├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md └── cloudfomation.yaml /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional 4 | documentation, we greatly value feedback and contributions from our community. 5 | 6 | Please read through this document before submitting any issues or pull requests to ensure we have all the necessary 7 | information to effectively respond to your bug report or contribution. 8 | 9 | 10 | ## Reporting Bugs/Feature Requests 11 | 12 | We welcome you to use the GitHub issue tracker to report bugs or suggest features. 13 | 14 | When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already 15 | reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: 16 | 17 | * A reproducible test case or series of steps 18 | * The version of our code being used 19 | * Any modifications you've made relevant to the bug 20 | * Anything unusual about your environment or deployment 21 | 22 | 23 | ## Contributing via Pull Requests 24 | Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that: 25 | 26 | 1. You are working against the latest source on the *main* branch. 27 | 2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already. 28 | 3. You open an issue to discuss any significant work - we would hate for your time to be wasted. 29 | 30 | To send us a pull request, please: 31 | 32 | 1. Fork the repository. 33 | 2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change. 34 | 3. Ensure local tests pass. 35 | 4. Commit to your fork using clear commit messages. 36 | 5. Send us a pull request, answering any default questions in the pull request interface. 37 | 6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation. 38 | 39 | GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and 40 | [creating a pull request](https://help.github.com/articles/creating-a-pull-request/). 41 | 42 | 43 | ## Finding contributions to work on 44 | Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start. 45 | 46 | 47 | ## Code of Conduct 48 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 49 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 50 | opensource-codeofconduct@amazon.com with any additional questions or comments. 51 | 52 | 53 | ## Security issue notifications 54 | If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. 55 | 56 | 57 | ## Licensing 58 | 59 | See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. 60 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy of 4 | this software and associated documentation files (the "Software"), to deal in 5 | the Software without restriction, including without limitation the rights to 6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software is furnished to do so. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 10 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 11 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 12 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 13 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 14 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 15 | 16 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## AWS CodePipeline build status integration with third party GIT repository 2 | 3 | Please see the AWS DevOps Blog (https://aws.amazon.com/blogs/devops/) article AWS CodePipeline build status integration with third party GIT repository for instructions and more context. 4 | 5 | AWS CodePipeline allows using third-party git repository as a source for a pipeline and keeping track on results of pipeline execution triggered by a particular commit can be challenging. Setting up this solution assumes some knowledge of CloudFormation, Python3 and the boto3 AWS SDK. 6 | 7 | You will need to have or configure an existing AWS CodePipeline pipeline setup with source provider Bitbucket or GitHub and jave access to GitHub or Bitbucket account to generate API credentials. 8 | 9 | ## Security 10 | 11 | See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information. 12 | 13 | ## License 14 | 15 | This library is licensed under the MIT-0 License. See the LICENSE file. 16 | 17 | -------------------------------------------------------------------------------- /cloudfomation.yaml: -------------------------------------------------------------------------------- 1 | AWSTemplateFormatVersion: '2010-09-09' 2 | Description: Lambda for Pipeline Integrations. 3 | Parameters: 4 | IntegrationType: 5 | Type: String 6 | AllowedValues: 7 | - "Bitbucket" 8 | - "GitHub" 9 | Description: Enter Bitbucket or GitHub 10 | IntegrationUser: 11 | NoEcho: true 12 | Type: String 13 | MinLength: 1 14 | Description: Enter Bitbucket or GitHub API username 15 | IntegrationPass: 16 | NoEcho: true 17 | Type: String 18 | MinLength: 1 19 | Description: Enter Bitbucket or GitHub API password 20 | PipelineName: 21 | Type: String 22 | MinLength: 1 23 | Description: Name of CodePipeline pipeline 24 | EncryptionAtRest: 25 | Type: String 26 | Default: "Yes" 27 | AllowedValues: 28 | - "Yes" 29 | - "No" 30 | Description: Enable encryption at rest for SNS topic 31 | Conditions: 32 | UseCMK: !Equals 33 | - !Ref EncryptionAtRest 34 | - "Yes" 35 | Resources: 36 | SNSTopicEncryptionKey: 37 | Type: AWS::KMS::Key 38 | Condition: UseCMK 39 | Properties: 40 | Description: !Sub "CMK for SNS Topic for encryption at rest in ${AWS::StackName}" 41 | KeyPolicy: 42 | Version: '2012-10-17' 43 | Statement: 44 | - Sid: Enable IAM User Permissions 45 | Effect: Allow 46 | Principal: 47 | AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root' 48 | Action: kms:* 49 | Resource: '*' 50 | - Sid: Allow administration of the key 51 | Effect: Allow 52 | Principal: 53 | AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:role/Admin' 54 | Action: 55 | - kms:Create* 56 | - kms:Describe* 57 | - kms:Enable* 58 | - kms:List* 59 | - kms:Put* 60 | - kms:Update* 61 | - kms:Revoke* 62 | - kms:Disable* 63 | - kms:Get* 64 | - kms:Delete* 65 | - kms:ScheduleKeyDeletion 66 | - kms:CancelKeyDeletion 67 | Resource: '*' 68 | - Sid: Allow codestar 69 | Effect: Allow 70 | Principal: 71 | Service: "codestar-notifications.amazonaws.com" 72 | Action: 73 | - kms:GenerateDataKey* 74 | - kms:Decrypt 75 | Resource: "*" 76 | Condition: 77 | StringEquals: 78 | "kms:ViaService": !Sub 'sns.${AWS::Region}.amazonaws.com' 79 | PipelineNotificationSNSTopic: 80 | Type: AWS::SNS::Topic 81 | Properties: 82 | KmsMasterKeyId: 83 | Fn::If: 84 | - UseCMK 85 | - !Ref SNSTopicEncryptionKey 86 | - !Ref AWS::NoValue 87 | Subscription: 88 | - Endpoint: !GetAtt PipelineNotificationFunction.Arn 89 | Protocol: "lambda" 90 | PipelineNotificationSNSTopicPolicy: 91 | Type: AWS::SNS::TopicPolicy 92 | Properties: 93 | PolicyDocument: 94 | Version: '2012-10-17' 95 | Statement: 96 | - Sid: SnsTopicPolicy 97 | Effect: Allow 98 | Principal: 99 | Service: "codestar-notifications.amazonaws.com" 100 | Action: 101 | - sns:Publish 102 | Resource: !Ref PipelineNotificationSNSTopic 103 | Topics: 104 | - !Ref PipelineNotificationSNSTopic 105 | LambdaExecutionRole: 106 | Type: AWS::IAM::Role 107 | Properties: 108 | AssumeRolePolicyDocument: 109 | Version: '2012-10-17' 110 | Statement: 111 | - Effect: Allow 112 | Principal: 113 | Service: 114 | - lambda.amazonaws.com 115 | Action: 116 | - sts:AssumeRole 117 | Path: "/" 118 | Policies: 119 | - PolicyName: root 120 | PolicyDocument: 121 | Version: '2012-10-17' 122 | Statement: 123 | - Effect: Allow 124 | Action: 125 | - logs:CreateLogGroup 126 | - logs:CreateLogStream 127 | - logs:PutLogEvents 128 | Resource: arn:aws:logs:*:*:* 129 | - Effect: Allow 130 | Action: 131 | - codepipeline:GetPipelineExecution 132 | Resource: arn:aws:codepipeline:*:*:* 133 | PipelineNotificationRule: 134 | Type: 'AWS::CodeStarNotifications::NotificationRule' 135 | Properties: 136 | Name: !Sub 'Notification for ${PipelineName}' 137 | DetailType: FULL 138 | Resource: !Sub 'arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineName}' 139 | EventTypeIds: 140 | - codepipeline-pipeline-pipeline-execution-failed 141 | - codepipeline-pipeline-pipeline-execution-canceled 142 | - codepipeline-pipeline-pipeline-execution-started 143 | - codepipeline-pipeline-pipeline-execution-resumed 144 | - codepipeline-pipeline-pipeline-execution-succeeded 145 | - codepipeline-pipeline-pipeline-execution-superseded 146 | Targets: 147 | - TargetType: SNS 148 | TargetAddress: !Ref PipelineNotificationSNSTopic 149 | 150 | SnsPermission: 151 | Type: AWS::Lambda::Permission 152 | Properties: 153 | FunctionName: !GetAtt PipelineNotificationFunction.Arn 154 | Action: lambda:InvokeFunction 155 | Principal: sns.amazonaws.com 156 | SourceArn: !Ref PipelineNotificationSNSTopic 157 | 158 | PipelineNotificationFunction: 159 | Type: AWS::Lambda::Function 160 | Properties: 161 | Runtime: python3.8 162 | Handler: index.lambda_handler 163 | Role: !GetAtt LambdaExecutionRole.Arn 164 | Timeout: 30 165 | Environment: 166 | Variables: 167 | INTEGRATION_AUTH_USER: !Ref IntegrationUser 168 | INTEGRATION_AUTH_PASS: !Ref IntegrationPass 169 | INTEGRATION_TYPE: !Ref IntegrationType 170 | 171 | Code: 172 | ZipFile: | 173 | from __future__ import print_function 174 | 175 | import json 176 | import boto3 177 | import os 178 | import urllib3 179 | from base64 import b64encode 180 | 181 | codepipeline_client = boto3.client('codepipeline') 182 | integration_user = os.environ['INTEGRATION_AUTH_USER'] 183 | integration_pass = os.environ['INTEGRATION_AUTH_PASS'] 184 | integration_type = os.environ['INTEGRATION_TYPE'] 185 | user_pass = integration_user+":"+integration_pass 186 | 187 | 188 | region = os.environ['AWS_REGION'] 189 | 190 | def lambda_handler(event, context): 191 | message = event['Records'][0]['Sns']['Message'] 192 | data = json.loads(message) 193 | print (data) 194 | 195 | #Push only notifications about Pipeline Execution State Changes 196 | if data.get("detailType") != "CodePipeline Pipeline Execution State Change": 197 | return() 198 | 199 | response = codepipeline_client.get_pipeline_execution( 200 | pipelineName=data['detail']['pipeline'], 201 | pipelineExecutionId=data['detail']['execution-id'] 202 | ) 203 | 204 | print(response) 205 | short_commit_od = response['pipelineExecution']['artifactRevisions'][0]['revisionId'][0:7] 206 | commit_id = response['pipelineExecution']['artifactRevisions'][0]['revisionId'] 207 | revision_url = response['pipelineExecution']['artifactRevisions'][0]['revisionUrl'] 208 | 209 | if "FullRepositoryId=" in revision_url: 210 | repo_id = revision_url.split("FullRepositoryId=")[1].split("&")[0] 211 | else: #gitbub v1 integration 212 | repo_id = revision_url.split("/")[3] + "/" + revision_url.split("/")[4] 213 | 214 | 215 | if integration_type == "Bitbucket": 216 | #Based on https://developer.atlassian.com/server/bitbucket/how-tos/updating-build-status-for-commits/ 217 | if data['detail']['state'].upper() in [ "SUCCEEDED" ]: 218 | state = "SUCCESSFUL" 219 | elif data['detail']['state'].upper() in [ "STARTED", "STOPPING", "STOPPED", "SUPERSEDED" ]: 220 | state = "INPROGRESS" 221 | else: 222 | state = "FAILED" 223 | 224 | url = "https://api.bitbucket.org/2.0/repositories/" + repo_id + "/commit/" + commit_id + "/statuses/build" 225 | 226 | build_status={} 227 | build_status['key'] = data['detail']['execution-id'] 228 | build_status['state'] = state 229 | build_status['name'] = "CodePipeline: " + data['detail']['pipeline'] 230 | build_status['url'] = "https://" + region + ".console.aws.amazon.com/codesuite/codepipeline/pipelines/" + data['detail']['pipeline'] + "/executions/" + data['detail']['execution-id'] + "?region="+region 231 | 232 | elif integration_type == "GitHub": 233 | #Based on https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#statuses 234 | if data['detail']['state'].upper() in [ "SUCCEEDED" ]: 235 | state = "success" 236 | elif data['detail']['state'].upper() in [ "STARTED", "STOPPING", "STOPPED", "SUPERSEDED" ]: 237 | state = "pending" 238 | else: 239 | state = "error" 240 | 241 | url = "https://api.github.com/repos/" + repo_id + "/statuses/" + commit_id 242 | 243 | build_status={} 244 | build_status['state'] = state 245 | build_status['context'] = "CodePipeline" 246 | build_status['description'] = data['detail']['pipeline'] 247 | build_status['target_url'] = "https://" + region + ".console.aws.amazon.com/codesuite/codepipeline/pipelines/" + data['detail']['pipeline'] + "/executions/" + data['detail']['execution-id'] + "?region="+region 248 | 249 | else: 250 | return() 251 | 252 | encode_user_pass = b64encode(user_pass.encode()).decode() 253 | 254 | http = urllib3.PoolManager() 255 | r = http.request('POST', url, 256 | headers={'Accept': 'application/json', 'Content-Type': 'application/json', 'User-Agent': 'Curl/0.1', 'Authorization' : 'Basic %s' % encode_user_pass}, 257 | body=json.dumps(build_status).encode('utf-8') 258 | ) 259 | 260 | 261 | print(r.data) 262 | return message 263 | 264 | Outputs: 265 | SnsTopicArn: 266 | Value: !Ref PipelineNotificationSNSTopic 267 | --------------------------------------------------------------------------------