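I am trying to do an end-to-end automated deployment using AWS CodePipeline, CodeBuild and CodeCommit, but if I try to do a full clone using OutputArtifactFormat = "CODEBUILD_CLONE_REF", the source stage fails:
repository not found for primary source and source version xxxxx
The default CODE_ZIP works fine.
I have added the codecommit:GitPull permission to the CodeBuild service role, and the codecommit:GetRepository permission to the CodePipeline service role.
Here is the relevant part of the code: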
// CodeBuild Project
resource "aws_codebuild_project" "this" {
  name = var.app_name
  service_role = aws_iam_role.codebuild.arn
  concurrent_build_limit = 1
  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image = var.build_image
    image_pull_credentials_type = "SERVICE_ROLE"
    privileged_mode = false
    type = "ARM_CONTAINER"
  }
  artifacts {
    type = "CODEPIPELINE"
  }
  source {
    type = "CODEPIPELINE"
    #location = var.code_commit_https_url
    buildspec = file("${path.module}/buildspec.yaml")
  }
}
// CodePipeline
resource "aws_codepipeline" "this" {
  name = var.app_name
  role_arn = aws_iam_role.codepipeline.arn
  artifact_store {
    location = regex("[^:]+$", var.s3_bucket_arn)
    type = "S3"
    encryption_key {
      id = var.pipeline_key_arn
      type = "KMS"
    }
  }
  stage {
    name = "Source"
    action {
      category = "Source"
      name = "Source"
      output_artifacts = ["SOURCE_ARTIFACT"]
      owner = "AWS"
      provider = "CodeCommit"
      role_arn = var.assume_role_arn
      run_order = 1
      version = "1"
      configuration = {
        RepositoryName = var.git_repo_source
        BranchName = var.git_repo_branch
        PollForSourceChanges = false
        OutputArtifactFormat = "CODEBUILD_CLONE_REF"
        #OutputArtifactFormat = "CODE_ZIP"
      }
    }
  }
  stage {
    name = "TerraformValidate"
    action { .... }
  }
  ....
}
This AWS example seems to match what I am doing in TF, but it still fails. What am I missing or doing wrong?
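Your current configuration has CodePipeline already pulling the source from CodeCommit, but then CodeBuild also tries to pull the source from CodeCommit. Since you are using CodePipeline, you don't want to configure CodeBuild to pull any source. That functionality in CodeBuild is only for standalone builds that are not part of a larger pipeline.
Make the following changes:
OutputArtifactFormat.
Change the source block to type = "NO_SOURCE".
Inside the action block, add input_artifacts = ["SOURCE_ARTIFACT"]. This tells CodePipeline to take the output_artifact from the "Source" stage (i.e. the source code from the Git repository) and pass it to the "TerraformValidate" stage.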
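The two permissions named in the question, scoped to a single repository instead of every repository in the account. This is an added example, not code from either post; `var.code_commit_repo_arn` and the policy names are hypothetical, and the roles' other permissions are assumed to be in place already.

```hcl
# Added example. var.code_commit_repo_arn is a hypothetical input, not from the page.
variable "code_commit_repo_arn" {
  type        = string
  description = "ARN of the one CodeCommit repository this pipeline builds"

  validation {
    # Reject wildcards so neither grant can widen to every repository.
    condition     = can(regex("^arn:aws[a-z-]*:codecommit:[a-z0-9-]+:[0-9]{12}:[A-Za-z0-9._-]+$", var.code_commit_repo_arn))
    error_message = "Pass the full ARN of a single CodeCommit repository, with no wildcards."
  }
}

# With CODEBUILD_CLONE_REF the artifact is only a reference to the repository,
# and CodeBuild performs the git clone itself, so its role needs GitPull.
data "aws_iam_policy_document" "codebuild_clone" {
  statement {
    sid       = "FullCloneFromPipelineRepo"
    effect    = "Allow"
    actions   = ["codecommit:GitPull"]
    resources = [var.code_commit_repo_arn]
  }
}

resource "aws_iam_role_policy" "codebuild_clone" {
  name   = "${var.app_name}-codecommit-gitpull"
  role   = aws_iam_role.codebuild.id
  policy = data.aws_iam_policy_document.codebuild_clone.json
}

# GetRepository for the role that performs the Source action. The Source action
# on this page sets role_arn = var.assume_role_arn, so the action runs as that
# role; if it differs from the pipeline service role, attach this policy there.
data "aws_iam_policy_document" "source_action" {
  statement {
    sid       = "ReadRepoMetadataForFullClone"
    effect    = "Allow"
    actions   = ["codecommit:GetRepository"]
    resources = [var.code_commit_repo_arn]
  }
}

resource "aws_iam_role_policy" "source_action" {
  name   = "${var.app_name}-codecommit-getrepository"
  role   = aws_iam_role.codepipeline.id
  policy = data.aws_iam_policy_document.source_action.json
}
```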