This page describes how to modify the steps listed in the Calling Synopsys Detect from AWS CodeBuild page to leverage the AWS command-line interface.
Prerequisites:
- Valid Black Duck server instance.
- Output S3 bucket configured in AWS.
- AWS command line interface (CLI) installed and configured.
  Info: See Installing AWS CLI to learn about installing the AWS CLI.
1. Follow the steps referenced in Before You Begin.
2. Create a policy file to access the tags created in the previous step, and configure logging with Amazon CloudWatch.
   a. Create a file named <policy name>.json on the local computer or instance where the AWS CLI is installed.
   b. Copy and paste the following code into the <policy name>.json file.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ssm:GetParameters"],
      "Resource": "arn:aws:ssm:us-east-1:<account id>:parameter/BLACKDUCK_*"
    },
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:logs:us-east-1:<account id>:log-group:/aws/codebuild/<project name>",
        "arn:aws:logs:us-east-1:<account id>:log-group:/aws/codebuild/<project name>:*"
      ],
      "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
    },
    {
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::codepipeline-us-east-1-*"],
      "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion"]
    },
    {
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::<output bucket name>/*"],
      "Action": ["s3:PutObject"]
    }
  ]
}
```

   Info: Verify that the region and account ID are correct in the policy document. Your parameters, buckets, policies, and buildspec.yml file must have the same region configured.
3. Create an AWS CodeBuild service role file (the trust policy that allows the CodeBuild service to assume the role).
   a. In the same location where you placed the policy file in the previous step, create a file named <role name>.json.
   b. Copy and paste the following code into the <role name>.json file.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "codebuild.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
```
4. Attach the policy that you created in Step 2 to the service role that you created in Step 3.
   a. In the directory where you saved the preceding files, run the aws iam create-role command shown in the first code block.
   b. In the same directory, run the aws iam put-role-policy command shown in the second code block.

```bash
aws iam create-role --role-name <role name> --assume-role-policy-document file://<role name>.json
```

```bash
aws iam put-role-policy --role-name <role name> --policy-name <policy name> --policy-document file://<policy name>.json
```
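Before running put-role-policy, it is worth checking the filled-in policy file for the mistakes the Info note above warns about. The following linter is an added example, not part of the original page or of Synopsys Detect: it loads a policy document and flags unreplaced <...> placeholders, wildcard actions or resources, an SSM grant wider than the BLACKDUCK_ prefix, and ARNs that disagree on region or account. The sample policy, the account ID 123456789012, the project name detect and the bucket detect-output are constructed for the example.

```python
import json
import re

# ARN prefix arn:aws:<service>:<region>:<account>: (region and account are empty for S3).
ARN_RE = re.compile(r"^arn:aws:([a-z0-9-]+):([a-z0-9-]*):(\d{12})?:")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(policy: dict) -> list[str]:
    """Return findings for an IAM policy document; an empty list means it passed."""
    findings, regions, accounts = [], set(), set()
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action in {actions}")
        for res in _as_list(stmt.get("Resource", [])):
            if "<" in res:
                findings.append(f"statement {i}: placeholder not replaced in {res}")
            elif res == "*" or (m := ARN_RE.match(res)) is None:
                findings.append(f"statement {i}: wildcard or unparseable resource {res}")
            else:
                service, region, account = m.groups()
                regions.update([region] if region else [])
                accounts.update([account] if account else [])
                # The SSM grant must stay scoped to the BLACKDUCK_ parameter prefix.
                if service == "ssm" and not res.endswith("parameter/BLACKDUCK_*"):
                    findings.append(f"statement {i}: SSM grant wider than BLACKDUCK_*")
    if len(regions) > 1:
        findings.append(f"resources span several regions: {sorted(regions)}")
    if len(accounts) > 1:
        findings.append(f"resources span several accounts: {sorted(accounts)}")
    return findings

# Constructed sample modelled on the page's policy, with placeholders filled in and
# the second log-group ARN deliberately pointing at a different region.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Action": ["ssm:GetParameters"],
  "Resource": "arn:aws:ssm:us-east-1:123456789012:parameter/BLACKDUCK_*"},
 {"Effect": "Allow", "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
  "Resource": ["arn:aws:logs:us-east-1:123456789012:log-group:/aws/codebuild/detect",
               "arn:aws:logs:us-west-2:123456789012:log-group:/aws/codebuild/detect:*"]},
 {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": ["arn:aws:s3:::detect-output/*"]}]}""")

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE_POLICY) or ["policy passed"]:
        print(finding)
```

To check your own file, call lint_policy(json.load(open("<policy name>.json"))) and fix every finding before running put-role-policy.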
5. Create the buildspec.yml file and add it to the root directory of your source code by clicking here and following the instructions.
6. Create and run the AWS CodeBuild project.
   If you are using CodeStar, the project is already created, and you can skip to step (f) to run the build.
   a. Create a file named <project name>.json.
   b. Copy and paste the following code into the <project name>.json file.

```json
{
  "name": "<project name>",
  "source": {
    "type": "GITHUB",
    "location": "<HTTPS clone url to source code repository>"
  },
  "artifacts": {
    "type": "S3",
    "location": "<output bucket name>"
  },
  "environment": {
    "type": "LINUX_CONTAINER",
    "image": "aws/codebuild/java:openjdk-8",
    "computeType": "BUILD_GENERAL1_SMALL"
  },
  "serviceRole": "arn:aws:iam::<account id>:role/<role name>"
}
```

   Detailed explanations of each field, including the optional fields, are at: http://docs.aws.amazon.com/codebuild/latest/userguide/create-project.html#create-project-cli.
   c. You can also get the service role ARN by running the following command:

```bash
aws iam get-role --role-name <role name>
```

   d. In the same directory containing <project name>.json, run the following command:

```bash
aws codebuild create-project --cli-input-json file://<project name>.json
```

   e. To update a project that already exists, replace create-project (step d.) with update-project, as shown in the following command:

```bash
aws codebuild update-project --cli-input-json file://<project name>.json
```

   f. Use the following command to run the build:

```bash
aws codebuild start-build --project-name <project name>
```
7. Check the status of the build by using either of the following methods:
   - Go to https://console.aws.amazon.com/codebuild and locate the build under the given project name.
   - Or run the following command, passing the build ID that start-build returned:

```bash
aws codebuild batch-get-builds --ids <build id>
```
8. Click here to see the steps you take to view the Black Duck results.