Adding Github support, refactoring (#41)

* Addin Github support, refactoring

* Adding github sample

* Fix for #35

* Adding instructions for Github integration

Co-authored-by: Srijit Mitra <srijit@amazon.com>

Author: srijitm

architecture.png

@@ -20,7 +20,8 @@
 import configFile from "../project-config.json"
 
 export enum TriggerType {
-  CodeCommit = "CodeCommit"
+  CodeCommit = "CodeCommit",
+  GitHub = "GitHub"
 }
 
 export enum Regions {
@@ -35,10 +36,12 @@ export enum StageName {
 
 export type ProjectRepo = {
   pipelineName: string,
-  ccRepoName: string,
+  repository: string,
   branch: string,
   type: TriggerType,
-  cron: string
+  owner?: any,
+  secret?: any,
+  cron?: any
 }
 
 export interface ProjectConfig {

config/config.ts

@@ -95,29 +95,52 @@ This will generate resources prefixed with ***acme-markets-roadrunner***
 - The sample provides a single TriggerType - CodeCommit. This can be extended to add Github, BitBucket etc.
 - An SNS Topic is generated for the pipeline. Subscribers receive notifications on status of each pipeline stage. Emails are sent by a Lambda function.
 - A Parameter Store parameter is generated which stores the semantic version and automatically increments (uses python semver library) on every successful build.
-- A Cron parameter can be set to trigger the pipeline on a schedule managed by CloudWatch.
+- A Cron parameter can be set to trigger the pipeline on a schedule managed by CloudWatch. (optional)
+- An AWS Secrets Manager secret storing the Github personal access token. (optional)
 
 ```text
 {
   pipelineName: string,
   ccRepoName: string,
   branch: string,
   type: TriggerType,
-  cron: string
+  cron: string,
+  secret: string
 }
 ```
 
-Example:
+### GitHub Example
+
+**Note** GitHub integration uses personal access tokens. See: [https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token)
+
+In AWS Secrets Manager create a plain text secret where the value is your Github personal access token. In this example the secret is called ***github-token***
+
+![New Secret](images/new_secret_01.png "New Secret")
+
+
+This sample will generate a pipeline called ***acme-markets-roadrunner-infra-eks-main***
+
+```json
+    {
+      "pipelineName": "infra-eks",
+      "repository": "acme-infra-eks",
+      "branch": "main",
+      "type": "GitHub",
+      "owner": "srijitm",
+      "secret": "github-token"
+    }
+```
+
+### CodeCommit Example
 
-The following sample will generate a pipeline called ***acme-markets-roadrunner-rocket-powered-skates-master***
+This sample will generate a pipeline called ***acme-markets-roadrunner-rocket-powered-skates-master***
 
 ```json
 {
   "pipelineName": "rocket-powered-skates",
   "ccRepoName": "rocket-powered-skates",
   "branch": "master",
   "type": "CodeCommit",
-  "cron": ""
 }
 ```
 

docs/admin.md

@@ -22,10 +22,10 @@ import ssm = require('@aws-cdk/aws-ssm')
 import lambda = require('@aws-cdk/aws-lambda')
 import s3deploy = require('@aws-cdk/aws-s3-deployment')
 import { Bucket } from '@aws-cdk/aws-s3'
-import { CodeCommitPipeline } from './pipelines/codecommit-pipeline'
+import { SimpleCicdPipeline } from './pipelines/simple-cicd-pipeline'
 import PipelineRole from './iam/pipeline-role';
 
-import { ProjectRepo, TriggerType } from '../config/config';
+import { ProjectRepo } from '../config/config';
 
 interface CicdStackProps extends cdk.StackProps {
   prefix: string,
@@ -44,10 +44,12 @@ export class CicdStack extends cdk.Stack {
     const artifactsBucket = Bucket.fromBucketName(this, 'artifactsBucket', artifactsBucketName.stringValue)
 
     // Push assume-cross-account-role.env to S3
+    let ts = Date.now()
     new s3deploy.BucketDeployment(this, 'DeployAssumeRole', {
       sources: [s3deploy.Source.asset('./scripts')],
       destinationBucket: artifactsBucket,
-      destinationKeyPrefix: 'admin/cross-account'
+      destinationKeyPrefix: 'admin/cross-account',
+      metadata: { 'timestamp': ts.toString() }
     });
 
     // Get Lambda email handler function
@@ -65,27 +67,16 @@ export class CicdStack extends cdk.Stack {
       const pipelineName = `${props.prefix}-${repo.pipelineName}-${repo.branch}`.replace(/\/|_/g, '-')
       const modulePipelineRole = new PipelineRole(this, `${pipelineName}PipelineRole`)
 
-      switch (repo.type) {
-        case TriggerType.CodeCommit: {
-            const repoName = repo.ccRepoName
-            const repoBranch = repo.branch
-            const cronTrigger = repo.cron
-    
-            new CodeCommitPipeline(this, `${pipelineName}-pipeline`, {
-              artifactsBucket,
-              prefix: props.prefix,
-              ssmRoot: props.ssmRoot,
-              repoName,
-              repoBranch,
-              cronTrigger,
-              pipelineName,
-              modulePipelineRole,
-              emailHandler,
-              semverHandler
-            })
-            break;
-          }
-      }
+      new SimpleCicdPipeline(this, `${pipelineName}-pipeline`, {
+        artifactsBucket,
+        prefix: props.prefix,
+        ssmRoot: props.ssmRoot,
+        repo: repo,
+        pipelineName,
+        modulePipelineRole,
+        emailHandler,
+        semverHandler
+      })
     }
   }
 }

docs/images/new_secret_01.png

@@ -18,16 +18,17 @@
 
 
 import { Pipeline, Artifact } from '@aws-cdk/aws-codepipeline'
-import { Construct } from '@aws-cdk/core'
+import { Construct, SecretValue } from '@aws-cdk/core'
 import { IBucket } from '@aws-cdk/aws-s3'
 import {
   CodeBuildAction,
   CodeCommitSourceAction,
   ManualApprovalAction,
-  LambdaInvokeAction
+  LambdaInvokeAction,
+  GitHubSourceAction
 } from '@aws-cdk/aws-codepipeline-actions'
 import config from '../../config/config'
-import { StageName } from '../../config/config';
+import { StageName, TriggerType, ProjectRepo } from '../../config/config';
 import CodeBuildRole from '../iam/code-build-role'
 import { DeployProject } from '../projects/deploy-project'
 import { Role } from '@aws-cdk/aws-iam'
@@ -40,28 +41,24 @@ import ssm = require('@aws-cdk/aws-ssm');
 import sns = require('@aws-cdk/aws-sns');
 import targets = require('@aws-cdk/aws-events-targets');
 
-export interface CodeCommitPipelineProps {
+export interface SimpleCicdPipelineProps {
   artifactsBucket: IBucket
   prefix: string
   ssmRoot: string
-  repoName: string
-  repoBranch: string,
-  cronTrigger?: string,
+  repo: ProjectRepo
   pipelineName: string,
   modulePipelineRole: Role
   emailHandler: IFunction
   semverHandler: IFunction
 }
 
-export class CodeCommitPipeline extends Pipeline {
-  constructor(scope: Construct, id: string, props: CodeCommitPipelineProps) {
+export class SimpleCicdPipeline extends Pipeline {
+  constructor(scope: Construct, id: string, props: SimpleCicdPipelineProps) {
     const {
       artifactsBucket,
       prefix,
       ssmRoot,
-      repoName,
-      repoBranch,
-      cronTrigger,
+      repo,
       pipelineName,
       modulePipelineRole, 
       emailHandler,
@@ -76,6 +73,9 @@ export class CodeCommitPipeline extends Pipeline {
       ...rest
     })
 
+    let repoName = repo.repository
+    let repoBranch = repo.branch
+    
     // Provision SNS Topic for notifications
     const notificationTopic = new sns.Topic(this, 'Topic', {
       displayName: `${prefix}-${repoName}-${repoBranch}-cicd-topic` ,
@@ -90,28 +90,52 @@ export class CodeCommitPipeline extends Pipeline {
 
     // Source Control Stage (CodeCommit)
     const sourceOutputArtifact = new Artifact('SourceArtifact')
-    const codeCommitRepo = Repository.fromRepositoryName(
-      scope,
-      `${repoName}${repoBranch}CodeCommitRepo`,
-      repoName
-    )
-
-    codeCommitRepo.onCommit('OnCommit', {
-      target: new targets.CodePipeline(this),
-      branches: [`${repoBranch}`]
-    })
+    switch (repo.type) {
+      case TriggerType.CodeCommit: {
+        const codeCommitRepo = Repository.fromRepositoryName(
+          scope,
+          `${repoName}${repoBranch}CodeCommitRepo`,
+          repoName
+        )
+    
+        codeCommitRepo.onCommit('OnCommit', {
+          target: new targets.CodePipeline(this),
+          branches: [`${repoBranch}`]
+        })
+    
+        const sourceAction = new CodeCommitSourceAction({
+          repository: codeCommitRepo,
+          branch: repoBranch,
+          output: sourceOutputArtifact,
+          actionName: 'Source'
+        })
 
-    const sourceAction = new CodeCommitSourceAction({
-      repository: codeCommitRepo,
-      branch: repoBranch,
-      output: sourceOutputArtifact,
-      actionName: 'Source'
-    })
+        this.addStage({
+          stageName: 'Source',
+          actions: [sourceAction]
+        })
+        break
+      }
+      case TriggerType.GitHub: {
+        const oauth = SecretValue.secretsManager(repo.secret)
 
-    this.addStage({
-      stageName: 'Source',
-      actions: [sourceAction]
-    })
+        const sourceAction = new GitHubSourceAction({
+          actionName: 'Source',
+          oauthToken: oauth,
+          owner: repo.owner,
+          repo: repoName,
+          branch: repoBranch,
+          output: sourceOutputArtifact,
+        })
+
+        this.addStage({
+          stageName: 'Source',
+          actions: [sourceAction]
+        })
+        break
+      }
+    }
+    
 
     // Building Stage
     const buildOutputArtifact = new Artifact('BuildArtifact')
@@ -221,11 +245,11 @@ export class CodeCommitPipeline extends Pipeline {
       }
     })      
 
-    if (props.cronTrigger) {
+    if (repo.cron) {
       const cwRule = new Rule(this, `${pipelineName}-cronTrigger`, {
         ruleName: `${pipelineName}-trigger`,
         enabled: true,
-        schedule: Schedule.expression(`cron(${props.cronTrigger})`)
+        schedule: Schedule.expression(`cron(${repo.cron})`)
       })
       cwRule.addTarget(new targets.CodePipeline(this))
     }