2

AWS Codebuild createProject method is missing OAuth token parameter for Github auth?

I would like to avoid using CodePipeline. I would like to programmatically create a code build project with Github token but I can't seem to find a way to include a GitHub token. As anyone experienced this? 

var params = {
    artifacts: {
      /* required */
      type: 'S3',
      location: 'STRING_VALUE',
      packaging: 'ZIP'
    },
    environment: {
      /* required */
      computeType: 'BUILD_GENERAL1_LARGE',
      image: 'aws/codebuild/nodejs:4.3.2', /* required */
      type: "LINUX_CONTAINER",
    },
    name: key, /* required */
    source: {
      /* required */
      type: "GITHUB",
      auth: {
        type: "OAUTH"
      },
      buildspec: 'echo "test";',
      location: `https://github.com/${original.organizations.name}/${original.repos.name}.git`,

    },
    description: 'STRING_VALUE',
    serviceRole: 'arn:aws:iam::171566796811:role/tmmmm6',
    timeoutInMinutes: 5
  };
  codebuild.createProject(params, function (err, data) {
    if (err) console.log(err, err.stack); // an error occurred
    else     console.log(data);           // successful response


    console.log("WEBHOOK")
    var params = {
      projectName: key /* required */
    };
    codebuild.createWebhook(params, function(err, data) {
      if (err) console.log(err, err.stack); // an error occurred
      else     console.log(data);           // successful response
    });


  });

I tried with the following URL format : https://${original.github.token}:@github.com/${original.organizations.name}/${original.repos.name}.git but that does not work. Codebuild would not allow me to create a webhook.

Here is the documentation. http://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CodeBuild.html Is it possible to create a code build with GitHub access token? I know how to do it with code pipeline but I would like to avoid using code pipeline if possible.

Improve this question

4 Answers 4

Reset to default
5

There is no programmatic way to do this. You can use AWS CodeBuild console to connect your GitHub account. This is one time setup. Once connected, all future CodeBuild projects using source from your GitHub account will be able to use the stored token.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This is no longer true. See below.
1

You are missing a parameter in your template. The source should look like this:

    source: {
      /* required */
      type: "GITHUB",
      auth: {
        type: "OAUTH",
        resource: "GITHUB"
      },
      buildspec: 'echo "test";',
      location: `https://github.com/${original.organizations.name}/${original.repos.name}.git`,

    },

As Zhen Li stated, you must first authorize your AWS account with Github through the console (create auth resource like this) once and then you can programmatically create as many authorized build projects for your Github as you want!

Improve this answer

Comments

1

This is no longer the case. See: How do you specify GitHub access token with CodeBuild from CloudFormation

In essence:

  • Create a PAT and put it in secrets manager
  • Create an AWS::CodeBuild::SourceCredential in CloudFormation and dynamically link the secret.
  • Reference this resource in the project defn.

Details above. Token should have repo and admin:repo_hook (if you want to use webhooks) permissions.

Improve this answer

Comments

0

I just found this thread... So follow up question: If you have to do this one-time setup for GH, then if I have multiple teams - each with their own GH org, I can't use separate tokens then?

I have to use a token from a user that has rights to all GH orgs? Is that correct?

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.