------------------------- 788 | 789 | The regex library (deps/regex/) is licensed under the GNU LGPL 790 | (available at the end of this file). 791 | 792 | Definitions for data structures and routines for the regular 793 | expression library. 794 | 795 | Copyright (C) 1985,1989-93,1995-98,2000,2001,2002,2003,2005,2006,2008 796 | Free Software Foundation, Inc. 797 | This file is part of the GNU C Library. 798 | 799 | The GNU C Library is free software; you can redistribute it and/or 800 | modify it under the terms of the GNU Lesser General Public 801 | License as published by the Free Software Foundation; either 802 | version 2.1 of the License, or (at your option) any later version. 
803 | 804 | The GNU C Library is distributed in the hope that it will be useful, 805 | but WITHOUT ANY WARRANTY; without even the implied warranty of 806 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 807 | Lesser General Public License for more details. 808 | 809 | You should have received a copy of the GNU Lesser General Public 810 | License along with the GNU C Library; if not, write to the Free 811 | Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 812 | 02110-1301 USA. 813 | 814 | ---------------------------------------------------------------------- 815 | 816 | The bundled winhttp definition files (deps/winhttp/) are licensed under 817 | the GNU LGPL (available at the end of this file). 818 | 819 | Copyright (C) 2007 Francois Gouget 820 | 821 | This library is free software; you can redistribute it and/or 822 | modify it under the terms of the GNU Lesser General Public 823 | License as published by the Free Software Foundation; either 824 | version 2.1 of the License, or (at your option) any later version. 825 | 826 | This library is distributed in the hope that it will be useful, 827 | but WITHOUT ANY WARRANTY; without even the implied warranty of 828 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 829 | Lesser General Public License for more details. 830 | 831 | You should have received a copy of the GNU Lesser General Public 832 | License along with this library; if not, write to the Free Software 833 | Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA 834 | 835 | ---------------------------------------------------------------------- 836 | 837 | GNU LESSER GENERAL PUBLIC LICENSE 838 | Version 2.1, February 1999 839 | 840 | Copyright (C) 1991, 1999 Free Software Foundation, Inc. 841 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 842 | Everyone is permitted to copy and distribute verbatim copies 843 | of this license document, but changing it is not allowed. 
844 | 845 | [This is the first released version of the Lesser GPL. It also counts 846 | as the successor of the GNU Library Public License, version 2, hence 847 | the version number 2.1.] 848 | 849 | Preamble 850 | 851 | The licenses for most software are designed to take away your 852 | freedom to share and change it. By contrast, the GNU General Public 853 | Licenses are intended to guarantee your freedom to share and change 854 | free software--to make sure the software is free for all its users. 855 | 856 | This license, the Lesser General Public License, applies to some 857 | specially designated software packages--typically libraries--of the 858 | Free Software Foundation and other authors who decide to use it. You 859 | can use it too, but we suggest you first think carefully about whether 860 | this license or the ordinary General Public License is the better 861 | strategy to use in any particular case, based on the explanations below. 862 | 863 | When we speak of free software, we are referring to freedom of use, 864 | not price. Our General Public Licenses are designed to make sure that 865 | you have the freedom to distribute copies of free software (and charge 866 | for this service if you wish); that you receive source code or can get 867 | it if you want it; that you can change the software and use pieces of 868 | it in new free programs; and that you are informed that you can do 869 | these things. 870 | 871 | To protect your rights, we need to make restrictions that forbid 872 | distributors to deny you these rights or to ask you to surrender these 873 | rights. These restrictions translate to certain responsibilities for 874 | you if you distribute copies of the library or if you modify it. 875 | 876 | For example, if you distribute copies of the library, whether gratis 877 | or for a fee, you must give the recipients all the rights that we gave 878 | you. You must make sure that they, too, receive or can get the source 879 | code. 
If you link other code with the library, you must provide 880 | complete object files to the recipients, so that they can relink them 881 | with the library after making changes to the library and recompiling 882 | it. And you must show them these terms so they know their rights. 883 | 884 | We protect your rights with a two-step method: (1) we copyright the 885 | library, and (2) we offer you this license, which gives you legal 886 | permission to copy, distribute and/or modify the library. 887 | 888 | To protect each distributor, we want to make it very clear that 889 | there is no warranty for the free library. Also, if the library is 890 | modified by someone else and passed on, the recipients should know 891 | that what they have is not the original version, so that the original 892 | author's reputation will not be affected by problems that might be 893 | introduced by others. 894 | 895 | Finally, software patents pose a constant threat to the existence of 896 | any free program. We wish to make sure that a company cannot 897 | effectively restrict the users of a free program by obtaining a 898 | restrictive license from a patent holder. Therefore, we insist that 899 | any patent license obtained for a version of the library must be 900 | consistent with the full freedom of use specified in this license. 901 | 902 | Most GNU software, including some libraries, is covered by the 903 | ordinary GNU General Public License. This license, the GNU Lesser 904 | General Public License, applies to certain designated libraries, and 905 | is quite different from the ordinary General Public License. We use 906 | this license for certain libraries in order to permit linking those 907 | libraries into non-free programs. 908 | 909 | When a program is linked with a library, whether statically or using 910 | a shared library, the combination of the two is legally speaking a 911 | combined work, a derivative of the original library. 
The ordinary 912 | General Public License therefore permits such linking only if the 913 | entire combination fits its criteria of freedom. The Lesser General 914 | Public License permits more lax criteria for linking other code with 915 | the library. 916 | 917 | We call this license the "Lesser" General Public License because it 918 | does Less to protect the user's freedom than the ordinary General 919 | Public License. It also provides other free software developers Less 920 | of an advantage over competing non-free programs. These disadvantages 921 | are the reason we use the ordinary General Public License for many 922 | libraries. However, the Lesser license provides advantages in certain 923 | special circumstances. 924 | 925 | For example, on rare occasions, there may be a special need to 926 | encourage the widest possible use of a certain library, so that it becomes 927 | a de-facto standard. To achieve this, non-free programs must be 928 | allowed to use the library. A more frequent case is that a free 929 | library does the same job as widely used non-free libraries. In this 930 | case, there is little to gain by limiting the free library to free 931 | software only, so we use the Lesser General Public License. 932 | 933 | In other cases, permission to use a particular library in non-free 934 | programs enables a greater number of people to use a large body of 935 | free software. For example, permission to use the GNU C Library in 936 | non-free programs enables many more people to use the whole GNU 937 | operating system, as well as its variant, the GNU/Linux operating 938 | system. 939 | 940 | Although the Lesser General Public License is Less protective of the 941 | users' freedom, it does ensure that the user of a program that is 942 | linked with the Library has the freedom and the wherewithal to run 943 | that program using a modified version of the Library. 
944 | 945 | The precise terms and conditions for copying, distribution and 946 | modification follow. Pay close attention to the difference between a 947 | "work based on the library" and a "work that uses the library". The 948 | former contains code derived from the library, whereas the latter must 949 | be combined with the library in order to run. 950 | 951 | GNU LESSER GENERAL PUBLIC LICENSE 952 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 953 | 954 | 0. This License Agreement applies to any software library or other 955 | program which contains a notice placed by the copyright holder or 956 | other authorized party saying it may be distributed under the terms of 957 | this Lesser General Public License (also called "this License"). 958 | Each licensee is addressed as "you". 959 | 960 | A "library" means a collection of software functions and/or data 961 | prepared so as to be conveniently linked with application programs 962 | (which use some of those functions and data) to form executables. 963 | 964 | The "Library", below, refers to any such software library or work 965 | which has been distributed under these terms. A "work based on the 966 | Library" means either the Library or any derivative work under 967 | copyright law: that is to say, a work containing the Library or a 968 | portion of it, either verbatim or with modifications and/or translated 969 | straightforwardly into another language. (Hereinafter, translation is 970 | included without limitation in the term "modification".) 971 | 972 | "Source code" for a work means the preferred form of the work for 973 | making modifications to it. For a library, complete source code means 974 | all the source code for all modules it contains, plus any associated 975 | interface definition files, plus the scripts used to control compilation 976 | and installation of the library. 
977 | 978 | Activities other than copying, distribution and modification are not 979 | covered by this License; they are outside its scope. The act of 980 | running a program using the Library is not restricted, and output from 981 | such a program is covered only if its contents constitute a work based 982 | on the Library (independent of the use of the Library in a tool for 983 | writing it). Whether that is true depends on what the Library does 984 | and what the program that uses the Library does. 985 | 986 | 1. You may copy and distribute verbatim copies of the Library's 987 | complete source code as you receive it, in any medium, provided that 988 | you conspicuously and appropriately publish on each copy an 989 | appropriate copyright notice and disclaimer of warranty; keep intact 990 | all the notices that refer to this License and to the absence of any 991 | warranty; and distribute a copy of this License along with the 992 | Library. 993 | 994 | You may charge a fee for the physical act of transferring a copy, 995 | and you may at your option offer warranty protection in exchange for a 996 | fee. 997 | 998 | 2. You may modify your copy or copies of the Library or any portion 999 | of it, thus forming a work based on the Library, and copy and 1000 | distribute such modifications or work under the terms of Section 1 1001 | above, provided that you also meet all of these conditions: 1002 | 1003 | a) The modified work must itself be a software library. 1004 | 1005 | b) You must cause the files modified to carry prominent notices 1006 | stating that you changed the files and the date of any change. 1007 | 1008 | c) You must cause the whole of the work to be licensed at no 1009 | charge to all third parties under the terms of this License. 
1010 | 1011 | d) If a facility in the modified Library refers to a function or a 1012 | table of data to be supplied by an application program that uses 1013 | the facility, other than as an argument passed when the facility 1014 | is invoked, then you must make a good faith effort to ensure that, 1015 | in the event an application does not supply such function or 1016 | table, the facility still operates, and performs whatever part of 1017 | its purpose remains meaningful. 1018 | 1019 | (For example, a function in a library to compute square roots has 1020 | a purpose that is entirely well-defined independent of the 1021 | application. Therefore, Subsection 2d requires that any 1022 | application-supplied function or table used by this function must 1023 | be optional: if the application does not supply it, the square 1024 | root function must still compute square roots.) 1025 | 1026 | These requirements apply to the modified work as a whole. If 1027 | identifiable sections of that work are not derived from the Library, 1028 | and can be reasonably considered independent and separate works in 1029 | themselves, then this License, and its terms, do not apply to those 1030 | sections when you distribute them as separate works. But when you 1031 | distribute the same sections as part of a whole which is a work based 1032 | on the Library, the distribution of the whole must be on the terms of 1033 | this License, whose permissions for other licensees extend to the 1034 | entire whole, and thus to each and every part regardless of who wrote 1035 | it. 1036 | 1037 | Thus, it is not the intent of this section to claim rights or contest 1038 | your rights to work written entirely by you; rather, the intent is to 1039 | exercise the right to control the distribution of derivative or 1040 | collective works based on the Library. 
1041 | 1042 | In addition, mere aggregation of another work not based on the Library 1043 | with the Library (or with a work based on the Library) on a volume of 1044 | a storage or distribution medium does not bring the other work under 1045 | the scope of this License. 1046 | 1047 | 3. You may opt to apply the terms of the ordinary GNU General Public 1048 | License instead of this License to a given copy of the Library. To do 1049 | this, you must alter all the notices that refer to this License, so 1050 | that they refer to the ordinary GNU General Public License, version 2, 1051 | instead of to this License. (If a newer version than version 2 of the 1052 | ordinary GNU General Public License has appeared, then you can specify 1053 | that version instead if you wish.) Do not make any other change in 1054 | these notices. 1055 | 1056 | Once this change is made in a given copy, it is irreversible for 1057 | that copy, so the ordinary GNU General Public License applies to all 1058 | subsequent copies and derivative works made from that copy. 1059 | 1060 | This option is useful when you wish to copy part of the code of 1061 | the Library into a program that is not a library. 1062 | 1063 | 4. You may copy and distribute the Library (or a portion or 1064 | derivative of it, under Section 2) in object code or executable form 1065 | under the terms of Sections 1 and 2 above provided that you accompany 1066 | it with the complete corresponding machine-readable source code, which 1067 | must be distributed under the terms of Sections 1 and 2 above on a 1068 | medium customarily used for software interchange. 1069 | 1070 | If distribution of object code is made by offering access to copy 1071 | from a designated place, then offering equivalent access to copy the 1072 | source code from the same place satisfies the requirement to 1073 | distribute the source code, even though third parties are not 1074 | compelled to copy the source along with the object code. 
1075 | 1076 | 5. A program that contains no derivative of any portion of the 1077 | Library, but is designed to work with the Library by being compiled or 1078 | linked with it, is called a "work that uses the Library". Such a 1079 | work, in isolation, is not a derivative work of the Library, and 1080 | therefore falls outside the scope of this License. 1081 | 1082 | However, linking a "work that uses the Library" with the Library 1083 | creates an executable that is a derivative of the Library (because it 1084 | contains portions of the Library), rather than a "work that uses the 1085 | library". The executable is therefore covered by this License. 1086 | Section 6 states terms for distribution of such executables. 1087 | 1088 | When a "work that uses the Library" uses material from a header file 1089 | that is part of the Library, the object code for the work may be a 1090 | derivative work of the Library even though the source code is not. 1091 | Whether this is true is especially significant if the work can be 1092 | linked without the Library, or if the work is itself a library. The 1093 | threshold for this to be true is not precisely defined by law. 1094 | 1095 | If such an object file uses only numerical parameters, data 1096 | structure layouts and accessors, and small macros and small inline 1097 | functions (ten lines or less in length), then the use of the object 1098 | file is unrestricted, regardless of whether it is legally a derivative 1099 | work. (Executables containing this object code plus portions of the 1100 | Library will still fall under Section 6.) 1101 | 1102 | Otherwise, if the work is a derivative of the Library, you may 1103 | distribute the object code for the work under the terms of Section 6. 1104 | Any executables containing that work also fall under Section 6, 1105 | whether or not they are linked directly with the Library itself. 1106 | 1107 | 6. 
As an exception to the Sections above, you may also combine or 1108 | link a "work that uses the Library" with the Library to produce a 1109 | work containing portions of the Library, and distribute that work 1110 | under terms of your choice, provided that the terms permit 1111 | modification of the work for the customer's own use and reverse 1112 | engineering for debugging such modifications. 1113 | 1114 | You must give prominent notice with each copy of the work that the 1115 | Library is used in it and that the Library and its use are covered by 1116 | this License. You must supply a copy of this License. If the work 1117 | during execution displays copyright notices, you must include the 1118 | copyright notice for the Library among them, as well as a reference 1119 | directing the user to the copy of this License. Also, you must do one 1120 | of these things: 1121 | 1122 | a) Accompany the work with the complete corresponding 1123 | machine-readable source code for the Library including whatever 1124 | changes were used in the work (which must be distributed under 1125 | Sections 1 and 2 above); and, if the work is an executable linked 1126 | with the Library, with the complete machine-readable "work that 1127 | uses the Library", as object code and/or source code, so that the 1128 | user can modify the Library and then relink to produce a modified 1129 | executable containing the modified Library. (It is understood 1130 | that the user who changes the contents of definitions files in the 1131 | Library will not necessarily be able to recompile the application 1132 | to use the modified definitions.) 1133 | 1134 | b) Use a suitable shared library mechanism for linking with the 1135 | Library. 
A suitable mechanism is one that (1) uses at run time a 1136 | copy of the library already present on the user's computer system, 1137 | rather than copying library functions into the executable, and (2) 1138 | will operate properly with a modified version of the library, if 1139 | the user installs one, as long as the modified version is 1140 | interface-compatible with the version that the work was made with. 1141 | 1142 | c) Accompany the work with a written offer, valid for at 1143 | least three years, to give the same user the materials 1144 | specified in Subsection 6a, above, for a charge no more 1145 | than the cost of performing this distribution. 1146 | 1147 | d) If distribution of the work is made by offering access to copy 1148 | from a designated place, offer equivalent access to copy the above 1149 | specified materials from the same place. 1150 | 1151 | e) Verify that the user has already received a copy of these 1152 | materials or that you have already sent this user a copy. 1153 | 1154 | For an executable, the required form of the "work that uses the 1155 | Library" must include any data and utility programs needed for 1156 | reproducing the executable from it. However, as a special exception, 1157 | the materials to be distributed need not include anything that is 1158 | normally distributed (in either source or binary form) with the major 1159 | components (compiler, kernel, and so on) of the operating system on 1160 | which the executable runs, unless that component itself accompanies 1161 | the executable. 1162 | 1163 | It may happen that this requirement contradicts the license 1164 | restrictions of other proprietary libraries that do not normally 1165 | accompany the operating system. Such a contradiction means you cannot 1166 | use both them and the Library together in an executable that you 1167 | distribute. 1168 | 1169 | 7. 
You may place library facilities that are a work based on the
1170 | Library side-by-side in a single library together with other library
1171 | facilities not covered by this License, and distribute such a combined
1172 | library, provided that the separate distribution of the work based on
1173 | the Library and of the other library facilities is otherwise
1174 | permitted, and provided that you do these two things:
1175 |
1176 | a) Accompany the combined library with a copy of the same work
1177 | based on the Library, uncombined with any other library
1178 | facilities. This must be distributed under the terms of the
1179 | Sections above.
1180 |
1181 | b) Give prominent notice with the combined library of the fact
1182 | that part of it is a work based on the Library, and explaining
1183 | where to find the accompanying uncombined form of the same work.
1184 |
1185 | 8. You may not copy, modify, sublicense, link with, or distribute
1186 | the Library except as expressly provided under this License. Any
1187 | attempt otherwise to copy, modify, sublicense, link with, or
1188 | distribute the Library is void, and will automatically terminate your
1189 | rights under this License. However, parties who have received copies,
1190 | or rights, from you under this License will not have their licenses
1191 | terminated so long as such parties remain in full compliance.
1192 |
1193 | 9. You are not required to accept this License, since you have not
1194 | signed it. However, nothing else grants you permission to modify or
1195 | distribute the Library or its derivative works. These actions are
1196 | prohibited by law if you do not accept this License. Therefore, by
1197 | modifying or distributing the Library (or any work based on the
1198 | Library), you indicate your acceptance of this License to do so, and
1199 | all its terms and conditions for copying, distributing or modifying
1200 | the Library or works based on it.
1201 |
1202 | 10. Each time you redistribute the Library (or any work based on the
1203 | Library), the recipient automatically receives a license from the
1204 | original licensor to copy, distribute, link with or modify the Library
1205 | subject to these terms and conditions. You may not impose any further
1206 | restrictions on the recipients' exercise of the rights granted herein.
1207 | You are not responsible for enforcing compliance by third parties with
1208 | this License.
1209 |
1210 | 11. If, as a consequence of a court judgment or allegation of patent
1211 | infringement or for any other reason (not limited to patent issues),
1212 | conditions are imposed on you (whether by court order, agreement or
1213 | otherwise) that contradict the conditions of this License, they do not
1214 | excuse you from the conditions of this License. If you cannot
1215 | distribute so as to satisfy simultaneously your obligations under this
1216 | License and any other pertinent obligations, then as a consequence you
1217 | may not distribute the Library at all. For example, if a patent
1218 | license would not permit royalty-free redistribution of the Library by
1219 | all those who receive copies directly or indirectly through you, then
1220 | the only way you could satisfy both it and this License would be to
1221 | refrain entirely from distribution of the Library.
1222 |
1223 | If any portion of this section is held invalid or unenforceable under any
1224 | particular circumstance, the balance of the section is intended to apply,
1225 | and the section as a whole is intended to apply in other circumstances.
1226 |
1227 | It is not the purpose of this section to induce you to infringe any
1228 | patents or other property right claims or to contest validity of any
1229 | such claims; this section has the sole purpose of protecting the
1230 | integrity of the free software distribution system which is
1231 | implemented by public license practices. Many people have made
1232 | generous contributions to the wide range of software distributed
1233 | through that system in reliance on consistent application of that
1234 | system; it is up to the author/donor to decide if he or she is willing
1235 | to distribute software through any other system and a licensee cannot
1236 | impose that choice.
1237 |
1238 | This section is intended to make thoroughly clear what is believed to
1239 | be a consequence of the rest of this License.
1240 |
1241 | 12. If the distribution and/or use of the Library is restricted in
1242 | certain countries either by patents or by copyrighted interfaces, the
1243 | original copyright holder who places the Library under this License may add
1244 | an explicit geographical distribution limitation excluding those countries,
1245 | so that distribution is permitted only in or among countries not thus
1246 | excluded. In such case, this License incorporates the limitation as if
1247 | written in the body of this License.
1248 |
1249 | 13. The Free Software Foundation may publish revised and/or new
1250 | versions of the Lesser General Public License from time to time.
1251 | Such new versions will be similar in spirit to the present version,
1252 | but may differ in detail to address new problems or concerns.
1253 |
1254 | Each version is given a distinguishing version number. If the Library
1255 | specifies a version number of this License which applies to it and
1256 | "any later version", you have the option of following the terms and
1257 | conditions either of that version or of any later version published by
1258 | the Free Software Foundation. If the Library does not specify a
1259 | license version number, you may choose any version ever published by
1260 | the Free Software Foundation.
1261 |
1262 | 14. If you wish to incorporate parts of the Library into other free
1263 | programs whose distribution conditions are incompatible with these,
1264 | write to the author to ask for permission. For software which is
1265 | copyrighted by the Free Software Foundation, write to the Free
1266 | Software Foundation; we sometimes make exceptions for this. Our
1267 | decision will be guided by the two goals of preserving the free status
1268 | of all derivatives of our free software and of promoting the sharing
1269 | and reuse of software generally.
1270 |
1271 | NO WARRANTY
1272 |
1273 | 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
1274 | WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
1275 | EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
1276 | OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
1277 | KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
1278 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1279 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
1280 | LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
1281 | THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
1282 |
1283 | 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
1284 | WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
1285 | AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
1286 | FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
1287 | CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
1288 | LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
1289 | RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
1290 | FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
1291 | SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
1292 | DAMAGES.
1293 |
1294 | END OF TERMS AND CONDITIONS
1295 |
1296 | How to Apply These Terms to Your New Libraries
1297 |
1298 | If you develop a new library, and you want it to be of the greatest
1299 | possible use to the public, we recommend making it free software that
1300 | everyone can redistribute and change. You can do so by permitting
1301 | redistribution under these terms (or, alternatively, under the terms of the
1302 | ordinary General Public License).
1303 |
1304 | To apply these terms, attach the following notices to the library. It is
1305 | safest to attach them to the start of each source file to most effectively
1306 | convey the exclusion of warranty; and each file should have at least the
1307 | "copyright" line and a pointer to where the full notice is found.
1308 |
1309 |
1310 | Copyright (C)
1311 |
1312 | This library is free software; you can redistribute it and/or
1313 | modify it under the terms of the GNU Lesser General Public
1314 | License as published by the Free Software Foundation; either
1315 | version 2.1 of the License, or (at your option) any later version.
1316 |
1317 | This library is distributed in the hope that it will be useful,
1318 | but WITHOUT ANY WARRANTY; without even the implied warranty of
1319 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
1320 | Lesser General Public License for more details.
1321 |
1322 | You should have received a copy of the GNU Lesser General Public
1323 | License along with this library; if not, write to the Free Software
1324 | Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
1325 |
1326 | Also add information on how to contact you by electronic and paper mail.
1327 |
1328 | You should also get your employer (if you work as a programmer) or your
1329 | school, if any, to sign a "copyright disclaimer" for the library, if
1330 | necessary. Here is a sample; alter the names:
1331 |
1332 | Yoyodyne, Inc., hereby disclaims all copyright interest in the
1333 | library `Frob' (a library for tweaking knobs) written by James Random Hacker.
1334 |
1335 | , 1 April 1990
1336 | Ty Coon, President of Vice
1337 |
1338 | That's all there is to it!
1339 | ```
1340 |
1341 | ## cffi
1342 |
1343 | *[Project page](https://bitbucket.org/cffi/cffi/)*
1344 |
1345 | ```
1346 | Except when otherwise stated (look for LICENSE files in directories or
1347 | information at the beginning of each file) all software and
1348 | documentation is licensed as follows:
1349 |
1350 | The MIT License
1351 |
1352 | Permission is hereby granted, free of charge, to any person
1353 | obtaining a copy of this software and associated documentation
1354 | files (the "Software"), to deal in the Software without
1355 | restriction, including without limitation the rights to use,
1356 | copy, modify, merge, publish, distribute, sublicense, and/or
1357 | sell copies of the Software, and to permit persons to whom the
1358 | Software is furnished to do so, subject to the following conditions:
1359 |
1360 | The above copyright notice and this permission notice shall be included
1361 | in all copies or substantial portions of the Software.
1362 |
1363 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
1364 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
1365 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
1366 | THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
1367 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
1368 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
1369 | DEALINGS IN THE SOFTWARE.
1370 | ```
1371 |
1372 | ## ipaddress
1373 |
1374 | *[Project page](https://github.com/phihag/ipaddress)*
1375 |
1376 | ```
1377 | This package is a modified version of cpython's ipaddress module.
1378 | It is therefore distributed under the PSF license, as follows:
1379 |
1380 | PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
1381 | --------------------------------------------
1382 |
1383 | 1. This LICENSE AGREEMENT is between the Python Software Foundation
1384 | ("PSF"), and the Individual or Organization ("Licensee") accessing and
1385 | otherwise using this software ("Python") in source or binary form and
1386 | its associated documentation.
1387 |
1388 | 2. Subject to the terms and conditions of this License Agreement, PSF hereby
1389 | grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
1390 | analyze, test, perform and/or display publicly, prepare derivative works,
1391 | distribute, and otherwise use Python alone or in any derivative version,
1392 | provided, however, that PSF's License Agreement and PSF's notice of copyright,
1393 | i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
1394 | 2011, 2012, 2013, 2014 Python Software Foundation; All Rights Reserved" are
1395 | retained in Python alone or in any derivative version prepared by Licensee.
1396 |
1397 | 3. In the event Licensee prepares a derivative work that is based on
1398 | or incorporates Python or any part thereof, and wants to make
1399 | the derivative work available to others as provided herein, then
1400 | Licensee hereby agrees to include in any such work a brief summary of
1401 | the changes made to Python.
1402 |
1403 | 4. PSF is making Python available to Licensee on an "AS IS"
1404 | basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
1405 | IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
1406 | DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
1407 | FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
1408 | INFRINGE ANY THIRD PARTY RIGHTS.
1409 |
1410 | 5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
1411 | FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
1412 | A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
1413 | OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
1414 |
1415 | 6. This License Agreement will automatically terminate upon a material
1416 | breach of its terms and conditions.
1417 |
1418 | 7. Nothing in this License Agreement shall be deemed to create any
1419 | relationship of agency, partnership, or joint venture between PSF and
1420 | Licensee. This License Agreement does not grant permission to use PSF
1421 | trademarks or trade name in a trademark sense to endorse or promote
1422 | products or services of Licensee, or any third party.
1423 |
1424 | 8. By copying, installing or otherwise using Python, Licensee
1425 | agrees to be bound by the terms and conditions of this License
1426 | Agreement.
1427 | ```
1428 |
--------------------------------------------------------------------------------