14

If using a Github repository as a source in a CodeBuild project, the Branch Filter option allows to run builds only for branches, whose name is matching a certain regular expression.

  1. AWS Management Console

In the AWS Management Console you can configure the branch filter upon creating or editing a CodeBuild project:

AWS console

  1. AWS CLI

For awscli exists an option --update-webhook (documented here)

    $ aws codebuild update-webhook --project-name myproject --branch-filter ^master$
  1. CloudFormation

In CodeBuild cloudformation template exists an option Triggers > Webhook (documented here), but this option is just a boolean for simple enabling/disabling the github webhook.

Resources:
    MyCodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
        Name: myproject
        ...
        Triggers:
            Webhook: true

So my question is, how to directly define a branch filter in a cloudformation template, without subsequently having to execute an awscli command or use the AWS Management Console?

dron22
  • 1,235
  • 10
  • 20

3 Answers3

1

You can try using AWS CodePipeline

        Stages:
            -
                Name: "Source"
                Actions:
                    -
                        Name: "Checkout"
                        ActionTypeId:
                            Category: "Source"
                            Owner: "ThirdParty"
                            Provider: "GitHub"
                            Version: "1"
                        Configuration:
                            Owner: !Ref "UsernameOrOrg"
                            Repo: !Ref "ProjectName"
                            Branch: "master"
                            OAuthToken: !Ref "GitHubOAuthToken"
                        OutputArtifacts:
                            -
                                Name: "checkout"
            -
                Name: "Build"
                Actions:
                    -
                        Name: "Build"
                        ActionTypeId:
                            Category: "Build"
                            Owner: "AWS"
                            Provider: "CodeBuild"
                            Version: "1"
                        Configuration:
                            ProjectName: !Ref "BuildProject"
                        InputArtifacts:
                            -
                                Name: "checkout"

Then you just need to define your CodeBuild project with CodePipeline integration:

BuildProject:
    Type: "AWS::CodeBuild::Project"
    Properties:
       ... 
        Artifacts:
            Type: "CODEPIPELINE"
        Source:
            Type: "CODEPIPELINE"
Lakhan Kriplani
  • 464
  • 3
  • 9
Rafał Wrzeszcz
  • 1,996
  • 4
  • 23
  • 45
  • I cannot find in the code pipeline documentation what is the OAuthtoken to be passed to the template. Where do I get this value ? – Jopela Jul 18 '18 at 20:59
  • 1
    That was propably one of the most trickiest AWS documentation pages I even had to look for, when I was strugling with this on my own ;) https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements – Rafał Wrzeszcz Jul 19 '18 at 17:58
  • you need to create a token from https://github.com/settings/tokens and then click on generate token. You need to select the scope admin:repo_hook. – Jopela Jul 22 '18 at 22:59
1

Here is a minimal example using triggers and webhook filters, filter group pattern can also be something like ^refs/heads/.*:

AWSTemplateFormatVersion: "2010-09-09"
Description: "CodeBuild project and IAM role"
Parameters:
  Image:
    Type: String
    Description: "Name of the docker image."
    Default: "my-image"
Resources:
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: codebuild.amazonaws.com
          Action: sts:AssumeRole
      Policies:
        - PolicyName: "CodeBuild-Service-Policy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - "ecr:BatchCheckLayerAvailability"
                  - "ecr:CompleteLayerUpload"
                  - "ecr:DescribeImages"
                  - "ecr:GetAuthorizationToken"
                  - "ecr:InitiateLayerUpload"
                  - "ecr:ListImages"
                  - "ecr:PutImage"
                  - "ecr:UploadLayerPart"
                  - "logs:*"
                Resource: "*"
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        ComputeType: "BUILD_GENERAL1_SMALL"
        Image: "aws/codebuild/docker:18.09.0"
        Type: LINUX_CONTAINER
      ServiceRole: !GetAtt CodeBuildRole.Arn
      Source:
        Type: GITHUB
        Location: "https://github.com/ORG/REPO.git"
        BuildSpec: "codebuild/create_docker_image.yml"
      Triggers:
        Webhook: true
        FilterGroups:
          - - Type: EVENT
              Pattern: PUSH
            - Type: HEAD_REF
              Pattern: master

See also: https://docs.amazonaws.cn/en_us/codebuild/latest/userguide/sample-bitbucket-pull-request.html#sample-bitbucket-pull-request-filter-webhook-events-cfn

ivansabik
  • 585
  • 4
  • 13
  • I'm getting Failed to call CreateWebhook, reason: Could not find access token for server type github. How can the access token be referenced in CodeBuild? – Ken J Mar 01 '19 at 15:35
  • I set that up from the UI once, and was not required on my CF template but I see what you mean. There must be a way of doing that, but for me it was via AWS console > CodeBuild and manually authorized Github account there – ivansabik Mar 05 '19 at 21:48
1

Set source version in your template and branch will be selected automatically by cloud formation

Docs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codebuild-project.html#cfn-codebuild-project-sourceversion

"main" is the name of my branch, so

SourceVersion: refs/heads/main

enter image description here

enter image description here

Lukas Liesis
  • 24,652
  • 10
  • 111
  • 109