Menu
We have 2 reports
Inside Repo 1 > package.json there is a dependency
"dependencies": {
"repo-2": "git+https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2/"
}
Then, inside CodeBuild for "repo-1", we have the following buildspec
version: 0.2
phases:
install:
runtime-versions:
nodejs: 10
commands:
- mkdir -p ./deploy
build:
commands:
- echo "Server copy START $(date)"
- cp -r ./index.js ./deploy/index.js
- cp -r ./package.json ./deploy/package.json
- cp -r ./buildspec.yml ./deploy/buildspec.yml
- echo "Server copy END $(date)"
- echo "Server npm install START $(date)"
- cd ./deploy && npm install --production
- echo "Server npm install END $(date)"
post_build:
commands:
artifacts:
files:
- '**/*'
base-directory: 'deploy'
The error CodeBuild throws is the following
npm ERR! fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2/': The requested URL returned error: 403
Basically, the question is: Can I use CodeCommit repo as npm dependency and what is the proper way to do it?
Try #1
I tried to add this (and similar variations) but no success https://medium.com/@ngchiwang/aws-npm-install-private-codecommit-module-8512c3203c37
#Try 2
I also tried to change the dependency URL to this
"repo-2": "git://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2"
But gettings the following error
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fatal: unable to connect to git-codecommit.us-east-1.amazonaws.com:
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: git-codecommit.us-east-1.amazonaws.com[0: 52.94.233.146]: errno=Connection refused
265
I ran into this same issue today and got it working by enabling git-credential-helper in the env section of the buildspec file.
Example:
version: 0.2
env:
git-credential-helper: yes
phases:
install:
runtime-versions:
nodejs: 10
commands:
- npm install
build:
commands:
- npm run build
This combined with CodeCommit privileges in the policy (that you said you already have) results in working builds with private npm packages from CodeCommit.
108
I had a similar issue last week so will share the solution recommended for Amazon Team.
The better approach for this would be to set "git-credential-helper" to yes [1] in the env section of your buildspec file and then can use https to access the repository. Please refer the below BuildSpec example for the same.
================Buildspec Snippet=================
version: 0.2
env:
git-credential-helper: yes
phases:
pre_build:
commands:
- /usr/bin/git ls-remote -h -t https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2/
================Buildspec Snippet=================
Also, please make sure you have provided the required permissions to access CodeCommit repository in the CodeBuild IAM Role. I am providing sample IAM policies below for the same which you can refer to provide permissions depending on your use-case:
===========IAM Policy example=============
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"codecommit:GetRepository",
"codecommit:GitPull",
"codecommit:GetFolder"
],
"Resource": "arn:aws:codecommit:us-east-1:<put repo Name or *>"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "codecommit:ListRepositories",
"Resource": "*"
}
]
}
===========IAM Policy example=============
Please check if the above approach helps in achieving your use-case.
Kindly note that the above buildspec snippet is just an example to explain how you can access the CodeCommit repo, and it needs to be modified as per your requirement. For example, you can describe your repository dependency in package.json like below which I assume you are already doing and run npm install through your buildspec file in codebuild.
"dependencies": {
"my-npm": "git+https://git-codecommit.us-east-1.amazonaws.com/v1/repos/<repo name>"
},
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
