gh-actions-for-devops/.github/workflows/aws-codebuild-run.yml at main · dceoy/gh-actions-for-devops · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
---
name: Build using an AWS CodeBuild project
on:
  workflow_call:
    inputs:
      aws-iam-role-to-assume:
        required: false
        type: string
        description: AWS IAM role ARN to assume
        default: null
      aws-region:
        required: false
        type: string
        description: AWS region to use
        default: us-east-1
      aws-profile-env-file:
        required: false
        type: string
        description: Environment file containing AWS IAM role ARN (ROLE_ARN) and region (REGION)
        default: null
      aws-codebuild-project-name:
        required: false
        type: string
        description: AWS CodeBuild Project Name
        default: null
      buildspec-override:
        required: false
        type: string
        description: Buildspec Override
        default: null
      compute-type-override:
        required: false
        type: string
        description: The name of a compute type for this build that overrides the one specified in the build project
        default: null
      environment-type-override:
        required: false
        type: string
        description: A container type for this build that overrides the one specified in the build project
        default: null
      image-override:
        required: false
        type: string
        description: The name of an image for this build that overrides the one specified in the build project
        default: null
      image-pull-credentials-type-override:
        required: false
        type: string
        description: The type of credentials CodeBuild uses to pull images in your build
        default: null
      env-vars-for-codebuild:
        required: false
        type: string
        description: Comma separated list of environment variables to send to CodeBuild
        default: null
      update-interval:
        required: false
        type: string
        description: How often the action calls the API for updates
        default: null
      update-back-off:
        required: false
        type: string
        description: Base back-off time for the update calls for API if rate-limiting is encountered
        default: null
      disable-source-override:
        required: false
        type: boolean
        description: Set to `true` if you want do disable source repo override
        default: false
      source-version-override:
        required: false
        type: string
        description: The source version that overrides the sourceVersion provided to Codebuild
        default: null
      source-type-override:
        required: false
        type: string
        description: The source input type that overrides the source input defined in the build project for this build (NO_SOURCE, CODECOMMIT, CODEPIPELINE, GITHUB, S3, BITBUCKET, or GITHUB_ENTERPRISE)
        default: null
      source-location-override:
        required: false
        type: string
        description: The location that overrides the source location defined in the build project for this build
        default: null
      hide-cloudwatch-logs:
        required: false
        type: boolean
        description: Set to `true` to prevent the CloudWatch logs from streaming the output to GitHub
        default: false
      disable-github-env-vars:
        required: false
        type: boolean
        description: Set to `true` if you want do disable github environment variables in codebuild
        default: false
      artifacts-type-override:
        required: false
        type: string
        description: The type of build output artifact
        default: null
      stop-on-signals:
        required: false
        type: string
        description: Comma separated list of process signals on which to stop the build. Default is SIGINT
        default: SIGINT
      runs-on:
        required: false
        type: string
        description: GitHub Actions runner to use
        default: ubuntu-latest
      timeout-minutes:
        required: false
        type: number
        description: Timeout in minutes for the job
        default: 360
    outputs:
      aws-build-id:
        description: The AWS CodeBuild Build ID for this build
        value: ${{ jobs.aws-codebuild-run-build.outputs.aws-build-id }}
permissions:
  contents: read    # This is required for actions/checkout
  id-token: write   # This is required for requesting the JWT
defaults:
  run:
    shell: bash -euo pipefail {0}
    working-directory: .
jobs:
  aws-codebuild-run-build:
    runs-on: ${{ inputs.runs-on }}
    timeout-minutes: ${{ inputs.timeout-minutes }}
    outputs:
      aws-build-id: ${{ steps.aws-codebuild-run-build.outputs.aws-build-id }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          fetch-depth: 1
          persist-credentials: false
      - name: Read AWS profile environment file
        if: inputs.aws-profile-env-file != null
        id: aws-profile-env
        env:
          AWS_PROFILE_ENV_FILE: ${{ inputs.aws-profile-env-file }}
        run: |
          cat "${AWS_PROFILE_ENV_FILE}" >> "${GITHUB_OUTPUT}"
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37  # v6.1.0
        with:
          role-to-assume: ${{ inputs.aws-iam-role-to-assume || steps.aws-profile-env.outputs.ROLE_ARN || null }}
          aws-region: ${{ inputs.aws-region || steps.aws-profile-env.outputs.REGION || null }}
          role-session-name: github-actions-${{ github.run_id }}
      - name: Run an AWS CodeBuild project
        id: aws-codebuild-run-build
        uses: aws-actions/aws-codebuild-run-build@7e46c3fa1c1f217e26a73712796b1f78938b534b  # v1.0.19
        with:
          project-name: ${{ inputs.aws-codebuild-project-name || steps.aws-profile-env.outputs.AWS_CODEBUILD_PROJECT_NAME || null }}
          buildspec-override: ${{ inputs.buildspec-override }}
          compute-type-override: ${{ inputs.compute-type-override }}
          environment-type-override: ${{ inputs.environment-type-override }}
          image-override: ${{ inputs.image-override }}
          image-pull-credentials-type-override: ${{ inputs.image-pull-credentials-type-override }}
          env-vars-for-codebuild: ${{ inputs.env-vars-for-codebuild }}
          update-interval: ${{ inputs.update-interval }}
          update-back-off: ${{ inputs.update-back-off }}
          disable-source-override: ${{ inputs.disable-source-override }}
          source-version-override: ${{ inputs.source-version-override }}
          source-type-override: ${{ inputs.source-type-override }}
          source-location-override: ${{ inputs.source-location-override }}
          hide-cloudwatch-logs: ${{ inputs.hide-cloudwatch-logs }}
          disable-github-env-vars: ${{ inputs.disable-github-env-vars }}
          artifacts-type-override: ${{ inputs.artifacts-type-override }}
          stop-on-signals: ${{ inputs.stop-on-signals }}