Connect AWS CodeDeploy to Github without using my Github user?

2
votes

AWS documentation describes how you authenticate to Github using your browser, and that you're currently logged into Github as a valid user with permission to the repository you want to deploy from:

http://docs.aws.amazon.com/codedeploy/latest/userguide/github-integ.html#github-integ-behaviors-auth

Is there any way to setup CodeDeploy without linking my user and having a browser? I'd love to do this using webhooks on each repository and AWS API calls, but I'll make a Github 'service user' if I have to.

More examples: http://blogs.aws.amazon.com/application-management/post/Tx33XKAKURCCW83/Automatically-Deploy-from-GitHub-Using-AWS-CodeDeploy

I'd love to use webhooks on my repo, or set them up myself, than permit AWS access to every repository on my Github account.

4
amazon-web-servicesgithubaws-code-deploy

4 Answers

1
votes

There does not appear to be an alternative to doing the OAuth flow in your browser at this point. If you're concerned about opening your whole Github account up to Amazon, creating a service user is probably the best approach, unfortunately it seems this user still needs administrative access to your repos to set up the integration.

1
votes

After more research I realized my first answer is wrong, you can use AWS CLI to create a CodePipeline using a Github OAuth token. Then you can plug in your CodeDeploy deployment from there. Here's an example configuration:

{
    "pipeline": {
        "roleArn": "arn:aws:iam::99999999:role/AWS-CodePipeline-Service",
        "stages": [
            {
                "name": "Source", 
                "actions": [
                    {
                        "inputArtifacts": [], 
                        "name": "Source", 
                        "actionTypeId": {
                            "category": "Source", 
                            "owner": "ThirdParty", 
                            "version": "1", 
                            "provider": "GitHub"
                        }, 
                        "outputArtifacts": [
                            {
                                "name": "MyApp"
                            }
                        ], 
                        "configuration": {
                            "Owner": "myusername", 
                            "Repo": "myrepo", 
                            "Branch": "master", 
                            "OAuthToken": "**************"
                        }, 
                        "runOrder": 1
                    }
                ]
            },
            {
                "name": "Beta",
                "actions": [
                    {
                        "inputArtifacts": [
                            {
                                "name": "MyApp"
                            }
                        ],
                        "name": "CodePipelineDemoFleet",
                        "actionTypeId": {
                            "category": "Deploy",
                            "owner": "AWS",
                            "version": "1",
                            "provider": "CodeDeploy"
                        },
                        "outputArtifacts": [],
                        "configuration": {
                            "ApplicationName": "CodePipelineDemoApplication",
                            "DeploymentGroupName": "CodePipelineDemoFleet"
                        },
                        "runOrder": 1
                    }
                ]
            }
        ],
        "artifactStore": {
            "type": "S3",
            "location": "codepipeline-us-east-1-99999999"
        },
        "name": "MySecondPipeline",
        "version": 1
    }
}

You can create the pipeline using the command:

aws codepipeline create-pipeline --cli-input-json file://input.json

Make sure that the Github OAuth token has permissions admin:repo_hook and repo.

Reference: http://docs.aws.amazon.com/cli/latest/reference/codepipeline/create-pipeline.html

0
votes

CodeDeploy and Github integration works based on Github Oauth. So to use the CodeDeploy and Github integration, you will have to trust CodeDeploy github application using your github account. Currently this integration will only work in your browser with a valid github account cause CodeDeploy application will always redirect back to CodeDeploy console to verify&finish the OAuth authentication process.

-3
votes

You can do it using this bash command

FROM LOCAL TO REMOTE

rsync --delete -azvv -e "ssh -i /path/to/pem" /path/to/local/code/* [email protected]:/path/to/remote/code

FROM REMOTE TO LOCAL

rsync --delete -azvv -e "ssh -i /path/to/pem" [email protected]:/path/to/remote/code/* /path/to/local/code

rsync checks file versions and updates the files that need to be update