Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS CloudFormation CodePipeline: Could not fetch the contents of the repository from GitHub

I'm attempting to setup an AWS CloudFormation configuration using CodePipeline and GitHub.

I've failed both at my own example project and the tutorial: Create a GitHub Pipeline with AWS CloudFormation.

All resources are created, but in CodePipeline I continuously get the following error during the initial "Source" stage.

Could not fetch the contents of the repository from GitHub.

See image below:

CodePipeline with Github failing with "Could not fetch the contents of the repository from Github."

Note that this is not a permissions error. It's something else that does not exist on Google until now.

GitHub can be configured to work if I stop using CloudFormation and create a CodePipeline through the console, but for my purposes, I need to use CloudFormation. Need to stick to a template.

Here is the template from the CloudFormation template copied from the tutorial:

Parameters:
  BranchName:
    Description: GitHub branch name
    Type: String
    Default: master
  RepositoryName:
    Description: GitHub repository name
    Type: String
    Default: test
  GitHubOwner:
    Type: String
  GitHubSecret:
    Type: String
    NoEcho: true
  GitHubOAuthToken:
    Type: String
    NoEcho: true
  ApplicationName:
    Description: CodeDeploy application name
    Type: String
    Default: DemoApplication
  BetaFleet:
    Description: Fleet configured in CodeDeploy
    Type: String
    Default: DemoFleet
Resources:
  CodePipelineArtifactStoreBucket:
    Type: "AWS::S3::Bucket"
  CodePipelineArtifactStoreBucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      Bucket: !Ref CodePipelineArtifactStoreBucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Sid: DenyUnEncryptedObjectUploads
            Effect: Deny
            Principal: "*"
            Action: "s3:PutObject"
            Resource: !Join
              - ""
              - - !GetAtt
                  - CodePipelineArtifactStoreBucket
                  - Arn
                - /*
            Condition:
              StringNotEquals:
                "s3:x-amz-server-side-encryption": "aws:kms"
          - Sid: DenyInsecureConnections
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource: !Join
              - ""
              - - !GetAtt
                  - CodePipelineArtifactStoreBucket
                  - Arn
                - /*
            Condition:
              Bool:
                "aws:SecureTransport": false
  AppPipelineWebhook:
    Type: "AWS::CodePipeline::Webhook"
    Properties:
      Authentication: GITHUB_HMAC
      AuthenticationConfiguration:
        SecretToken: !Ref GitHubSecret
      Filters:
        - JsonPath: $.ref
          MatchEquals: "refs/heads/{Branch}"
      TargetPipeline: !Ref AppPipeline
      TargetAction: SourceAction
      Name: AppPipelineWebhook
      TargetPipelineVersion: !GetAtt
        - AppPipeline
        - Version
      RegisterWithThirdParty: true
  AppPipeline:
    Type: "AWS::CodePipeline::Pipeline"
    Properties:
      Name: github-events-pipeline
      RoleArn: !GetAtt
        - CodePipelineServiceRole
        - Arn
      Stages:
        - Name: Source
          Actions:
            - Name: SourceAction
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: 1
                Provider: GitHub
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                Owner: !Ref GitHubOwner
                Repo: !Ref RepositoryName
                Branch: !Ref BranchName
                OAuthToken: !Ref GitHubOAuthToken
                PollForSourceChanges: false
              RunOrder: 1
        - Name: Beta
          Actions:
            - Name: BetaAction
              InputArtifacts:
                - Name: SourceOutput
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: 1
                Provider: CodeDeploy
              Configuration:
                ApplicationName: !Ref ApplicationName
                DeploymentGroupName: !Ref BetaFleet
              RunOrder: 1
      ArtifactStore:
        Type: S3
        Location: !Ref CodePipelineArtifactStoreBucket
  CodePipelineServiceRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action: "sts:AssumeRole"
      Path: /
      Policies:
        - PolicyName: AWS-CodePipeline-Service-3
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - "codecommit:CancelUploadArchive"
                  - "codecommit:GetBranch"
                  - "codecommit:GetCommit"
                  - "codecommit:GetUploadArchiveStatus"
                  - "codecommit:UploadArchive"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "codedeploy:CreateDeployment"
                  - "codedeploy:GetApplicationRevision"
                  - "codedeploy:GetDeployment"
                  - "codedeploy:GetDeploymentConfig"
                  - "codedeploy:RegisterApplicationRevision"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "codebuild:BatchGetBuilds"
                  - "codebuild:StartBuild"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "devicefarm:ListProjects"
                  - "devicefarm:ListDevicePools"
                  - "devicefarm:GetRun"
                  - "devicefarm:GetUpload"
                  - "devicefarm:CreateUpload"
                  - "devicefarm:ScheduleRun"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "lambda:InvokeFunction"
                  - "lambda:ListFunctions"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "iam:PassRole"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "elasticbeanstalk:*"
                  - "ec2:*"
                  - "elasticloadbalancing:*"
                  - "autoscaling:*"
                  - "cloudwatch:*"
                  - "s3:*"
                  - "sns:*"
                  - "cloudformation:*"
                  - "rds:*"
                  - "sqs:*"
                  - "ecs:*"
                Resource: "*"

I've have taken the following steps:

  • provided Github Organization, Repo & Branch
  • setup a personal access token on GitHub and supplied it to the template GitHubOAuthToken parameter with access to repo:all & admin:repo_hook
  • setup a random string and provided it to the GitHubSecret
  • tried not including a GitHubSecret as in many other examples
  • verified that AWS CodePipeline for my region is listed in Github Applications under "Authorized OAuth Applications"

In attempts to start from a clear slate, I've also done the following:

  • cleared all GitHub webhooks before starting aws codepipeline list-webhooks & aws codepipeline delete-webhook --name
  • added a new personal access token
  • tried multiple repos & branches

Any ideas how I can get GitHub to work with CloudFormation & CodePipeline?

like image 742
shmck Avatar asked Mar 07 '19 04:03

shmck


1 Answers

Found the solution. The Github organization name is case sensitive.

like image 59
shmck Avatar answered Sep 20 '22 15:09

shmck