CodePipelineでCodeCommitとCodeBuildを利用してはまる

AWS

CodePipeline、CodeCommit、CodeBuildで遊んでみたのですが、CodePipeline利用するときにハマったのでメモ。

前提

  • 最初CodePipelineを利用せずに、CodeCommitとCodeBuildでBuildできるか等々試していた
  • CodeBuildで利用してたbuildspec.ymlはこんな感じ
    • やっていることはdocker buildしてECRに突っ込んでいるだけ
    • イメージのタグとして、commit idを利用している
    • CodePipelineを使わない状況では上手く動いていた
version: 0.2

phases:
  pre_build:
    commands:
      - echo "Login to Amazon ECR"
      - aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com
      - IMAGE_TAG=$(git rev-parse --short HEAD)
      - echo "IMAGE_TAG=${IMAGE_TAG}"
  build:
    commands:
      - echo "Build started in $(date)"
      - echo "Building a docker image..."
      - docker build -t ${IMAGE_REPO_NAME}:${IMAGE_TAG} .
      - docker tag ${IMAGE_REPO_NAME}:${IMAGE_TAG} ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}
      - docker tag ${IMAGE_REPO_NAME}:${IMAGE_TAG} ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:latest
  post_build:
    commands:
      - echo "Build completed in $(date)"
      - echo "Pushing the docker image..."
      - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}
      - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:latest

問題

  • CodePipelineを利用して、Pipelineを作成

    • Source Stage --> CodeCommit
    • Build Stage --> CodeBuild

  • CodeBuildでエラー

[Container] Running command aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[Container] Running command IMAGE_TAG=$(git rev-parse --short HEAD)
fatal: not a git repository (or any parent up to mount point /codebuild)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).

結果

  • いろいろ調べた結果、どうも source stageのartifactはgitリポジトリでなくなるらしい
  • .gitがなかった
  • じゃあcommit idどうやって取るの?と思って調べてみたら CODEBUILD_RESOLVED_SOURCE_VERSION が求めているものっぽいので、そちらを利用するように変更 
version: 0.2

phases:
  pre_build:
    commands:
      - echo "Login to Amazon ECR"
      - aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com
      - COMMIT_HASH=$(echo ${CODEBUILD_RESOLVED_SOURCE_VERSION} | cut -c 1-7)
      - IMAGE_TAG=${COMMIT_HASH}
  build:
    commands:
      - echo "Build started in $(date)"
      - echo "Building a docker image..."
      - docker build -t ${IMAGE_REPO_NAME}:${IMAGE_TAG} .
      - docker tag ${IMAGE_REPO_NAME}:${IMAGE_TAG} ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}
      - docker tag ${IMAGE_REPO_NAME}:${IMAGE_TAG} ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:latest
  post_build:
    commands:
      - echo "Build completed in $(date)"
      - echo "Pushing the docker image..."
      - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:${IMAGE_TAG}
      - docker push ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${IMAGE_REPO_NAME}:latest

エラー出ずに動きましたとさ。