This page describes how to modify the steps listed in the Calling Synopsys Detect from AWS CodeBuild page to leverage the AWS command-line interface.
Prerequisites:
Output S3 bucket configured in AWS.
AWS command line interface (CLI) installed and configured.
See Installing AWS CLI to learn about installing the AWS CLI.
Copy and paste the following code into the <policy name>.json file.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameters"
      ],
      "Resource": "arn:aws:ssm:us-east-1:<account id>:parameter/BLACKDUCK_*"
    },
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:logs:us-east-1:<account id>:log-group:/aws/codebuild/<project name>",
        "arn:aws:logs:us-east-1:<account id>:log-group:/aws/codebuild/<project name>:*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    },
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::codepipeline-us-east-1-*"
      ],
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion"
      ]
    },
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::<output bucket name>/*"
      ],
      "Action": [
        "s3:PutObject"
      ]
    }
  ]
}
Verify that the region and account ID are correct in the policy document. Your parameters, buckets, policies, and buildspec.yml file must have the same region configured.
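The region and account ID verification described above can be scripted before the policy is attached. The following is an added example, not part of the original page or of any Synopsys or AWS tooling; the function name check_policy, the sample account ID 111122223333, and the sample policy are constructed for illustration, and the codepipeline-<region>- bucket naming is assumed from the policy shown above.

```python
import json
import re

PLACEHOLDER = re.compile(r"<[^>]+>")          # e.g. <account id> left unfilled
PIPELINE_BUCKET = re.compile(r"^codepipeline-([a-z]{2}(?:-[a-z]+)+-\d)-")

def as_list(value):
    """IAM allows Statement/Resource to be a single item or a list."""
    return value if isinstance(value, list) else [value]

def check_policy(policy_text, region, account):
    """Return findings for the policy's Resource ARNs; empty list means consistent."""
    findings = []
    for stmt in as_list(json.loads(policy_text)["Statement"]):
        for arn in as_list(stmt.get("Resource", [])):
            if PLACEHOLDER.search(arn):
                findings.append(f"unreplaced placeholder: {arn}")
                continue
            parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
            if len(parts) != 6 or parts[0] != "arn":
                findings.append(f"not an ARN: {arn}")
                continue
            arn_region, arn_account, resource = parts[3], parts[4], parts[5]
            # S3 ARNs leave region/account empty; the pipeline bucket name embeds the region.
            bucket = PIPELINE_BUCKET.match(resource) if parts[2] == "s3" else None
            if bucket:
                arn_region = bucket.group(1)
            if arn_region and arn_region != region:
                findings.append(f"region {arn_region} != {region}: {arn}")
            if arn_account and arn_account != account:
                findings.append(f"account {arn_account} != {account}: {arn}")
    return findings

# Constructed sample: one log-group ARN in the wrong region, one unfilled bucket name.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ssm:GetParameters"],
     "Resource": "arn:aws:ssm:us-east-1:111122223333:parameter/BLACKDUCK_*"},
    {"Effect": "Allow", "Action": ["logs:PutLogEvents"],
     "Resource": ["arn:aws:logs:us-west-2:111122223333:log-group:/aws/codebuild/demo"]},
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::codepipeline-us-east-1-*"]},
    {"Effect": "Allow", "Action": ["s3:PutObject"],
     "Resource": ["arn:aws:s3:::<output bucket name>/*"]},
]})

if __name__ == "__main__":
    for finding in check_policy(SAMPLE, "us-east-1", "111122223333"):
        print(finding)
```

A bare "*" resource is reported as "not an ARN", which also surfaces statements that are broader than the scoped ones in the policy above.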
Copy and paste the following code into the <role name>.json file.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
In the same directory, run the following aws iam create-role command, and then the aws iam put-role-policy command that is shown in the second code block.
aws iam create-role --role-name <role name> --assume-role-policy-document file://<role name>.json
aws iam put-role-policy --role-name <role name> --policy-name <policy name> --policy-document file://<policy name>.json
Copy and paste the following code into the <project name>.json file.
{
  "name": "<project name>",
  "source": {
    "type": "GITHUB",
    "location": "<HTTPS clone url to source code repository>"
  },
  "artifacts": {
    "type": "S3",
    "location": "<output bucket name>"
  },
  "environment": {
    "type": "LINUX_CONTAINER",
    "image": "aws/codebuild/java:openjdk-8",
    "computeType": "BUILD_GENERAL1_SMALL"
  },
  "serviceRole": "arn:aws:iam::<account id>:role/<role name>"
}
Detailed explanations of each field, including optional fields, are at: http://docs.aws.amazon.com/codebuild/latest/userguide/create-project.html#create-project-cli.
You can also get the service role ARN by running the following command:
aws iam get-role --role-name <role name>
In the directory that contains the <project name>.json file, run the following command:
aws codebuild create-project --cli-input-json file://<project name>.json
To update an existing project, replace create-project (step d.) with update-project as shown in the following command:
aws codebuild update-project --cli-input-json file://<project name>.json
Use the following command to run the build:
aws codebuild start-build --project-name <project name>
Run the following command:
aws codebuild batch-get-builds --ids <project id>