/gitlab-codebuild-quickstart

Integrate your GitLab to AWS CodeBuild quickly.

MIT No AttributionMIT-0

GitLab-CodeBuild Quick Start

This CloudFormation stack helps you to integrate your GitLab to AWS CodeBuild quickly.

Architecture

Architecture

Usage

  1. Click the following button to launch the CloudFormation Stack in your account.

    Launch Stack

  2. (Optional) Modify your AWS CodeBuild service role to add permissions like Amazon ECR access. You can find the role ARN in the output of this stack if you use admin or minimal as the input parameter RoleArnForCodeBuild. You can always modify this role later.

  3. Modify your repository to adapt your build command. The default build command is bash build.sh, in this case your need a file build.sh in your repository to specify your build steps.

  4. Create a webhook in your GitLab project settings.

    1. For the webhook URL, use the value of the output WebhookURL of the CloudFormation stack.
    2. For the secret token, use the value of the parameter WebhookSecretToken of the CloudFormation stack.
    3. Add webhook triggers as you need.

  5. When your webhook is triggered, you will find your builds in the AWS CodeBuild console.

Example

Here is an example of build.sh if you want to build a docker image and upload it to Amazon ECR:

# install docker
apt update -y
apt install docker -y

# login to AWS ECR
aws ecr get-login-password --region us-east-1 | docker login \
    --username AWS --password-stdin \
    1234567890.dkr.ecr.us-east-1.amazonaws.com

# build image
docker build -t myImage .
docker tag myImage 1234567890.dkr.ecr.us-east-1.amazonaws.com/myImage

# create ECR repository
aws ecr create-repository --repository-name=myImage

# publish image
docker push 1234567890.dkr.ecr.us-east-1.amazonaws.com/myImage

Security Concerns

  • The parameters GitLabPassword and WebhookSecretToken are stored in the AWS Secrets Manager.
  • The AWS CodeBuild project has the permission to retrieve GitLabPassword from the AWS Secrets Manager to download your source codes. The GitLab password will be stored as an environment variable and can be accessed by your build command.

Limits

Since this is a quick start template, many AWS CodeBuild features are not included, but you can configure them by yourself.

Those AWS CodeBuild features includes:

  • Access assets within your VPCs like RDS, ElastiCache, etc.
  • Cache build assets to accelerate later builds.
  • Generate build badge.
  • Set timeout and queued timeout.
  • Use certificates from your Amazon S3 bucket.
  • Attach to Amazon EFS file systems.

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.