feat: support for AWS CodeArtifact (#89)
1 parent 766a65e, commit 26adee6
Showing 20 changed files with 418 additions and 39 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# Using CodeArtifact | ||
|
||
AWS CodeArtifact is a fully managed artifact repository service that makes it easy for organizations of any size to securely store, publish, and share software packages used in their development process. AWS CodeArtifact supports popular package formats and works with commonly used build tools and package managers. | ||
|
||
## Prerequisites | ||
- If you do not have an existing AWS CodeArtifact repository please create one using the AWS Management Console or AWS CLI. For more information, see [Creating a repository](https://docs.aws.amazon.com/codeartifact/latest/ug/getting-started.html#get-started-create-repo). Ensure the repository is configured to upstream the desired package sources, you must be able to fetch 'aws-cdk-lib' and 'cdklabs' packages from the repository. | ||
|
||
## Configuring the CI/CD pipeline | ||
|
||
To use AWS CodeArtifact in your pipeline, you need to configure the `CodeArtifactPlugin` plugin. This plugin is responsible for setting up the necessary commands to authenticate with the AWS CodeArtifact repository and manage the required IAM permissions for the pipeline. | ||
|
||
```typeScript | ||
import { PipelineBlueprint, CodeArtifactPlugin } from '@cdklabs/cdk-cicd-wrapper'; | ||
|
||
const pipeline = PipelineBlueprint.builder() | ||
.plugin(new CodeArtifactPlugin({ | ||
domain: 'my-domain', | ||
repositoryName: 'my-repo', | ||
})) | ||
.synth(app); | ||
``` | ||
|
||
The above snippet configures the pipeline to authenticate with the AWS CodeArtifact repository `my-domain/my-repo`. The plugin will automatically set up the necessary IAM permissions for the pipeline to access the repository. | ||
|
||
## Using AWS CodeArtifact for Python/Swift/dotnet packages | ||
|
||
To use AWS CodeArtifact for Python, Swift, or dotnet packages, you need to configure the plugin for those package types. The `CodeArtifactPlugin` accepts an optional `repositoryTypes` parameter that allows you to specify the package types you want to use with AWS CodeArtifact. | ||
|
||
```typeScript | ||
import { PipelineBlueprint, CodeArtifactPlugin, CodeArtifactRepositoryTypes} from '@cdklabs/cdk-cicd-wrapper'; | ||
|
||
const pipeline = PipelineBlueprint.builder() | ||
.plugin(new CodeArtifactPlugin({ | ||
domain: 'my-domain', | ||
repositoryName: 'my-repo', | ||
repositoryTypes: [CodeArtifactRepositoryTypes.NPM, CodeArtifactRepositoryTypes.PIP, CodeArtifactRepositoryTypes.SWIFT, CodeArtifactRepositoryTypes.NUGET], | ||
})) | ||
.addStack(new MyStack()) | ||
.synth(app); | ||
``` |
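Review bot: The paragraph after the first snippet says the plugin "will automatically set up the necessary IAM permissions" without naming them, so a reader cannot audit what the pipeline role gains. List the actions the plugin actually grants (`codeartifact:GetAuthorizationToken` on the domain, `codeartifact:GetRepositoryEndpoint` and `codeartifact:ReadFromRepository` on the repository, `sts:GetServiceBearerToken` conditioned on `codeartifact.amazonaws.com`) and state that access is read-only. The page also never documents the `account` and `npmScope` props or the `DOTNET` and `TWINE` repository types, and the "Python/Swift/dotnet" section's example passes `NUGET` rather than `DOTNET`, so either align the heading with the example or show both. Minor: the first snippet omits the `.addStack(...)` call that the second one has, and the fences are tagged `typeScript` instead of `typescript`.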
81 changes: 81 additions & 0 deletions
packages/@cdklabs/cdk-cicd-wrapper/src/plugins/utils/CodeArtifactPlugin.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
import { BuildSpec } from 'aws-cdk-lib/aws-codebuild'; | ||
import * as iam from 'aws-cdk-lib/aws-iam'; | ||
import { GlobalResources, PluginBase, ResourceContext } from '../../common'; | ||
|
||
export enum CodeArtifactRepositoryTypes { | ||
NPM = 'npm', | ||
PIP = 'pip', | ||
NUGET = 'nuget', | ||
SWIFT = 'swift', | ||
DOTNET = 'dotnet', | ||
TWINE = 'twine', | ||
} | ||
|
||
export interface CodeArtifactPluginProps { | ||
readonly domain: string; | ||
|
||
readonly account?: string; | ||
|
||
readonly repositoryName: string; | ||
|
||
readonly repositoryTypes?: CodeArtifactRepositoryTypes[]; | ||
|
||
readonly npmScope?: string; | ||
} | ||
|
||
/** | ||
* Plugin to enable key rotation for KMS keys. | ||
*/ | ||
export class CodeArtifactPlugin extends PluginBase { | ||
readonly name: string = 'CodeArtifactPlugin'; | ||
|
||
readonly version: string = '1.0'; | ||
|
||
constructor(private readonly options: CodeArtifactPluginProps) { | ||
super(); | ||
} | ||
|
||
create(context: ResourceContext): void { | ||
const { domain, repositoryName } = this.options; | ||
const account = this.options.account || context.blueprintProps.deploymentDefinition.RES.env.account; | ||
const region = context.blueprintProps.deploymentDefinition.RES.env.region; | ||
const repositoryTypes = this.options.repositoryTypes || [CodeArtifactRepositoryTypes.NPM]; | ||
|
||
const commands = repositoryTypes.map((type) => | ||
type === CodeArtifactRepositoryTypes.NPM && this.options.npmScope | ||
? `aws codeartifact login --domain ${domain} --domain-owner ${account} --repository ${repositoryName} --tool ${type} --namespace ${this.options.npmScope}` | ||
: `aws codeartifact login --domain ${domain} --domain-owner ${account} --repository ${repositoryName} --tool ${type}`, | ||
); | ||
|
||
const ciDefinition = context.get(GlobalResources.CI_DEFINITION); | ||
|
||
ciDefinition.append( | ||
BuildSpec.fromObject({ | ||
phases: { | ||
pre_build: { | ||
commands: commands, | ||
}, | ||
}, | ||
}), | ||
); | ||
|
||
ciDefinition.additionalPolicyStatements([ | ||
new iam.PolicyStatement({ | ||
actions: ['codeartifact:GetAuthorizationToken'], | ||
resources: [`arn:aws:codeartifact:${region}:${account}:domain/${domain}`], | ||
}), | ||
new iam.PolicyStatement({ | ||
actions: ['codeartifact:GetRepositoryEndpoint', 'codeartifact:ReadFromRepository'], | ||
resources: [`arn:aws:codeartifact:${region}:${account}:repository/${domain}/${repositoryName}`], | ||
}), | ||
new iam.PolicyStatement({ | ||
actions: ['sts:GetServiceBearerToken'], | ||
resources: ['*'], | ||
conditions: { StringEquals: { 'sts:AWSServiceName': 'codeartifact.amazonaws.com' } }, | ||
}), | ||
]); | ||
} | ||
} |
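Review bot: In `create()`, `domain`, `account`, `repositoryName` and `npmScope` are interpolated unquoted into the `aws codeartifact login ...` strings that become `pre_build` commands, with no validation, so a value containing whitespace or shell metacharacters changes the command CodeBuild runs. Validate each prop in the constructor against the character set CodeArtifact allows (and `account` as a 12-digit ID) and fail at synth time, or at least quote the arguments. The same values also flow into the policy ARNs, where the partition is hard-coded as `arn:aws:`; building the ARN with the stack's partition would keep the statements valid in other partitions. The class doc comment, "Plugin to enable key rotation for KMS keys.", is left over from another plugin and should describe this one, and the `CodeArtifactPluginProps` fields have no doc comments at all (`account` in particular doubles as `--domain-owner` and the ARN account, which is worth stating). Finally, `TWINE` is accepted as a repository type but the role only receives `codeartifact:ReadFromRepository`, so a twine upload after login would be denied; either drop `TWINE` or document that publishing needs extra permissions.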