Zenn
🙆

AWS SAM の AWS CodePipeline 向けのスターターパイプラインの生成を試す

2023/06/26に公開
AWS
#
sam
CodePipeline
tech

今回やること

前回は、チュートリアルの Hello World アプリケーションに対して、独自ドメインを設定しました。

https://zenn.dev/gami113/articles/e55efbe06f976c

今回は、CodePipelineを構築し、アプリケーションを自動でテスト・ビルド・デプロイ出来るようにしていきます。

環境

OS

  • エディション Windows 10 Pro
  • バージョン 21H2
  • OS ビルド 19044.2965

ソフトウェア

  • Python 3.9.13
  • aws-cli/2.11.25 Python/3.11.3 Windows/10 exe/AMD64 prompt/off
  • SAM CLI, version 1.85.0
  • PSVersion 5.1.19041.2673
  • git version 2.40.0.windows.1

CodePipeline を作成する

AWS CodePipeline 向けのスターターパイプラインの生成を参考に、CodePipelineを作っていきます。

パイプラインのためリソースを作成する

手順に従いsam pipeline bootstrapを実行し、デプロイ用のリソースを作成します。デプロイが2ステージ あるようで、それぞれのためにリソースを作成していきます。

Stage 1

PS E:\prog\sam-hello-world> sam pipeline bootstrap

sam pipeline bootstrap generates the required AWS infrastructure resources to connect
to your CI/CD system. This step must be run for each deployment stage in your pipeline,
prior to running the sam pipeline init command.

We will ask for [1] stage definition, [2] account details, and
[3] references to existing resources in order to bootstrap these pipeline resources.

[1] Stage definition
Enter a configuration name for this stage. This will be referenced later when you use the sam pipeline init command:
Stage configuration name: sam-hello-world-staging

[2] Account details
The following AWS credential sources are available to use.
To know more about configuration AWS credentials, visit the link below:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
        1 - Environment variables (not available)
        2 - default (named profile)
        q - Quit and configure AWS credentials
Select a credential source to associate with this stage: 2
Associated account xxxxxxxxxxxx with configuration sam-hello-world-staging.

Enter the region in which you want these resources to be created [ap-northeast-1]:
Select a user permissions provider:
        1 - IAM (default)
        2 - OpenID Connect (OIDC)
Choice (1, 2): 1
Enter the pipeline IAM user ARN if you have previously created one, or we will create one for you []:

[3] Reference application build resources
Enter the pipeline execution role ARN if you have previously created one, or we will create one for you []:
Enter the CloudFormation execution role ARN if you have previously created one, or we will create one for you []:
Please enter the artifact bucket ARN for your Lambda function. If you do not have a bucket, we will create one for you []:
Does your application contain any IMAGE type Lambda functions? [y/N]:

[4] Summary
Below is the summary of the answers:
        1 - Account: xxxxxxxxxxxx
        2 - Stage configuration name: sam-hello-world-staging
        3 - Region: ap-northeast-1
        4 - Pipeline user: [to be created]
        5 - Pipeline execution role: [to be created]
        6 - CloudFormation execution role: [to be created]
        7 - Artifacts bucket: [to be created]
        8 - ECR image repository: [skipped]
Press enter to confirm the values above, or select an item to edit the value:

This will create the following required resources for the 'sam-hello-world-staging' configuration:
        - Pipeline IAM user
        - Pipeline execution role
        - CloudFormation execution role
        - Artifact bucket
Should we proceed with the creation? [y/N]: y

stage2

PS E:\prog\sam-hello-world> sam pipeline bootstrap

sam pipeline bootstrap generates the required AWS infrastructure resources to connect
to your CI/CD system. This step must be run for each deployment stage in your pipeline,
prior to running the sam pipeline init command.

We will ask for [1] stage definition, [2] account details, and
[3] references to existing resources in order to bootstrap these pipeline resources.

[1] Stage definition
Enter a configuration name for this stage. This will be referenced later when you use the sam pipeline init command:
Stage configuration name: sam-hello-world-production

[2] Account details
The following AWS credential sources are available to use.
To know more about configuration AWS credentials, visit the link below:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
        1 - Environment variables (not available)
        2 - default (named profile)
        q - Quit and configure AWS credentials
Select a credential source to associate with this stage: 2
Associated account xxxxxxxxxxxx with configuration sam-hello-world-production.

Enter the region in which you want these resources to be created [ap-northeast-1]:
Pipeline IAM user ARN: arn:aws:iam::xxxxxxxxxxxx:user/aws-sam-cli-managed-sam-hello-world-s-PipelineUser-89N5RMAJ9K5M

[3] Reference application build resources
Enter the pipeline execution role ARN if you have previously created one, or we will create one for you []:
Enter the CloudFormation execution role ARN if you have previously created one, or we will create one for you []:
Please enter the artifact bucket ARN for your Lambda function. If you do not have a bucket, we will create one for you []:
Does your application contain any IMAGE type Lambda functions? [y/N]:

[4] Summary
Below is the summary of the answers:
        1 - Account: xxxxxxxxxxxx
        2 - Stage configuration name: sam-hello-world-production
        3 - Region: ap-northeast-1
        4 - Pipeline user ARN: arn:aws:iam::xxxxxxxxxxxx:user/aws-sam-cli-managed-sam-hello-world-s-PipelineUser-89N5RMAJ9K5M
        5 - Pipeline execution role: [to be created]
        6 - CloudFormation execution role: [to be created]
        7 - Artifacts bucket: [to be created]
        8 - ECR image repository: [skipped]
Press enter to confirm the values above, or select an item to edit the value:

This will create the following required resources for the 'sam-hello-world-production' configuration:
        - Pipeline execution role
        - CloudFormation execution role
        - Artifact bucket
Should we proceed with the creation? [y/N]: y

パイプラインの設定を生成する

前手順で作成したリソースを利用し、パイプライン設定を作成します。

PS E:\prog\sam-hello-world> sam pipeline init

sam pipeline init generates a pipeline configuration file that your CI/CD system
can use to deploy serverless applications using AWS SAM.
We will guide you through the process to bootstrap resources for each stage,
then walk through the details necessary for creating the pipeline config file.

Please ensure you are in the root folder of your SAM application before you begin.

Select a pipeline template to get started:
        1 - AWS Quick Start Pipeline Templates
        2 - Custom Pipeline Template Location
Choice: 1

Cloning from https://github.com/aws/aws-sam-cli-pipeline-init-templates.git (process may take a moment)
Select CI/CD system
        1 - Jenkins
        2 - GitLab CI/CD
        3 - GitHub Actions
        4 - Bitbucket Pipelines
        5 - AWS CodePipeline
Choice: 5
Which pipeline template would you like to use?
        1 - Two-stage pipeline
        2 - Two-stage pipeline with monorepo
Choice []: 1
You are using the 2-stage pipeline template.
 _________    _________
|         |  |         |
| Stage 1 |->| Stage 2 |
|_________|  |_________|

Checking for existing stages...

2 stage(s) were detected, matching the template requirements. If these are incorrect, delete .aws-sam/pipeline/pipelineconfig.toml and rerun
What is the Git provider?
        1 - Bitbucket
        2 - CodeCommit
        3 - GitHub
        4 - GitHubEnterpriseServer
Choice []: 2
What is the CodeCommit repository name?: sam-hello-world
What is the Git branch used for production deployments? [main]: master
What is the template file path? [template.yaml]:
We use the stage configuration name to automatically retrieve the bootstrapped resources created when you ran `sam pipeline bootstrap`.

Here are the stage configuration names detected in .aws-sam\pipeline\pipelineconfig.toml:
        1 - sam-hello-world-staging
        2 - sam-hello-world-production
Select an index or enter the stage 1's configuration name (as provided during the bootstrapping): 1
What is the sam application stack name for stage 1? [sam-app]: sam-hello-world-staging
Stage 1 configured successfully, configuring stage 2.

Here are the stage configuration names detected in .aws-sam\pipeline\pipelineconfig.toml:
        1 - sam-hello-world-staging
        2 - sam-hello-world-production
Select an index or enter the stage 2's configuration name (as provided during the bootstrapping): 2
What is the sam application stack name for stage 2? [sam-app]: sam-hello-world-production
Stage 2 configured successfully.

To deploy this template and connect to the main git branch, run this against the leading account:
`sam deploy -t codepipeline.yaml --stack-name <stack-name> --capabilities=CAPABILITY_IAM`.
SUMMARY
We will generate a pipeline config file based on the following information:
        What is the Git provider?: CodeCommit
        What is the CodeCommit repository name?: sam-hello-world
        What is the Git branch used for production deployments?: master
        What is the template file path?: template.yaml
        Select an index or enter the stage 1's configuration name (as provided during the bootstrapping): 1
        What is the sam application stack name for stage 1?: sam-hello-world-staging
        What is the pipeline execution role ARN for stage 1?: arn:aws:iam::xxxxxxxxxxxx:role/aws-sam-cli-managed-sam-hell-PipelineExecutionRole-19MBZQRU472CR
        What is the CloudFormation execution role ARN for stage 1?: arn:aws:iam::xxxxxxxxxxxx:role/aws-sam-cli-managed-sam-h-CloudFormationExecutionR-LV314IJ5X4P1
        What is the S3 bucket name for artifacts for stage 1?: aws-sam-cli-managed-sam-hello-wor-artifactsbucket-1bvpdmvda0of
        What is the ECR repository URI for stage 1?:
        What is the AWS region for stage 1?: ap-northeast-1
        Select an index or enter the stage 2's configuration name (as provided during the bootstrapping): 2
        What is the sam application stack name for stage 2?: sam-hello-world-production
        What is the pipeline execution role ARN for stage 2?: arn:aws:iam::xxxxxxxxxxxx:role/aws-sam-cli-managed-sam-hell-PipelineExecutionRole-XLICX2UJD071
        What is the CloudFormation execution role ARN for stage 2?: arn:aws:iam::xxxxxxxxxxxx:role/aws-sam-cli-managed-sam-h-CloudFormationExecutionR-1SH1E0BABRNI0
        What is the S3 bucket name for artifacts for stage 2?: aws-sam-cli-managed-sam-hello-wor-artifactsbucket-ej5p8ukdgobs
        What is the ECR repository URI for stage 2?:
        What is the AWS region for stage 2?: ap-northeast-1
Successfully created the pipeline configuration file(s):
        - assume-role.sh
        - codepipeline.yaml
        - pipeline\buildspec_build_package.yml
        - pipeline\buildspec_deploy.yml
        - pipeline\buildspec_feature.yml
        - pipeline\buildspec_integration_test.yml
        - pipeline\buildspec_unit_test.yml

パイプラインの設定をGitへコミットする

設定ファイルをgitリポジトリに上げます。codepipelineをデプロイしてしまえば、gitに上がっている内容でデプロイしてくれます。

ここで、重大な事実に気づきました。前回カスタムドメイン名を設定しましたが、環境毎に設定を変えるなどを行っていないため、おそらくデプロイでエラーになります。ドメインの設定部分は削除して実施します。

パイプライン設定の追加

Git リポジトリを CI/CD システムに接続する

下記のコマンドを実行していきます。masterブランチのデプロイなので、masterという名前を記載しています。

PS E:\prog\sam-hello-world> sam deploy -t codepipeline.yaml --stack-name sam-hello-world-pipeline-master --capabilities=CAPABILITY_IAM --region ap-northeast-1

ビルドに失敗しました。

ビルド失敗

内容的には、一緒に使えないパラメータを一緒に使っちゃってるみたいです。

[Container] 2023/06/18 15:31:48 Running command sam package --s3-bucket ${TESTING_ARTIFACT_BUCKET} --region ${TESTING_REGION} --output-template-file packaged-test.yaml
Error: Cannot use both --resolve-s3 and --s3-bucket parameters. Please use only one.

設定ファイルの下記項目がtrueになっていることで、デフォルトでオプションが指定されてしまうようです。falseに切り替えてもう一度実施します。

samconfig.toml
[default.package.parameters]
resolve_s3 = true

デプロイが問題なく完了しました。

異常なく終了

異常なく終了はしたのですが、環境の差分とかまったく記載をしていないため、同じ名前でAPIが作成されてしまいました。設定ファイルを少し操作して名前に差分を作っていきます。

同じ名前で生成

まとめ

Hello World アプリケーションに対して、CodePipelineを設定することに成功しました。しかし、環境差分を考慮していなかったため、色々なリソースが同じ名前で作成されてしまいました。次回は環境差分を設定します。

Discussion