
Building CI/CD with CodePipeline using GitHub

Posted at 2024-12-24

Because CodeCommit was scheduled to close access to new customers as of July 25, 2024, I built a CI/CD setup that uses GitHub as the replacement for CodeCommit.

  • This CI/CD was built on the assumption that CodePipeline builds the application, deploys it to ECS, and starts it as a service; only the files needed for the replacement are excerpted here.
  • The connection part was created in the Management Console

1. Create a repository on your own GitHub

The repository I created this time

  • Open a new VSCode window separate from the one where you are writing the CFn templates,
    clone the repository locally, create a README, and push it to the main branch.

2. Link AWS and GitHub

This time I created the connection from the Management Console

  1. In the left navigation pane, go to 'Settings' > 'Connections' and create a connection

  2. Set the provider to 'GitHub'

  3. Choose a connection name

  4. Select 'Connect to GitHub', and on the next page press 'Install a new app'
     ⇒ The screen switches to GitHub, so link it with your own GitHub account


3. CodePipeline configuration

codepipeline.yml
AWSTemplateFormatVersion: 2010-09-09
Description: CodePipeline for CI/CD

Parameters:
  SystemName:
    Type: String
  EnvType:
    Type: String
  GitHubRepo:
    Type: String
  GithubConnectionArn:
    Type: String
  GitHubBranch:
    Type: String

Mappings:
  AzMap:
    ap-northeast-1:
      1st: ap-northeast-1a
      2nd: ap-northeast-1c
      3rd: ap-northeast-1d

Resources:
  CodePipelineEcs:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name:  !Sub
        - ${SystemName}-${EnvType}-codepipeline-ecs
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      RoleArn: 
        Fn::ImportValue: !Sub
          - ${SystemName}-${EnvType}-role-codepipeline
          - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      ArtifactStore: 
        Type: S3
        Location: !Sub
          - ${SystemName}-${EnvType}-s3-cicd
          - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Stages: 
        # Source stage element needed when using GitHub
        - Name: Source
          Actions: 
            - InputArtifacts: []
              Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: 1
                Provider: CodeStarSourceConnection
              OutputArtifacts:
                - Name: SourceArtifact
              Configuration:
                FullRepositoryId: !Ref GitHubRepo
                ConnectionArn: !Ref GithubConnectionArn
                BranchName: !Ref GitHubBranch
                # false: a push to GitHub does not start the pipeline automatically; start it by hand
                DetectChanges: false
              RunOrder: 1
            
            # What was needed when the source was CodeCommit
            # - Name: CodeCommit
            #   Region: !Ref AWS::Region
            #   RunOrder: 1
            #   ActionTypeId: 
            #     Category: Source
            #     Owner: AWS
            #     Provider: CodeCommit
            #     Version: 1
            #   Configuration: 
            #     RepositoryName: !Sub
            #       - ${SystemName}-${EnvType}-codecommit-ecs
            #       - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
            #     BranchName: main
            #     PollForSourceChanges: true
            #     OutputArtifactFormat: CODE_ZIP
            #   OutputArtifacts: 
            #     - Name: SourceArtifact
            #   Namespace: SourceVariables 

        - Name: Build
          Actions: 
            - Name: CodeBuild
              Region: !Ref AWS::Region
              RunOrder: 1
              ActionTypeId: 
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: 1
              Configuration: 
                ProjectName: !Sub
                  - ${SystemName}-${EnvType}-codebuild-ecs
                  - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
              InputArtifacts: 
                - Name: SourceArtifact
              OutputArtifacts: 
                - Name: BuildArtifact
              Namespace: BuildVariables 

        - Name: Deploy
          Actions: 
          - Name: CodeDeploy
            Region: !Ref AWS::Region
            RunOrder: 1
            ActionTypeId: 
              Category: Deploy
              Owner: AWS
              Provider: CodeDeployToECS
              Version: 1
            InputArtifacts: 
              - Name: BuildArtifact
            Configuration: 
              ApplicationName: !Sub 
                - ${SystemName}-${EnvType}-codedeploy-ecs
                - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
              DeploymentGroupName: !Sub 
                - ${SystemName}-${EnvType}-deploygroup-ecs
                - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
              TaskDefinitionTemplateArtifact: BuildArtifact
              TaskDefinitionTemplatePath: taskdef.json
              AppSpecTemplateArtifact: BuildArtifact
              AppSpecTemplatePath: appspec.yml

      Tags: 
        - Key: Name
          Value: !Sub
            - ${SystemName}-${EnvType}-codepipeline-ecs
            - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
        - Key: SystemName
          Value: !Ref SystemName
        - Key: EnvType
          Value: !Ref EnvType

dev-parameters.json
{
    "Parameters": [
        {
            "ParameterKey": "SystemName",
            "ParameterValue": "cicd"
        },
        {
            "ParameterKey": "EnvType",
            "ParameterValue": "dev"
        },
        {
            "ParameterKey": "GitHubRepo",
            "ParameterValue": "GitHubユーザー名/リポジトリ名"
        },
        {
            "ParameterKey": "GithubConnectionArn",
            "ParameterValue": "arn:aws:codestar-connections:<region>:<account-id>:connection/<connection-id>"
        },
        {
            "ParameterKey": "GitHubBranch",
            "ParameterValue": "main"
        }
    ]
}

GitHubRepo

  • GitHub username/repository name

GithubConnectionArn

  • ARN of the connection created in step 2
arn:aws:codestar-connections:<region>:<account-id>:connection/<connection-id>

GitHubBranch

  • Which branch to use
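
The two parameter files for the pipeline stack and the IAM stack both carry the connection ARN, and the pipeline's FullRepositoryId must be exactly "owner/repo". The following script, added here as an example and not code from the original article, checks both values and writes the two dev-parameters.json files from one set of inputs so the ARN cannot differ between the stacks. The parameter keys are the ones the templates above declare; the output directories (codepipeline/ and iam/), the ARN pattern and the sample values are this script's own assumptions.

```python
"""Generate the two dev-parameters.json files (pipeline stack and IAM stack)
from one set of values, after checking the connection ARN and the repository
id, so a wrong ARN or an "owner/repo" typo is caught before CloudFormation
fails with a vague error.

Added example; it is not code from the original article.  The parameter keys
are the ones the article's templates declare; the output directories, the
ARN pattern and the sample values under __main__ are this script's own.
"""
import json
import re
from pathlib import Path

# Connection ARN as shown in step 2 of the article.  The service segment is
# "codestar-connections" there; AWS also issues "codeconnections" ARNs for
# newer connections, so both spellings are accepted.
_CONNECTION_ARN = re.compile(
    r"^arn:aws:(?P<service>codestar-connections|codeconnections):"
    r"(?P<region>[a-z]{2}-[a-z]+-\d):"
    r"(?P<account>\d{12}):"
    r"connection/(?P<connection_id>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$"
)

# FullRepositoryId must be "<owner>/<repo>", not a URL or a bare repo name.
_REPO_ID = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?/[A-Za-z0-9._-]+$")


def parse_connection_arn(arn: str) -> dict:
    """Return service/region/account/connection_id, or raise ValueError."""
    match = _CONNECTION_ARN.match(arn)
    if match is None:
        raise ValueError(f"not a connection ARN: {arn!r}")
    return match.groupdict()


def validate_repo_id(repo: str) -> str:
    """Return repo unchanged if it has the owner/repo shape GitHub expects."""
    if _REPO_ID.match(repo) is None:
        raise ValueError(f"FullRepositoryId must be 'owner/repo', got {repo!r}")
    return repo


def _params(values: dict) -> list:
    """Render {key: value} in the ParameterKey/ParameterValue list form."""
    return [{"ParameterKey": k, "ParameterValue": v} for k, v in values.items()]


def build_parameter_files(system_name, env_type, repo, connection_arn, branch="main"):
    """Return (pipeline_params, iam_params) dicts for the two stacks.

    The same connection ARN goes into both, so the Source action's
    ConnectionArn and the IAM policy's Resource cannot drift apart.
    """
    parse_connection_arn(connection_arn)
    validate_repo_id(repo)
    pipeline = {"Parameters": _params({
        "SystemName": system_name,
        "EnvType": env_type,
        "GitHubRepo": repo,
        "GithubConnectionArn": connection_arn,
        "GitHubBranch": branch,
    })}
    iam = {
        "Parameters": _params({
            "SystemName": system_name,
            "EnvType": env_type,
            "GithubConnectionArn": connection_arn,
        }),
        # iam.yml sets RoleName explicitly, so the IAM stack needs this capability.
        "Capabilities": ["CAPABILITY_NAMED_IAM"],
    }
    return pipeline, iam


def write_parameter_files(out_dir, **values) -> list:
    """Write codepipeline/dev-parameters.json and iam/dev-parameters.json."""
    pipeline, iam = build_parameter_files(**values)
    written = []
    for sub, data in (("codepipeline", pipeline), ("iam", iam)):
        path = Path(out_dir) / sub / "dev-parameters.json"
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(data, indent=4) + "\n")
        written.append(path)
    return written


if __name__ == "__main__":
    # Constructed sample values; replace them with your own account's.
    paths = write_parameter_files(
        ".",
        system_name="cicd",
        env_type="dev",
        repo="example-user/example-repo",
        connection_arn="arn:aws:codestar-connections:ap-northeast-1:123456789012"
                       ":connection/12345678-1234-1234-1234-123456789abc",
    )
    print("wrote:", *paths)
```

A CodeCommit repository ARN or a GitHub URL pasted into the wrong field is rejected at this point rather than surfacing later as a failed Source action.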

4. IAM role settings for CodePipeline

The RoleCodePipeline: section has been changed

  • Added access permission to the Connection
iam.yml
AWSTemplateFormatVersion: 2010-09-09
Description: IAM for CI/CD

Parameters:
  SystemName:
    Type: String
  EnvType:
    Type: String
  GithubConnectionArn:
    Type: String
Mappings:
  AzMap:
    ap-northeast-1:
      1st: ap-northeast-1a
      2nd: ap-northeast-1c
      3rd: ap-northeast-1d

Resources:
  RoleEcsExecution:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub
        - ${SystemName}-${EnvType}-role-ecs-execution
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Description: !Sub
        - ${SystemName}-${EnvType}-role-ecs-execution
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Path: /
      # AssumeRolePolicyDocument: {\Version\:\2012-10-17\,\Statement\:[{\Effect\:\Allow\,\Principal\:{\Service\:\ec2.amazonaws.com\},\Action\:\sts:AssumeRole\}]}
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement: 
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns: 
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
      Tags: 
        - Key: Name
          Value: !Sub
            - ${SystemName}-${EnvType}-role-ecs-execution
            - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
        - Key: SystemName
          Value: !Ref SystemName
        - Key: EnvType
          Value: !Ref EnvType

  RoleEcsAutoScaling:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub
        - ${SystemName}-${EnvType}-role-ecs-autoscaling
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Description: !Sub
        - ${SystemName}-${EnvType}-role-ecs-autoscaling
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Path: /
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement: 
          - Effect: Allow
            Principal:
              Service: ecs.application-autoscaling.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns: 
        - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole
      Tags: 
        - Key: Name
          Value: !Sub
            - ${SystemName}-${EnvType}-role-ecs-autoscaling
            - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
        - Key: SystemName
          Value: !Ref SystemName
        - Key: EnvType
          Value: !Ref EnvType

  RoleCodeBuild:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub
        - ${SystemName}-${EnvType}-role-codebuild
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Description: !Sub
        - ${SystemName}-${EnvType}-role-codebuild
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Path: /
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement: 
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns: 
        - arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AmazonECS_FullAccess
        - arn:aws:iam::aws:policy/CloudWatchFullAccess
      Tags: 
        - Key: Name
          Value: !Sub
            - ${SystemName}-${EnvType}-role-codebuild
            - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
        - Key: SystemName
          Value: !Ref SystemName
        - Key: EnvType
          Value: !Ref EnvType

  RoleCodeDeploy:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub
        - ${SystemName}-${EnvType}-role-codedeploy
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Description: !Sub
        - ${SystemName}-${EnvType}-role-codedeploy
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Path: /
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement: 
          - Effect: Allow
            Principal:
              Service: codedeploy.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns: 
        - arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS
      Tags: 
        - Key: Name
          Value: !Sub
            - ${SystemName}-${EnvType}-role-codedeploy
            - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
        - Key: SystemName
          Value: !Ref SystemName
        - Key: EnvType
          Value: !Ref EnvType
          
          
  # CodePipeline IAM settings / access permission to the Connection added
  RoleCodePipeline:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub
        - ${SystemName}-${EnvType}-role-codepipeline
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Description: !Sub
        - ${SystemName}-${EnvType}-role-codepipeline
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
      Path: /
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement: 
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns: 
        - arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess
        - arn:aws:iam::aws:policy/AWSCodeCommitFullAccess  # no longer needed once the source is GitHub; can be removed
        - arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AWSCodeDeployFullAccess
        - arn:aws:iam::aws:policy/AmazonECS_FullAccess
      Policies:
        - PolicyName: CodeStarConnectionsAccess
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: 
                  - codestar-connections:UseConnection
                  - codestar-connections:GetConnection
                  - codestar-connections:ListConnections
                Resource: !Ref GithubConnectionArn
      Tags: 
        - Key: Name
          Value: !Sub
            - ${SystemName}-${EnvType}-role-codepipeline
            - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
        - Key: SystemName
          Value: !Ref SystemName
        - Key: EnvType
          Value: !Ref EnvType


Outputs:
  RoleEcsExecution:
    Value: !GetAtt RoleEcsExecution.Arn
    Export:
      Name: !Sub
        - ${SystemName}-${EnvType}-role-ecs-execution
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
  RoleEcsAutoScaling:
    Value: !GetAtt RoleEcsAutoScaling.Arn
    Export:
      Name: !Sub
        - ${SystemName}-${EnvType}-role-ecs-autoscaling
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
  RoleCodeBuild:
    Value: !GetAtt RoleCodeBuild.Arn
    Export:
      Name: !Sub
        - ${SystemName}-${EnvType}-role-codebuild
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
  RoleCodeDeploy:
    Value: !GetAtt RoleCodeDeploy.Arn
    Export:
      Name: !Sub
        - ${SystemName}-${EnvType}-role-codedeploy
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
  RoleCodePipeline:
    Value: !GetAtt RoleCodePipeline.Arn
    Export:
      Name: !Sub
        - ${SystemName}-${EnvType}-role-codepipeline
        - {SystemName: !Ref SystemName, EnvType: !Ref EnvType}
dev-parameters.json
{
    "Parameters": [
        {
            "ParameterKey": "SystemName",
            "ParameterValue": "cicd"
        },
        {
            "ParameterKey": "EnvType",
            "ParameterValue": "dev"
        },
        {
            "ParameterKey": "GithubConnectionArn",
            "ParameterValue": "arn:aws:codestar-connections:<region>:<account-id>:connection/<connection-id>"
        }
    ],
    "Capabilities": [
        "CAPABILITY_NAMED_IAM"
    ]
}

GithubConnectionArn

  • ARN of the connection created in step 2
arn:aws:codestar-connections:<region>:<account-id>:connection/<connection-id>
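
After the switch, RoleCodePipeline still carries the managed policies it had for CodeCommit, plus several FullAccess policies. The following script, added here as an example and not code from the original article, renders that role as Python data and checks it against the action providers the pipeline above actually uses: which managed policies no longer correspond to any stage, whether every provider is covered at all, which grants are broad, and whether the connection statement is scoped to one connection ARN rather than "*". The connection ARN is constructed, and the provider-to-service and policy-to-service mappings are this script's own assumptions.

```python
"""Audit the article's RoleCodePipeline against the providers the pipeline
actually uses, to spot grants that are left over from CodeCommit and grants
broader than the pipeline needs.

Added example; it is not code from the original article.  ROLE_CODEPIPELINE
mirrors the role in the article's iam.yml (constructed connection ARN); the
provider/service mappings and the finding names are assumptions.
"""

# Action providers from the Stages in the article's codepipeline.yml.
PIPELINE_PROVIDERS = {"CodeStarSourceConnection", "CodeBuild", "CodeDeployToECS"}

# Service prefixes each pipeline action provider needs (assumed mapping).
PROVIDER_SERVICES = {
    "CodeCommit": {"codecommit"},
    "CodeStarSourceConnection": {"codestar-connections"},
    "CodeBuild": {"codebuild"},
    "CodeDeployToECS": {"codedeploy", "ecs"},
}

# Service each managed policy in the article's role covers (assumed mapping).
MANAGED_POLICY_SERVICE = {
    "AWSCodePipeline_FullAccess": "codepipeline",
    "AWSCodeCommitFullAccess": "codecommit",
    "AWSCodeBuildDeveloperAccess": "codebuild",
    "AmazonS3FullAccess": "s3",
    "AWSCodeDeployFullAccess": "codedeploy",
    "AmazonECS_FullAccess": "ecs",
}
# The pipeline itself and its artifact bucket are needed whatever the stages are.
ALWAYS_NEEDED = {"codepipeline", "s3"}

# The article's RoleCodePipeline as CloudFormation would render it.
ROLE_CODEPIPELINE = {
    "ManagedPolicyArns": [
        "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess",
        "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
        "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
        "arn:aws:iam::aws:policy/AmazonS3FullAccess",
        "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess",
        "arn:aws:iam::aws:policy/AmazonECS_FullAccess",
    ],
    "Policies": [{
        "PolicyName": "CodeStarConnectionsAccess",
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Action": ["codestar-connections:UseConnection",
                       "codestar-connections:GetConnection",
                       "codestar-connections:ListConnections"],
            # constructed ARN
            "Resource": "arn:aws:codestar-connections:ap-northeast-1:123456789012"
                        ":connection/12345678-1234-1234-1234-123456789abc",
        }]},
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _policy_name(arn: str) -> str:
    return arn.rsplit("/", 1)[-1]


def _inline_statements(role):
    """Yield (policy name, statement) for every inline policy statement."""
    for policy in role.get("Policies", []):
        for stmt in _as_list(policy["PolicyDocument"]["Statement"]):
            yield policy["PolicyName"], stmt


def granted_services(role) -> set:
    """Service prefixes the role can call, from managed and inline policies."""
    services = {MANAGED_POLICY_SERVICE[_policy_name(a)] for a in role.get("ManagedPolicyArns", [])
                if _policy_name(a) in MANAGED_POLICY_SERVICE}
    for _, stmt in _inline_statements(role):
        if stmt.get("Effect") == "Allow":
            services.update(a.split(":")[0] for a in _as_list(stmt["Action"]))
    return services


def unused_managed_policies(role, providers) -> list:
    """Managed policies whose service no pipeline action needs any more."""
    needed = set(ALWAYS_NEEDED).union(*(PROVIDER_SERVICES.get(p, set()) for p in providers))
    return [_policy_name(a) for a in role.get("ManagedPolicyArns", [])
            if MANAGED_POLICY_SERVICE.get(_policy_name(a), None) not in needed | {None}]


def uncovered_providers(role, providers) -> list:
    """Providers the role grants nothing for (the stage would fail at run time)."""
    granted = granted_services(role)
    return sorted(p for p in providers if not PROVIDER_SERVICES.get(p, set()) <= granted)


def broad_grants(role) -> list:
    """FullAccess managed policies and inline statements on '*' (least-privilege review)."""
    findings = [f"managed:{_policy_name(a)}" for a in role.get("ManagedPolicyArns", [])
                if "FullAccess" in _policy_name(a)]
    for name, stmt in _inline_statements(role):
        if "*" in _as_list(stmt.get("Resource", "*")) or "*" in _as_list(stmt["Action"]):
            findings.append(f"inline:{name}")
    return findings


def connection_scoped(role) -> bool:
    """True when every Allow on connection actions names a connection ARN, not '*'."""
    for _, stmt in _inline_statements(role):
        prefixes = {a.split(":")[0] for a in _as_list(stmt["Action"])}
        if stmt.get("Effect") != "Allow" or not prefixes & {"codestar-connections", "codeconnections"}:
            continue
        if any(":connection/" not in r for r in _as_list(stmt.get("Resource", "*"))):
            return False
    return True


if __name__ == "__main__":
    print("unused managed policies:", unused_managed_policies(ROLE_CODEPIPELINE, PIPELINE_PROVIDERS))
    print("uncovered providers:", uncovered_providers(ROLE_CODEPIPELINE, PIPELINE_PROVIDERS))
    print("broad grants:", broad_grants(ROLE_CODEPIPELINE))
    print("connection statement scoped:", connection_scoped(ROLE_CODEPIPELINE))
```

Run against the role above it reports AWSCodeCommitFullAccess as no longer backed by any stage, no provider without a grant, the FullAccess policies as candidates for tighter scoping, and the connection statement as correctly limited to one ARN.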

5. Done

  • Push to the repository linked with GitHub

  • After completion, also store the Dockerfile, buildspec.yml and so on in the repository and continue building CodeBuild → CodeDeploy and onward

References

  • CodePipelineとGiuhubを連携させてECS自動デプロイするCloudformation - Qiita
  • CloudFormation CodePipeline で Github v2 用コネクションを使ってGithubからソースコードを取得する - Qiita
  • CodePipelineのソースにGitHubのリポジトリを利用する方法@CloudFormation
  • CodeStarSourceConnection for Bitbucket Cloud, GitHub, GitHub Enterprise Server, GitLab.com, and GitLab self-managed actions - AWS CodePipeline
