(Caption: I am always amazed by the Barcelona laid out by the urban planner Ildefons Cerdà. Image source: Photo by Logan Armstrong on Unsplash.)
Briefing
AWS CodeBuild is a fully managed cloud build service. It supports the mainstream build tools, such as Apache Maven and Gradle, and can also be used to build Docker images. A build can be started from AWS CodeBuild itself or triggered by AWS CodePipeline. CodeBuild covers the "Build" and "Test" steps; the output is stored in the corresponding location, such as S3 or ECR, and a deployment tool such as CodeDeploy then completes the deployment.
History
A timeline of how things came to be.
- 2017-05-09: A new version of the buildspec format has been released. Version 0.2 addresses the issue of CodeBuild running each build command in a separate instance of the default shell.
Terms
A list of the terms that appear on this page, annotated with the original full name, definition and source.
- Cucumber JSON
- JUnit XML
- NUnit XML
- NUnit3 XML
- TestNG XML
- Visual Studio TRX
Use Cases
- You need CI/CD and want it consolidated on one AWS bill.
- You need a fully managed build service.
Limits
These quotas are for each supported AWS Region for each AWS account, unless otherwise specified.
Build projects

| Resource | Default |
|---|---|
| Allowed characters in a build project description | Any |
| Allowed characters in a build project name | The letters A-Z and a-z, the numbers 0-9, and the special characters - and _ |
| Length of a build project name | 2 to 255 characters, inclusive |
| Maximum length of a build project description | 255 characters |
| Maximum number of build projects | 5,000 |
| Maximum number of build projects you can request information about at one time using the AWS CLI or AWS SDKs | 100 |
| Maximum number of reports you can add to a project | 5 |
| Maximum number of tags you can associate with a build project | 50 |
| Number of minutes you can specify in a build project for the build timeout of all related builds | 5 to 480 (8 hours) |
| Number of security groups you can add under VPC configuration | 1 to 5 |
| Number of subnets you can add under VPC configuration | 1 to 16 |
Builds

| Resource | Default |
|---|---|
| Maximum number of builds you can request information about at one time using the AWS CLI or AWS SDKs | 100 |
| Maximum number of concurrent running builds\* | 60 |
| Maximum time the history of a build is retained | 1 year |
| Number of minutes you can specify for the build timeout of a single build | 5 to 480 (8 hours) |

\* Depending on the compute type. Contact support for a higher quota.
Pricing
Refer to the latest official documentation; these are only quick notes.
- Billed per minute, from submission until the build finishes.
- The unit price differs by instance type, memory size, operating system (Linux, Windows) and region. ARM and GPU instance types are available.
- The AWS CodeBuild free tier includes 100 build minutes per month on the build.general1.small instance type, for new and existing customers alike.
- Other AWS products used along the way, such as S3, AWS KMS, AWS CodePipeline and data transfer, are charged under their own pricing rules.
Concepts
Basic architecture
- Create a build project that describes where to fetch the source code. The source code should contain at least one build specification (buildspec) file.
- When a build runs, a build environment is created; it contains the operating system, the language runtime and the tools CodeBuild needs to run the build.
- Logs produced by CodeBuild are sent to Amazon CloudWatch Logs.
- Output (artifacts) produced by CodeBuild can be sent to an S3 bucket.
- CodeBuild can send notifications to an Amazon SNS topic.
Plan a build in AWS CodeBuild
- Where is the source code stored? The source code must contain a build specification (buildspec) file.
  - CodeCommit
  - Amazon S3
  - GitHub
  - Bitbucket
- Which build commands do you need to run and in what order?
- Which runtimes and tools do you need to run the build?
- Do you need AWS resources that aren’t provided automatically by CodeBuild? If so, which security policies do those resources need?
- Do you want CodeBuild to work with your VPC? If so, see Use AWS CodeBuild with Amazon Virtual Private Cloud.
Buildspec
Buildspec file name and storage location
- If you include a buildspec as part of the source code, by default, the buildspec file must be named `buildspec.yml` and placed in the root of your source directory.
- You can override the default buildspec file name and location (the path is relative to `CODEBUILD_SRC_DIR`), e.g. `buildspec_debug.yml` and `buildspec_release.yml`, which suits deployment environments whose details differ; or `config/buildspec.yml`; or a file in an S3 bucket (`arn:aws:s3:::my-codebuild-sample2/buildspec.yml`).
- You can specify only one buildspec for a build project.
Buildspec syntax
Docs: remember to cross-check with the official document.
- In YAML format.
```yaml
version: 0.2

run-as: Linux-user-name

env:
  shell: shell-tag
  variables:
    key: "value"
    key: "value"
  parameter-store:
    key: "value"
    key: "value"
  exported-variables:
    - variable
    - variable
  secrets-manager:
    key: secret-id:json-key:version-stage:version-id
  git-credential-helper: no | yes

proxy:
  upload-artifacts: no | yes
  logs: no | yes

batch:
  fast-fail: false | true
  # build-list:
  # build-matrix:
  # build-graph:

phases:
  install:
    run-as: Linux-user-name
    runtime-versions:
      runtime: version
      runtime: version
    commands:
      - command
      - command
    finally:
      - command
      - command
  pre_build:
    run-as: Linux-user-name
    commands:
      - command
      - command
    finally:
      - command
      - command
  build:
    run-as: Linux-user-name
    commands:
      - command
      - command
    finally:
      - command
      - command
  post_build:
    run-as: Linux-user-name
    commands:
      - command
      - command
    finally:
      - command
      - command

reports:
  report-group-name-or-arn:
    files:
      - location
      - location
    base-directory: location
    discard-paths: no | yes
    file-format: report-format

artifacts:
  files:
    - location
    - location
  name: artifact-name
  discard-paths: no | yes
  base-directory: location
  secondary-artifacts:
    artifactIdentifier:
      files:
        - location
        - location
      name: secondary-artifact-name
      discard-paths: no | yes
      base-directory: location
    artifactIdentifier:
      files:
        - location
        - location
      discard-paths: no | yes
      base-directory: location

cache:
  paths:
    - path
    - path
```
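A concrete buildspec that exercises the sections above, added here as an example and not taken from the original post or from AWS: it assumes a Maven project under `app/`, an SSM parameter and a Secrets Manager secret (names made up) that the project's service role is allowed to read, and a variable exported for a later CodePipeline stage. It also shows the version 0.2 behaviour noted under History, where a `cd` carries over to the commands that follow it.

```yaml
version: 0.2

env:
  variables:
    APP_ENV: "staging"            # plaintext: visible in the console and in the build logs
  parameter-store:
    MAVEN_REPO_URL: /example/maven/repo-url        # assumed SSM parameter name
  secrets-manager:
    # secret-id:json-key; fetched at build time, nothing is stored in the project itself
    REPO_TOKEN: example/maven-repo-token:token
  exported-variables:
    - IMAGE_TAG                   # handed on to the next CodePipeline stage
  git-credential-helper: yes

phases:
  install:
    runtime-versions:
      java: corretto11
  pre_build:
    commands:
      - export IMAGE_TAG="$(echo "$CODEBUILD_RESOLVED_SOURCE_VERSION" | cut -c1-7)"
  build:
    commands:
      # under version 0.2 the commands of a build share one shell, so this cd
      # (and the export above) carries over to the commands that follow
      - cd app
      - mvn -B package
    finally:
      # runs even when mvn fails, so the test output is always inspectable
      - ls target/surefire-reports || true
  post_build:
    commands:
      # "1" only if every phase so far succeeded; makes the build status explicit
      - test "$CODEBUILD_BUILD_SUCCEEDING" = "1"
# report and artifact paths are relative to the original source root, not to the cd above
reports:
  unit-tests:
    files:
      - "app/target/surefire-reports/*.xml"
    file-format: JUNITXML
artifacts:
  files:
    - app/target/*.jar
  discard-paths: yes
  name: app-$(date +%Y-%m-%d)

cache:
  paths:
    - "/root/.m2/**/*"
```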
Build environment reference
Docs
- Docker images provided by CodeBuild
- Build environment compute types
- Shells and commands in build environments
- Environment variables in build environments, e.g. `AWS_DEFAULT_REGION`, `AWS_REGION`, `CODEBUILD_BUILD_ID`, `CODEBUILD_BUILD_SUCCEEDING`, and more.
- Background tasks in build environments
VPC Support
Docs
- Typically, AWS CodeBuild cannot access resources in a VPC. To enable access, you must provide additional VPC-specific configuration information in your CodeBuild project configuration. This includes the VPC ID, the VPC subnet IDs, and the VPC security group IDs.
- This is typically needed during testing, to reach RDS or ElastiCache in a private subnet of the VPC, your own services running on EC2/ECS/EKS inside the VPC, or internal artifact repositories.
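A CloudFormation fragment, added here and not part of the original post, showing the three VPC settings a project needs (VPC ID, subnet IDs, security group IDs) together with the security-group pair that lets the build reach a private PostgreSQL RDS instance and nothing else. The repository URL, secret name and parameter values are assumed, and the service role is assumed to already carry the network-interface permissions CodeBuild requires for VPC builds.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId: { Type: AWS::EC2::VPC::Id }
  # private subnets with a route to a NAT gateway; CodeBuild ENIs never get a public IP
  PrivateSubnets: { Type: List<AWS::EC2::Subnet::Id> }
  DbSecurityGroup: { Type: AWS::EC2::SecurityGroup::Id }   # security group of the private RDS instance
  ServiceRoleArn: { Type: String }   # assumed to allow the ec2 network-interface actions CodeBuild needs
Resources:
  BuildSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: CodeBuild build ENIs (no inbound; egress only to the DB and HTTPS)
      VpcId: !Ref VpcId
      SecurityGroupEgress:   # listing egress explicitly replaces the default allow-all rule
        - { IpProtocol: tcp, FromPort: 5432, ToPort: 5432, DestinationSecurityGroupId: !Ref DbSecurityGroup }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }   # AWS APIs via the NAT
  DbIngressFromBuild:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref DbSecurityGroup
      IpProtocol: tcp
      FromPort: 5432
      ToPort: 5432
      SourceSecurityGroupId: !Ref BuildSecurityGroup   # scoped to the build SG, not a CIDR
  IntegrationTests:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: example-integration-tests
      ServiceRole: !Ref ServiceRoleArn
      Source:
        Type: CODECOMMIT
        Location: https://git-codecommit.us-east-1.amazonaws.com/v1/repos/example-app   # assumed repo
        BuildSpec: config/buildspec.yml   # overrides the default buildspec.yml in the source root
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/standard:5.0
        PrivilegedMode: false   # tests do not need a Docker daemon
        EnvironmentVariables:
          - Name: DB_PASSWORD
            Type: SECRETS_MANAGER   # resolved at build time instead of stored in plaintext
            Value: example/db-password   # assumed secret name
      VpcConfig:
        VpcId: !Ref VpcId
        Subnets: !Ref PrivateSubnets
        SecurityGroupIds:
          - !Ref BuildSecurityGroup
```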
Deep Dive
The broad direction is the guiding principle, but watch for pitfalls on the ground.
(To be added)