This page describes how to modify the steps listed in the Calling Synopsys Detect from AWS CodeBuild page to leverage the AWS command-line interface.

Prerequisites:

  • Valid Black Duck server instance.
  • Output S3 bucket configured in AWS.
  • AWS command line interface (CLI) installed and configured.

    Info

    See Installing AWS CLI for instructions on installing the AWS CLI.


  1. Follow the steps referenced in Before You Begin.
  2. Create a policy file that lets the build read the BLACKDUCK_* Systems Manager parameters created in the previous step, write logs to Amazon CloudWatch Logs, and write artifacts to the output bucket.
    1. Create a file named <policy name>.json on the local computer or instance where the AWS CLI is installed.
    2. Copy and paste the following code into the <policy name>.json file.

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "ssm:GetParameters"
            ],
            "Resource": "arn:aws:ssm:us-east-1:<account id>:parameter/BLACKDUCK_*"
          },
          {
            "Effect": "Allow",
            "Resource": [
              "arn:aws:logs:us-east-1:<account id>:log-group:/aws/codebuild/<project name>",
              "arn:aws:logs:us-east-1:<account id>:log-group:/aws/codebuild/<project name>:*"
            ],
            "Action": [
              "logs:CreateLogGroup",
              "logs:CreateLogStream",
              "logs:PutLogEvents"
            ]
          },
          {
            "Effect": "Allow",
            "Resource": [
              "arn:aws:s3:::codepipeline-us-east-1-*"
            ],
            "Action": [
              "s3:PutObject",
              "s3:GetObject",
              "s3:GetObjectVersion"
            ]
          },
          {
            "Effect": "Allow",
            "Resource": [
              "arn:aws:s3:::<output bucket name>/*"
            ],
            "Action": [
              "s3:PutObject"
            ]
          }
        ]
      }


      Info

      Verify that the region and account ID are correct in the policy document. Your parameters, buckets, policies, and buildspec.yml file must have the same region configured. Each Resource is deliberately narrow (the BLACKDUCK_* parameter prefix, this project's log group, and the two buckets); do not widen it to "*". If the BLACKDUCK_* parameters are SecureString parameters encrypted with a customer managed KMS key, the role also needs kms:Decrypt on that key, or ssm:GetParameters with decryption is denied.



  3. Create the trust policy file for the AWS CodeBuild service role.
    1. In the same location as the policy file from the previous step, create a file named <role name>.json.
    2. Copy and paste the following code into the <role name>.json file. It allows only the CodeBuild service principal (codebuild.amazonaws.com) to assume the role.

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Principal": {
              "Service": "codebuild.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
          }
        ]
      }



  4. Create the service role from the trust policy in Step 3, then attach the policy from Step 2 to it as an inline policy.
    1. In the directory where you saved the preceding files, run the aws iam create-role command shown in the first code block. The role must exist before a policy can be attached to it.
    2. In the same directory, run the aws iam put-role-policy command shown in the second code block.

      aws iam create-role --role-name <role name> --assume-role-policy-document file://<role name>.json

      aws iam put-role-policy --role-name <role name> --policy-name <policy name> --policy-document file://<policy name>.json


  5. Create the buildspec.yml file and add it to the root directory of your source code, following the buildspec.yml instructions in the Calling Synopsys Detect from AWS CodeBuild page.
  6. Create and run the AWS CodeBuild project.
    If you are using CodeStar, the project is already created, and you can skip to step 6 below to run the build.
    1. Create a file named <project name>.json.
    2. Copy and paste the following code into the <project name>.json file.

      {
        "name": "<project name>",
        "source": {
          "type": "GITHUB",
          "location": "<HTTPS clone url to source code repository>"
        },
        "artifacts": {
          "type": "S3",
          "location": "<output bucket name>"
        },
        "environment": {
          "type": "LINUX_CONTAINER",
          "image": "aws/codebuild/java:openjdk-8",
          "computeType": "BUILD_GENERAL1_SMALL"
        },
        "serviceRole": "arn:aws:iam::<account id>:role/<role name>"
      }

      Detailed explanations of each field, including optional fields, are at: http://docs.aws.amazon.com/codebuild/latest/userguide/create-project.html#create-project-cli. AWS retires curated build images over time; if create-project rejects the image name, choose a currently supported image from the CodeBuild documentation.

    3. You can also get the service role ARN by running the following command (add --query Role.Arn --output text to print only the ARN):

      aws iam get-role --role-name <role name>


    4. In the same directory containing the <project name>.json, run the following command:

      aws codebuild create-project --cli-input-json file://<project name>.json

    5. To update a project that already exists, replace create-project (step 4) with update-project as shown in the following command:

      aws codebuild update-project --cli-input-json file://<project name>.json

    6. Use the following command to run the build. Its output includes the build ID (in the form <project name>:<uuid>), which you need to query the build status in the next step:

      aws codebuild start-build --project-name <project name>


  7. Check the status of the build by using either of the following methods:
    1. Go to https://console.aws.amazon.com/codebuild and locate it under the given project name.
      or
    2. Run the following command with the build ID returned by start-build. batch-get-builds takes build IDs, not the project name; aws codebuild list-builds-for-project --project-name <project name> lists the IDs of earlier builds:

      aws codebuild batch-get-builds --ids <build id>



  8. See the Calling Synopsys Detect from AWS CodeBuild page for the steps to view the Black Duck results.
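Steps 2 through 7 above, collected into one script so the account ID, region, project name and bucket are substituted once instead of hand-edited into three JSON files. This is an added example, not Synopsys code or part of the original page; the role, policy, project, bucket and repository names are hypothetical defaults you override with environment variables, and the BLACKDUCK_URL parameter used in the permission check is an assumed name for one of the BLACKDUCK_* parameters created in Before You Begin. It refuses to send a document that still contains an unfilled <placeholder>, simulates one of the build's calls against the new role before creating the project, and passes the build ID that start-build returns (not the project name) to batch-get-builds.

```shell
#!/bin/sh
# Added example (not Synopsys code): steps 2 through 7 of this page as one
# script driven by the AWS CLI. Names below are hypothetical defaults; override
# them with environment variables. Assumes the BLACKDUCK_* parameters from
# "Before You Begin" already exist and that `aws` is installed and configured.
set -eu

REGION="${REGION:-us-east-1}"
ROLE_NAME="${ROLE_NAME:-blackduck-codebuild-role}"         # hypothetical
POLICY_NAME="${POLICY_NAME:-blackduck-codebuild-policy}"   # hypothetical
PROJECT_NAME="${PROJECT_NAME:-blackduck-scan}"             # hypothetical
OUTPUT_BUCKET="${OUTPUT_BUCKET:-blackduck-scan-output}"    # hypothetical
REPO_URL="${REPO_URL:-https://github.com/example/app.git}" # hypothetical
DRY_RUN="${DRY_RUN:-0}"  # DRY_RUN=1 prints each aws command instead of running it

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Step 2: permissions policy. Every Resource is scoped to this account and
# region, the BLACKDUCK_* parameter prefix, this project's log group and the
# two buckets, so a compromised build cannot read other parameters or buckets.
render_policy() {  # $1 = 12-digit account id
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ssm:GetParameters"],
     "Resource": "arn:aws:ssm:${REGION}:$1:parameter/BLACKDUCK_*"},
    {"Effect": "Allow",
     "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": ["arn:aws:logs:${REGION}:$1:log-group:/aws/codebuild/${PROJECT_NAME}",
                  "arn:aws:logs:${REGION}:$1:log-group:/aws/codebuild/${PROJECT_NAME}:*"]},
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion"],
     "Resource": ["arn:aws:s3:::codepipeline-${REGION}-*"]},
    {"Effect": "Allow", "Action": ["s3:PutObject"],
     "Resource": ["arn:aws:s3:::${OUTPUT_BUCKET}/*"]}
  ]
}
EOF
}

# Step 3: trust policy. Only the CodeBuild service principal may assume the role.
render_trust() {
  cat <<'EOF'
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"Service": "codebuild.amazonaws.com"},
                "Action": "sts:AssumeRole"}]}
EOF
}

# Step 6: project definition; the service role ARN is built from the account id.
render_project() {  # $1 = 12-digit account id
  cat <<EOF
{"name": "${PROJECT_NAME}",
 "source": {"type": "GITHUB", "location": "${REPO_URL}"},
 "artifacts": {"type": "S3", "location": "${OUTPUT_BUCKET}"},
 "environment": {"type": "LINUX_CONTAINER", "image": "aws/codebuild/java:openjdk-8",
                 "computeType": "BUILD_GENERAL1_SMALL"},
 "serviceRole": "arn:aws:iam::$1:role/${ROLE_NAME}"}
EOF
}

# A JSON file that still contains an unfilled <placeholder> must never reach IAM.
check_no_placeholders() { ! grep -q '<[^>]*>' "$1"; }

deploy() {  # $1 = 12-digit account id; the JSON files are written into $WORKDIR
  workdir="${WORKDIR:-$(mktemp -d)}"
  render_policy "$1"  > "$workdir/$POLICY_NAME.json"
  render_trust        > "$workdir/$ROLE_NAME.json"
  render_project "$1" > "$workdir/$PROJECT_NAME.json"
  for f in "$POLICY_NAME" "$ROLE_NAME" "$PROJECT_NAME"; do
    check_no_placeholders "$workdir/$f.json"   # set -e aborts the script on failure
  done
  # Step 4: the role must exist before an inline policy can be attached to it.
  run aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "file://$workdir/$ROLE_NAME.json"
  run aws iam put-role-policy --role-name "$ROLE_NAME" --policy-name "$POLICY_NAME" \
      --policy-document "file://$workdir/$POLICY_NAME.json"
  # Check: simulate one call the build will make (BLACKDUCK_URL is an assumed
  # parameter name). Anything other than "allowed" means the policy is wrong.
  run aws iam simulate-principal-policy --policy-source-arn "arn:aws:iam::$1:role/$ROLE_NAME" \
      --action-names ssm:GetParameters \
      --resource-arns "arn:aws:ssm:${REGION}:$1:parameter/BLACKDUCK_URL" \
      --query 'EvaluationResults[].EvalDecision' --output text
  # Step 6: create the project and start a build.
  run aws codebuild create-project --cli-input-json "file://$workdir/$PROJECT_NAME.json"
  # start-build returns the build id (<project name>:<uuid>); that id, not the
  # project name, is what batch-get-builds expects in step 7.
  build_id="$(run aws codebuild start-build --project-name "$PROJECT_NAME" \
      --query build.id --output text)"
  run aws codebuild batch-get-builds --ids "$build_id" \
      --query 'builds[0].buildStatus' --output text
}

case "${1:-}" in
  deploy) deploy "$2" ;;
esac
```

Run it first with DRY_RUN=1 sh deploy.sh deploy <account id> to review the exact commands and the rendered JSON in the work directory, then without DRY_RUN to create the role, policy and project. The trust policy is the page's own; if other accounts' CodeBuild projects must not be able to assume the role, add a Condition on aws:SourceAccount (and aws:SourceArn for a single project) to its statement, which CodeBuild supports for this purpose.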