Calling Synopsys Detect from AWS CodePipeline using the AWS command-line interface

You must satisfy the following prerequisites before you complete any of the steps described:

Prerequisites:


The AWS CodeBuild project that was created and verified in Calling Synopsys Detect from AWS CodeBuild is referenced in the following steps:

  1. Create a Pipeline in AWS CodePipeline by following the procedures in http://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create.html#pipelines-create-cli.
    When you edit your pipeline.json file, ensure your build stage is configured to use CodeBuild and that the Project Name is configured with the name of the project that was previously created and verified by using AWS CodeBuild.

    The following example is a pipeline.json file with source and build stages that uses GitHub as the source:
    Note: Ensure that your AWS account information, region, and output bucket match your CodeBuild project information.

    {    
        "pipeline": {        
            "roleArn": "arn:aws:iam::<account id>:role/<CodePipeline service role name>",
            "stages": [
                {                
                    "name": "Source",
                    "actions": [
                        {                        
                            "inputArtifacts": [],
                            "name": "Source",
                            "actionTypeId": {
                                "category": "Source",
                                "owner": "ThirdParty",
                                "version": "1",
                                "provider": "GitHub"
                            },                        
                            "outputArtifacts": [
                                {                                
                                    "name": "MyApp"
                                }
                            ],                        
                            "configuration": {
                                "Owner": "<GitHub username>",
                                "Repo": "<repo name>",
                                "PollForSourceChanges": "true",
                                "Branch": "master",
                                "OAuthToken": "****"                        
                            },                        
                            "runOrder": 1                    
                        }
                    ]
                },
                {
                    "name": "Build",
                    "actions": [
                        {                        
                            "inputArtifacts": [
                                {
                                    "name": "MyApp"
                                }
                            ],
                            "name": "CodeBuild",
                            "actionTypeId": {
                                "category": "Build",
                                "owner": "AWS",
                                "version": "1",
                                "provider": "CodeBuild"                        
                            },                        
                            "outputArtifacts": [
                                {
                                    "name": "target"
                                }
                            ],
                            "configuration": {
                                "ProjectName": "<project name>"
                            },
                            "runOrder": 1
                        }
                    ]
                }
            ],        
            "artifactStore": {
                "type": "S3",
                "location": "<output bucket name>"
            },
            "name": "<pipeline name>",
            "version": 1
        }
    }
  2. After a new pipeline is created, a pipeline job starts automatically.
    Following a successful build, you can download and view the artifacts from S3.
    The artifacts are pushed to S3 as archive (.zip) files. Each archive contains the built artifact and a PDF of the risk profile report.
  3. The scan results are pushed to Black Duck.
  4. View the console logs and check the pipeline job status.
    1. The console logs for CodeBuild are at https://console.aws.amazon.com under Services > Management Tools > CloudWatch > Logs.
      Select the corresponding CodeBuild project and view the latest log.
    2. Check the status of the pipeline job by navigating to the corresponding pipeline in https://console.aws.amazon.com/codepipeline, and click View pipeline history.

If there are changes in the source code, AWS CodePipeline runs those changes through the pipeline and starts a new pipeline job.
The AWS CodeBuild project is invoked during the build stage.
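
A pre-flight check for the pipeline.json edited in step 1, written as an added example (not Synopsys or AWS code): it confirms that a CodeBuild action names the expected project, that every input artifact has a producer, that no `<...>` placeholder is left in the top-level fields, and it flags a literal OAuthToken so the file is kept out of version control. The names `check_pipeline` and `make_action` and all sample values are assumptions made for this illustration.

```python
import re

PLACEHOLDER = re.compile(r"<[^<>]+>")  # unfilled template value such as <project name>

def check_pipeline(doc, expected_project):
    """Return a list of findings for a parsed pipeline.json; an empty list means OK."""
    findings, produced, has_codebuild = [], set(), False
    pipeline = doc.get("pipeline", {})
    for stage in pipeline.get("stages", []):
        # Simplification: actions are taken in list order, runOrder is not evaluated.
        for action in stage.get("actions", []):
            where = f"{stage.get('name')}/{action.get('name')}"
            cfg = action.get("configuration", {})
            for art in action.get("inputArtifacts", []):
                if art.get("name") not in produced:
                    findings.append(f"{where}: input artifact {art.get('name')!r} has no producer")
            produced.update(a.get("name") for a in action.get("outputArtifacts", []))
            if action.get("actionTypeId", {}).get("provider") == "CodeBuild":
                has_codebuild = True
                if cfg.get("ProjectName") != expected_project:
                    findings.append(f"{where}: ProjectName is {cfg.get('ProjectName')!r}, expected {expected_project!r}")
            token = cfg.get("OAuthToken")  # "****" is the masked form shown on the page
            if token and token != "****" and not PLACEHOLDER.fullmatch(token):
                findings.append(f"{where}: OAuthToken is a literal value; do not commit this file")
    if not has_codebuild:
        findings.append("no action uses the CodeBuild provider")
    top = {"roleArn": pipeline.get("roleArn"), "name": pipeline.get("name"),
           "artifactStore.location": pipeline.get("artifactStore", {}).get("location")}
    findings += [f"{k}: placeholder not filled in" for k, v in top.items()
                 if v is None or PLACEHOLDER.search(str(v))]
    return findings

# Hypothetical helper and constructed sample mirroring the page's pipeline.json; every value is made up.
def make_action(name, provider, inputs, outputs, cfg):
    return {"name": name, "actionTypeId": {"provider": provider}, "configuration": cfg,
            "inputArtifacts": [{"name": n} for n in inputs],
            "outputArtifacts": [{"name": n} for n in outputs]}

SAMPLE = {"pipeline": {
    "roleArn": "arn:aws:iam::111122223333:role/example-codepipeline-role",
    "name": "example-pipeline",
    "artifactStore": {"type": "S3", "location": "example-output-bucket"},
    "stages": [
        {"name": "Source", "actions": [make_action("Source", "GitHub", [], ["MyApp"],
            {"Owner": "example-user", "Repo": "example-repo", "OAuthToken": "****"})]},
        {"name": "Build", "actions": [make_action("CodeBuild", "CodeBuild", ["MyApp"], ["target"],
            {"ProjectName": "detect-build"})]}]}}

if __name__ == "__main__":
    print(check_pipeline(SAMPLE, "detect-build") or "pipeline.json checks passed")
```

To check a real file, load it with `json.load` and pass the result with the name of the CodeBuild project that was verified earlier.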


©2020 Synopsys, Inc. All Rights Reserved