1) Create an ECR repository to hold the Docker image
2) Set up CodeBuild to build the image from the Dockerfile
3) Check the CodeBuild logs in CloudWatch
File buildspec.yml:

```yaml
version: 0.2
phases:
  pre_build:
    commands:
      - echo Connecting to Amazon ECR...
      - aws --version
      # Old aws-cli v1 login, kept for reference; replaced by get-login-password below
      # - $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
      # --password-stdin keeps the registry token out of the process list and the build log
      - aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 250887682577.dkr.ecr.us-east-1.amazonaws.com
      - REPOSITORY_URI=250887682577.dkr.ecr.us-east-1.amazonaws.com/demo-codebuild
      - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
      # CODEBUILD_BUILD_ID looks like <project>:<uuid>; the uuid becomes the image tag
      - IMAGE_TAG=build-$(echo $CODEBUILD_BUILD_ID | awk -F":" '{print $2}')
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build --platform linux/amd64 -t $REPOSITORY_URI:latest .
      - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker images...
      - docker push $REPOSITORY_URI:latest
      - docker push $REPOSITORY_URI:$IMAGE_TAG
      - echo Writing image definitions file...
      # imagedefinitions.json is what CodePipeline's ECS deploy action consumes
      - printf '[{"name":"simple-app","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
      - cat imagedefinitions.json
artifacts:
  files:
    - imagedefinitions.json
```
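Step 1 only says to create the ECR repository. As an added example (not code from the original post), here is how I would declare that repository in Terraform with the two settings a registry fed by CI should have, tag immutability and scan-on-push, plus a lifecycle rule. The repository name matches the REPOSITORY_URI in the buildspec above; the retention count is my own choice.

```hcl
# Added example, not part of the original post: the ECR repository for step 1.
# Assumption: the name "demo-codebuild" matches the REPOSITORY_URI used in
# buildspec.yml above; the retention count of 30 is a constructed choice.
resource "aws_ecr_repository" "demo_codebuild" {
  name = "demo-codebuild"

  # Reject pushes that overwrite an existing tag, so a build-<id> tag always
  # refers to the exact bytes that were scanned and deployed under that name.
  image_tag_mutability = "IMMUTABLE"

  # Run the ECR vulnerability scan on every push; findings are visible in the
  # console/API and can be routed onward through EventBridge.
  image_scanning_configuration {
    scan_on_push = true
  }

  tags = {
    Owner = "CloudOps"
  }
}

# Keep the repository from growing without bound: expire everything except
# the 30 most recent build-* images.
resource "aws_ecr_lifecycle_policy" "demo_codebuild" {
  repository = aws_ecr_repository.demo_codebuild.name

  policy = jsonencode({
    rules = [{
      rulePriority = 1
      description  = "Keep only the 30 most recent build-* images"
      selection = {
        tagStatus     = "tagged"
        tagPrefixList = ["build-"]
        countType     = "imageCountMoreThan"
        countNumber   = 30
      }
      action = { type = "expire" }
    }]
  })
}
```

Caveat: with IMMUTABLE tags the buildspec above fails on later builds, because it re-pushes $REPOSITORY_URI:latest every time and ECR refuses to move an existing tag. Either drop the two latest lines from the buildspec and deploy from the build-<id> tag that imagedefinitions.json already points at, or keep image_tag_mutability = "MUTABLE" and accept that latest is an unpinned reference.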
4) Provisioning CodeBuild (AWS) through Terraform
Now we move on to a demo of CodeBuild provisioned with Terraform.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project
First, the file demo_codebuild.tf:

```hcl
resource "aws_codebuild_project" "demo_codebuild" {
  name         = "demo_codebuild_${var.environment}"
  service_role = aws_iam_role.codebuild_role.arn

  environment {
    compute_type                = var.linux_compute_type
    image                       = var.linux_compute_image
    type                        = "LINUX_CONTAINER"
    image_pull_credentials_type = "CODEBUILD"
    # Required for running docker build inside the build container
    privileged_mode = true

    # dynamic "environment_variable" {
    #   for_each = var.env_variables_deploy_image
    #   content {
    #     name  = environment_variable.value["name"]
    #     type  = "PLAINTEXT"
    #     value = environment_variable.value["value"]
    #   }
    # }
  }

  artifacts {
    type = "NO_ARTIFACTS"
  }

  logs_config {
    cloudwatch_logs {
      group_name = aws_cloudwatch_log_group.demo_codebuild_group.name
    }
  }

  source {
    type      = "NO_SOURCE"
    # With NO_SOURCE the buildspec has to be supplied inline
    buildspec = <<EOT
version: 0.2
env:
  # parameter-store:
  #   BEARER_TOKEN: "/nimtechnology-provision/BEARER_TOKEN"
  #   build_ssh_key: "/nimtechnology-provision/build_ssh_key"
  variables:
    ENVIRONMENT: "${var.environment}"
phases:
  pre_build:
    commands:
      - echo "ahihi pre_build"
  build:
    commands:
      - echo "ahihi build"
EOT
  }

  tags = {
    Owner = "CloudOps"
    Env   = var.environment
  }

  cache {
    type  = var.cache_type
    modes = var.cache_modes
  }

  lifecycle {
    ignore_changes = [project_visibility]
  }
}
```
First, notice service_role = aws_iam_role.codebuild_role.arn.
This is where I define the role that lets this CodeBuild project access other resources (CloudWatch, SSM, ...).
We have a file iam.tf:
```hcl
# ## Role: codebuild_role
resource "aws_iam_role" "codebuild_role" {
  name = "${var.environment}-${var.aws_region}-codebuild-role"

  # Only the CodeBuild service may assume this role
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "codebuild_policy" {
  name = "${var.environment}-codebuild-policy"
  role = aws_iam_role.codebuild_role.id

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "ssm:GetParameters"
      ]
    }
  ]
}
EOF
}
```
Above, I grant CodeBuild permission to interact with CloudWatch (and to read SSM parameters).
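The policy above works, but "Resource": ["*"] lets the build role write to every log group and read every SSM parameter in the account. As an added example (not the post's iam.tf), here is the same grant scoped down to what this project touches, written as an aws_iam_policy_document instead of a JSON heredoc. It assumes var.aws_region and aws_cloudwatch_log_group.demo_codebuild_group from this post; the SSM prefix /nimtechnology-provision/ is taken from the commented-out parameter-store entries in demo_codebuild.tf; the two ECR statements are only needed if the project pushes images as the step 2 buildspec does, and an aws_ecr_repository.demo_codebuild resource is assumed to exist.

```hcl
# Added example, not the post's own iam.tf: the same permissions, scoped to
# the resources this build actually uses. Assumptions: var.aws_region and
# aws_cloudwatch_log_group.demo_codebuild_group are from the post; the SSM
# prefix comes from the commented parameter-store entries in demo_codebuild.tf;
# aws_ecr_repository.demo_codebuild is assumed to exist if images are pushed.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "codebuild_policy_scoped" {
  # CloudWatch Logs: the group is created by Terraform (logging.tf), so the
  # role does not need logs:CreateLogGroup, only to write streams into it.
  # Provider versions differ on whether the arn already ends in ":*", so
  # both forms are listed.
  statement {
    sid     = "WriteBuildLogs"
    effect  = "Allow"
    actions = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = [
      aws_cloudwatch_log_group.demo_codebuild_group.arn,
      "${aws_cloudwatch_log_group.demo_codebuild_group.arn}:*",
    ]
  }

  # SSM Parameter Store: only parameters under this project's own prefix.
  statement {
    sid     = "ReadBuildParameters"
    effect  = "Allow"
    actions = ["ssm:GetParameters", "ssm:GetParameter"]
    resources = [
      "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/nimtechnology-provision/*",
    ]
  }

  # ECR login token: this API has no resource-level scope, so "*" is unavoidable.
  statement {
    sid       = "EcrLogin"
    effect    = "Allow"
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"]
  }

  # ECR push/pull: limited to the single repository the buildspec pushes to.
  statement {
    sid    = "EcrPushDemoRepo"
    effect = "Allow"
    actions = [
      "ecr:BatchCheckLayerAvailability",
      "ecr:BatchGetImage",
      "ecr:GetDownloadUrlForLayer",
      "ecr:InitiateLayerUpload",
      "ecr:UploadLayerPart",
      "ecr:CompleteLayerUpload",
      "ecr:PutImage",
    ]
    resources = [aws_ecr_repository.demo_codebuild.arn]
  }
}

resource "aws_iam_role_policy" "codebuild_policy_scoped" {
  name   = "${var.environment}-codebuild-policy-scoped"
  role   = aws_iam_role.codebuild_role.id
  policy = data.aws_iam_policy_document.codebuild_policy_scoped.json
}
```

If the parameters are SecureString values encrypted with a customer-managed KMS key, the role additionally needs kms:Decrypt on that key; the AWS-managed aws/ssm key grants that through its own key policy.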
The environment {} block is fairly easy to understand: it is where the environment variables go.
And you should pay attention to dynamic blocks: simply put, you use a for_each loop to load many environment variables.
https://www.terraform.io/language/expressions/dynamic-blocks
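As an added example (not the post's code), here is the dynamic block from demo_codebuild.tf un-commented and extended so each variable carries its own source type. The variable name env_variables_deploy_image comes from the post; its object shape, the sample defaults and the resource name demo_codebuild_env are constructed for illustration, and optional() needs Terraform 1.3 or newer.

```hcl
# Added example, not the post's own code: the dynamic "environment_variable"
# block from demo_codebuild.tf, with a per-variable source type.
# Assumptions: the variable name is from the post; its shape, the sample
# defaults and the resource name demo_codebuild_env are constructed here.
variable "env_variables_deploy_image" {
  type = list(object({
    name  = string
    value = string
    type  = optional(string, "PLAINTEXT") # needs Terraform >= 1.3
  }))

  default = [
    # Non-sensitive configuration may stay PLAINTEXT.
    { name = "APP_NAME", value = "simple-app" },
    # Secrets: value is the SSM parameter name; CodeBuild resolves it at run
    # time, so the secret never lands in the project definition or tfstate.
    { name = "BEARER_TOKEN", value = "/nimtechnology-provision/BEARER_TOKEN", type = "PARAMETER_STORE" },
  ]

  validation {
    condition = alltrue([
      for v in var.env_variables_deploy_image :
      contains(["PLAINTEXT", "PARAMETER_STORE", "SECRETS_MANAGER"], v.type)
    ])
    error_message = "type must be PLAINTEXT, PARAMETER_STORE or SECRETS_MANAGER."
  }
}

resource "aws_codebuild_project" "demo_codebuild_env" {
  name         = "demo_codebuild_env_${var.environment}"
  service_role = aws_iam_role.codebuild_role.arn

  environment {
    compute_type                = var.linux_compute_type
    image                       = var.linux_compute_image
    type                        = "LINUX_CONTAINER"
    image_pull_credentials_type = "CODEBUILD"
    # privileged_mode is only needed when the build runs docker; left off here.

    # One environment_variable block is emitted per list element.
    dynamic "environment_variable" {
      for_each = var.env_variables_deploy_image
      content {
        name  = environment_variable.value.name
        type  = environment_variable.value.type
        value = environment_variable.value.value
      }
    }
  }

  artifacts {
    type = "NO_ARTIFACTS"
  }

  logs_config {
    cloudwatch_logs {
      group_name = aws_cloudwatch_log_group.demo_codebuild_group.name
    }
  }

  source {
    type = "NO_SOURCE"
    # Echo only the non-secret variable; printing BEARER_TOKEN would write it to CloudWatch.
    buildspec = <<EOT
version: 0.2
phases:
  build:
    commands:
      - echo "deploying $APP_NAME to ${var.environment}"
EOT
  }
}
```

PLAINTEXT values are stored in the project definition and in Terraform state and show up in the CodeBuild console, so anything sensitive should use PARAMETER_STORE or SECRETS_MANAGER, where value is the parameter name or secret id and CodeBuild fetches it when the build starts. The build role then also needs ssm:GetParameters (or secretsmanager:GetSecretValue) on those specific resources, as in the scoped policy shown with iam.tf.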
In the logs_config {} section we create a dedicated log group for CodeBuild to send its logs to.
I have the file logging.tf:
```hcl
resource "aws_cloudwatch_log_group" "demo_codebuild_group" {
  name              = "${var.environment}-deploy"
  retention_in_days = 14

  tags = {
    Owner = "CloudOps"
    Env   = var.environment
  }
}
```