Code Pipeline

Structure reference

https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html

Pipeline structure

• roleArn - service role
• stages
  • at least two
  • first & only first stage contain source action(s) & only source actions
  • other stages contain non-source actions
• artifactStore
• name - cannot change
• version - auto managed

Action structure

• name - action name
• inputArtifacts - a JSON structure, must match a (not necessarily immediate) previous action's output
• region - cross region action must use this
• actionTypeId
  • category - Source,Build,Approval,Deploy,Test,Invoke
  • owner - "AWS", "ThirdParty", "Custom"
  • version (currently only support "1")
  • provider - for example "S3" (owner "AWS")
• outputArtifacts - names must be unique
• configuration
  • depends on the type, see above reference
  • **** - secret value
• runOrder - positive number, not necessarily sequential, same number for parallel

Concepts

Code Pipeline is a Continual Deployment (CI - build & unit test, CD - build, unit test, test, approve, deploy) solution.

• Source
  • Integrate with CloudWatch event
  • Event based or poll based
    • Event based (CloudWatch) is recommended
    • poll based is the default when pipeline created with CLI but not recommended
• Stage
  • Include actions
  • Transition between stages
  • Transition can be manually controlled
• Action
  • In sequence or parallel
  • If fail the pipeline will stop & the failed action can be retied manually with console or CLI
  • Integrate with various products
  • Types:
    • Source (versioned S3, CodeCommit, Github, ECR)
    • Build (CodeBuild, Jenkins.....)
    • Test (CodeBuild, DeviceFarm, ....)
    • Deploy (CodeDeploy - EC2&on-premise, CloudFormation, ECS, Beanstalk, OpsWorks - chef....)
    • Approve (manual, SNS)
    • Invoke (lambda) - call lambda, and require lambda call back with result
  • Custom actions - for a custom, external worker (perhaps running on an EC2 instance) to pickup task, complete and feed back
• Artifact
  • Is input & output of actions
  • Must have a name & referred to by name
• How it works
  • Execution - can be automatic or manual
  • Product S3 bucket (by default created with name codepipeline-region-12345randomno), each pipeline creates a folder for storage of product
  • Revision - detected, processed through each stages of pipeline (one stage process one revision at one time, always process the latest revision)

Security

• AWSCodePipelineFullAccess - grant to IAM user so the user can manage pipeline
• Pipeline's service role - allow pipeline service to manage resources for user
• Cross-account possible, see document

Other Integration

• Cloudtrail - capture API call & events, feed to S3 bucket
• CloudWatch
• CloudWatch Events - use pipeline as target of event, or just keep user notified
• Key Management Service - for cross account pipeline, for encryption of artifact