14
votes

If using a GitHub repository as a source in a CodeBuild project, the Branch Filter option allows running builds only for branches whose name matches a certain regular expression.

  1. AWS Management Console

In the AWS Management Console you can configure the branch filter when creating or editing a CodeBuild project.

  2. AWS CLI

For awscli there is an option --update-webhook (documented here):

    $ aws codebuild update-webhook --project-name myproject --branch-filter '^master$'

  3. CloudFormation

In the CodeBuild CloudFormation template there is an option Triggers > Webhook (documented here), but this option is just a boolean for simply enabling/disabling the GitHub webhook.

Resources:
    MyCodeBuildProject:
        Type: AWS::CodeBuild::Project
        Properties:
            Name: myproject
            ...
            Triggers:
                Webhook: true

So my question is: how can I directly define a branch filter in a CloudFormation template without subsequently having to execute an awscli command or use the AWS Management Console?


3 Answers

1
votes

You can try using AWS CodePipeline

        Stages:
            -
                Name: "Source"
                Actions:
                    -
                        Name: "Checkout"
                        ActionTypeId:
                            Category: "Source"
                            Owner: "ThirdParty"
                            Provider: "GitHub"
                            Version: "1"
                        Configuration:
                            Owner: !Ref "UsernameOrOrg"
                            Repo: !Ref "ProjectName"
                            Branch: "master"
                            OAuthToken: !Ref "GitHubOAuthToken"
                        OutputArtifacts:
                            -
                                Name: "checkout"
            -
                Name: "Build"
                Actions:
                    -
                        Name: "Build"
                        ActionTypeId:
                            Category: "Build"
                            Owner: "AWS"
                            Provider: "CodeBuild"
                            Version: "1"
                        Configuration:
                            ProjectName: !Ref "BuildProject"
                        InputArtifacts:
                            -
                                Name: "checkout"

Then you just need to define your CodeBuild project with CodePipeline integration:

BuildProject:
    Type: "AWS::CodeBuild::Project"
    Properties:
        ...
        Artifacts:
            Type: "CODEPIPELINE"
        Source:
            Type: "CODEPIPELINE"
1
votes

Here is a minimal example using triggers and webhook filters; the filter group pattern can also be something like ^refs/heads/.*:

AWSTemplateFormatVersion: "2010-09-09"
Description: "CodeBuild project and IAM role"
Parameters:
  Image:
    Type: String
    Description: "Name of the docker image."
    Default: "my-image"
Resources:
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: codebuild.amazonaws.com
          Action: sts:AssumeRole
      Policies:
        - PolicyName: "CodeBuild-Service-Policy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - "ecr:BatchCheckLayerAvailability"
                  - "ecr:CompleteLayerUpload"
                  - "ecr:DescribeImages"
                  - "ecr:GetAuthorizationToken"
                  - "ecr:InitiateLayerUpload"
                  - "ecr:ListImages"
                  - "ecr:PutImage"
                  - "ecr:UploadLayerPart"
                  - "logs:*"
                Resource: "*"
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        ComputeType: "BUILD_GENERAL1_SMALL"
        Image: "aws/codebuild/docker:18.09.0"
        Type: LINUX_CONTAINER
      ServiceRole: !GetAtt CodeBuildRole.Arn
      Source:
        Type: GITHUB
        Location: "https://github.com/ORG/REPO.git"
        BuildSpec: "codebuild/create_docker_image.yml"
      Triggers:
        Webhook: true
        FilterGroups:
          - - Type: EVENT
              Pattern: PUSH
            - Type: HEAD_REF
              Pattern: master

See also: https://docs.amazonaws.cn/en_us/codebuild/latest/userguide/sample-bitbucket-pull-request.html#sample-bitbucket-pull-request-filter-webhook-events-cfn
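
The filter-group semantics used in the template above, as an added example that is not part of the original answer: a build starts when every filter in at least one group matches. It assumes patterns are applied as unanchored regular-expression searches against the full ref, and compares `master` with `^refs/heads/master$`; the event dicts and function names are constructed for illustration.

```python
import re

# Filter groups in the shape CloudFormation uses under Triggers.FilterGroups:
# a list of groups, each group a list of {Type, Pattern} filters.
UNANCHORED = [[{"Type": "EVENT", "Pattern": "PUSH"},
               {"Type": "HEAD_REF", "Pattern": "master"}]]
ANCHORED = [[{"Type": "EVENT", "Pattern": "PUSH"},
             {"Type": "HEAD_REF", "Pattern": "^refs/heads/master$"}]]


def filter_matches(flt, event):
    """Evaluate one webhook filter against a constructed event dict."""
    if flt["Type"] == "EVENT":
        # EVENT patterns are a comma-separated list of event names.
        wanted = {name.strip() for name in flt["Pattern"].split(",")}
        hit = event["event"] in wanted
    else:
        # Only the two ref filter types are modelled in this example.
        field = {"HEAD_REF": "head_ref", "BASE_REF": "base_ref"}[flt["Type"]]
        # Assumption: unanchored search, so "master" matches inside a longer ref.
        hit = re.search(flt["Pattern"], event.get(field, "")) is not None
    # ExcludeMatchedPattern inverts the result of the filter.
    return hit != bool(flt.get("ExcludeMatchedPattern", False))


def triggers_build(filter_groups, event):
    """A build starts if every filter in at least one group matches."""
    return any(all(filter_matches(f, event) for f in group)
               for group in filter_groups)


def triggering_refs(filter_groups, events):
    """Return the head refs of the events that would start a build."""
    return [e["head_ref"] for e in events if triggers_build(filter_groups, e)]


# Constructed sample events (not captured from a real webhook).
EVENTS = [
    {"event": "PUSH", "head_ref": "refs/heads/master"},
    {"event": "PUSH", "head_ref": "refs/heads/master-experiment"},
    {"event": "PUSH", "head_ref": "refs/heads/feature/not-master"},
    {"event": "PUSH", "head_ref": "refs/tags/master"},
    {"event": "PULL_REQUEST_CREATED", "head_ref": "refs/heads/master"},
]

if __name__ == "__main__":
    print("unanchored:", triggering_refs(UNANCHORED, EVENTS))
    print("anchored:  ", triggering_refs(ANCHORED, EVENTS))
```

Under that assumption, the anchored pattern is the one that limits builds to pushes on the `master` branch itself.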

0
votes

Set the source version in your template and the branch will be selected automatically by CloudFormation.

Docs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codebuild-project.html#cfn-codebuild-project-sourceversion

"main" is the name of my branch, so

SourceVersion: refs/heads/main
