Skip to content

lgallard/terraform-aws-codebuild

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

94 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Terraform

terraform-aws-codebuild

Terraform module for creating AWS CodeBuild Projects. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.

Usage

You can define CodeBuild projects using object variables (made of maps, lists, booleans, etc.), or you can define projects using the classic module's variables approach (eg. artifacts_*, cache_*, etc.).

In the examples folder you can check both approaches in detail and another example with VPC support.

Example using objects

module "myapp-project" {

  source = "lgallard/codebuild/aws"

  name        = "my-app"
  description = "Codebuild for deploying myapp"

  # CodeBuild Source
  codebuild_source_version = "master"
  codebuild_source = {
    type            = "GITHUB"
    location        = "https://github.com/lgallard/codebuild-example.git"
    git_clone_depth = 1

    git_submodules_config = {
      fetch_submodules = true
    }
  }

  # Secondary Sources (optional)
  codebuild_secondary_sources = [
    {
      type              = "GITHUB"
      location          = "https://github.com/myprofile/myproject-1.git"
      source_identifier = "my_awesome_project1"
    },
    {
      type                = "GITHUB"
      location            = "https://github.com/myprofile/myproject-2.git"
      git_clone_depth     = 1
      source_identifier   = "my_awesome_project2"
      report_build_status = true
      insecure_ssl        = true
    }
  ]

  # Environment
  environment = {
    compute_type    = "BUILD_GENERAL1_SMALL"
    image           = "aws/codebuild/standard:2.0"
    type            = "LINUX_CONTAINER"
    privileged_mode = true

    # Environment variables
    variables = [
      {
        name  = "REGISTRY_URL"
        value = "012345678910.dkr.ecr.us-east-1.amazonaws.com/my-ecr"
      },
      {
        name  = "AWS_DEFAULT_REGION"
        value = "us-east-1"
      },
    ]
  }

  # Artifacts
  artifacts = {
    location  = aws_s3_bucket.myapp-project.bucket
    type      = "S3"
    path      = "/"
    packaging = "ZIP"
  }

  # Cache
  cache = {
    type     = "S3"
    location = aws_s3_bucket.myapp-project.bucket
  }

  # Logs
  s3_logs = {
    status   = "ENABLED"
    location = "${aws_s3_bucket.myapp-project.id}/build-log"
  }

  # Tags
  tags = {
    Environment = "dev"
    owner       = "development-team"
  }

}

Example using variables

module "myapp-project" {

  source = "lgallard/codebuild/aws"

  name        = "my-app-var"
  description = "Codebuild for deploying myapp (variables)"

  # CodeBuild Source
  codebuild_source_version = "master"

  codebuild_source_type                                   = "GITHUB"
  codebuild_source_location                               = "https://github.com/lgallard/codebuild-example.git"
  codebuild_source_git_clone_depth                        = 1
  codebuild_source_git_submodules_config_fetch_submodules = true

  # Environment
  environment_compute_type    = "BUILD_GENERAL1_SMALL"
  environment_image           = "aws/codebuild/standard:2.0"
  environment_type            = "LINUX_CONTAINER"
  environment_privileged_mode = true

  # Environment variables
  environment_variables = [
    {
      name  = "REGISTRY_URL"
      value = "012345678910.dkr.ecr.us-east-1.amazonaws.com/my-ecr"
    },
    {
      name  = "AWS_DEFAULT_REGION"
      value = "us-east-1"
    },
  ]

  # Artifacts
  artifacts_location  = aws_s3_bucket.myapp-project.bucket
  artifacts_type      = "S3"
  artifacts_path      = "/"
  artifacts_packaging = "ZIP"

  # Cache
  cache_type     = "S3"
  cache_location = aws_s3_bucket.myapp-project.bucket

  # Logs
  s3_logs_status   = "ENABLED"
  s3_logs_location = "${aws_s3_bucket.myapp-project.id}/build-var-log"


  # Tags
  tags = {
    Environment = "dev"
    owner       = "development-team"
  }

}

Requirements

No requirements.

Providers

Name Version
aws n/a

Modules

No modules.

Resources

Name Type
aws_codebuild_project.cb_project resource
aws_iam_role.service_role resource
aws_iam_role_policy.codebuild_role_extra_policies resource
aws_caller_identity.current data source
aws_iam_policy_document.codebuild_assume_role_policy data source
aws_iam_policy_document.codebuild_role_extra_policies data source
aws_region.current data source

Inputs

Name Description Type Default Required
artifacts Information about the project's build output artifacts. any {} no
artifacts_artifact_identifier The artifact identifier. Must be the same specified inside AWS CodeBuild buildspec. string null no
artifacts_encryption_disabled If set to true, output artifacts will not be encrypted. If type is set to NO_ARTIFACTS then this value will be ignored. bool false no
artifacts_location Information about the build output artifact location. If type is set to CODEPIPELINE or NO_ARTIFACTS then this value will be ignored. If type is set to S3, this is the name of the output bucket. string null no
artifacts_name The name of the project. If type is set to S3, this is the name of the output artifact object. string null no
artifacts_namespace_type The namespace to use in storing build artifacts. If type is set to S3, then valid values for this parameter are: BUILD_ID or NONE. string null no
artifacts_override_artifact_name If set to true, a name specified in the build spec file overrides the artifact name. bool false no
artifacts_packaging The type of build output artifact to create. If type is set to S3, valid values for this parameter are: NONE or ZIP string null no
artifacts_path If type is set to S3, this is the path to the output artifact string "" no
artifacts_type The build output artifact's type. Valid values for this parameter are: CODEPIPELINE, NO_ARTIFACTS or S3. string "CODEPIPELINE" no
badge_enabled Generates a publicly-accessible URL for the projects build badge. Available as badge_url attribute when enabled. bool false no
build_timeout How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed.The default is 60 minutes. number 60 no
cache Information about the cache storage for the project. any {} no
cache_location The location where the AWS CodeBuild project stores cached resources. For type S3 the value must be a valid S3 bucket name/prefix. (Required when cache type is S3) string null no
cache_modes Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL_SOURCE_CACHE, LOCAL_DOCKER_LAYER_CACHE, and LOCAL_CUSTOM_CACHE. (Required when cache type is LOCAL) list(any) [] no
cache_type The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO_CACHE, LOCAL, and S3. string "NO_CACHE" no
cloudwatch_logs Configuration for the builds to store log data to CloudWatch. any {} no
cloudwatch_logs_group_name The group name of the logs in CloudWatch Logs. string null no
cloudwatch_logs_status Current status of logs in CloudWatch Logs for a build project. Valid values: ENABLED, DISABLED. string "ENABLED" no
cloudwatch_logs_stream_name The stream name of the logs in CloudWatch Logs. string null no
codebuild_secondary_source_auth Information about the authorization settings for AWS CodeBuild to access the source code to be built. map {} no
codebuild_secondary_source_auth_resource The resource value that applies to the specified authorization type. string null no
codebuild_secondary_source_auth_type The authorization type to use. The only valid value is OAUTH string "OAUTH" no
codebuild_secondary_source_buildspec The build spec declaration to use for this build project's related builds. Optional string null no
codebuild_secondary_source_git_clone_depth Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is CODECOMMIT. number 0 no
codebuild_secondary_source_git_submodules_config Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is CODECOMMIT. map {} no
codebuild_secondary_source_git_submodules_config_fetch_submodules If set to true, fetches Git submodules for the AWS CodeBuild build project. bool true no
codebuild_secondary_source_identifier The name of a folder named that the source will be checked out into inside the AWS CodeBuild source directory string null no
codebuild_secondary_source_insecure_ssl Ignore SSL warnings when connecting to source control. bool false no
codebuild_secondary_source_location The location of the source code from git or s3. string null no
codebuild_secondary_source_report_build_status Set to true to report the status of a build's start and finish to your source provider. This option is only valid when the type is BITBUCKET or GITHUB. bool false no
codebuild_secondary_source_type The type of repository that contains the secondary source code to be built. Valid values for this parameter are: CODECOMMIT, CODEPIPELINE, GITHUB, GITHUB_ENTERPRISE, BITBUCKET, S3 or NO_SOURCE. string "CODEPIPELINE" no
codebuild_secondary_sources Information about the project's secondary sources code. See the related codebuild source objects for descriptions of each parameter.
The parameter source_identifier is the name of the directory to clone the secondary source into as a sibling to the primary source code directory.
If this variable is omitted, no secondary sources are created.

eg:
codebuild_secondary_sources = [
{
type = "GITHUB"
location = "https://github.com/myprofile/myproject-1.git"
source_identifier = "my_awesome_project1"
},
{
type = "GITHUB"
location = "https://github.com/myprofile/myproject-2.git"
git_clone_depth = 1
source_identifier = "my_awesome_project2"
report_build_status = true
insecure_ssl = true
}
]
any [] no
codebuild_source Information about the project's input source code. any {} no
codebuild_source_auth Information about the authorization settings for AWS CodeBuild to access the source code to be built. map(any) {} no
codebuild_source_auth_resource The resource value that applies to the specified authorization type. string null no
codebuild_source_auth_type The authorization type to use. The only valid value is OAUTH string "OAUTH" no
codebuild_source_buildspec The build spec declaration to use for this build project's related builds. This must be set when type is iNO_SOURCE string null no
codebuild_source_git_clone_depth Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is CODECOMMIT. number 0 no
codebuild_source_git_submodules_config Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is CODECOMMIT. map(any) {} no
codebuild_source_git_submodules_config_fetch_submodules If set to true, fetches Git submodules for the AWS CodeBuild build project. bool true no
codebuild_source_insecure_ssl Ignore SSL warnings when connecting to source control. bool false no
codebuild_source_location The location of the source code from git or s3. string null no
codebuild_source_report_build_status Set to true to report the status of a build's start and finish to your source provider. This option is only valid when the type is BITBUCKET or GITHUB. bool false no
codebuild_source_type The type of repository that contains the source code to be built. Valid values for this parameter are: CODECOMMIT, CODEPIPELINE, GITHUB, GITHUB_ENTERPRISE, BITBUCKET, S3 or NO_SOURCE. string "CODEPIPELINE" no
codebuild_source_version A version of the build input to be built for this project. If not specified, the latest version is used. string null no
description A short description of the project. string null no
encryption_key The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project's build output artifacts. string null no
environment Information about the project's build environment. any {} no
environment_certificate The ARN of the S3 bucket, path prefix and object key that contains the PEM-encoded certificate. string null no
environment_compute_type Information about the compute resources the build project will use. Available values for this parameter are: BUILD_GENERAL1_SMALL, BUILD_GENERAL1_MEDIUM, BUILD_GENERAL1_LARGE or BUILD_GENERAL1_2XLARGE. BUILD_GENERAL1_SMALL is only valid if type is set to LINUX_CONTAINER. When type is set to LINUX_GPU_CONTAINER, compute_type need to be BUILD_GENERAL1_LARGE. string "BUILD_GENERAL1_MEDIUM" no
environment_image The Docker image to use for this build project. Valid values include Docker images provided by CodeBuild (e.g aws/codebuild/standard:2.0), Docker Hub images (e.g. hashicorp/terraform:latest), and full Docker repository URIs such as those for ECR (e.g. 137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest) string "aws/codebuild/standard:2.0" no
environment_image_pull_credentials_type The type of credentials AWS CodeBuild uses to pull images in your build. Available values for this parameter are CODEBUID or SERVICE_ROLE. When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials. string "CODEBUILD" no
environment_privileged_mode If set to true, enables running the Docker daemon inside a Docker container. bool false no
environment_registry_credential Information about credentials for access to a private Docker registry. Registry Credential config blocks are documented below. map(any) {} no
environment_type The type of build environment to use for related builds. Available values are: LINUX_CONTAINER, LINUX_GPU_CONTAINER, WINDOWS_CONTAINER or ARM_CONTAINER. string "LINUX_CONTAINER" no
environment_variables A list of sets of environment variables to make available to builds for this build project. list(any) [] no
name The projects name. string n/a yes
queued_timeout How long in minutes, from 5 to 480 (8 hours), a build is allowed to be queued before it times out.The default is 8 hours. number 480 no
s3_logs Configuration for the builds to store log data to S3. any {} no
s3_logs_encryption_disabled Set to true if you do not want S3 logs encrypted. string true no
s3_logs_location The name of the S3 bucket and the path prefix for S3 logs. Must be set if status is ENABLED, otherwise it must be empty. string null no
s3_logs_status Current status of logs in S3 for a build project. Valid values: ENABLED, DISABLED. string "DISABLED" no
tags A mapping of tags to assign to the resource. map(string) {} no
vpc_config Configuration for the builds to run inside a VPC. any {} no
vpc_config_security_group_ids The security group IDs to assign to running builds. list(string) [] no
vpc_config_subnets The subnet IDs within which to run builds. list(string) [] no
vpc_config_vpc_id The ID of the VPC within which to run builds. string null no

Outputs

Name Description
arn The ARN of the CodeBuild project
id The name (if imported via name) or ARN (if created via Terraform or imported via ARN) of the CodeBuild project.
name The name of the CodeBuild project
service_role_arn Amazon Resource Name (ARN) of the Service Role for CodeBuild.
service_role_id ID of the Service Role created for CodeBuild.
service_role_name Name of the Service Role created for CodeBuild.