-
-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Most variable empty when building with Git clone depth 1 #3
Comments
@thanosexcite Oh right π |
I don't think this is the right place to document this (maybe I should open a new "Issue"). I did some tests with CodeBuild, and also I have some opinions about the way How CodeBuild worksHow CodeBuild gets the source:
How CodeBuild builds the source:
Also, when starting an build in CodeBuild, there are 3 possibilities for choosing the reference (via build overrides):
They are valid for CodeCommit, but other sources like GitHub allows more:
I only made tests with CodeBuild directly pulling CodeCommit as a source. In my tests, I tested both single and batch builds. That's what I discovered... Single build - clone depth of 1 - specifying a branchI had the following env vars:
I also had the following output for some useful git commands:
For this case, I could use
Also observe that Although we may use Batch build - clone depth of 5 - specifying a branch
And:
The results are similar, but unfortunately, I lost the source reference information. It seems that the first batch job (which pulls the code) sends the We can confirm this here: We can see that the parent build knows the branch, but all the children only knows the commit ID. So it's pretty hard to discover the branch reference on the children builds (I'll explain later why I disagree from I tried to, as a workaround, evaluate
And this doesn't work either:
My suggestion would be to pick the Other suggestion is to look for variable Single build - clone depth of 1 - specifying a commit that exists into 2 different branches:Now I run a single build, but specifying a commit instead...
And:
Now, we can see that we lost all reference information. For this case, I think it doesn't make any sense to say that this build is related to a given branch, because it wasn't. |
Opinion about the way aws-codebuild-extras calculates CODEBUILD_GIT_BRANCHHere it's all about what (1) I asked to build a given branch (e.g. I would expect (2) I asked to build the commit I would expect (3) I asked to build a tag (e.g. One may argue that
I didn't though about the expected results for multiple other test cases, specially when running CodeBuild from CodePipeline. I need to reflect more about all of them. However, for now, I don't think the current behavior of Of course, they work for the straightforward use case, which is when we're running a CI/CD at branch master just after a merge/pull, and when the master is the default branch. For the other non-trivial cases, the current behavior sounds strange for me. |
By the way, in case you are not familiar with, I just discovered that CodeBuild allows the use of Session Manager to access the container environment: https://docs.aws.amazon.com/codebuild/latest/userguide/session-manager.html After some tests, it seems that it doesn't support batch builds:
The This is not documented as well. It seems to me that the "batch build" feature has some bugs or non-documented behavior. |
I did some reverse engineering using the Session Manager integration, but now using single builds (I still want to test again batch builds w/ session manager, but trying to fix my IAM Role permissions - this may be the issue for batch builds)... My case was: I used Single build - clone depth of 1 - specifying a non-HEAD commit that exists into 2 different branches:
Some notes:
I also have a question:
Single build - clone depth of 1 - specifying a HEAD commit for a branch:
Single build - clone depth of 1 - specifying a TAG:
Quick insight:
I'll try to create a GIT gist that recalculates There is a good example here: https://community.opengroup.org/osdu/platform/system/notification/-/blob/fix-error-code/provider/notification-aws/build-aws/buildspec.yaml For builds that come from CodePipeline, yeeeeh, it's complicated. A need to test a lot to understand. Need to check And I guess if user uses But even using |
Update - Batch build - clone depth of 1 - specifying a branch - Commit belongs to 2 branches, and has an associated tag
This is bad news. Although in previous tests, the reference to 2 branches didn't occur, now it did. So, it is not possible to discover the original reference (which branch is correct). The workaround I created minutes ago is not working because of this. Maybe the best approach is really to use The same will occur for tags. If there are 2 tags pointing to the same commit, I use one of the tags (let's say, Using AWS CLI to get the source reference seems to be the best idea. Something like:
The issue is that no env var has the So we can do:
I'll test and share the results later. -- It worked :) Code follows:
My personal opinion: the env variables Github Actions provide is much better: We could evolve this project to calculate similar variables... |
I found a good workaround. See: thii/aws-codebuild-extras#3
I found a good workaround. See: thii/aws-codebuild-extras#3
Update - Single build triggered by Code Pipeline- CODEBUILD_CLONE_REF - from branch developNow I also tested how CodeBuild behaves for builds started from CodePipeline. I'm triggering the Pipeline for pushes on the develop branch to make easier to test. I'm starting w/ mode The first discovery was that it's not possible to set "Enable session connection" from CodePipeline, so I couldn't use the integration w/ session manager (which makes the debug much easier). So I had to put the debug commands directly on the buildspec (like when I tested batch builds). This is the source artifact (passed to CodeBuild by CodePipeline via S3):
So instead of be the source code zipped, it's a JSON w/ info to allow CodeBuild to directly clone the repo ( And this is the output of the debug commands on the build:
It's similar to the build batch, as we lost the source reference here (
Just like when we run CodeBuild Batch Builds against a non-head commit, now we have plenty of references (e.g. You can also see other variables (e.g.
So the only real solution I found to recover the source reference in a secure way (without the risk of any side case) was to:
The only drawback is that it's a design oriented by convention (the user should follow a convention of always exporting the variable In my case, one workaround could be:
Update: It's not really easy to just use CodeBuild / CodePipeline. I observed that the code above doesn't work if we use CodePipeline to start a batch build. The reason is because So, for this case, I came up with the following workaround:
Some additional side info: At least for CodeCommit, it's possible to start the CodePipeline after a tag push (you can customize the EventBridge Event that triggers the pipeline, and it may be a tag push as CodeCommit publishes these events). However, the tag value doesn't matter for CodePipeline, as it was always use the configuration for the source stage, which is always a branch. Also there is no such a thing like In my case, my goals was to build my project every time I pushed a tag of format Also, when starting a build via CodePipeline that runs all of my tests, I can't send the tag information in |
- Now we have proper branch information (used by Coveralls) when builds are started via CodePiline. - In order to use this integration, `SOURCEVARIABLES_BRANCH_NAME` MUST be set to `#{SourceVariables.BranchName}`. - Add EventBridge rule template to trigger CodePipeline on tag pushes (instead of the default, which is on branch pushes). - Note that, regardless of triggering on tag push (format `v*`), CodePipeline will not use this tag as source reference. It'll use the HEAD of branch name configured on the source stage instead. See: thii/aws-codebuild-extras#3
Very sorry for the high number of comments on this issue (sorry if I am pollute too much the discussion). So just to summarize everything (my personal point of view):
|
Thanks for your script πββοΈ . Makes working with codebuild more bearable.
When building with Git clone depth set to 1, most of the variables like commit hash, branch etc are empty. If building with clone depth set to some other value, everything works fine.
I think it's worth mentioning it in the readme.
The text was updated successfully, but these errors were encountered: