diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 41c1baa..2537f2f 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,4 +1,25 @@
# Use this file to define individuals or teams that are responsible for code in a repository.
# Read more:
+#
+# Order is important: the last matching pattern has the highest precedence
-* @cloudposse/engineering
\ No newline at end of file
+# These owners will be the default owners for everything
+* @cloudposse/engineering @cloudposse/contributors
+
+# Cloud Posse must review any changes to Makefiles
+**/Makefile @cloudposse/engineering
+**/Makefile.* @cloudposse/engineering
+
+# Cloud Posse must review any changes to GitHub actions
+.github/* @cloudposse/engineering
+
+# Cloud Posse must review any changes to standard context definition,
+# but some changes can be rubber-stamped.
+**/*.tf @cloudposse/engineering @cloudposse/approvers
+README.yaml @cloudposse/engineering @cloudposse/approvers
+README.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+docs/*.md @cloudposse/engineering @cloudposse/contributors @cloudposse/approvers
+
+# Cloud Posse Admins must review all changes to CODEOWNERS or the mergify configuration
+.github/mergify.yml @cloudposse/admins
+.github/CODEOWNERS @cloudposse/admins
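Review bot: The pattern `.github/* @cloudposse/engineering` matches only files directly inside `.github/`, so files under `.github/workflows/` fall through to the default `*` rule, which also lists `@cloudposse/contributors`. That contradicts the comment above it ("Cloud Posse must review any changes to GitHub actions") for the very files that handle `secrets.PUBLIC_REPO_ACCESS_TOKEN` in this commit. A directory pattern such as `/.github/ @cloudposse/engineering` covers the whole tree. The later `.github/mergify.yml` and `.github/CODEOWNERS` entries still win because the last matching pattern takes precedence.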
diff --git a/.github/auto-release.yml b/.github/auto-release.yml
new file mode 100644
index 0000000..c78a4d8
--- /dev/null
+++ b/.github/auto-release.yml
@@ -0,0 +1,53 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: '$RESOLVED_VERSION'
+version-template: '$MAJOR.$MINOR.$PATCH'
+version-resolver:
+ major:
+ labels:
+ - 'major'
+ minor:
+ labels:
+ - 'minor'
+ - 'enhancement'
+ patch:
+ labels:
+ - 'auto-update'
+ - 'patch'
+ - 'fix'
+ - 'bugfix'
+ - 'bug'
+ - 'hotfix'
+ default: 'minor'
+
+categories:
+- title: '🚀 Enhancements'
+ labels:
+ - 'enhancement'
+ - 'patch'
+- title: '🐛 Bug Fixes'
+ labels:
+ - 'fix'
+ - 'bugfix'
+ - 'bug'
+ - 'hotfix'
+- title: '🤖 Automatic Updates'
+ labels:
+ - 'auto-update'
+
+change-template: |
+
+ $TITLE @$AUTHOR (#$NUMBER)
+
+ $BODY
+
+
+template: |
+ $CHANGES
+
+replacers:
+# Remove irrelevant information from Renovate bot
+- search: '/---\s+^#.*Renovate configuration(?:.|\n)*?This PR has been generated .*/gm'
+ replace: ''
+# Remove Renovate bot banner image
+- search: '/\[!\[[^\]]*Renovate\][^\]]*\](\([^)]*\))?\s*\n+/gm'
+ replace: ''
diff --git a/.github/mergify.yml b/.github/mergify.yml
new file mode 100644
index 0000000..b010656
--- /dev/null
+++ b/.github/mergify.yml
@@ -0,0 +1,58 @@
+# https://docs.mergify.io/conditions.html
+# https://docs.mergify.io/actions.html
+pull_request_rules:
+- name: "approve automated PRs that have passed checks"
+ conditions:
+ - "author~=^(cloudpossebot|renovate\\[bot\\])$"
+ - "base=master"
+ - "-closed"
+ - "head~=^(auto-update|renovate)/.*"
+ - "check-success=test/bats"
+ - "check-success=test/readme"
+ - "check-success=test/terratest"
+ - "check-success=validate-codeowners"
+ actions:
+ review:
+ type: "APPROVE"
+ bot_account: "cloudposse-mergebot"
+ message: "We've automatically approved this PR because the checks from the automated Pull Request have passed."
+
+- name: "merge automated PRs when approved and tests pass"
+ conditions:
+ - "author~=^(cloudpossebot|renovate\\[bot\\])$"
+ - "base=master"
+ - "-closed"
+ - "head~=^(auto-update|renovate)/.*"
+ - "check-success=test/bats"
+ - "check-success=test/readme"
+ - "check-success=test/terratest"
+ - "check-success=validate-codeowners"
+ - "#approved-reviews-by>=1"
+ - "#changes-requested-reviews-by=0"
+ - "#commented-reviews-by=0"
+ actions:
+ merge:
+ method: "squash"
+
+- name: "delete the head branch after merge"
+ conditions:
+ - "merged"
+ actions:
+ delete_head_branch: {}
+
+- name: "ask to resolve conflict"
+ conditions:
+ - "conflict"
+ - "-closed"
+ actions:
+ comment:
+ message: "This pull request is now in conflict. Could you fix it @{{author}}? 🙏"
+
+- name: "remove outdated reviews"
+ conditions:
+ - "base=master"
+ actions:
+ dismiss_reviews:
+ changes_requested: true
+ approved: true
+ message: "This Pull Request has been updated, so we're dismissing all reviews."
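Review bot: The `approve automated PRs that have passed checks` rule has no condition on which files a PR touches. Any PR authored by `cloudpossebot` or `renovate[bot]` on an `auto-update/` or `renovate/` branch is approved by `cloudposse-mergebot` and then squashed into `master` by the next rule, where the bot's own approval satisfies `#approved-reviews-by>=1`. That includes a PR that edits `.github/workflows/`, `.github/mergify.yml` or `.github/CODEOWNERS`, which the CODEOWNERS file in this commit reserves for engineering or admin review; whether branch protection separately enforces code-owner review is not visible here. Consider excluding those paths from both automated rules with a condition along the lines of `- "-files~=^\\.github/"`, checking the exact syntax against the Mergify conditions page linked at the top of the file.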
diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 0000000..ae4f0aa
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,12 @@
+{
+ "extends": [
+ "config:base",
+ ":preserveSemverRanges"
+ ],
+ "labels": ["auto-update"],
+ "enabledManagers": ["terraform"],
+ "terraform": {
+ "ignorePaths": ["**/context.tf", "examples/**"]
+ }
+}
+
diff --git a/.github/workflows/auto-context.yml b/.github/workflows/auto-context.yml
new file mode 100644
index 0000000..ab979e0
--- /dev/null
+++ b/.github/workflows/auto-context.yml
@@ -0,0 +1,57 @@
+name: "auto-context"
+on:
+ schedule:
+ # Update context.tf nightly
+ - cron: '0 3 * * *'
+
+jobs:
+ update:
+ if: github.event_name == 'schedule'
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+
+ - name: Update context.tf
+ shell: bash
+ id: update
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+ run: |
+ if [[ -f context.tf ]]; then
+ echo "Discovered existing context.tf! Fetching most recent version to see if there is an update."
+ curl -o context.tf -fsSL https://raw.githubusercontent.com/cloudposse/terraform-null-label/master/exports/context.tf
+ if git diff --no-patch --exit-code context.tf; then
+ echo "No changes detected! Exiting the job..."
+ else
+ echo "context.tf file has changed. Update examples and rebuild README.md."
+ make init
+ make github/init/context.tf
+ make readme/build
+ echo "::set-output name=create_pull_request::true"
+ fi
+ else
+ echo "This module has not yet been updated to support the context.tf pattern! Please update in order to support automatic updates."
+ fi
+
+ - name: Create Pull Request
+ if: steps.update.outputs.create_pull_request == 'true'
+ uses: cloudposse/actions/github/create-pull-request@0.22.0
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ committer: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
+ author: 'cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>'
+ commit-message: Update context.tf from origin source
+ title: Update context.tf
+ body: |-
+ ## what
+ This is an auto-generated PR that updates the `context.tf` file to the latest version from `cloudposse/terraform-null-label`
+
+ ## why
+ To support all the features of the `context` interface.
+
+ branch: auto-update/context.tf
+ base: master
+ delete-branch: true
+ labels: |
+ auto-update
+ context
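Review bot: The `curl` in the `Update context.tf` step pulls `exports/context.tf` from the `master` branch of `cloudposse/terraform-null-label` with no pinned ref or checksum. The resulting PR is opened by `cloudpossebot` on `auto-update/context.tf`, which is exactly what the Mergify rules added in this commit auto-approve and merge, so whatever is on upstream `master` at 03:00 can reach this repository's `master` gated only by the test checks. Fetching from a release tag instead, e.g. `.../terraform-null-label/<RELEASE_TAG>/exports/context.tf` (placeholder), or excluding this PR from auto-merge, would restore a human review point. The step also exports `GITHUB_TOKEN` to the `make` targets, which looks unnecessary from what is visible here; confirm and remove it if unused.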
diff --git a/.github/workflows/auto-format.yml b/.github/workflows/auto-format.yml
new file mode 100644
index 0000000..990abed
--- /dev/null
+++ b/.github/workflows/auto-format.yml
@@ -0,0 +1,86 @@
+name: Auto Format
+on:
+ pull_request_target:
+ types: [opened, synchronize]
+
+jobs:
+ auto-format:
+ runs-on: ubuntu-latest
+ container: cloudposse/build-harness:slim-latest
+ steps:
+ # Checkout the pull request branch
+ # "An action in a workflow run can’t trigger a new workflow run. For example, if an action pushes code using
+ # the repository’s GITHUB_TOKEN, a new workflow will not run even when the repository contains
+ # a workflow configured to run when push events occur."
+ # However, using a personal access token will cause events to be triggered.
+ # We need that to ensure a status gets posted after the auto-format commit.
+ # We also want to trigger tests if the auto-format made no changes.
+ - uses: actions/checkout@v2
+ if: github.event.pull_request.state == 'open'
+ name: Privileged Checkout
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ repository: ${{ github.event.pull_request.head.repo.full_name }}
+ # Check out the PR commit, not the merge commit
+ # Use `ref` instead of `sha` to enable pushing back to `ref`
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ # Do all the formatting stuff
+ - name: Auto Format
+ if: github.event.pull_request.state == 'open'
+ shell: bash
+ run: make BUILD_HARNESS_PATH=/build-harness PACKAGES_PREFER_HOST=true -f /build-harness/templates/Makefile.build-harness pr/auto-format/host
+
+ # Commit changes (if any) to the PR branch
+ - name: Commit changes to the PR branch
+ if: github.event.pull_request.state == 'open'
+ shell: bash
+ id: commit
+ env:
+ SENDER: ${{ github.event.sender.login }}
+ run: |
+ set -x
+ output=$(git diff --name-only)
+
+ if [ -n "$output" ]; then
+ echo "Changes detected. Pushing to the PR branch"
+ git config --global user.name 'cloudpossebot'
+ git config --global user.email '11232728+cloudpossebot@users.noreply.github.com'
+ git add -A
+ git commit -m "Auto Format"
+ # Prevent looping by not pushing changes in response to changes from cloudpossebot
+ [[ $SENDER == "cloudpossebot" ]] || git push
+ # Set status to fail, because the push should trigger another status check,
+ # and we use success to indicate the checks are finished.
+ printf "::set-output name=%s::%s\n" "changed" "true"
+ exit 1
+ else
+ printf "::set-output name=%s::%s\n" "changed" "false"
+ echo "No changes detected"
+ fi
+
+ - name: Auto Test
+ uses: cloudposse/actions/github/repository-dispatch@0.22.0
+ # match users by ID because logins (user names) are inconsistent,
+ # for example in the REST API Renovate Bot is `renovate[bot]` but
+ # in GraphQL it is just `renovate`, plus there is a non-bot
+ # user `renovate` with ID 1832810.
+ # Mergify bot: 37929162
+ # Renovate bot: 29139614
+ # Cloudpossebot: 11232728
+ # Need to use space separators to prevent "21" from matching "112144"
+ if: >
+ contains(' 37929162 29139614 11232728 ', format(' {0} ', github.event.pull_request.user.id))
+ && steps.commit.outputs.changed == 'false' && github.event.pull_request.state == 'open'
+ with:
+ token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
+ repository: cloudposse/actions
+ event-type: test-command
+ client-payload: |-
+ { "slash_command":{"args": {"unnamed": {"all": "all", "arg1": "all"}}},
+ "pull_request": ${{ toJSON(github.event.pull_request) }},
+ "github":{"payload":{"repository": ${{ toJSON(github.event.repository) }},
+ "comment": {"id": ""}
+ }
+ }
+ }
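Review bot: The `Privileged Checkout` step runs under `pull_request_target` and checks out the PR head (`head.repo.full_name` / `head.ref`, which can be a fork) with `secrets.PUBLIC_REPO_ACCESS_TOKEN`. actions/checkout leaves that token in the workspace git config by default, and the following `make ... pr/auto-format/host` step then runs against that untrusted tree. Whether the build-harness target reads or executes anything from the checked-out repository is not visible in this hunk, but if it does, PR content runs next to the token the later `git push` relies on. A comment on the step should state that assumption, and the privileged path should be limited to trusted PRs, e.g. `if: github.event.pull_request.head.repo.full_name == github.repository` as `validate-codeowners.yml` does, or gated on a maintainer-applied label. The job container `cloudposse/build-harness:slim-latest` is also a mutable tag; pinning it by digest keeps the code that runs beside the token fixed.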
diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
new file mode 100644
index 0000000..3f48017
--- /dev/null
+++ b/.github/workflows/auto-release.yml
@@ -0,0 +1,19 @@
+name: auto-release
+
+on:
+ push:
+ branches:
+ - master
+
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ steps:
+ # Drafts your next Release notes as Pull Requests are merged into "master"
+ - uses: release-drafter/release-drafter@v5
+ with:
+ publish: true
+ prerelease: false
+ config-name: auto-release.yml
+ env:
+ GITHUB_TOKEN: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
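Review bot: `release-drafter/release-drafter@v5` is a third-party action referenced by a movable major-version tag, and it receives `secrets.PUBLIC_REPO_ACCESS_TOKEN` as `GITHUB_TOKEN` on every push to `master`. Pinning it to a full commit SHA (`uses: release-drafter/release-drafter@<COMMIT_SHA>  # v5`, placeholder) keeps a retagged release from running with that token. The same applies to `mszostok/codeowners-validator@v0.5.0` in `validate-codeowners.yml`, which receives the token as `github_access_token`. If the PAT is used here only so that the published release triggers other workflows, a comment saying so would help; otherwise the job-scoped `secrets.GITHUB_TOKEN` is the narrower choice.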
diff --git a/.github/workflows/chatops.yml b/.github/workflows/chatops.yml
index a6bb11b..4ddc067 100644
--- a/.github/workflows/chatops.yml
+++ b/.github/workflows/chatops.yml
@@ -9,13 +9,13 @@ jobs:
steps:
- uses: actions/checkout@v2
- name: "Handle common commands"
- uses: cloudposse/actions/github/slash-command-dispatch@0.15.0
+ uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: cloudposse/actions
commands: rebuild-readme, terraform-fmt
- permission: none
+ permission: triage
issue-type: pull-request
test:
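Review bot: The new `permission: triage` line here, and the identical one in the `test` job's hunk below, carries no comment saying why that level was chosen. The setting presumably decides who can dispatch `rebuild-readme`, `terraform-fmt` and `test` from a PR comment using `secrets.PUBLIC_REPO_ACCESS_TOKEN`, so the intent should be recorded next to it, e.g. `# Only users with at least triage access may dispatch slash commands from PR comments`. Both enclosing jobs start outside their hunks, so the event trigger that feeds them is not visible here.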
@@ -24,13 +24,13 @@ jobs:
- name: "Checkout commit"
uses: actions/checkout@v2
- name: "Run tests"
- uses: cloudposse/actions/github/slash-command-dispatch@0.15.0
+ uses: cloudposse/actions/github/slash-command-dispatch@0.22.0
with:
token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
reaction-token: ${{ secrets.GITHUB_TOKEN }}
repository: cloudposse/actions
commands: test
- permission: none
+ permission: triage
issue-type: pull-request
reactions: false
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
new file mode 100644
index 0000000..386eb28
--- /dev/null
+++ b/.github/workflows/validate-codeowners.yml
@@ -0,0 +1,25 @@
+name: Validate Codeowners
+on:
+ pull_request:
+
+jobs:
+ validate-codeowners:
+ runs-on: ubuntu-latest
+ steps:
+ - name: "Checkout source code at current commit"
+ uses: actions/checkout@v2
+ - uses: mszostok/codeowners-validator@v0.5.0
+ if: github.event.pull_request.head.repo.full_name == github.repository
+ name: "Full check of CODEOWNERS"
+ with:
+ # For now, remove "files" check to allow CODEOWNERS to specify non-existent
+ # files so we can use the same CODEOWNERS file for Terraform and non-Terraform repos
+ # checks: "files,syntax,owners,duppatterns"
+ checks: "syntax,owners,duppatterns"
+ # GitHub access token is required only if the `owners` check is enabled
+ github_access_token: "${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}"
+ - uses: mszostok/codeowners-validator@v0.5.0
+ if: github.event.pull_request.head.repo.full_name != github.repository
+ name: "Syntax check of CODEOWNERS"
+ with:
+ checks: "syntax,duppatterns"
diff --git a/README.md b/README.md
index c74b9a2..48c55bd 100644
--- a/README.md
+++ b/README.md
@@ -1,24 +1,23 @@
-
+# terraform-aws-ecs-codepipeline [](https://github.com/cloudposse/terraform-aws-ecs-codepipeline/actions) [](https://github.com/cloudposse/terraform-aws-ecs-codepipeline/releases/latest) [](https://slack.cloudposse.com)
+
+[![README Header][readme_header_img]][readme_header_link]
+[![Cloud Posse][logo]](https://cpco.io/homepage)
+
-[![README Header][readme_header_img]][readme_header_link]
-
-[![Cloud Posse][logo]](https://cpco.io/homepage)
-
-# terraform-aws-ecs-codepipeline [](https://github.com/cloudposse/terraform-aws-ecs-codepipeline/actions) [](https://github.com/cloudposse/terraform-aws-ecs-codepipeline/releases/latest) [](https://slack.cloudposse.com)
-
+-->
Terraform Module for CI/CD with AWS Code Pipeline using GitHub webhook triggers and Code Build for ECS.
-
---
-This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
+This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps.
[
][share_email]
[
][share_googleplus]
[
][share_facebook]
@@ -71,19 +53,44 @@ It's 100% Open Source and licensed under the [APACHE2](LICENSE).
-We literally have [*hundreds of terraform modules*][terraform_modules] that are Open Source and well-maintained. Check them out!
+We literally have [*hundreds of terraform modules*][terraform_modules] that are Open Source and well-maintained. Check them out!
+
+
+
+## Security & Compliance [
](https://bridgecrew.io/)
+Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.
+
+| Benchmark | Description |
+|--------|---------------|
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=NIST-800-53) | National Institute of Standards and Technology Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=SOC2)| Service Organization Control 2 Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance |
+| [](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-ecs-codepipeline&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance |
## Usage
-**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases.
-Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-ecs-codepipeline/releases).
+**IMPORTANT:** We do not pin modules to versions in our examples because of the
+difficulty of keeping the versions in the documentation in sync with the latest released versions.
+We highly recommend that in your code you pin the version to the exact version you are
+using so that your infrastructure remains stable, and update versions in a
+systematic way so that they do not catch you by surprise.
+
+Also, because of a bug in the Terraform registry ([hashicorp/terraform#21417](https://github.com/hashicorp/terraform/issues/21417)),
+the registry shows many of our inputs as required when in fact they are optional.
+The table below correctly indicates which inputs are required.
@@ -96,7 +103,9 @@ For automated tests of the complete example using `bats` and `Terratest`, see [t
In this example, we'll trigger the pipeline anytime the `master` branch is updated.
```hcl
module "ecs_push_pipeline" {
- source = "git::https://github.com/cloudposse/terraform-aws-ecs-codepipeline.git?ref=master"
+ source = "cloudposse/ecs-codepipeline/aws"
+ # Cloud Posse recommends pinning every module to a specific version
+ # version = "x.x.x"
name = "app"
namespace = "eg"
stage = "staging"
@@ -117,7 +126,9 @@ In this example, we'll trigger anytime a new GitHub release is cut by setting th
```hcl
module "ecs_release_pipeline" {
- source = "git::https://github.com/cloudposse/terraform-aws-ecs-codepipeline.git?ref=master"
+ source = "cloudposse/ecs-codepipeline/aws"
+ # Cloud Posse recommends pinning every module to a specific version
+ # version = "x.x.x"
name = "app"
namespace = "eg"
stage = "staging"
@@ -180,8 +191,9 @@ artifacts:
+
## Makefile Targets
-```
+```text
Available targets:
help Help screen
@@ -189,93 +201,149 @@ Available targets:
help/short This help short screen
```
+
+
## Requirements
| Name | Version |
|------|---------|
-| terraform | ~> 0.12.0 |
-| aws | ~> 2.0 |
-| local | ~> 1.2 |
-| null | ~> 2.0 |
-| random | ~> 2.1 |
-| template | ~> 2.0 |
+| [terraform](#requirement\_terraform) | >= 0.13.0 |
+| [aws](#requirement\_aws) | >= 2.0 |
+| [local](#requirement\_local) | >= 1.2 |
+| [null](#requirement\_null) | >= 2.0 |
+| [random](#requirement\_random) | >= 2.1 |
+| [template](#requirement\_template) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
-| aws | ~> 2.0 |
-| random | ~> 2.1 |
+| [aws](#provider\_aws) | >= 2.0 |
+| [random](#provider\_random) | >= 2.1 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 0.36.0 |
+| [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.24.1 |
+| [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.24.1 |
+| [codepipeline\_label](#module\_codepipeline\_label) | cloudposse/label/null | 0.24.1 |
+| [codepipeline\_s3\_policy\_label](#module\_codepipeline\_s3\_policy\_label) | cloudposse/label/null | 0.24.1 |
+| [codestar\_label](#module\_codestar\_label) | cloudposse/label/null | 0.24.1 |
+| [github\_webhooks](#module\_github\_webhooks) | cloudposse/repository-webhooks/github | 0.12.0 |
+| [this](#module\_this) | cloudposse/label/null | 0.24.1 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_codepipeline.bitbucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | resource |
+| [aws_codepipeline.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | resource |
+| [aws_codepipeline_webhook.webhook](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline_webhook) | resource |
+| [aws_iam_policy.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.codebuild_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no |
-| aws\_account\_id | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `""` | no |
-| badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no |
-| branch | Branch of the GitHub repository, _e.g._ `master` | `string` | n/a | yes |
-| build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no |
-| build\_image | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no |
-| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no |
-| buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no |
-| cache\_type | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no |
-| codestar\_connection\_arn | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no |
-| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no |
-| ecs\_cluster\_name | ECS Cluster Name | `string` | n/a | yes |
-| enabled | Enable `CodePipeline` creation | `bool` | `true` | no |
-| environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no |
-| github\_anonymous | Github Anonymous API (if `true`, token must not be set as GITHUB\_TOKEN or `github_token`) | `bool` | `false` | no |
-| github\_oauth\_token | GitHub OAuth Token with permissions to access private repositories | `string` | `""` | no |
-| github\_webhook\_events | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` | [
"push"
]
| no |
-| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no |
-| image\_repo\_name | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes |
-| image\_tag | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `"latest"` | no |
-| local\_cache\_modes | Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL\_SOURCE\_CACHE, LOCAL\_DOCKER\_LAYER\_CACHE, and LOCAL\_CUSTOM\_CACHE | `list(string)` | `[]` | no |
-| name | Name of the application | `string` | n/a | yes |
-| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no |
-| poll\_source\_changes | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no |
-| privileged\_mode | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | `bool` | `false` | no |
-| region | AWS Region, e.g. us-east-1. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes |
-| repo\_name | GitHub repository name of the application to be built and deployed to ECS | `string` | n/a | yes |
-| repo\_owner | GitHub Organization or Username | `string` | n/a | yes |
-| s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
-| service\_name | ECS Service Name | `string` | n/a | yes |
-| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no |
-| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no |
-| webhook\_authentication | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no |
-| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no |
-| webhook\_filter\_json\_path | The JSON path to filter on | `string` | `"$.ref"` | no |
-| webhook\_filter\_match\_equals | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no |
-| webhook\_target\_action | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no |
+| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
+| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
+| [aws\_account\_id](#input\_aws\_account\_id) | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `""` | no |
+| [badge\_enabled](#input\_badge\_enabled) | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no |
+| [branch](#input\_branch) | Branch of the GitHub repository, _e.g._ `master` | `string` | n/a | yes |
+| [build\_compute\_type](#input\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no |
+| [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no |
+| [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no |
+| [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no |
+| [cache\_bucket\_suffix\_enabled](#input\_cache\_bucket\_suffix\_enabled) | The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no |
+| [cache\_type](#input\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no |
+| [codebuild\_vpc\_config](#input\_codebuild\_vpc\_config) | Configuration for the builds to run inside a VPC. | `any` | `{}` | no |
+| [codestar\_connection\_arn](#input\_codestar\_connection\_arn) | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no |
+| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
+| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
+| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | ECS Cluster Name | `string` | n/a | yes |
+| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
+| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
+| [environment\_variables](#input\_environment\_variables) | A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER\_STORE', or 'SECRETS\_MANAGER' | list(object(
{
name = string
value = string
type = string
}))
| `[]` | no |
+| [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub OAuth Token with permissions to access private repositories | `string` | `""` | no |
+| [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` | [
"push"
]
| no |
+| [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no |
+| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no |
+| [image\_repo\_name](#input\_image\_repo\_name) | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes |
+| [image\_tag](#input\_image\_tag) | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `"latest"` | no |
+| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
+| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
+| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no |
+| [local\_cache\_modes](#input\_local\_cache\_modes) | Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL\_SOURCE\_CACHE, LOCAL\_DOCKER\_LAYER\_CACHE, and LOCAL\_CUSTOM\_CACHE | `list(string)` | `[]` | no |
+| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
+| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
+| [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no |
+| [privileged\_mode](#input\_privileged\_mode) | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | `bool` | `false` | no |
+| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| [region](#input\_region) | AWS Region, e.g. us-east-1. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes |
+| [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | n/a | yes |
+| [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | n/a | yes |
+| [s3\_bucket\_force\_destroy](#input\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
+| [secondary\_artifact\_bucket\_id](#input\_secondary\_artifact\_bucket\_id) | Optional bucket for secondary artifact deployment. If specified, the buildspec must include a secondary artifacts section which controls the artifacts deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no |
+| [secondary\_artifact\_encryption\_enabled](#input\_secondary\_artifact\_encryption\_enabled) | If set to true, enable encryption on the secondary artifact bucket | `bool` | `false` | no |
+| [secondary\_artifact\_identifier](#input\_secondary\_artifact\_identifier) | Identifier for optional secondary artifact deployment. If specified, the identifier must appear in the buildspec as the name of the section which controls the artifacts deployed to the secondary artifact bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no |
+| [service\_name](#input\_service\_name) | ECS Service Name | `string` | n/a | yes |
+| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
+| [webhook\_authentication](#input\_webhook\_authentication) | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no |
+| [webhook\_enabled](#input\_webhook\_enabled) | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no |
+| [webhook\_filter\_json\_path](#input\_webhook\_filter\_json\_path) | The JSON path to filter on | `string` | `"$.ref"` | no |
+| [webhook\_filter\_match\_equals](#input\_webhook\_filter\_match\_equals) | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no |
+| [webhook\_target\_action](#input\_webhook\_target\_action) | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no |
## Outputs
| Name | Description |
|------|-------------|
-| badge\_url | The URL of the build badge when badge\_enabled is enabled |
-| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled |
-| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN |
-| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name |
-| codebuild\_project\_id | CodeBuild project ID |
-| codebuild\_project\_name | CodeBuild project name |
-| codebuild\_role\_arn | CodeBuild IAM Role ARN |
-| codebuild\_role\_id | CodeBuild IAM Role ID |
-| codepipeline\_arn | CodePipeline ARN |
-| codepipeline\_id | CodePipeline ID |
-| webhook\_id | The CodePipeline webhook's ID |
-| webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target |
+| [badge\_url](#output\_badge\_url) | The URL of the build badge when badge\_enabled is enabled |
+| [codebuild\_badge\_url](#output\_codebuild\_badge\_url) | The URL of the build badge when badge\_enabled is enabled |
+| [codebuild\_cache\_bucket\_arn](#output\_codebuild\_cache\_bucket\_arn) | CodeBuild cache S3 bucket ARN |
+| [codebuild\_cache\_bucket\_name](#output\_codebuild\_cache\_bucket\_name) | CodeBuild cache S3 bucket name |
+| [codebuild\_project\_id](#output\_codebuild\_project\_id) | CodeBuild project ID |
+| [codebuild\_project\_name](#output\_codebuild\_project\_name) | CodeBuild project name |
+| [codebuild\_role\_arn](#output\_codebuild\_role\_arn) | CodeBuild IAM Role ARN |
+| [codebuild\_role\_id](#output\_codebuild\_role\_id) | CodeBuild IAM Role ID |
+| [codepipeline\_arn](#output\_codepipeline\_arn) | CodePipeline ARN |
+| [codepipeline\_id](#output\_codepipeline\_id) | CodePipeline ID |
+| [codepipeline\_resource](#output\_codepipeline\_resource) | CodePipeline resource |
+| [webhook\_id](#output\_webhook\_id) | The CodePipeline webhook's ID |
+| [webhook\_url](#output\_webhook\_url) | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target |
+
+## Share the Love
-## Share the Love
-
-Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-ecs-codepipeline)! (it helps us **a lot**)
+Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-ecs-codepipeline)! (it helps us **a lot**)
Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =)
+
## Related Projects
Check out these related projects.
@@ -289,18 +357,16 @@ Check out these related projects.
- [terraform-aws-lb-s3-bucket](https://github.com/cloudposse/terraform-aws-lb-s3-bucket) - Terraform module to provision an S3 bucket with built in IAM policy to allow AWS Load Balancers to ship access logs.
-
-
## References
-For additional context, refer to some of these links.
+For additional context, refer to some of these links.
- [aws_codepipeline_webhook](https://www.terraform.io/docs/providers/aws/r/codepipeline_webhook.html) - Provides a CodePipeline Webhook
## Help
-**Got a question?** We got answers.
+**Got a question?** We got answers.
File a GitHub [issue](https://github.com/cloudposse/terraform-aws-ecs-codepipeline/issues), send us an [email][email] or join our [Slack Community][slack].
@@ -309,7 +375,7 @@ File a GitHub [issue](https://github.com/cloudposse/terraform-aws-ecs-codepipeli
## DevOps Accelerator for Startups
-We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us.
+We are a [**DevOps Accelerator**][commercial_support]. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us.
[][commercial_support]
@@ -338,11 +404,11 @@ Participate in our [Discourse Forums][discourse]. Here you'll find answers to co
## Newsletter
-Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover.
+Sign up for [our newsletter][newsletter] that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover.
## Office Hours
-[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone!
+[Join us every Wednesday via Zoom][office_hours] for our weekly "Lunch & Learn" sessions. It's **FREE** for everyone!
[][office_hours]
@@ -369,32 +435,34 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
## Copyright
-Copyright © 2017-2020 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2021 [Cloud Posse, LLC](https://cpco.io/copyright)
-## License
+## License
-[](https://opensource.org/licenses/Apache-2.0)
+[](https://opensource.org/licenses/Apache-2.0)
See [LICENSE](LICENSE) for full details.
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- https://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
+```text
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+```
@@ -416,7 +484,7 @@ This project is maintained and funded by [Cloud Posse, LLC][website]. Like it? P
We're a [DevOps Professional Services][hire] company based in Los Angeles, CA. We ❤️ [Open Source Software][we_love_open_source].
-We offer [paid support][commercial_support] on all of our projects.
+We offer [paid support][commercial_support] on all of our projects.
Check out [our other projects][github], [follow us on twitter][twitter], [apply for a job][jobs], or [hire us][hire] to help with your cloud strategy and implementation.
@@ -424,8 +492,10 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
### Contributors
-| [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Igor Rodionov][goruha_avatar]][goruha_homepage]
[Igor Rodionov][goruha_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Sarkis Varozian][sarkis_avatar]][sarkis_homepage]
[Sarkis Varozian][sarkis_homepage] |
-|---|---|---|---|
+
+| [![Erik Osterman][osterman_avatar]][osterman_homepage]
[Erik Osterman][osterman_homepage] | [![Igor Rodionov][goruha_avatar]][goruha_homepage]
[Igor Rodionov][goruha_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]
[Andriy Knysh][aknysh_homepage] | [![Sarkis Varozian][sarkis_avatar]][sarkis_homepage]
[Sarkis Varozian][sarkis_homepage] | [![Joe Niland][joe-niland_avatar]][joe-niland_homepage]
[Joe Niland][joe-niland_homepage] |
+|---|---|---|---|---|
+
[osterman_homepage]: https://github.com/osterman
[osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png
@@ -435,6 +505,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
[aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png
[sarkis_homepage]: https://github.com/sarkis
[sarkis_avatar]: https://img.cloudposse.com/150x150/https://github.com/sarkis.png
+ [joe-niland_homepage]: https://github.com/joe-niland
+ [joe-niland_avatar]: https://img.cloudposse.com/150x150/https://github.com/joe-niland.png
[![README Footer][readme_footer_img]][readme_footer_link]
[![Beacon][beacon]][website]
diff --git a/README.yaml b/README.yaml
index 45948f3..8d7513a 100644
--- a/README.yaml
+++ b/README.yaml
@@ -67,7 +67,9 @@ usage: |-
In this example, we'll trigger the pipeline anytime the `master` branch is updated.
```hcl
module "ecs_push_pipeline" {
- source = "git::https://github.com/cloudposse/terraform-aws-ecs-codepipeline.git?ref=master"
+ source = "cloudposse/ecs-codepipeline/aws"
+ # Cloud Posse recommends pinning every module to a specific version
+ # version = "x.x.x"
name = "app"
namespace = "eg"
stage = "staging"
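Review bot: The `ecs_push_pipeline` example leaves the pin commented out (`# version = "x.x.x"`), so a reader who copies the block as written gets whatever release is newest on the registry at `terraform init` time. Terraform's dependency lock file records provider selections only, not module versions, so the `version` argument is the only thing that fixes which module code creates the pipeline's IAM roles and webhook. I would make the line active, e.g. `version = "x.x.x" # replace with the release you have reviewed`, so that an unedited copy should fail at init instead of floating silently. The same applies to the `ecs_release_pipeline` example in the next hunk.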
@@ -88,7 +90,9 @@ usage: |-
```hcl
module "ecs_release_pipeline" {
- source = "git::https://github.com/cloudposse/terraform-aws-ecs-codepipeline.git?ref=master"
+ source = "cloudposse/ecs-codepipeline/aws"
+ # Cloud Posse recommends pinning every module to a specific version
+ # version = "x.x.x"
name = "app"
namespace = "eg"
stage = "staging"
@@ -171,3 +175,5 @@ contributors:
github: "aknysh"
- name: "Sarkis Varozian"
github: "sarkis"
+ - name: "Joe Niland"
+ github: "joe-niland"
diff --git a/context.tf b/context.tf
new file mode 100644
index 0000000..81f99b4
--- /dev/null
+++ b/context.tf
@@ -0,0 +1,202 @@
+#
+# ONLY EDIT THIS FILE IN github.com/cloudposse/terraform-null-label
+# All other instances of this file should be a copy of that one
+#
+#
+# Copy this file from https://github.com/cloudposse/terraform-null-label/blob/master/exports/context.tf
+# and then place it in your Terraform module to automatically get
+# Cloud Posse's standard configuration inputs suitable for passing
+# to Cloud Posse modules.
+#
+# Modules should access the whole context as `module.this.context`
+# to get the input variables with nulls for defaults,
+# for example `context = module.this.context`,
+# and access individual variables as `module.this.`,
+# with final values filled in.
+#
+# For example, when using defaults, `module.this.context.delimiter`
+# will be null, and `module.this.delimiter` will be `-` (hyphen).
+#
+
+module "this" {
+ source = "cloudposse/label/null"
+ version = "0.24.1" # requires Terraform >= 0.13.0
+
+ enabled = var.enabled
+ namespace = var.namespace
+ environment = var.environment
+ stage = var.stage
+ name = var.name
+ delimiter = var.delimiter
+ attributes = var.attributes
+ tags = var.tags
+ additional_tag_map = var.additional_tag_map
+ label_order = var.label_order
+ regex_replace_chars = var.regex_replace_chars
+ id_length_limit = var.id_length_limit
+ label_key_case = var.label_key_case
+ label_value_case = var.label_value_case
+
+ context = var.context
+}
+
+# Copy contents of cloudposse/terraform-null-label/variables.tf here
+
+variable "context" {
+ type = any
+ default = {
+ enabled = true
+ namespace = null
+ environment = null
+ stage = null
+ name = null
+ delimiter = null
+ attributes = []
+ tags = {}
+ additional_tag_map = {}
+ regex_replace_chars = null
+ label_order = []
+ id_length_limit = null
+ label_key_case = null
+ label_value_case = null
+ }
+ description = <<-EOT
+ Single object for setting entire context at once.
+ See description of individual variables for details.
+ Leave string and numeric variables as `null` to use default value.
+ Individual variable settings (non-null) override settings in context object,
+ except for attributes, tags, and additional_tag_map, which are merged.
+ EOT
+
+ validation {
+ condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+
+ validation {
+ condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
+}
+
+variable "enabled" {
+ type = bool
+ default = null
+ description = "Set to false to prevent the module from creating any resources"
+}
+
+variable "namespace" {
+ type = string
+ default = null
+ description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+}
+
+variable "environment" {
+ type = string
+ default = null
+ description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
+}
+
+variable "stage" {
+ type = string
+ default = null
+ description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
+}
+
+variable "name" {
+ type = string
+ default = null
+ description = "Solution name, e.g. 'app' or 'jenkins'"
+}
+
+variable "delimiter" {
+ type = string
+ default = null
+ description = <<-EOT
+ Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
+ Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
+ EOT
+}
+
+variable "attributes" {
+ type = list(string)
+ default = []
+ description = "Additional attributes (e.g. `1`)"
+}
+
+variable "tags" {
+ type = map(string)
+ default = {}
+ description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
+}
+
+variable "additional_tag_map" {
+ type = map(string)
+ default = {}
+ description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
+}
+
+variable "label_order" {
+ type = list(string)
+ default = null
+ description = <<-EOT
+ The naming order of the id output and Name tag.
+ Defaults to ["namespace", "environment", "stage", "name", "attributes"].
+ You can omit any of the 5 elements, but at least one must be present.
+ EOT
+}
+
+variable "regex_replace_chars" {
+ type = string
+ default = null
+ description = <<-EOT
+ Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
+ If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
+ EOT
+}
+
+variable "id_length_limit" {
+ type = number
+ default = null
+ description = <<-EOT
+ Limit `id` to this many characters (minimum 6).
+ Set to `0` for unlimited length.
+ Set to `null` for default, which is `0`.
+ Does not affect `id_full`.
+ EOT
+ validation {
+ condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
+ error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
+ }
+}
+
+variable "label_key_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
+ Possible values: `lower`, `title`, `upper`.
+ Default value: `title`.
+ EOT
+
+ validation {
+ condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+}
+
+variable "label_value_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ The letter case of output label values (also used in `tags` and `id`).
+ Possible values: `lower`, `title`, `upper` and `none` (no transformation).
+ Default value: `lower`.
+ EOT
+
+ validation {
+ condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
+}
+#### End of copy of cloudposse/terraform-null-label/variables.tf
diff --git a/docs/targets.md b/docs/targets.md
index 4bcaea5..12782f7 100644
--- a/docs/targets.md
+++ b/docs/targets.md
@@ -1,5 +1,6 @@
+
## Makefile Targets
-```
+```text
Available targets:
help Help screen
@@ -7,3 +8,4 @@ Available targets:
help/short This help short screen
```
+
diff --git a/docs/terraform.md b/docs/terraform.md
index be87325..650ca5d 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -1,77 +1,131 @@
+
## Requirements
| Name | Version |
|------|---------|
-| terraform | ~> 0.12.0 |
-| aws | ~> 2.0 |
-| local | ~> 1.2 |
-| null | ~> 2.0 |
-| random | ~> 2.1 |
-| template | ~> 2.0 |
+| [terraform](#requirement\_terraform) | >= 0.13.0 |
+| [aws](#requirement\_aws) | >= 2.0 |
+| [local](#requirement\_local) | >= 1.2 |
+| [null](#requirement\_null) | >= 2.0 |
+| [random](#requirement\_random) | >= 2.1 |
+| [template](#requirement\_template) | >= 2.0 |
## Providers
| Name | Version |
|------|---------|
-| aws | ~> 2.0 |
-| random | ~> 2.1 |
+| [aws](#provider\_aws) | >= 2.0 |
+| [random](#provider\_random) | >= 2.1 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 0.36.0 |
+| [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.24.1 |
+| [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.24.1 |
+| [codepipeline\_label](#module\_codepipeline\_label) | cloudposse/label/null | 0.24.1 |
+| [codepipeline\_s3\_policy\_label](#module\_codepipeline\_s3\_policy\_label) | cloudposse/label/null | 0.24.1 |
+| [codestar\_label](#module\_codestar\_label) | cloudposse/label/null | 0.24.1 |
+| [github\_webhooks](#module\_github\_webhooks) | cloudposse/repository-webhooks/github | 0.12.0 |
+| [this](#module\_this) | cloudposse/label/null | 0.24.1 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_codepipeline.bitbucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | resource |
+| [aws_codepipeline.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | resource |
+| [aws_codepipeline_webhook.webhook](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline_webhook) | resource |
+| [aws_iam_policy.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.codebuild_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
+| [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no |
-| aws\_account\_id | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `""` | no |
-| badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no |
-| branch | Branch of the GitHub repository, _e.g._ `master` | `string` | n/a | yes |
-| build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no |
-| build\_image | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no |
-| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no |
-| buildspec | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no |
-| cache\_type | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no |
-| codestar\_connection\_arn | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no |
-| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no |
-| ecs\_cluster\_name | ECS Cluster Name | `string` | n/a | yes |
-| enabled | Enable `CodePipeline` creation | `bool` | `true` | no |
-| environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build | list(object(
{
name = string
value = string
}))
| `[]` | no |
-| github\_anonymous | Github Anonymous API (if `true`, token must not be set as GITHUB\_TOKEN or `github_token`) | `bool` | `false` | no |
-| github\_oauth\_token | GitHub OAuth Token with permissions to access private repositories | `string` | `""` | no |
-| github\_webhook\_events | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` | [
"push"
]
| no |
-| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no |
-| image\_repo\_name | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes |
-| image\_tag | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `"latest"` | no |
-| local\_cache\_modes | Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL\_SOURCE\_CACHE, LOCAL\_DOCKER\_LAYER\_CACHE, and LOCAL\_CUSTOM\_CACHE | `list(string)` | `[]` | no |
-| name | Name of the application | `string` | n/a | yes |
-| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no |
-| poll\_source\_changes | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no |
-| privileged\_mode | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | `bool` | `false` | no |
-| region | AWS Region, e.g. us-east-1. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes |
-| repo\_name | GitHub repository name of the application to be built and deployed to ECS | `string` | n/a | yes |
-| repo\_owner | GitHub Organization or Username | `string` | n/a | yes |
-| s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
-| service\_name | ECS Service Name | `string` | n/a | yes |
-| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no |
-| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no |
-| webhook\_authentication | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no |
-| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no |
-| webhook\_filter\_json\_path | The JSON path to filter on | `string` | `"$.ref"` | no |
-| webhook\_filter\_match\_equals | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no |
-| webhook\_target\_action | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no |
+| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no |
+| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no |
+| [aws\_account\_id](#input\_aws\_account\_id) | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `""` | no |
+| [badge\_enabled](#input\_badge\_enabled) | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no |
+| [branch](#input\_branch) | Branch of the GitHub repository, _e.g._ `master` | `string` | n/a | yes |
+| [build\_compute\_type](#input\_build\_compute\_type) | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no |
+| [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no |
+| [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no |
+| [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no |
+| [cache\_bucket\_suffix\_enabled](#input\_cache\_bucket\_suffix\_enabled) | The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no |
+| [cache\_type](#input\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no |
+| [codebuild\_vpc\_config](#input\_codebuild\_vpc\_config) | Configuration for the builds to run inside a VPC. | `any` | `{}` | no |
+| [codestar\_connection\_arn](#input\_codestar\_connection\_arn) | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no |
+| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` | {
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no |
+| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no |
+| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | ECS Cluster Name | `string` | n/a | yes |
+| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no |
+| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no |
+| [environment\_variables](#input\_environment\_variables) | A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER\_STORE', or 'SECRETS\_MANAGER' | list(object(
{
name = string
value = string
type = string
}))
| `[]` | no |
+| [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub OAuth Token with permissions to access private repositories | `string` | `""` | no |
+| [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` | [
"push"
]
| no |
+| [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no |
+| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no |
+| [image\_repo\_name](#input\_image\_repo\_name) | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes |
+| [image\_tag](#input\_image\_tag) | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `"latest"` | no |
+| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no |
+| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no |
+| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no |
+| [local\_cache\_modes](#input\_local\_cache\_modes) | Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL\_SOURCE\_CACHE, LOCAL\_DOCKER\_LAYER\_CACHE, and LOCAL\_CUSTOM\_CACHE | `list(string)` | `[]` | no |
+| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no |
+| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no |
+| [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no |
+| [privileged\_mode](#input\_privileged\_mode) | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | `bool` | `false` | no |
+| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
+| [region](#input\_region) | AWS Region, e.g. us-east-1. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes |
+| [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | n/a | yes |
+| [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | n/a | yes |
+| [s3\_bucket\_force\_destroy](#input\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no |
+| [secondary\_artifact\_bucket\_id](#input\_secondary\_artifact\_bucket\_id) | Optional bucket for secondary artifact deployment. If specified, the buildspec must include a secondary artifacts section which controls the artifacts deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no |
+| [secondary\_artifact\_encryption\_enabled](#input\_secondary\_artifact\_encryption\_enabled) | If set to true, enable encryption on the secondary artifact bucket | `bool` | `false` | no |
+| [secondary\_artifact\_identifier](#input\_secondary\_artifact\_identifier) | Identifier for optional secondary artifact deployment. If specified, the identifier must appear in the buildspec as the name of the section which controls the artifacts deployed to the secondary artifact bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no |
+| [service\_name](#input\_service\_name) | ECS Service Name | `string` | n/a | yes |
+| [stage](#input\_stage) | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
+| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no |
+| [webhook\_authentication](#input\_webhook\_authentication) | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no |
+| [webhook\_enabled](#input\_webhook\_enabled) | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no |
+| [webhook\_filter\_json\_path](#input\_webhook\_filter\_json\_path) | The JSON path to filter on | `string` | `"$.ref"` | no |
+| [webhook\_filter\_match\_equals](#input\_webhook\_filter\_match\_equals) | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no |
+| [webhook\_target\_action](#input\_webhook\_target\_action) | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no |
## Outputs
| Name | Description |
|------|-------------|
-| badge\_url | The URL of the build badge when badge\_enabled is enabled |
-| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled |
-| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN |
-| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name |
-| codebuild\_project\_id | CodeBuild project ID |
-| codebuild\_project\_name | CodeBuild project name |
-| codebuild\_role\_arn | CodeBuild IAM Role ARN |
-| codebuild\_role\_id | CodeBuild IAM Role ID |
-| codepipeline\_arn | CodePipeline ARN |
-| codepipeline\_id | CodePipeline ID |
-| webhook\_id | The CodePipeline webhook's ID |
-| webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target |
-
+| [badge\_url](#output\_badge\_url) | The URL of the build badge when badge\_enabled is enabled |
+| [codebuild\_badge\_url](#output\_codebuild\_badge\_url) | The URL of the build badge when badge\_enabled is enabled |
+| [codebuild\_cache\_bucket\_arn](#output\_codebuild\_cache\_bucket\_arn) | CodeBuild cache S3 bucket ARN |
+| [codebuild\_cache\_bucket\_name](#output\_codebuild\_cache\_bucket\_name) | CodeBuild cache S3 bucket name |
+| [codebuild\_project\_id](#output\_codebuild\_project\_id) | CodeBuild project ID |
+| [codebuild\_project\_name](#output\_codebuild\_project\_name) | CodeBuild project name |
+| [codebuild\_role\_arn](#output\_codebuild\_role\_arn) | CodeBuild IAM Role ARN |
+| [codebuild\_role\_id](#output\_codebuild\_role\_id) | CodeBuild IAM Role ID |
+| [codepipeline\_arn](#output\_codepipeline\_arn) | CodePipeline ARN |
+| [codepipeline\_id](#output\_codepipeline\_id) | CodePipeline ID |
+| [codepipeline\_resource](#output\_codepipeline\_resource) | CodePipeline resource |
+| [webhook\_id](#output\_webhook\_id) | The CodePipeline webhook's ID |
+| [webhook\_url](#output\_webhook\_url) | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target |
+
diff --git a/examples/complete/context.tf b/examples/complete/context.tf
new file mode 100644
index 0000000..81f99b4
--- /dev/null
+++ b/examples/complete/context.tf
@@ -0,0 +1,202 @@
+#
+# ONLY EDIT THIS FILE IN github.com/cloudposse/terraform-null-label
+# All other instances of this file should be a copy of that one
+#
+#
+# Copy this file from https://github.com/cloudposse/terraform-null-label/blob/master/exports/context.tf
+# and then place it in your Terraform module to automatically get
+# Cloud Posse's standard configuration inputs suitable for passing
+# to Cloud Posse modules.
+#
+# Modules should access the whole context as `module.this.context`
+# to get the input variables with nulls for defaults,
+# for example `context = module.this.context`,
+# and access individual variables as `module.this.`,
+# with final values filled in.
+#
+# For example, when using defaults, `module.this.context.delimiter`
+# will be null, and `module.this.delimiter` will be `-` (hyphen).
+#
+
+module "this" {
+ source = "cloudposse/label/null"
+ version = "0.24.1" # requires Terraform >= 0.13.0
+
+ enabled = var.enabled
+ namespace = var.namespace
+ environment = var.environment
+ stage = var.stage
+ name = var.name
+ delimiter = var.delimiter
+ attributes = var.attributes
+ tags = var.tags
+ additional_tag_map = var.additional_tag_map
+ label_order = var.label_order
+ regex_replace_chars = var.regex_replace_chars
+ id_length_limit = var.id_length_limit
+ label_key_case = var.label_key_case
+ label_value_case = var.label_value_case
+
+ context = var.context
+}
+
+# Copy contents of cloudposse/terraform-null-label/variables.tf here
+
+variable "context" {
+ type = any
+ default = {
+ enabled = true
+ namespace = null
+ environment = null
+ stage = null
+ name = null
+ delimiter = null
+ attributes = []
+ tags = {}
+ additional_tag_map = {}
+ regex_replace_chars = null
+ label_order = []
+ id_length_limit = null
+ label_key_case = null
+ label_value_case = null
+ }
+ description = <<-EOT
+ Single object for setting entire context at once.
+ See description of individual variables for details.
+ Leave string and numeric variables as `null` to use default value.
+ Individual variable settings (non-null) override settings in context object,
+ except for attributes, tags, and additional_tag_map, which are merged.
+ EOT
+
+ validation {
+ condition = lookup(var.context, "label_key_case", null) == null ? true : contains(["lower", "title", "upper"], var.context["label_key_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+
+ validation {
+ condition = lookup(var.context, "label_value_case", null) == null ? true : contains(["lower", "title", "upper", "none"], var.context["label_value_case"])
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
+}
+
+variable "enabled" {
+ type = bool
+ default = null
+ description = "Set to false to prevent the module from creating any resources"
+}
+
+variable "namespace" {
+ type = string
+ default = null
+ description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
+}
+
+variable "environment" {
+ type = string
+ default = null
+ description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
+}
+
+variable "stage" {
+ type = string
+ default = null
+ description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
+}
+
+variable "name" {
+ type = string
+ default = null
+ description = "Solution name, e.g. 'app' or 'jenkins'"
+}
+
+variable "delimiter" {
+ type = string
+ default = null
+ description = <<-EOT
+ Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
+ Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
+ EOT
+}
+
+variable "attributes" {
+ type = list(string)
+ default = []
+ description = "Additional attributes (e.g. `1`)"
+}
+
+variable "tags" {
+ type = map(string)
+ default = {}
+ description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
+}
+
+variable "additional_tag_map" {
+ type = map(string)
+ default = {}
+ description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
+}
+
+variable "label_order" {
+ type = list(string)
+ default = null
+ description = <<-EOT
+ The naming order of the id output and Name tag.
+ Defaults to ["namespace", "environment", "stage", "name", "attributes"].
+ You can omit any of the 5 elements, but at least one must be present.
+ EOT
+}
+
+variable "regex_replace_chars" {
+ type = string
+ default = null
+ description = <<-EOT
+ Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
+ If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
+ EOT
+}
+
+variable "id_length_limit" {
+ type = number
+ default = null
+ description = <<-EOT
+ Limit `id` to this many characters (minimum 6).
+ Set to `0` for unlimited length.
+ Set to `null` for default, which is `0`.
+ Does not affect `id_full`.
+ EOT
+ validation {
+ condition = var.id_length_limit == null ? true : var.id_length_limit >= 6 || var.id_length_limit == 0
+ error_message = "The id_length_limit must be >= 6 if supplied (not null), or 0 for unlimited length."
+ }
+}
+
+variable "label_key_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
+ Possible values: `lower`, `title`, `upper`.
+ Default value: `title`.
+ EOT
+
+ validation {
+ condition = var.label_key_case == null ? true : contains(["lower", "title", "upper"], var.label_key_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`."
+ }
+}
+
+variable "label_value_case" {
+ type = string
+ default = null
+ description = <<-EOT
+ The letter case of output label values (also used in `tags` and `id`).
+ Possible values: `lower`, `title`, `upper` and `none` (no transformation).
+ Default value: `lower`.
+ EOT
+
+ validation {
+ condition = var.label_value_case == null ? true : contains(["lower", "title", "upper", "none"], var.label_value_case)
+ error_message = "Allowed values: `lower`, `title`, `upper`, `none`."
+ }
+}
+#### End of copy of cloudposse/terraform-null-label/variables.tf
diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars
index 3a1c570..2a96301 100644
--- a/examples/complete/fixtures.us-east-2.tfvars
+++ b/examples/complete/fixtures.us-east-2.tfvars
@@ -104,20 +104,21 @@ webhook_enabled = false
s3_bucket_force_destroy = true
-cache_type = "S3"
-
environment_variables = [
{
name = "APP_URL"
value = "https://app.example.com"
+ type = "PLAINTEXT"
},
{
name = "COMPANY_NAME"
value = "Cloud Posse"
+ type = "PLAINTEXT"
},
{
name = "TIME_ZONE"
value = "America/Los_Angeles"
+ type = "PLAINTEXT"
}
]
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index f2754d2..1fbbb16 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -2,50 +2,35 @@ provider "aws" {
region = var.region
}
-module "label" {
- source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0"
- namespace = var.namespace
- name = var.name
- stage = var.stage
- delimiter = var.delimiter
- attributes = var.attributes
- tags = var.tags
-}
-
module "vpc" {
- source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1"
- namespace = var.namespace
- stage = var.stage
- name = var.name
- delimiter = var.delimiter
- attributes = var.attributes
+ source = "cloudposse/vpc/aws"
+ version = "0.18.1"
cidr_block = var.vpc_cidr_block
- tags = var.tags
+
+ context = module.this.context
}
module "subnets" {
- source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.19.0"
+ source = "cloudposse/dynamic-subnets/aws"
+ version = "0.39.3"
availability_zones = var.availability_zones
- namespace = var.namespace
- stage = var.stage
- name = var.name
- attributes = var.attributes
- delimiter = var.delimiter
vpc_id = module.vpc.vpc_id
igw_id = module.vpc.igw_id
cidr_block = module.vpc.vpc_cidr_block
nat_gateway_enabled = true
nat_instance_enabled = false
- tags = var.tags
+
+ context = module.this.context
}
resource "aws_ecs_cluster" "default" {
- name = module.label.id
- tags = module.label.tags
+ name = module.this.id
+ tags = module.this.tags
}
module "container_definition" {
- source = "git::https://github.com/cloudposse/terraform-aws-ecs-container-definition.git?ref=tags/0.21.0"
+ source = "cloudposse/ecs-container-definition/aws"
+ version = "0.46.1"
container_name = var.container_name
container_image = var.container_image
container_memory = var.container_memory
@@ -58,20 +43,16 @@ module "container_definition" {
}
module "ecs_alb_service_task" {
- source = "git::https://github.com/cloudposse/terraform-aws-ecs-alb-service-task.git?ref=tags/0.17.0"
- namespace = var.namespace
- stage = var.stage
- name = var.name
- attributes = var.attributes
- delimiter = var.delimiter
+ source = "cloudposse/ecs-alb-service-task/aws"
+ version = "0.42.3"
alb_security_group = module.vpc.vpc_default_security_group_id
- container_definition_json = module.container_definition.json
+ container_definition_json = module.container_definition.json_map_encoded_list
ecs_cluster_arn = aws_ecs_cluster.default.arn
launch_type = var.ecs_launch_type
vpc_id = module.vpc.vpc_id
security_group_ids = [module.vpc.vpc_default_security_group_id]
subnet_ids = module.subnets.public_subnet_ids
- tags = var.tags
+ tags = module.this.tags
ignore_changes_task_definition = var.ignore_changes_task_definition
network_mode = var.network_mode
assign_public_ip = var.assign_public_ip
@@ -82,13 +63,12 @@ module "ecs_alb_service_task" {
desired_count = var.desired_count
task_memory = var.task_memory
task_cpu = var.task_cpu
+
+ context = module.this.context
}
module "ecs_codepipeline" {
source = "../../"
- namespace = var.namespace
- stage = var.stage
- name = var.name
region = var.region
github_oauth_token = var.github_oauth_token
repo_owner = var.repo_owner
@@ -106,4 +86,6 @@ module "ecs_codepipeline" {
environment_variables = var.environment_variables
ecs_cluster_name = aws_ecs_cluster.default.name
service_name = module.ecs_alb_service_task.service_name
+
+ context = module.this.context
}
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index 042eafd..f72bba8 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -14,13 +14,13 @@ output "vpc_cidr" {
}
output "container_definition_json" {
- value = module.container_definition.json
- description = "JSON encoded list of container definitions for use with other terraform resources such as aws_ecs_task_definition"
+ value = module.container_definition.json_map_encoded_list
+ description = "JSON encoded list of container definitions for use with other terraform resources such as `aws_ecs_task_definition`"
}
output "container_definition_json_map" {
- value = module.container_definition.json_map
- description = "JSON encoded container definitions for use with other terraform resources such as aws_ecs_task_definition"
+ value = module.container_definition.json_map_encoded
+ description = "JSON encoded container definitions for use with other terraform resources such as `aws_ecs_task_definition`"
}
output "ecs_cluster_id" {
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 52fa3d6..0dbe4f3 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -1,6 +1,6 @@
variable "region" {
type = string
- description = "AWS Region for S3 bucket"
+ description = "AWS Region"
}
variable "availability_zones" {
@@ -13,39 +13,6 @@ variable "vpc_cidr_block" {
description = "VPC CIDR block"
}
-variable "namespace" {
- type = string
- description = "Namespace (e.g. `eg` or `cp`)"
-}
-
-variable "stage" {
- type = string
- description = "Stage (e.g. `prod`, `dev`, `staging`)"
-}
-
-variable "name" {
- type = string
- description = "Name of the application"
-}
-
-variable "delimiter" {
- type = string
- default = "-"
- description = "Delimiter between `namespace`, `stage`, `name` and `attributes`"
-}
-
-variable "attributes" {
- type = list(string)
- description = "Additional attributes (_e.g._ \"1\")"
- default = []
-}
-
-variable "tags" {
- type = map(string)
- description = "Additional tags (_e.g._ { BusinessUnit : ABC })"
- default = {}
-}
-
variable "ecs_launch_type" {
type = string
description = "ECS launch type"
@@ -216,9 +183,10 @@ variable "environment_variables" {
{
name = string
value = string
+ type = string
}))
- description = "A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build"
+ description = "A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER_STORE', or 'SECRETS_MANAGER'"
}
variable "webhook_enabled" {
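Review bot: The widened description of `environment_variables` lists `PLAINTEXT` next to `PARAMETER_STORE` and `SECRETS_MANAGER` without saying which to use for sensitive values. With `PLAINTEXT` the value itself ends up in the CodeBuild project configuration and in Terraform state. I would append a sentence to the description such as `Use 'PARAMETER_STORE' or 'SECRETS_MANAGER' for secrets; 'PLAINTEXT' values are stored and displayed unencrypted`. Adding `type = string` to the object also makes the attribute mandatory, so callers that pass only `name` and `value` will fail type checking after this change, which is worth calling out in the release notes. The variable block starts above this hunk.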
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index 517cebf..5240dea 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -1,11 +1,26 @@
terraform {
- required_version = "~> 0.12.0"
+ required_version = ">= 0.12.26"
required_providers {
- aws = "~> 2.0"
- template = "~> 2.0"
- local = "~> 1.2"
- random = "~> 2.1"
- null = "~> 2.0"
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 2.0"
+ }
+ template = {
+ source = "hashicorp/template"
+ version = ">= 2.0"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = ">= 1.2"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.1"
+ }
+ null = {
+ source = "hashicorp/null"
+ version = ">= 2.0"
+ }
}
}
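Review bot: `required_version = ">= 0.12.26"` contradicts the `context.tf` added to the same directory by this commit, which pins `cloudposse/label/null` at `0.24.1` with the comment "requires Terraform >= 0.13.0" and uses `validation` blocks inside variables. The constraint should be `required_version = ">= 0.13.0"`, so an unsupported CLI is rejected by the version check rather than failing later. Separately, every provider moves from `~> X` to `>= X` with no upper bound, so a fresh `terraform init` is free to select a future major release. For an example that is applied in tests, consider keeping an upper bound or committing a dependency lock file on Terraform versions that support one.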
diff --git a/main.tf b/main.tf
index 502d44a..afda652 100644
--- a/main.tf
+++ b/main.tf
@@ -1,16 +1,13 @@
module "codepipeline_label" {
- source = "github.com/cloudposse/terraform-null-label.git?ref=0.16.0"
- enabled = var.enabled
- attributes = compact(concat(var.attributes, ["codepipeline"]))
- delimiter = var.delimiter
- name = var.name
- namespace = var.namespace
- stage = var.stage
- tags = var.tags
+ source = "cloudposse/label/null"
+ version = "0.24.1"
+ attributes = ["codepipeline"]
+
+ context = module.this.context
}
resource "aws_s3_bucket" "default" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
bucket = module.codepipeline_label.id
acl = "private"
force_destroy = var.s3_bucket_force_destroy
@@ -18,18 +15,15 @@ resource "aws_s3_bucket" "default" {
}
module "codepipeline_assume_role_label" {
- source = "github.com/cloudposse/terraform-null-label.git?ref=0.16.0"
- enabled = var.enabled
- attributes = compact(concat(var.attributes, ["codepipeline", "assume"]))
- delimiter = var.delimiter
- name = var.name
- namespace = var.namespace
- stage = var.stage
- tags = var.tags
+ source = "cloudposse/label/null"
+ version = "0.24.1"
+ attributes = ["codepipeline", "assume"]
+
+ context = module.this.context
}
resource "aws_iam_role" "default" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
name = module.codepipeline_assume_role_label.id
assume_role_policy = data.aws_iam_policy_document.assume_role.json
}
@@ -52,13 +46,13 @@ data "aws_iam_policy_document" "assume_role" {
}
resource "aws_iam_role_policy_attachment" "default" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
role = join("", aws_iam_role.default.*.id)
policy_arn = join("", aws_iam_policy.default.*.arn)
}
resource "aws_iam_policy" "default" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
name = module.codepipeline_label.id
policy = data.aws_iam_policy_document.default.json
}
@@ -87,30 +81,27 @@ data "aws_iam_policy_document" "default" {
}
resource "aws_iam_role_policy_attachment" "s3" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
role = join("", aws_iam_role.default.*.id)
policy_arn = join("", aws_iam_policy.s3.*.arn)
}
module "codepipeline_s3_policy_label" {
- source = "github.com/cloudposse/terraform-null-label.git?ref=0.16.0"
- enabled = var.enabled
- attributes = compact(concat(var.attributes, ["codepipeline", "s3"]))
- delimiter = var.delimiter
- name = var.name
- namespace = var.namespace
- stage = var.stage
- tags = var.tags
+ source = "cloudposse/label/null"
+ version = "0.24.1"
+ attributes = ["codepipeline", "s3"]
+
+ context = module.this.context
}
resource "aws_iam_policy" "s3" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
name = module.codepipeline_s3_policy_label.id
policy = join("", data.aws_iam_policy_document.s3.*.json)
}
data "aws_iam_policy_document" "s3" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
statement {
sid = ""
@@ -132,24 +123,21 @@ data "aws_iam_policy_document" "s3" {
}
resource "aws_iam_role_policy_attachment" "codebuild" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
role = join("", aws_iam_role.default.*.id)
policy_arn = join("", aws_iam_policy.codebuild.*.arn)
}
module "codebuild_label" {
- source = "github.com/cloudposse/terraform-null-label.git?ref=0.16.0"
- enabled = var.enabled
- attributes = compact(concat(var.attributes, ["codebuild"]))
- delimiter = var.delimiter
- name = var.name
- namespace = var.namespace
- stage = var.stage
- tags = var.tags
+ source = "cloudposse/label/null"
+ version = "0.24.1"
+ attributes = ["codebuild"]
+
+ context = module.this.context
}
resource "aws_iam_policy" "codebuild" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
name = module.codebuild_label.id
policy = data.aws_iam_policy_document.codebuild.json
}
@@ -169,30 +157,28 @@ data "aws_iam_policy_document" "codebuild" {
# https://docs.aws.amazon.com/codepipeline/latest/userguide/connections-permissions.html
resource "aws_iam_role_policy_attachment" "codestar" {
- count = var.enabled && var.codestar_connection_arn != "" ? 1 : 0
+ count = module.this.enabled && var.codestar_connection_arn != "" ? 1 : 0
role = join("", aws_iam_role.default.*.id)
policy_arn = join("", aws_iam_policy.codestar.*.arn)
}
module "codestar_label" {
- source = "github.com/cloudposse/terraform-null-label.git?ref=0.16.0"
- enabled = var.enabled && var.codestar_connection_arn != ""
- attributes = compact(concat(var.attributes, ["codestar"]))
- delimiter = var.delimiter
- name = var.name
- namespace = var.namespace
- stage = var.stage
- tags = var.tags
+ source = "cloudposse/label/null"
+ version = "0.24.1"
+ enabled = module.this.enabled && var.codestar_connection_arn != ""
+ attributes = ["codestar"]
+
+ context = module.this.context
}
resource "aws_iam_policy" "codestar" {
- count = var.enabled && var.codestar_connection_arn != "" ? 1 : 0
+ count = module.this.enabled && var.codestar_connection_arn != "" ? 1 : 0
name = module.codestar_label.id
policy = join("", data.aws_iam_policy_document.codestar.*.json)
}
data "aws_iam_policy_document" "codestar" {
- count = var.enabled && var.codestar_connection_arn != "" ? 1 : 0
+ count = module.this.enabled && var.codestar_connection_arn != "" ? 1 : 0
statement {
sid = ""
@@ -201,7 +187,7 @@ data "aws_iam_policy_document" "codestar" {
]
condition {
- test = "StringLike"
+ test = "ForAllValues:StringEquals"
variable = "codestar-connections:FullRepositoryId"
values = [
format("%s/%s", var.repo_owner, var.repo_name)
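Review bot: `ForAllValues:StringEquals` on `codestar-connections:FullRepositoryId` also evaluates to true when that key is missing from the request context, so in an Allow statement it constrains only requests that carry the key. The statement's effect and actions are outside this hunk, so this needs checking against the full `data "aws_iam_policy_document" "codestar"` block. Dropping `StringLike` is itself a tightening, since wildcard characters in `var.repo_owner` or `var.repo_name` are no longer interpreted. If the granted actions always supply the key, a companion `Null` condition as below makes the restriction hold when the key is absent; otherwise a comment stating that the condition is best-effort would do.

```hcl
    # … unchanged: existing ForAllValues:StringEquals condition …

    # Require the key to be present; ForAllValues alone passes when it is missing.
    condition {
      test     = "Null"
      variable = "codestar-connections:FullRepositoryId"
      values   = ["false"]
    }
```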
@@ -221,38 +207,41 @@ data "aws_region" "default" {
}
module "codebuild" {
- source = "git::https://github.com/cloudposse/terraform-aws-codebuild.git?ref=tags/0.21.0"
- enabled = var.enabled
- namespace = var.namespace
- name = var.name
- stage = var.stage
- build_image = var.build_image
- build_compute_type = var.build_compute_type
- build_timeout = var.build_timeout
- buildspec = var.buildspec
- delimiter = var.delimiter
- attributes = concat(var.attributes, ["build"])
- tags = var.tags
- privileged_mode = var.privileged_mode
- aws_region = var.region != "" ? var.region : data.aws_region.default.name
- aws_account_id = var.aws_account_id != "" ? var.aws_account_id : data.aws_caller_identity.default.account_id
- image_repo_name = var.image_repo_name
- image_tag = var.image_tag
- github_token = var.github_oauth_token
- environment_variables = var.environment_variables
- badge_enabled = var.badge_enabled
- cache_type = var.cache_type
- local_cache_modes = var.local_cache_modes
+ source = "cloudposse/codebuild/aws"
+ version = "0.36.0"
+ build_image = var.build_image
+ build_compute_type = var.build_compute_type
+ build_timeout = var.build_timeout
+ buildspec = var.buildspec
+ delimiter = module.this.delimiter
+ attributes = ["build"]
+ privileged_mode = var.privileged_mode
+ aws_region = var.region != "" ? var.region : data.aws_region.default.name
+ aws_account_id = var.aws_account_id != "" ? var.aws_account_id : data.aws_caller_identity.default.account_id
+ image_repo_name = var.image_repo_name
+ image_tag = var.image_tag
+ github_token = var.github_oauth_token
+ environment_variables = var.environment_variables
+ badge_enabled = var.badge_enabled
+ cache_type = var.cache_type
+ local_cache_modes = var.local_cache_modes
+ secondary_artifact_location = var.secondary_artifact_bucket_id
+ secondary_artifact_identifier = var.secondary_artifact_identifier
+ secondary_artifact_encryption_enabled = var.secondary_artifact_encryption_enabled
+ vpc_config = var.codebuild_vpc_config
+ cache_bucket_suffix_enabled = var.cache_bucket_suffix_enabled
+
+ context = module.this.context
}
resource "aws_iam_role_policy_attachment" "codebuild_s3" {
- count = var.enabled ? 1 : 0
+ count = module.this.enabled ? 1 : 0
role = module.codebuild.role_id
policy_arn = join("", aws_iam_policy.s3.*.arn)
}
resource "aws_codepipeline" "default" {
- count = var.enabled && var.github_oauth_token != "" ? 1 : 0
+ count = module.this.enabled && var.github_oauth_token != "" ? 1 : 0
name = module.codepipeline_label.id
role_arn = join("", aws_iam_role.default.*.arn)
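Review bot: `delimiter = module.this.delimiter` in the `module "codebuild"` call looks redundant next to `context = module.this.context`, which is how the two label modules in this file receive their naming inputs without a separate delimiter. Unless the codebuild module needs the normalized value for a reason not visible here, dropping the line keeps the module calls consistent. The hunk ends inside `resource "aws_codepipeline" "default"`, whose body continues outside it.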
@@ -325,11 +314,16 @@ resource "aws_codepipeline" "default" {
# }
# }
# }
+
+ lifecycle {
+ # prevent github OAuthToken from causing updates, since it's removed from state file
+ ignore_changes = [stage[0].action[0].configuration]
+ }
}
# https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference-CodestarConnectionSource.html#action-reference-CodestarConnectionSource-example
resource "aws_codepipeline" "bitbucket" {
- count = var.enabled && var.codestar_connection_arn != "" ? 1 : 0
+ count = module.this.enabled && var.codestar_connection_arn != "" ? 1 : 0
name = module.codepipeline_label.id
role_arn = join("", aws_iam_role.default.*.arn)
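Review bot: The new `ignore_changes = [stage[0].action[0].configuration]` suppresses every change to that action's configuration, not only the OAuth token. A rotated `var.github_oauth_token`, or a changed repository or branch if they live in the same map, would no longer reach the pipeline through `terraform apply`. The stage and action definitions are outside the hunk, so which keys the map holds is not visible here. If the provider accepts a map-key reference, `ignore_changes = [stage[0].action[0].configuration["OAuthToken"]]` keeps the other keys managed. Either way the comment should say how a token rotation is meant to be applied, for example `# token rotation needs a manual update or a resource replacement (taint)`.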
@@ -405,7 +399,7 @@ resource "aws_codepipeline" "bitbucket" {
}
resource "random_string" "webhook_secret" {
- count = var.enabled && var.webhook_enabled ? 1 : 0
+ count = module.this.enabled && var.webhook_enabled ? 1 : 0
length = 32
# Special characters are not allowed in webhook secret (AWS silently ignores webhook callbacks)
@@ -418,7 +412,7 @@ locals {
}
resource "aws_codepipeline_webhook" "webhook" {
- count = var.enabled && var.webhook_enabled ? 1 : 0
+ count = module.this.enabled && var.webhook_enabled ? 1 : 0
name = module.codepipeline_label.id
authentication = var.webhook_authentication
target_action = var.webhook_target_action
@@ -435,9 +429,10 @@ resource "aws_codepipeline_webhook" "webhook" {
}
module "github_webhooks" {
- source = "git::https://github.com/cloudposse/terraform-github-repository-webhooks.git?ref=tags/0.8.0"
- enabled = var.enabled && var.webhook_enabled ? true : false
- github_anonymous = var.github_anonymous
+ source = "cloudposse/repository-webhooks/github"
+ version = "0.12.0"
+
+ enabled = module.this.enabled && var.webhook_enabled ? true : false
github_organization = var.repo_owner
github_repositories = [var.repo_name]
github_token = var.github_webhooks_token
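Review bot: The rewritten `enabled` line keeps the `? true : false` suffix, which adds nothing because `module.this.enabled && var.webhook_enabled` is already a bool. `enabled = module.this.enabled && var.webhook_enabled` would match the `count` expressions used elsewhere in this file. The `module "github_webhooks"` block ends in the next hunk, where `context = module.this.context` is added.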
@@ -445,4 +440,6 @@ module "github_webhooks" {
webhook_secret = local.webhook_secret
webhook_content_type = "json"
events = var.github_webhook_events
+
+ context = module.this.context
}
diff --git a/outputs.tf b/outputs.tf
index 223be52..652de5d 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,3 +1,7 @@
+locals {
+ codepipeline_resource = try(element(concat(aws_codepipeline.default.*, aws_codepipeline.bitbucket.*), 0), {})
+}
+
output "badge_url" {
description = "The URL of the build badge when badge_enabled is enabled"
value = module.codebuild.badge_url
@@ -51,10 +55,15 @@ output "codebuild_badge_url" {
output "codepipeline_id" {
description = "CodePipeline ID"
- value = join("", aws_codepipeline.default.*.id)
+ value = lookup(local.codepipeline_resource, "id", "")
}
output "codepipeline_arn" {
description = "CodePipeline ARN"
- value = join("", aws_codepipeline.default.*.arn)
+ value = lookup(local.codepipeline_resource, "arn", "")
+}
+
+output "codepipeline_resource" {
+ description = "CodePipeline resource"
+ value = local.codepipeline_resource
}
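Review bot: The new `codepipeline_resource` output exports the whole `aws_codepipeline` object, which includes each action's `configuration` map, and it is not marked sensitive. The lifecycle comment in main.tf says the OAuth token is removed from state, but how the provider represents it in the resource attributes is not visible in this diff. The output may therefore carry token-derived or other configuration values into parent-module state, `terraform output` and CI logs. Either add `sensitive = true` to this output or export only the attributes callers need. The `try(..., {})` in the `locals` hunk above also turns any evaluation error into an empty object, so `codepipeline_id` and `codepipeline_arn` return `""` without a diagnostic.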
diff --git a/test/src/Gopkg.lock b/test/src/Gopkg.lock
deleted file mode 100644
index 87bb6bd..0000000
--- a/test/src/Gopkg.lock
+++ /dev/null
@@ -1,92 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
- digest = "1:ffe9824d294da03b391f44e1ae8281281b4afc1bdaa9588c9097785e3af10cec"
- name = "github.com/davecgh/go-spew"
- packages = ["spew"]
- pruneopts = "UT"
- revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73"
- version = "v1.1.1"
-
-[[projects]]
- digest = "1:75d6042fc66aebc974cc49b0c6c7cc3b9adb5f8130fbfa0dbec0820d990afa25"
- name = "github.com/gruntwork-io/terratest"
- packages = [
- "modules/collections",
- "modules/customerrors",
- "modules/files",
- "modules/logger",
- "modules/retry",
- "modules/shell",
- "modules/ssh",
- "modules/terraform",
- ]
- pruneopts = "UT"
- revision = "892abb2c35878d0808101bbfe6559e931dc2d354"
- version = "v0.16.0"
-
-[[projects]]
- digest = "1:0028cb19b2e4c3112225cd871870f2d9cf49b9b4276531f03438a88e94be86fe"
- name = "github.com/pmezard/go-difflib"
- packages = ["difflib"]
- pruneopts = "UT"
- revision = "792786c7400a136282c1664665ae0a8db921c6c2"
- version = "v1.0.0"
-
-[[projects]]
- digest = "1:5da8ce674952566deae4dbc23d07c85caafc6cfa815b0b3e03e41979cedb8750"
- name = "github.com/stretchr/testify"
- packages = [
- "assert",
- "require",
- ]
- pruneopts = "UT"
- revision = "ffdc059bfe9ce6a4e144ba849dbedead332c6053"
- version = "v1.3.0"
-
-[[projects]]
- branch = "master"
- digest = "1:831470c2758c8b733941144f2803a0ccad0632c5a767415b777ebd296b5f463e"
- name = "golang.org/x/crypto"
- packages = [
- "curve25519",
- "ed25519",
- "ed25519/internal/edwards25519",
- "internal/chacha20",
- "internal/subtle",
- "poly1305",
- "ssh",
- "ssh/agent",
- ]
- pruneopts = "UT"
- revision = "22d7a77e9e5f409e934ed268692e56707cd169e5"
-
-[[projects]]
- branch = "master"
- digest = "1:76ee51c3f468493aff39dbacc401e8831fbb765104cbf613b89bef01cf4bad70"
- name = "golang.org/x/net"
- packages = ["context"]
- pruneopts = "UT"
- revision = "f3200d17e092c607f615320ecaad13d87ad9a2b3"
-
-[[projects]]
- branch = "master"
- digest = "1:181f3fd33e620b958b5ab77da177cf775cdcccd7db82963607875fbd09ae995e"
- name = "golang.org/x/sys"
- packages = [
- "cpu",
- "unix",
- ]
- pruneopts = "UT"
- revision = "9cd6430ef91e39e1a0ec0470cf1321a33ef1b887"
-
-[solve-meta]
- analyzer-name = "dep"
- analyzer-version = 1
- input-imports = [
- "github.com/gruntwork-io/terratest/modules/terraform",
- "github.com/stretchr/testify/assert",
- ]
- solver-name = "gps-cdcl"
- solver-version = 1
diff --git a/test/src/Gopkg.toml b/test/src/Gopkg.toml
deleted file mode 100644
index 995bac5..0000000
--- a/test/src/Gopkg.toml
+++ /dev/null
@@ -1,7 +0,0 @@
-[[constraint]]
- name = "github.com/stretchr/testify"
- version = "1.2.2"
-
-[prune]
- go-tests = true
- unused-packages = true
diff --git a/test/src/Makefile b/test/src/Makefile
index 7b2e074..2707cd2 100644
--- a/test/src/Makefile
+++ b/test/src/Makefile
@@ -1,50 +1,30 @@
-PACKAGE = terraform-aws-ecs-codepipeline
-GOEXE ?= /usr/bin/go
-GOPATH = $(CURDIR)/.gopath
-GOBIN = $(GOPATH)/bin
-BASE = $(GOPATH)/src/$(PACKAGE)
-PATH := $(PATH):$(GOBIN)
-
-export TF_DATA_DIR ?= $(CURDIR)/.terraform
export TF_CLI_ARGS_init ?= -get-plugins=true
-export GOPATH
+export TERRAFORM_VERSION ?= $(shell curl -s https://checkpoint-api.hashicorp.com/v1/check/terraform | jq -r -M '.current_version' | cut -d. -f1-2)
+
+.DEFAULT_GOAL : all
.PHONY: all
## Default target
all: test
-ifneq (,$(wildcard /sbin/apk))
-## Install go, if not installed
-$(GOEXE):
- apk add --update go
-endif
-
-ifeq ($(shell uname -s),Linux)
-## Install all `dep`, if not installed
-$(GOBIN)/dep:
- @mkdir -p $(GOBIN)
- @curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-endif
-
-## Prepare the GOPATH
-$(BASE): $(GOEXE)
- @mkdir -p $(dir $@)
- @ln -sf $(CURDIR) $@
-
-## Download vendor dependencies to vendor/
-$(BASE)/vendor: $(BASE) $(GOBIN)/dep
- cd $(BASE) && dep ensure
-
.PHONY : init
## Initialize tests
-init: $(BASE)/vendor
+init:
+ @exit 0
.PHONY : test
## Run tests
test: init
- cd $(BASE) && go test -v -timeout 30m -run TestExamplesComplete
+ go mod download
+ go test -v -timeout 60m -run TestExamplesComplete
+
+## Run tests in docker container
+docker/test:
+ docker run --name terratest --rm -it -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e GITHUB_TOKEN \
+ -e PATH="/usr/local/terraform/$(TERRAFORM_VERSION)/bin:/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
+ -v $(CURDIR)/../../:/module/ cloudposse/test-harness:latest -C /module/test/src test
.PHONY : clean
## Clean up files
clean:
- rm -rf .gopath/ vendor/ $(TF_DATA_DIR)
+ rm -rf ../../examples/complete/*.tfstate*
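Review bot: The new `docker/test` target passes `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN` and `GITHUB_TOKEN` into `cloudposse/test-harness:latest`, a mutable tag, so whatever image that tag points to at run time receives live credentials and a writable mount of the repository. Pinning by digest, `cloudposse/test-harness@sha256:<digest-placeholder>`, makes the image content reviewable. `TERRAFORM_VERSION` is likewise resolved by an unchecked `curl | jq` against the checkpoint API. A failed lookup yields an empty string and a `/usr/local/terraform//bin` PATH entry, so a pinned default would be more reproducible. Separately, `.DEFAULT_GOAL : all` declares a rule rather than assigning the variable; `.DEFAULT_GOAL := all` is the assignment form.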
diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go
index cbc65fb..b97ac2d 100644
--- a/test/src/examples_complete_test.go
+++ b/test/src/examples_complete_test.go
@@ -58,12 +58,12 @@ func TestExamplesComplete(t *testing.T) {
// Run `terraform output` to get the value of an output variable
ecsClusterId := terraform.Output(t, terraformOptions, "ecs_cluster_id")
// Verify we're getting back the outputs we expect
- assert.Equal(t, "arn:aws:ecs:us-east-2:126450723953:cluster/eg-test-ecs-codepipeline", ecsClusterId)
+ assert.Contains(t, ecsClusterId, "cluster/eg-test-ecs-codepipeline")
// Run `terraform output` to get the value of an output variable
ecsClusterArn := terraform.Output(t, terraformOptions, "ecs_cluster_arn")
// Verify we're getting back the outputs we expect
- assert.Equal(t, "arn:aws:ecs:us-east-2:126450723953:cluster/eg-test-ecs-codepipeline", ecsClusterArn)
+ assert.Contains(t, ecsClusterArn, "cluster/eg-test-ecs-codepipeline")
// Run `terraform output` to get the value of an output variable
ecsExecRolePolicyName := terraform.Output(t, terraformOptions, "ecs_exec_role_policy_name")
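Review bot: `assert.Contains` accepts any string that merely includes the fragment, so `cluster/eg-test-ecs-codepipeline-old` or a non-ARN value would pass where `assert.Equal` used to pin the full ARN. The same applies to the `taskExecRoleArn` and `taskRoleArn` assertions in the later hunks. Dropping the hard-coded account ID is reasonable, but the shape can still be anchored, e.g. `assert.Regexp(t, "^arn:aws:ecs:[a-z0-9-]+:[0-9]{12}:cluster/eg-test-ecs-codepipeline$", ecsClusterId)`. `TestExamplesComplete` starts and ends outside this hunk.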
@@ -75,11 +75,6 @@ func TestExamplesComplete(t *testing.T) {
// Verify we're getting back the outputs we expect
assert.Equal(t, "eg-test-ecs-codepipeline", serviceName)
- // Run `terraform output` to get the value of an output variable
- serviceRoleArn := terraform.Output(t, terraformOptions, "service_role_arn")
- // Verify we're getting back the outputs we expect
- assert.Equal(t, "arn:aws:iam::126450723953:role/eg-test-ecs-codepipeline-service", serviceRoleArn)
-
// Run `terraform output` to get the value of an output variable
taskDefinitionFamily := terraform.Output(t, terraformOptions, "task_definition_family")
// Verify we're getting back the outputs we expect
@@ -93,7 +88,7 @@ func TestExamplesComplete(t *testing.T) {
// Run `terraform output` to get the value of an output variable
taskExecRoleArn := terraform.Output(t, terraformOptions, "task_exec_role_arn")
// Verify we're getting back the outputs we expect
- assert.Equal(t, "arn:aws:iam::126450723953:role/eg-test-ecs-codepipeline-exec", taskExecRoleArn)
+ assert.Contains(t, taskExecRoleArn, "role/eg-test-ecs-codepipeline-exec")
// Run `terraform output` to get the value of an output variable
taskRoleName := terraform.Output(t, terraformOptions, "task_role_name")
@@ -103,7 +98,7 @@ func TestExamplesComplete(t *testing.T) {
// Run `terraform output` to get the value of an output variable
taskRoleArn := terraform.Output(t, terraformOptions, "task_role_arn")
// Verify we're getting back the outputs we expect
- assert.Equal(t, "arn:aws:iam::126450723953:role/eg-test-ecs-codepipeline-task", taskRoleArn)
+ assert.Contains(t, taskRoleArn, "role/eg-test-ecs-codepipeline-task")
// Run `terraform output` to get the value of an output variable
codebuildProjectName := terraform.Output(t, terraformOptions, "codebuild_project_name")
diff --git a/test/src/go.mod b/test/src/go.mod
new file mode 100644
index 0000000..fa6b7bb
--- /dev/null
+++ b/test/src/go.mod
@@ -0,0 +1,14 @@
+module github.com/cloudposse/terraform-aws-ecs-codepipeline
+
+go 1.13
+
+require (
+ github.com/aws/aws-sdk-go v1.34.7 // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/google/uuid v1.1.1 // indirect
+ github.com/gruntwork-io/terratest v0.16.0
+ github.com/pquerna/otp v1.2.0 // indirect
+ github.com/stretchr/testify v1.5.1
+ golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f // indirect
+ golang.org/x/sys v0.0.0-20190527104216-9cd6430ef91e // indirect
+)
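Review bot: The new go.mod carries over the May 2019 `golang.org/x/crypto` and `golang.org/x/sys` pseudo-versions and terratest v0.16.0 from the deleted Gopkg.lock rather than resolving current releases. These are test-only dependencies, but the suite runs with live AWS credentials and x/crypto has received security fixes since that revision. Which packages the tests actually reach is not visible in this diff. Running `go get -u ./... && go mod tidy` before committing, and checking the result with `govulncheck ./...`, would settle it.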
diff --git a/test/src/go.sum b/test/src/go.sum
new file mode 100644
index 0000000..0cb89a2
--- /dev/null
+++ b/test/src/go.sum
@@ -0,0 +1,41 @@
+github.com/aws/aws-sdk-go v1.34.7 h1:74UoHD376AS93rcGRr2Ec6hG/mTJEKT9373xiGijWzI=
+github.com/aws/aws-sdk-go v1.34.7/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gruntwork-io/terratest v0.16.0 h1:8dDdkAzqwVDclmefcy//oBPWs5bVrWuKYCUwG0WFG4c=
+github.com/gruntwork-io/terratest v0.16.0/go.mod h1:NjUn6YXA5Skxt8Rs20t3isYx5Rl+EgvGB8/+RRXddqk=
+github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc=
+github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok=
+github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f h1:R423Cnkcp5JABoeemiGEPlt9tHXFfw5kvc0yqlxRPWo=
+golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2 h1:CCH4IOTTfewWjGOlSp+zGcjutRKlBEZQ6wTn8ozI/nI=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190527104216-9cd6430ef91e h1:Pzdi8HRppinixnWWzN6KSa0QkBM+GKsTJaWwwfJskNw=
+golang.org/x/sys v0.0.0-20190527104216-9cd6430ef91e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/variables.tf b/variables.tf
index 571817d..d016cae 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,44 +1,3 @@
-variable "namespace" {
- type = string
- description = "Namespace (e.g. `eg` or `cp`)"
- default = ""
-}
-
-variable "stage" {
- type = string
- description = "Stage (e.g. `prod`, `dev`, `staging`)"
- default = ""
-}
-
-variable "name" {
- type = string
- description = "Name of the application"
-}
-
-variable "delimiter" {
- type = string
- default = "-"
- description = "Delimiter between `namespace`, `stage`, `name` and `attributes`"
-}
-
-variable "attributes" {
- type = list(string)
- description = "Additional attributes (_e.g._ \"1\")"
- default = []
-}
-
-variable "tags" {
- type = map(string)
- description = "Additional tags (_e.g._ { BusinessUnit : ABC })"
- default = {}
-}
-
-variable "enabled" {
- type = bool
- default = true
- description = "Enable `CodePipeline` creation"
-}
-
variable "ecs_cluster_name" {
type = string
description = "ECS Cluster Name"
@@ -49,12 +8,6 @@ variable "service_name" {
description = "ECS Service Name"
}
-variable "github_anonymous" {
- type = bool
- description = "Github Anonymous API (if `true`, token must not be set as GITHUB_TOKEN or `github_token`)"
- default = false
-}
-
variable "github_oauth_token" {
type = string
description = "GitHub OAuth Token with permissions to access private repositories"
@@ -118,6 +71,25 @@ variable "buildspec" {
description = "Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html)"
}
+variable "secondary_artifact_bucket_id" {
+ type = string
+ default = null
+ description = "Optional bucket for secondary artifact deployment. If specified, the buildspec must include a secondary artifacts section which controls the artifacts deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html)"
+}
+
+variable "secondary_artifact_encryption_enabled" {
+ type = bool
+ default = false
+ description = "If set to true, enable encryption on the secondary artifact bucket"
+}
+
+variable "secondary_artifact_identifier" {
+ type = string
+ default = null
+ description = "Identifier for optional secondary artifact deployment. If specified, the identifier must appear in the buildspec as the name of the section which controls the artifacts deployed to the secondary artifact bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html)"
+}
+
+
# https://www.terraform.io/docs/configuration/variables.html
# It is recommended you avoid using boolean values and use explicit strings
variable "poll_source_changes" {
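Review bot: `secondary_artifact_encryption_enabled` defaults to `false`, so a caller who sets only `secondary_artifact_bucket_id` gets unencrypted secondary artifacts unless they opt in. How the codebuild module maps this flag is outside the diff, but a secure default would be `default = true`. The description should then note that setting it to `false` disables encryption of artifacts written to the secondary bucket. The hunk also adds two consecutive blank lines before the `# https://www.terraform.io/...` comment.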
@@ -159,10 +131,11 @@ variable "environment_variables" {
{
name = string
value = string
+ type = string
}))
default = []
- description = "A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build"
+ description = "A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER_STORE', or 'SECRETS_MANAGER'"
}
variable "webhook_enabled" {
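Review bot: Adding `type = string` to the object type makes `type` mandatory for every element, so existing callers that pass only `name` and `value` will fail type checking after upgrading. The description should say so, since Terraform 0.13 object types have no optional attributes. It is also the place to steer secrets away from `PLAINTEXT`, e.g. by appending `Use 'PARAMETER_STORE' or 'SECRETS_MANAGER' for secret values; 'PLAINTEXT' values are visible in the CodeBuild project configuration and in Terraform state.` The `variable "environment_variables"` block starts outside this hunk.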
@@ -213,9 +186,21 @@ variable "cache_type" {
description = "The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO_CACHE, LOCAL, and S3. Defaults to S3. If cache_type is S3, it will create an S3 bucket for storing codebuild cache inside"
}
+variable "cache_bucket_suffix_enabled" {
+ type = bool
+ default = true
+ description = "The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache_type is 'S3'"
+}
+
variable "local_cache_modes" {
type = list(string)
default = []
description = "Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL_SOURCE_CACHE, LOCAL_DOCKER_LAYER_CACHE, and LOCAL_CUSTOM_CACHE"
}
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project#vpc_config
+variable "codebuild_vpc_config" {
+ type = any
+ default = {}
+ description = "Configuration for the builds to run inside a VPC."
+}
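Review bot: `codebuild_vpc_config` is declared `type = any` with a one-line description, so a misspelled or missing key is only caught, if at all, inside the codebuild module. The linked provider documentation lists `vpc_id`, `subnets` and `security_group_ids` for `vpc_config`. Naming them in the description, e.g. `"Configuration for the builds to run inside a VPC: an object with vpc_id, subnets and security_group_ids"`, gives callers a contract to follow. Also, `cache_bucket_suffix_enabled = false` makes the cache bucket name predictable from the label ID, which deserves a sentence in its description because S3 bucket names are global.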
diff --git a/versions.tf b/versions.tf
index 517cebf..5ffa722 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,11 +1,26 @@
terraform {
- required_version = "~> 0.12.0"
+ required_version = ">= 0.13.0"
required_providers {
- aws = "~> 2.0"
- template = "~> 2.0"
- local = "~> 1.2"
- random = "~> 2.1"
- null = "~> 2.0"
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 2.0"
+ }
+ template = {
+ source = "hashicorp/template"
+ version = ">= 2.0"
+ }
+ local = {
+ source = "hashicorp/local"
+ version = ">= 1.2"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 2.1"
+ }
+ null = {
+ source = "hashicorp/null"
+ version = ">= 2.0"
+ }
}
}