-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathtemplate.yml
206 lines (197 loc) · 7.01 KB
/
template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
This serverless app creates publicly accessible links to PR build logs for a given AWS CodeBuild project and posts them as a comment
on the corresponding GitHub PR.
Metadata:
AWS::ServerlessRepo::Application:
Name: github-codebuild-logs
Description: >
This serverless app creates publicly accessible links to PR build logs for a given AWS CodeBuild project and posts them as a comment
on the corresponding GitHub PR.
Author: James Hood
# SPDX License Id, e.g., MIT, MIT-0, Apache-2.0. See https://spdx.org/licenses for more details
SpdxLicenseId: MIT
# paths are relative to .aws-sam/build directory
LicenseUrl: LICENSE
ReadmeUrl: README.md
Labels: [github, pr, ci, codebuild, logs]
HomePageUrl: https://github.com/jlhood/github-codebuild-logs
# Update the semantic version and run sam publish to publish a new version of your app
SemanticVersion: 1.6.0
# best practice is to use git tags for each release and link to the version tag as your source code URL
SourceCodeUrl: https://github.com/jlhood/github-codebuild-logs/tree/1.6.0
Parameters:
CodeBuildProjectName:
Type: String
Description: Name of CodeBuild project this app is posting logs for.
ExpirationInDays:
Type: Number
Description: Number of days before a build's log page expires.
MinValue: 1
Default: 30
CodeBuildProjectCustomLogGroupName:
Type: String
Default: ""
Description: If the CodeBuild Project has a custom log group name, you can specify it here. If not provided, the app will assume the CodeBuild default log group name format of /aws/codebuild/<project name>.
GitHubOAuthToken:
Type: String
Default: ""
Description: OAuth token used for writing comments to GitHub PRs. If not provided, the app will attempt to pull an OAuth token from the CodeBuild project.
NoEcho: true
LogLevel:
Type: String
Description: Log level for Lambda function logging, e.g., ERROR, INFO, DEBUG, etc
Default: INFO
DeletePreviousComments:
Type: String
AllowedValues:
- "true"
- "false"
Default: "false"
Description: Set to "true" to delete previously posted PR comments before posting a new one.
CommentOnSuccess:
Type: String
AllowedValues:
- "true"
- "false"
Default: "true"
Description: Set to "false" to not publish a comment when build is successful.
BuildEventTimeout:
Type: Number
MinValue: 1
MaxValue: 900
Default: 60
Description: Timeout for Process Build Event Lambda.
Conditions:
UseDefaultProjectLogGroupName:
!Equals [!Ref CodeBuildProjectCustomLogGroupName, '']
GitHubOAuthTokenProvided:
!Not [!Equals [!Ref GitHubOAuthToken, '']]
Resources:
ProcessBuildEvents:
Type: AWS::Serverless::Function
Properties:
CodeUri: src/
Handler: processbuildevents.handler
Runtime: python3.12
Tracing: Active
Timeout: !Ref BuildEventTimeout
Policies:
- S3CrudPolicy:
BucketName: !Ref BuildLogs
- Statement:
Effect: Allow
Action:
- codebuild:BatchGetBuilds
- codebuild:BatchGetProjects
Resource: !Sub arn:${AWS::Partition}:codebuild:${AWS::Region}:${AWS::AccountId}:project/${CodeBuildProjectName}
- Statement:
Effect: Allow
Action:
- logs:FilterLogEvents
Resource: !Sub
- arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${logGroupName}:log-stream:*
- logGroupName: !If
- UseDefaultProjectLogGroupName
- !Sub /aws/codebuild/${CodeBuildProjectName}
- !Ref CodeBuildProjectCustomLogGroupName
- !If
- GitHubOAuthTokenProvided
- AWSSecretsManagerGetSecretValuePolicy:
SecretArn: !Ref GitHubOAuthTokenSecret
- !Ref AWS::NoValue
Environment:
Variables:
LOG_LEVEL: !Ref LogLevel
BUILD_LOGS_BUCKET_NAME: !Ref BuildLogs
CODEBUILD_PROJECT_NAME: !Ref CodeBuildProjectName
EXPIRATION_IN_DAYS: !Ref ExpirationInDays
BUILD_LOGS_API_ENDPOINT: !Sub "https://${BuildLogsApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/buildlogs"
GITHUB_OAUTH_TOKEN_SECRET_ARN: !If
- GitHubOAuthTokenProvided
- !Ref GitHubOAuthTokenSecret
- ''
DELETE_PREVIOUS_COMMENTS: !Ref DeletePreviousComments
COMMENT_ON_SUCCESS: !Ref CommentOnSuccess
Events:
BuildStatus:
Type: CloudWatchEvent
Properties:
Pattern:
source:
- aws.codebuild
'detail-type':
- CodeBuild Build State Change
detail:
'project-name':
- !Ref CodeBuildProjectName
'build-status':
- SUCCEEDED
- FAILED
GitHubOAuthTokenSecret:
Condition: GitHubOAuthTokenProvided
Type: AWS::SecretsManager::Secret
DeletionPolicy: Delete
UpdateReplacePolicy: Retain
Properties:
Name: !Sub /github-codebuild-logs/${AWS::StackName}/GitHubOAuthToken
SecretString: !Ref GitHubOAuthToken
GetBuildLogs:
Type: AWS::Serverless::Function
Properties:
CodeUri: src/
Handler: getbuildlogs.handler
Runtime: python3.12
Tracing: Active
Timeout: 20
Policies:
- S3ReadPolicy:
BucketName: !Ref BuildLogs
Environment:
Variables:
LOG_LEVEL: !Ref LogLevel
BUILD_LOGS_BUCKET_NAME: !Ref BuildLogs
CODEBUILD_PROJECT_NAME: !Ref CodeBuildProjectName
EXPIRATION_IN_DAYS: !Ref ExpirationInDays
Events:
Api:
Type: Api
Properties:
RestApiId: !Ref BuildLogsApi
Path: /buildlogs
Method: get
BuildLogsApi:
Type: AWS::Serverless::Api
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
StageName: Prod
MethodSettings:
# This is a publicly accessible endpoint so don't let someone rack up costs by calling our endpoint over and over again.
- ThrottlingRateLimit: 1
ThrottlingBurstLimit: 2
ResourcePath: '/*'
HttpMethod: '*'
BuildLogs:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
UpdateReplacePolicy: Retain
Properties:
LifecycleConfiguration:
Rules:
- ExpirationInDays: !Ref ExpirationInDays
Status: Enabled
Outputs:
ProcessBuildEventsFunctionName:
Description: "ProcessBuildEvents Lambda Function Name"
Value: !Ref ProcessBuildEvents
ProcessBuildEventsFunctionArn:
Description: "ProcessBuildEvents Lambda Function ARN"
Value: !GetAtt ProcessBuildEvents.Arn
BuildLogsBucketName:
Description: "Build logs S3 bucket name"
Value: !Ref BuildLogs
BuildLogsBucketArn:
Description: "Build logs S3 bucket ARN"
Value: !GetAtt BuildLogs.Arn