Hacking Cloudbuild

CodeBuild

Codebuild is a fully managed continious integration service that compiles code, run tests and produces packages to be used for deployment.

Components

Source

Source in CodeBuild acts as source provider for application code which is used for building it. Source can be anything from S3 bucket to OpenSource Repository hosting platforms like Github/Bitbucket and even AWS's own CodeCommit.

In this case, source is S3 bucket and inside S3 bucket called securitylabs-articles, file called code.zip contains all the code for application.

This means that once the build is started, it would fetch code.zip file present in securitylabs-articles bucket.

Environment

Environment defines the Operating System and its preferences where the building would take place. This controls things like OS,architecture and instance specifications like RAM and vCPU to be used for building application. You can also define fields like Environment variables and VPC that can be used for building the application.

Buildspec

Buildspec defines the rules i.e steps that needs to be taken to create the application from code. This is the heart of CodeBuild which create applications ready for deployment.

The below buildspec.yml file indicates the build steps to be taken.

version: 0.2
env:
  variables:
      Argument: "Value"
phases:
  pre_build:
    commands:
       - aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 584358494719.dkr.ecr.us-east-2.amazonaws.com
  build:
    commands:
       - docker build -t securitylabs-article .
       - docker tag securitylabs-article:latest 584358494719.dkr.ecr.us-east-2.amazonaws.com/securitylabs-article:latest
       - docker push 584358494719.dkr.ecr.us-east-2.amazonaws.com/securitylabs-article:latest
  post_build:
    commands:
       - echo "Build ready!"
artifacts:
  files:
     - "artifact.txt"
  name: $(date +%Y-%m-%d)
  discard-paths: yes
  base-directory: "/uploads"

Artifacts

Artifacts define the upload location for artifcats that are generated during build. For instance, here we inform CodeBuild that artifcats generated during build would be uploaded to S3 bucket called securitylabs-article

You can also configure the path and the filename of the file containing the artifacts that would be uploaded. In the below screenshot, we see that artifacts will be uploaded at path/artifact.zip in the S3 bucket. Artifact package indicates that artifacts need to be ziped before uploading.

Build triggers

Build Triggers acts as cron job for scheduling execution of CodeBuild projects. In the below case, we are scheduling once in a week build.

Running Build

To start the build process, simply click on the Start Build button to initiate the building process.

PreviousLambda - API CallsNextCloudbuild - Security

Last updated