I'm very new to cloudformation templates, and I'm trying to create a template to build AWS ECS codepipelines.
The pipelines will need a CodeBuild stage with a fairly complex buildspec.
I would like to be able specify the buildspec for the build project as a template parameter. However when creating the stack from the template, CloudFormation only seems to allow a single line text box for providing the value for the parameters.
Is there some way to tell it that a particular parameter is a "long text" string, to allow it to show a larger multi-line edit box?
This does not seem to be possible at the moment.
As a workaround, consider uploading your buildspec to S3 and specify S3 ARN as parameter in your CF template.
Related
Occasionally in our codebase we need to use an //eslint-disable to bypass a styleguide rule on a line. I would like to somehow automatically add a comment on each new instance of that in PRs, requiring the developer to explain why they bypassed the styleguide.
I've found this question referencing how to create a comment programmatically, but what I'm not sure how to do is identify the new code and parse it for a certain piece of text, then add comments on those particular lines where the text was found.
This is one of the approaches to ingest scripts & achieve what you want, wherein Expected outcome is:
On every pull request, a pre build validation pipeline kicks off & adds comments on the PR.
Create a script (powershell/python/bash) with following logic:
Find file names in the given branch which contains //eslint-disable
In the files above (1.), get the location/line number of //eslint-disable
Foreach file.LineNumber (wrote like that just for representation): add comment on file.LineNumber using Pull Request Threads API. See line parameter
Create a pipeline containing above script & add that pipeline as build validation or if you have an existing build validation process, add these scripts as tasks in that pipeline.
Hope this helps :)
In Azure yaml file defining pipeline. I would like imageRepository contain name of the branch from which pipeline was executed. For example,
if I run from branch_A, I would like to have imageRepository:branch_A_image
if I run from branch_B, I would like to have imageRepository:branch_B_image
How does this conditional statement in yaml would look like? I found different bits and pieces, but could not find everything 'Build.SourceBranch'???
My ultimate goal is to have different container images for different branches. I am planning to trigger pipeline manually for now.
Maybe you are searching the Build.SourceBranch and Build.SourceBranchName. You can get more details here. It looks like this:
So the right image name should be set like this:
imageRegistory:$(Build.SourceBranchName)
I was trying this scenario but I am not able to figure out
I have a name and value in parameter store in SSM, now I am running the CF template from CLI using code pipeline, and I want the CF template take values directly from parameter store and should not prompt
on screen asking me to give the value.
I tried this but it prompt me .
AWS::SSM::Parameter::value
this is prompting when I used to upload a template in screen. how to avoid it and make the script take the value from parameter store directly
You have two choices for that:
Provide a default value for the parameter.
Use ParameterOverrides in your CodePiepline to provide the required value for the parameter.
TL;DR: Search and replace placeholders in a text file with the decrypted values of secrets in a variable group.
I would like to use a PowerShell script to receive a variable group in a release pipeline and then iterate through the list, performing search-and-replace on a file being released.
The variables in the variable list are secrets so I want to overwrite the placeholders in the file with the decrypted value of the variables.
The values of the variables are environment specific, so I do not want to provide the values at build time and do not want to include the decrypted values in a stored artifact.
The file being search-replaced will be used in an execution at release time but will not be deployed to a host, so will be destroyed upon completion of the pipeline execution.
The Tokenization task from the Visual Studio Marketplace does this job well. You'll need to install it into your Azure DevOps organisation, it's available at https://marketplace.visualstudio.com/items?itemName=TotalALM.totalalm-tokenization
By default the Tokenization task uses double underscores to identify the placeholders. It will replace any text that that matches the name of a variable in your release definition as long as it's surrounded by double underscores.
So if you want to write the value of a variable called MySecretVariable into your file you'll need to add a place holder like __MySecretVariable__ into the file where ever you want that value to be written.
The Tokenization task will write any encrypted values into the file in plain text but in the release logs they will be obfuscated.
If you're storing your variables in a variable group just link that to the release definition and set the scope to the appropriate environment.
So, I've found that, as long as I have a Base64 token configured for Variable Groups (click 'Show all scopes' when creating a new PAT) then I can call GET https://dev.azure.com/{organization}/{project}/_apis/distributedtask/variablegroups/{groupId}?api-version=5.1-preview.1 to get the variable group I need.
The above, however, will not return a value for secrets, although there is a hack/workaround for this (involving multiple pipeline steps).
The advisable route is to create a Key Vault in Azure and perform the processing either in Powershell or code.
As I need the decrypted key values passed into my application via a repeated find-replace, I have implemented a Powershell script in one Release pipeline step and consume the output in the next step.
I'm using serverless-stack-output to save my serverless output to a file with some custom values that I setup. Works well, but serverless has some other default outputs such as these:
FunctionQualifiedArn (one for each function)
ServiceEndpoint
ServerlessDeploymentBucketName
I don't want these to show on my file, how to disable serverless/cloudformation from outputting them?
This is not possible at this stage.
I've dug through the code and there's no switch that to suppress outputs.
Unfortunate, as I have the exact same requirement.