├── .editorconfig ├── .github └── ISSUE_TEMPLATE.md ├── .gitignore ├── CHANGELOG ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── README.md ├── iam └── policies │ ├── assume-role │ └── codebuild.json │ └── codebuild.json ├── main.tf ├── outputs.tf └── variables.tf /.editorconfig: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-2018 Martin Donath 2 | 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to 5 | # deal in the Software without restriction, including without limitation the 6 | # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 7 | # sell copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | 10 | # The above copyright notice and this permission notice shall be included in 11 | # all copies or substantial portions of the Software. 12 | 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 18 | # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 19 | # IN THE SOFTWARE. 
20 | 21 | # Top-level config 22 | root = true 23 | 24 | # Default 25 | [*] 26 | charset = utf-8 27 | indent_style = space 28 | indent_size = 2 29 | end_of_line = lf 30 | insert_final_newline = true 31 | trim_trailing_whitespace = true 32 | 33 | # Makefiles 34 | [Makefile] 35 | indent_style = tab 36 | indent_size = 8 37 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## Description 2 | 3 | [Description of the bug] 4 | 5 | ### Expected behavior 6 | 7 | [What you expected to happen] 8 | 9 | ### Actual behavior 10 | 11 | [What is actually happening] 12 | 13 | ### Steps to reproduce the bug 14 | 15 | 1. [First step] 16 | 2. [Second step] 17 | 3. [and so on...] 18 | 19 | ### Package versions 20 | 21 | * terraform-aws-github-ci: `...` 22 | * terraform: `...` 23 | 24 | ### System information 25 | 26 | * OS: [The operating system you're running] 27 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-2018 Martin Donath 2 | 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to 5 | # deal in the Software without restriction, including without limitation the 6 | # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 7 | # sell copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | 10 | # The above copyright notice and this permission notice shall be included in 11 | # all copies or substantial portions of the Software. 
12 | 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 18 | # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 19 | # IN THE SOFTWARE. 20 | 21 | # macOS internals 22 | .DS_Store 23 | 24 | # Terraform runtime 25 | .terraform 26 | .terraform.tfstate.lock.info 27 | 28 | # Terraform state 29 | *.tfstate 30 | *.tfstate.backup 31 | -------------------------------------------------------------------------------- /CHANGELOG: -------------------------------------------------------------------------------- 1 | terraform-aws-github-ci-1.0.0 (2018-12-26) 2 | 3 | * Added support for CodeBuild environment variables 4 | * Removed custom Lambda functions in favor of native CodeBuild functionality 5 | * Officially deprecated the project - this should be the last release 6 | 7 | terraform-aws-github-ci-0.5.4 (2018-08-18) 8 | 9 | * Fixed GitHub webhook creation by temporarily downgrading provider to < 1 10 | 11 | terraform-aws-github-ci-0.5.3 (2018-06-04) 12 | 13 | * Added support for privileged mode 14 | 15 | terraform-aws-github-ci-0.5.2 (2018-05-16) 16 | 17 | * Fixed indeterministic environment variable mapping 18 | 19 | terraform-aws-github-ci-0.5.1 (2018-04-12) 20 | 21 | * Fixed broken update for build status badges 22 | 23 | terraform-aws-github-ci-0.5.0 (2018-04-12) 24 | 25 | * Added support to configure build specification file location 26 | * Fixed #10: Webhook fails due to invalid reference 27 | 28 | terraform-aws-github-ci-0.4.1 (2018-04-01) 29 | 30 | * Fixed #5: Removed default for namespace variable 31 | 32 | terraform-aws-github-ci-0.4.0 (2018-03-30) 33 | 34 | * Refactored complete code base into 
TypeScript 35 | 36 | terraform-aws-github-ci-0.3.0 (2017-12-03) 37 | 38 | * Fixed compatibility errors with Terraform 0.11 39 | 40 | terraform-aws-github-ci-0.2.0 (2017-12-02) 41 | 42 | * Added support for external CodeBuild project configuration 43 | * Fixed GitHub webhook being set repeatedly due to OAuth token 44 | * Restructured project into submodules 45 | 46 | terraform-aws-github-ci-0.1.1 (2017-11-15) 47 | 48 | * Fixed missing distribution files 49 | * Fixed invalid source location for initial status badge 50 | 51 | terraform-aws-github-ci-0.1.0 (2017-11-15) 52 | 53 | * Initial release 54 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, gender identity and expression, level of 9 | experience, nationality, personal appearance, race, religion, or sexual 10 | identity and orientation. 
11 | 12 | ## Our standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | * Using welcoming and inclusive language 18 | * Being respectful of differing viewpoints and experiences 19 | * Gracefully accepting constructive criticism 20 | * Focusing on what is best for the community 21 | * Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | * The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | * Trolling, insulting/derogatory comments, and personal or political attacks 28 | * Public or private harassment 29 | * Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | * Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or reject 41 | comments, commits, code, wiki edits, issues, and other contributions that are 42 | not aligned to this Code of Conduct, or to ban temporarily or permanently any 43 | contributor for other behaviors that they deem inappropriate, threatening, 44 | offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an 52 | appointed representative at an online or offline event. 
Representation of a 53 | project may be further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at 59 | https://gitter.im/squidfunk/terraform-aws-github-ci. The project team will 60 | review and investigate all complaints, and will respond in a way that it deems 61 | appropriate to the circumstances. The project team is obligated to maintain 62 | confidentiality with regard to the reporter of an incident. Further details of 63 | specific enforcement policies may be posted separately. 64 | 65 | Project maintainers who do not follow or enforce the Code of Conduct in good 66 | faith may face temporary or permanent repercussions as determined by other 67 | members of the project's leadership. 68 | 69 | ## Attribution 70 | 71 | This Code of Conduct is adapted from the [Contributor Covenant][1], version 1.4, 72 | available at [http://contributor-covenant.org/version/1/4][2] 73 | 74 | [1]: http://contributor-covenant.org 75 | [2]: http://contributor-covenant.org/version/1/4/ 76 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Interested in contributing to this project? Want to report a bug? Before you do, 4 | please read the following guidelines. 5 | 6 | ## Submission context 7 | 8 | ### Got a question or problem? 9 | 10 | For quick questions there's no need to open an issue as you can reach us on 11 | [gitter.im][1]. 12 | 13 | [1]: https://gitter.im/squidfunk/terraform-aws-github-ci 14 | 15 | ### Found a bug? 16 | 17 | If you found a bug, you can help us by submitting an issue to the 18 | [issue tracker][2] in our GitHub repository. Even better, you can submit 19 | a pull request with a fix. 
However, before doing so, please read the 20 | [submission guidelines][3]. 21 | 22 | [2]: https://github.com/squidfunk/terraform-aws-github-ci/issues 23 | [3]: #submission-guidelines 24 | 25 | ### Missing a feature? 26 | 27 | You can request a new feature by submitting an issue to our GitHub Repository. 28 | If you would like to implement a new feature, please submit an issue with a 29 | proposal for your work first, to be sure that it is of use for everyone. 30 | Please consider what kind of change it is: 31 | 32 | * For a **major feature**, first open an issue and outline your proposal so 33 | that it can be discussed. This will also allow us to better coordinate our 34 | efforts, prevent duplication of work and help you to craft the change so 35 | that it is successfully accepted into the project. 36 | 37 | * **Small features and bugs** can be crafted and directly submitted as a pull 38 | request (PR). However, there is no guarantee that your feature will make it 39 | into the master, as it's always a matter of opinion whether it benefits the 40 | overall functionality of this project. 41 | 42 | ## Submission guidelines 43 | 44 | ### Submitting an issue 45 | 46 | Before you submit an issue, please search the issue tracker. Maybe the problem 47 | you are encountering is already known and the discussion might inform you of 48 | workarounds readily available. 49 | 50 | We want to address all the issues as soon as possible, but before fixing a bug 51 | we first need to reproduce and confirm it. In order to reproduce bugs we will 52 | systematically ask you to provide a minimal reproduction scenario using the 53 | custom issue template. Please stick to the issue template. 54 | 55 | Unfortunately we are not able to investigate / fix bugs without a minimal 56 | reproduction scenario, so if we don't hear back from you we may close the issue. 57 | 58 | ### Submitting a pull request 59 | 60 | Search GitHub for an open or closed PR that relates to your submission. 
You 61 | don't want to duplicate effort. If you do not find a related issue or PR, 62 | go ahead. 63 | 64 | 1. Fork the project, make your changes in a separate git branch and add 65 | descriptive messages to your commits. 66 | 67 | 2. Push your branch to GitHub and send a PR to `terraform-aws-github-ci:master`. 68 | If we suggest changes, rebase your branch and push the changes to your 69 | GitHub repository, which will automatically update your PR. 70 | 71 | After your PR is merged, you can safely delete your branch and pull the changes 72 | from the main (upstream) repository. 73 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2017-2018 Martin Donath 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to 5 | deal in the Software without restriction, including without limitation the 6 | rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 7 | sell copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 18 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 19 | IN THE SOFTWARE. 
20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![Status][status-image] 2 | 3 | [status-image]: https://img.shields.io/badge/status-deprecated-red.svg 4 | 5 | # Terraform AWS GitHub CI 6 | 7 | > This project has been deprecated, as AWS CodeBuild now natively supports 8 | > automatic builds on new commits and reports status back to GitHub. However, 9 | > it may serve as a template for anyone trying to get AWS CodeBuild working. 10 | 11 | A Terraform module to setup a serverless GitHub CI build environment with pull 12 | request and build status support using AWS CodeBuild. 13 | 14 | ## Usage 15 | 16 | You need an AWS and GitHub account and a repository you want to be built. The 17 | repository must specify a `buildspec.yml` which is documented [here][2]. First, 18 | you need to go to the [CodeBuild][3] dashboard in your region, manually create 19 | a new project and choose GitHub as the **Source provider**, allowing AWS to 20 | authorize your account. Next, [set up your AWS credentials][4] and 21 | [install Terraform][5] if you haven't got it available already. 22 | 23 | [2]: http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.htm 24 | [3]: https://console.aws.amazon.com/codebuild/home 25 | [4]: http://docs.aws.amazon.com/de_de/cli/latest/userguide/cli-chap-getting-started.html 26 | [5]: https://www.terraform.io/downloads.html 27 | 28 | Next, add the following module to your Terraform configuration and apply it: 29 | 30 | ``` hcl 31 | module "github_ci" { 32 | source = "github.com/squidfunk/terraform-aws-github-ci" 33 | version = "1.0.0" 34 | 35 | namespace = "" 36 | github_owner = "" 37 | github_repository = "" 38 | github_oauth_token = "" 39 | } 40 | ``` 41 | 42 | All resources are prefixed with the value specified as `namespace`. 
If the S3 43 | bucket name (see below) is not explicitly set, it's set to the given `namespace` 44 | which means there must not already exist an S3 bucket with the same name. This 45 | is a common source of error. 46 | 47 | Now, when you push to `master`, or create a pull request, CodeBuild will 48 | automatically build the commit and report the status back to GitHub. A status 49 | badge can be added to your project's README using the `codebuild_badge_url` and 50 | `codebuild_url` outputs printed to the terminal. 51 | 52 | **Note**: the OAuth-token is currently mandatory (also for public repositories), 53 | because Terraform doesn't support conditional blocks inside resources. However, 54 | this feature is currently [being implemented][6] and should be released shortly. 55 | If you want to omit it, create your own CodeBuild project [see below][7]. 56 | 57 | [6]: https://github.com/hashicorp/terraform/issues/7034 58 | 59 | ## Configuration 60 | 61 | The following variables can be configured: 62 | 63 | ### Required 64 | 65 | #### `namespace` 66 | 67 | - **Description**: AWS resource namespace/prefix (lowercase alphanumeric) 68 | - **Default**: `none` 69 | 70 | #### `github_owner` 71 | 72 | - **Description**: GitHub repository owner 73 | - **Default**: `none` 74 | 75 | #### `github_repository` 76 | 77 | - **Description**: GitHub repository name 78 | - **Default**: `none` 79 | 80 | #### `github_oauth_token` 81 | 82 | - **Description**: GitHub OAuth token for repository access 83 | - **Default**: `none` 84 | 85 | ### Optional 86 | 87 | #### `codebuild_compute_type` 88 | 89 | - **Description**: Compute resources used by the build 90 | - **Default**: `"BUILD_GENERAL1_SMALL"` 91 | 92 | #### `codebuild_image` 93 | 94 | - **Description**: Base image for provisioning (AWS Registry, Docker) 95 | - **Default**: `"aws/codebuild/ubuntu-base:14.04"` 96 | 97 | #### `codebuild_buildspec` 98 | 99 | - **Description**: Build specification file location ([file format][2]) 100 | - 
**Default**: `"buildspec.yml"` (at repository root) 101 | 102 | #### `codebuild_privileged_mode` 103 | 104 | - **Description**: If set to true, enables running the Docker daemon inside a 105 | Docker container. 106 | - **Default**: `false` 107 | 108 | #### `codebuild_bucket` 109 | 110 | - **Description**: S3 bucket to store status badge and artifacts 111 | - **Default**: `"${var.namespace}"` (equal to namespace) 112 | 113 | #### `codebuild_environment_variables` 114 | 115 | - **Description**: CodeBuild environment variables 116 | - **Default**: [] 117 | 118 | #### `codebuild_badge_enabled` 119 | 120 | - **Description**: Generates a publicly-accessible URL for the project's build 121 | badge 122 | - **Default**: `true` 123 | 124 | ### Outputs 125 | 126 | The following outputs are exported: 127 | 128 | #### `codebuild_service_role_name` 129 | 130 | - **Description**: CodeBuild service role name 131 | 132 | #### `codebuild_service_role_arn` 133 | 134 | - **Description**: CodeBuild service role ARN 135 | 136 | #### `codebuild_bucket` 137 | 138 | - **Description**: CodeBuild artifacts bucket name 139 | 140 | #### `codebuild_badge_url` 141 | 142 | - **Description**: CodeBuild status badge URL 143 | 144 | #### `codebuild_url` 145 | 146 | - **Description**: CodeBuild project URL 147 | 148 | ## Limitations 149 | 150 | This module first integrated with AWS CodePipeline but switched to CodeBuild, 151 | because the former is heavily opinionated in terms of configuration and much, 152 | much slower. For this reason, the deployment of your build artifacts must be 153 | handled by another module which can be triggered when the build artifacts are 154 | written to S3, most likely by [using a Lambda function][8]. 
155 | 156 | [8]: http://docs.aws.amazon.com/lambda/latest/dg/with-s3-example.html 157 | 158 | ## License 159 | 160 | **MIT License** 161 | 162 | Copyright (c) 2017-2018 Martin Donath 163 | 164 | Permission is hereby granted, free of charge, to any person obtaining a copy 165 | of this software and associated documentation files (the "Software"), to 166 | deal in the Software without restriction, including without limitation the 167 | rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 168 | sell copies of the Software, and to permit persons to whom the Software is 169 | furnished to do so, subject to the following conditions: 170 | 171 | The above copyright notice and this permission notice shall be included in 172 | all copies or substantial portions of the Software. 173 | 174 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 175 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 176 | FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE 177 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 178 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 179 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 180 | IN THE SOFTWARE. 
181 | -------------------------------------------------------------------------------- /iam/policies/assume-role/codebuild.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": { 4 | "Effect": "Allow", 5 | "Action": "sts:AssumeRole", 6 | "Principal": { 7 | "Service": "codebuild.amazonaws.com" 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /iam/policies/codebuild.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "logs:CreateLogGroup", 8 | "logs:CreateLogStream", 9 | "logs:PutLogEvents" 10 | ], 11 | "Resource": "arn:aws:logs:*:*:*" 12 | }, 13 | { 14 | "Effect": "Allow", 15 | "Action": [ 16 | "s3:GetBucketVersioning", 17 | "s3:GetObject", 18 | "s3:GetObjectVersion", 19 | "s3:PutObject" 20 | ], 21 | "Resource": [ 22 | "arn:aws:s3:::${bucket}/*", 23 | "arn:aws:s3:::${bucket}" 24 | ] 25 | } 26 | ] 27 | } 28 | -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2017-2018 Martin Donath 2 | 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy 4 | # of this software and associated documentation files (the "Software"), to 5 | # deal in the Software without restriction, including without limitation the 6 | # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 7 | # sell copies of the Software, and to permit persons to whom the Software is 8 | # furnished to do so, subject to the following conditions: 9 | 10 | # The above copyright notice and this permission notice shall be included in 11 | # all copies or substantial portions of the Software. 
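# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.

# -----------------------------------------------------------------------------
# Data: General
# -----------------------------------------------------------------------------

# data.aws_region._
#
# Region of the configured AWS provider. Only consumed by output.codebuild_url
# to build the console link.
data "aws_region" "_" {}

# -----------------------------------------------------------------------------
# Data: GitHub
# -----------------------------------------------------------------------------

# data.template_file.codebuild_source_location.rendered
#
# HTTPS clone URL of the repository to build. The $${...} placeholders are
# escaped so they are expanded by the template provider, not by Terraform.
data "template_file" "codebuild_source_location" {
  template = "https://github.com/$${owner}/$${repository}.git"

  vars {
    owner      = "${var.github_owner}"
    repository = "${var.github_repository}"
  }
}

# -----------------------------------------------------------------------------
# Data: IAM
# -----------------------------------------------------------------------------

# data.template_file.codebuild_iam_policy.rendered
#
# Permissions policy for the CodeBuild service role, rendered from
# iam/policies/codebuild.json with the artifact bucket name substituted in.
# The template grants CloudWatch Logs actions on "arn:aws:logs:*:*:*"; scoping
# that down to the project's own log group has to be done in the JSON file.
data "template_file" "codebuild_iam_policy" {
  template = "${file("${path.module}/iam/policies/codebuild.json")}"

  vars {
    bucket = "${aws_s3_bucket._.bucket}"
  }
}

# -----------------------------------------------------------------------------
# Resources: IAM
# -----------------------------------------------------------------------------

# aws_iam_role.codebuild
#
# Service role assumed by CodeBuild while running builds. The trust policy in
# iam/policies/assume-role/codebuild.json allows the codebuild.amazonaws.com
# service principal without a source-account/source-ARN condition, so it is
# not restricted to projects in this account.
resource "aws_iam_role" "codebuild" {
  name = "${var.namespace}-codebuild"
  path = "/${var.namespace}/codebuild/"

  assume_role_policy = "${
    file("${path.module}/iam/policies/assume-role/codebuild.json")
  }"
}

# aws_iam_policy.codebuild
#
# Managed policy carrying the rendered permissions document.
resource "aws_iam_policy" "codebuild" {
  name = "${var.namespace}-codebuild"
  path = "/${var.namespace}/codebuild/"

  policy = "${data.template_file.codebuild_iam_policy.rendered}"
}

# aws_iam_role_policy_attachment.codebuild
#
# Attaches the managed policy to the service role. aws_iam_role_policy_attachment
# is used instead of aws_iam_policy_attachment on purpose: the latter manages
# the policy's complete attachment set and detaches it from any role, user or
# group attached outside this module on every apply.
resource "aws_iam_role_policy_attachment" "codebuild" {
  role       = "${aws_iam_role.codebuild.name}"
  policy_arn = "${aws_iam_policy.codebuild.arn}"
}

# -----------------------------------------------------------------------------
# Resources: S3
# -----------------------------------------------------------------------------

# aws_s3_bucket._
#
# Bucket receiving build artifacts. The name falls back to the namespace when
# var.codebuild_bucket is empty, so it must not collide with an existing
# bucket. The ACL stays private; objects are additionally encrypted at rest
# with SSE-S3 by default so artifacts are never stored in the clear.
resource "aws_s3_bucket" "_" {
  bucket = "${coalesce(var.codebuild_bucket, var.namespace)}"
  acl    = "private"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# -----------------------------------------------------------------------------
# Resources: CodeBuild
# -----------------------------------------------------------------------------

# aws_codebuild_project._
#
# The CI project. var.github_oauth_token is passed as a plain resource
# attribute below, which means it is recorded in Terraform state; the state
# backend therefore needs the same access control as the token itself.
resource "aws_codebuild_project" "_" {
  name = "${var.github_repository}"

  # Build timeout in minutes; builds exceeding it are stopped by CodeBuild.
  build_timeout = "5"
  service_role  = "${aws_iam_role.codebuild.arn}"

  # When enabled, CodeBuild exposes the badge at a publicly reachable URL
  # (surfaced as output.codebuild_badge_url).
  badge_enabled = "${var.codebuild_badge_enabled}"

  source {
    type      = "GITHUB"
    location  = "${data.template_file.codebuild_source_location.rendered}"
    buildspec = "${var.codebuild_buildspec}"

    auth {
      type     = "OAUTH"
      resource = "${var.github_oauth_token}"
    }
  }

  environment {
    compute_type = "${var.codebuild_compute_type}"
    type         = "LINUX_CONTAINER"
    image        = "${var.codebuild_image}"

    # Privileged mode grants the build container elevated Docker capabilities;
    # keep it off unless the build really has to run the Docker daemon.
    privileged_mode = "${var.codebuild_privileged_mode}"

    # Presumably a list of maps with name/value keys as the provider expects;
    # the shape is not validated here.
    environment_variable = "${var.codebuild_environment_variables}"
  }

  artifacts {
    type           = "S3"
    location       = "${aws_s3_bucket._.bucket}"
    name           = "${var.github_repository}"
    namespace_type = "BUILD_ID"
    packaging      = "ZIP"
  }
}

# aws_codebuild_webhook._
#
# Registers the GitHub webhook that triggers builds for the project. As the
# README notes, this needs GitHub to have been authorized as source provider
# for CodeBuild in the console beforehand.
resource "aws_codebuild_webhook" "_" {
  project_name = "${aws_codebuild_project._.name}"
}
--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2017-2018 Martin Donath

# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:

# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.

# -----------------------------------------------------------------------------
# Outputs
# -----------------------------------------------------------------------------

# output.codebuild_service_role_name
#
# Name of the CodeBuild service role, e.g. for attaching further policies.
output "codebuild_service_role_name" {
  value = "${aws_iam_role.codebuild.name}"
}

# output.codebuild_service_role_arn
#
# ARN of the CodeBuild service role.
output "codebuild_service_role_arn" {
  value = "${aws_iam_role.codebuild.arn}"
}

# output.codebuild_bucket
#
# Name of the bucket that receives build artifacts.
output "codebuild_bucket" {
  value = "${aws_s3_bucket._.bucket}"
}

# output.codebuild_badge_url
#
# Publicly reachable badge URL, or the empty string when badges are disabled.
# The splat form is presumably used so badge_url is not read when the
# attribute is absent.
output "codebuild_badge_url" {
  value = "${
    var.codebuild_badge_enabled == "true"
      ? aws_codebuild_project._.*.badge_url[0]
      : ""
  }"
}

# output.codebuild_url
#
# Console URL of the project in the provider's region.
output "codebuild_url" {
  value = "https://console.aws.amazon.com/codebuild/home?region=${
    data.aws_region._.name
  }#/projects/${
    var.github_repository
  }/view"
}
--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2017-2018 Martin Donath

# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:

# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.

# -----------------------------------------------------------------------------
# Variables: General
# -----------------------------------------------------------------------------

# var.namespace
#
# Prefix for every resource name and, unless var.codebuild_bucket is set, the
# S3 bucket name. No default on purpose: it must be chosen by the caller.
variable "namespace" {
  description = "AWS resource namespace/prefix"
}

# -----------------------------------------------------------------------------
# Variables: GitHub
# -----------------------------------------------------------------------------

# var.github_owner
variable "github_owner" {
  description = "GitHub repository owner"
}

# var.github_repository
#
# Also used as the CodeBuild project name and artifact name.
variable "github_repository" {
  description = "GitHub repository name"
}

# var.github_oauth_token
#
# Secret. It is written into the CodeBuild source auth block and thus into
# Terraform state; never commit it to a .tfvars file and protect the state
# backend accordingly. This Terraform version has no way to mark it sensitive.
variable "github_oauth_token" {
  description = "GitHub OAuth token for repository access"
}

# -----------------------------------------------------------------------------
# Variables: CodeBuild
# -----------------------------------------------------------------------------

# var.codebuild_compute_type
variable "codebuild_compute_type" {
  description = "Compute resources used by the build"
  default     = "BUILD_GENERAL1_SMALL"
}

# var.codebuild_image
#
# Pin this to a specific image when reproducible builds matter; the default
# tracks whatever AWS publishes under that tag.
variable "codebuild_image" {
  description = "Base image for provisioning"
  default     = "aws/codebuild/ubuntu-base:14.04"
}

# var.codebuild_buildspec
#
# Empty means CodeBuild's default, i.e. buildspec.yml at the repository root
# (see README).
variable "codebuild_buildspec" {
  description = "Build specification file location"
  default     = ""
}

# var.codebuild_privileged_mode
#
# Grants the build container elevated Docker capabilities; leave it at "false"
# unless the build needs Docker-in-Docker.
variable "codebuild_privileged_mode" {
  description = "Enables running the Docker daemon inside a Docker container"
  default     = "false"
}

# var.codebuild_bucket
#
# Empty falls back to var.namespace as the bucket name.
variable "codebuild_bucket" {
  description = "S3 bucket to store status badge and artifacts"
  default     = ""
}

# var.codebuild_environment_variables
#
# Passed through to the project's environment block unchanged. Values end up
# in the project definition and in state, so do not put secrets here in plain
# text.
variable "codebuild_environment_variables" {
  description = "Environment variables to be used for build"
  default     = []
  type        = "list"
}

# var.codebuild_badge_enabled
#
# "true" exposes the build status badge at a public URL.
variable "codebuild_badge_enabled" {
  description = "Generates a publicly-accessible URL for the projects build badge"
  default     = "true"
}
--------------------------------------------------------------------------------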