Does anyone have a working codepipeline example in...
# general
f
Does anyone have a working codepipeline example in python? I've tried to translate https://www.pulumi.com/docs/reference/pkg/aws/codepipeline/pipeline/ and get a very unhelpful
TypeError: startswith first arg must be bytes or a tuple of bytes, not str
So I guess I'm doing something wrong with the config, but I can't see it (fixed, see thread).
Fixed, it was a couple of things.
import pulumi
from pulumi_aws import s3, iam, kms, codepipeline


config = pulumi.Config()

kms_key = kms.Key('code-pipeline')

code_pipeline_artifact_store_bucket = s3.Bucket(
    'code-pipeline-artifact-store-bucket',
    acl='private'
)

code_pipeline_service_role = iam.Role(
    'code-pipeline-service-role',
    assume_role_policy={
        'Version': '2012-10-17',
        'Statement': [
            {
                'Effect': 'Allow',
                'Principal': {
                    'Service': 'codepipeline.amazonaws.com'
                },
                'Action': 'sts:AssumeRole'
            }
        ]
    }
)

code_pipeline_policy = iam.RolePolicy(
    'code-pipeline-policy',
    policy={
        'Version': '2012-10-17',
        'Statement': [
            {
                'Effect': 'Allow',
                'Action': [
                    's3:GetObject',
                    's3:GetObjectVersion',
                    's3:GetBucketVersioning',
                    's3:PutObject'
                ],
                'Resource': [
                    code_pipeline_artifact_store_bucket.arn,
                    code_pipeline_artifact_store_bucket.arn.apply(lambda arn: f'{arn}/*')
                ]
            },
            {
                'Effect': 'Allow',
                'Action': [
                    'codebuild:BatchGetBuilds',
                    'codebuild:StartBuild'
                ],
                'Resource': '*'
            }
        ]
    },
    role=code_pipeline_service_role.id
)

code_pipeline = codepipeline.Pipeline(
    'code-pipeline',
    artifact_store={
        'encryption_key': {
            'id': kms_key.id,
            'type': 'KMS'
        },
        'location': code_pipeline_artifact_store_bucket.bucket,
        'type': 'S3'
    },
    role_arn=code_pipeline_service_role.arn,
    stages=[
        {
            'Actions': [{
                'Category': 'Source',
                'Configuration': {
                    'Branch': config.require('branch'),
                    'Owner': config.require('owner'),
                    'Repo': config.require('repo'),
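                    # require_secret marks the token as a secret so it is encrypted in
                    # the stack state; set it with `pulumi config set --secret githubtoken`.
                    'OAuthToken': config.require_secret('githubtoken')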
                },
                'Name': 'Source',
                'OutputArtifacts': ['source_output'],
                'Owner': 'ThirdParty',
                'Provider': 'GitHub',
                'Version': '1'
            }],
            'Name': 'Source'
        },
        {
            'Actions': [{
                'Category': 'Build',
                'Configuration': {
                    'ProjectName': 'test',
                },
                'InputArtifacts': ['source_output'],
                'Name': 'Build',
                'OutputArtifacts': ['build_output'],
                'Owner': 'AWS',
                'Provider': 'CodeBuild',
                'Version': '1'
            }],
            'Name': 'Build'
        },
        {
            'Actions': [{
                'Category': 'Deploy',
                'Configuration': {
                    'ActionMode': 'REPLACE_ON_FAILURE',
                    'Capabilities': 'CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM',
                    'OutputFileName': 'CreateStackOutput.json',
                    'StackName': 'MyStack',
                    'TemplatePath': 'build_output::sam-templated.yaml'
                },
                'InputArtifacts': ['build_output'],
                'Name': 'Deploy',
                'Owner': 'AWS',
                'Provider': 'CloudFormation',
                'Version': '1'
            }],
            'Name': 'Deploy'
        }
    ]
)
if anyone is curious
FWIW: The TypeScript demo doesn't work out of the box; there's a syntax error and some AWS resource naming problems.
m
Hey @fancy-ice-8211, when you are running `up`, is your pipeline showing as a `to update` resource? For me, every time I run `up` it updates the pipeline as well. That's probably because of the AWS config setup, where the token is being returned as "true" instead of the token itself. It's quite an annoying behavior and I'm not sure how to solve it yet.