Ended up putting the user:password of the .gitmodule in Secrets Manager and then, just before getting the submodules, replacing git@ with user:password@. It works, just a bit disappointed in CodeBuild not supporting git modules out of the box. So the buildspec.yml file looks something like:
```yaml
version: 0.2
env:
  git-credential-helper: yes
  secrets-manager:
    BB_USER_PASSWORD: "BitbucketAppUserPassword:BitbucketAppUserPassword"
phases:
  pre_build:
    commands:
      - echo replacing git credentials with BB_USER_PASSWORD in the shape of user:password
      - sed -i "s/git@/${BB_USER_PASSWORD}@/g" .gitmodules
      - git submodule update --init --recursive
      - git submodule update --remote --merge
      # .....
  build:
    commands:
      - echo Build started on `date`
      - ./build2.sh
      # .....
```
Remember to add a policy to the CodeBuild role to allow access to the Secrets Manager key:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetResourcePolicy",
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret",
        "secretsmanager:ListSecretVersionIds"
      ],
      "Resource": "<INSERT ARN of BitbucketAppUserPassword here>"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "secretsmanager:GetRandomPassword",
      "Resource": "*"
    }
  ]
}
```
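Added example, not part of the original answer or of any AWS or Bitbucket tooling: a variant of the `pre_build` step that hands the secret to git through a credential helper, so it is never written into `.gitmodules` or `.git/config` and does not pass through `sed` (where `/` or `&` in a password would change the substitution). It assumes `BB_USER_PASSWORD` has the `user:password` shape used above and that the submodules are hosted on `bitbucket.org`; the script name `bb-credential.sh` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: hand the Bitbucket credential to git via a credential helper
# instead of writing it into .gitmodules. Hypothetical file name: bb-credential.sh
# Assumptions: BB_USER_PASSWORD is "user:password" (as in the buildspec above)
# and the submodules are hosted on bitbucket.org.

BB_HOST="${BB_HOST:-bitbucket.org}"   # assumed host, override if different

# User name: everything before the first ':'.
bb_user() { printf '%s' "${BB_USER_PASSWORD%%:*}"; }

# Password: everything after the first ':' (it may itself contain ':', '/', '&').
bb_pass() { printf '%s' "${BB_USER_PASSWORD#*:}"; }

# git-credential protocol: answer "get", ignore "store"/"erase" so nothing
# is ever persisted on the build host.
bb_credential_helper() {
    [ "$1" = "get" ] || return 0
    case "${BB_USER_PASSWORD:-}" in
        *:*) ;;
        *) echo "BB_USER_PASSWORD must be user:password" >&2; return 1 ;;
    esac
    printf 'username=%s\npassword=%s\n' "$(bb_user)" "$(bb_pass)"
}

# Register this script as the helper for the host, then fetch the submodules.
bb_fetch_submodules() {
    self="$1"   # absolute path of this script
    # Map SSH-style URLs to HTTPS in git config; .gitmodules stays untouched.
    git config --global "url.https://${BB_HOST}/.insteadOf" "git@${BB_HOST}:"
    git config --global "credential.https://${BB_HOST}.helper" "$self"
    git submodule update --init --recursive
}

# Dispatch: git calls "<script> get|store|erase"; the buildspec calls "<script> fetch".
case "${1:-}" in
    get|store|erase) bb_credential_helper "$1" ;;
    fetch) bb_fetch_submodules "$(cd "$(dirname "$0")" && pwd)/$(basename "$0")" ;;
esac
```

The script has to be executable, and `./bb-credential.sh fetch` would take the place of the `sed` and first `git submodule update` lines in `pre_build`.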
Unfortunately, I don't think there is currently a way to get further details from the `DOWNLOAD_SOURCE` stage in CodeBuild.
That said, you might want to consider using CodePipeline here. With CodePipeline, the source stage can be configured as a full clone, which will then be passed into a build stage running CodeBuild. From here, you should be able to issue the needed `git submodule` commands in the install section in your `buildspec.yml` file.
The advantage of this is that since you are then moving the submodule init process into the build phases of your project, you should have full console output in the build logs, and you also have a bit more control over how the submodules are pulled. In doing this, you may need to enable git-credential-helper (1).
Thank you for that, @Wayne_G. I have a feeling that CodeBuild source doesn't support submodules at all. Is there a known bug?
I was able to get it working late last night by
- switching off the submodule option in the CodeBuild source and specifying 1 level
- specifying the user/password inside the .gitmodule file for each git module
- in the build stage calling:

  ```
  git submodule update --init --recursive
  git submodule update --remote --merge
  ```

This, of course, is less than optimal for security purposes.
I've seen one other article where someone had this issue and switched to CodePipeline, but if this is a limitation of CodeBuild then at least remove the option to indicate that git modules are supported or allow the CodeStar connections to be used directly in CodeBuild.