Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS CodeBuild and CodeCommit repo as npm dependency

We have 2 reports

  1. Repo 1
  2. Repo 2

Inside Repo 1 > package.json there is a dependency

"dependencies": {
    "repo-2": "git+https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2/"
}

Then, inside CodeBuild for "repo-1", we have the following buildspec

version: 0.2

phases:
  install:
    runtime-versions:
      nodejs: 10
    commands:
      - mkdir -p ./deploy
  build:
    commands:
      - echo "Server copy START $(date)"
      - cp -r ./index.js ./deploy/index.js
      - cp -r ./package.json ./deploy/package.json
      - cp -r ./buildspec.yml ./deploy/buildspec.yml
      - echo "Server copy END $(date)"
      - echo "Server npm install START $(date)"
      - cd ./deploy && npm install --production
      - echo "Server npm install END $(date)"
  post_build:
    commands:
artifacts:
  files:
        - '**/*'
  base-directory: 'deploy'

The error CodeBuild throws is the following

npm ERR! fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2/': The requested URL returned error: 403 

Basically, the question is: Can I use CodeCommit repo as npm dependency and what is the proper way to do it?

Try #1

I tried to add this (and similar variations) but no success https://medium.com/@ngchiwang/aws-npm-install-private-codecommit-module-8512c3203c37

#Try 2

I also tried to change the dependency URL to this

"repo-2": "git://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2"

But gettings the following error

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fatal: unable to connect to git-codecommit.us-east-1.amazonaws.com: 
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: git-codecommit.us-east-1.amazonaws.com[0: 52.94.233.146]: errno=Connection refused
like image 265
Andrej Kaurin Avatar asked Aug 29 '19 11:08

Andrej Kaurin


Video Answer


2 Answers

I ran into this same issue today and got it working by enabling git-credential-helper in the env section of the buildspec file.

Example:

version: 0.2
env:
  git-credential-helper: yes
phases:
  install:
    runtime-versions:
      nodejs: 10
    commands:
      - npm install
  build:
    commands:
      - npm run build

This combined with CodeCommit privileges in the policy (that you said you already have) results in working builds with private npm packages from CodeCommit.

like image 108
Covalence Avatar answered Sep 19 '22 13:09

Covalence


I had a similar issue last week so will share the solution recommended for Amazon Team.

The better approach for this would be to set "git-credential-helper" to yes [1] in the env section of your buildspec file and then can use https to access the repository. Please refer the below BuildSpec example for the same.

================Buildspec Snippet=================

version: 0.2

env:
    git-credential-helper: yes

phases:
    pre_build:
        commands:
        - /usr/bin/git ls-remote -h -t https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2/

================Buildspec Snippet=================

Also, please make sure you have provided the required permissions to access CodeCommit repository in the CodeBuild IAM Role. I am providing sample IAM policies below for the same which you can refer to provide permissions depending on your use-case:

===========IAM Policy example=============

   {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "codecommit:GetRepository",
                    "codecommit:GitPull",
                    "codecommit:GetFolder"
                ],
                "Resource": "arn:aws:codecommit:us-east-1:<put repo Name or *>"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": "codecommit:ListRepositories",
                "Resource": "*"
            }
        ]
    }

===========IAM Policy example=============

Please check if the above approach helps in achieving your use-case.

Kindly note that the above buildspec snippet is just an example to explain how you can access the CodeCommit repo, and it needs to be modified as per your requirement. For example, you can describe your repository dependency in package.json like below which I assume you are already doing and run npm install through your buildspec file in codebuild.

"dependencies": {
    "my-npm": "git+https://git-codecommit.us-east-1.amazonaws.com/v1/repos/<repo name>"
},
like image 36
Willian Avatar answered Sep 19 '22 13:09

Willian