Mike Biglan MS

Reputation: 1882

What GitHub permissions does CodePipeline need to work with a repository?

I noticed that AWS CodeBuild only needs read-only permissions to rely on a GitHub repository. AWS CodePipeline did not, and gave no substantive error. Instead, the repositories would just not show up.

What permissions does CodePipeline need to work with a GitHub repository?

Upvotes: 2

Views: 3553

Answers (3)

Roman Mahotskyi

Reputation: 6685

If you want to use a GitHub repository as the source, you must create:

  • A GitHub Access Token, with scopes repo and admin:repo_hook.

Source: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codepipeline_actions-readme.html#github


Upvotes: 0
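
To check a classic token against the two scopes named in this answer, the following added example (not part of the original answer, and not AWS or GitHub code) audits the value of the `X-OAuth-Scopes` response header that the GitHub API returns for classic personal access tokens. The function names and the sample header strings are assumptions constructed for illustration.

```python
# Added example: audit a classic GitHub token's scopes against what the
# answer above says CodePipeline needs (repo, admin:repo_hook).
REQUIRED = {"repo", "admin:repo_hook"}

# Parent scope -> child scopes it implies (GitHub's documented scope
# hierarchy, restricted to the two families relevant here).
IMPLIES = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite",
             "security_events"},
    "admin:repo_hook": {"write:repo_hook", "read:repo_hook"},
    "write:repo_hook": {"read:repo_hook"},
}


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes value ("repo, admin:repo_hook") into a set."""
    return {s.strip() for s in (header_value or "").split(",") if s.strip()}


def expand(scopes):
    """Return the given scopes plus every scope they imply."""
    out, todo = set(), list(scopes)
    while todo:
        s = todo.pop()
        if s not in out:
            out.add(s)
            todo.extend(IMPLIES.get(s, ()))
    return out


def audit(header_value, required=REQUIRED):
    """Report required scopes that are missing and granted scopes not needed."""
    granted = parse_scopes(header_value)
    missing = sorted(required - expand(granted))
    # Anything granted that the required set does not cover is excess.
    excess = sorted(granted - expand(required))
    return {"ok": not missing, "missing": missing, "excess": excess}


if __name__ == "__main__":
    # Constructed sample header values, not captured from a real account.
    for sample in ("repo, admin:repo_hook", "public_repo",
                   "repo, admin:repo_hook, delete_repo, admin:org", ""):
        print(repr(sample), audit(sample))
```

A non-empty `excess` list marks a token that grants more than the pipeline source action needs and is a candidate for replacement with a narrower one.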

Eric Nord

Reputation: 4885

Alternatively, you can provide a Personal Authorization Token that only has Public Repo Read in a CloudFormation template.

Set up in GitHub and copy the Personal Authorization Token.

Then, in your CloudFormation for CodePipeline:

### Builds CI/CD pipeline Stages and Actions
Pipeline:
  Type: AWS::CodePipeline::Pipeline
  Properties:
    ArtifactStore:
      Type: S3
      Location: !Join ["-", ["byu", !Ref "AWS::AccountId", !Ref "AWS::Region", "code-build-artifacts" ]]
    #RoleArn: !Ref CodePipelineServiceRole
    RoleArn: !Join ["",["arn:aws:iam::", !Ref "AWS::AccountId", ":role/CodePipelineServiceRole"]]
    Stages:
    ### Defines Source repository via params
    - Name: !Join ["-",["Source", !Ref GitHubBranch, !Ref GitHubRepository]]
      Actions:
      - InputArtifacts: []
        Name: Source
        ActionTypeId:
          Category: Source
          Owner: ThirdParty
          Version: '1'
          Provider: GitHub
        OutputArtifacts:
        - Name: MyApp
        Configuration:
          Owner: !Ref GitHubUser
          Repo: !Ref GitHubRepository
          Branch: !Ref GitHubBranch
          OAuthToken: !Ref GitHubToken
        RunOrder: 1

We are using !Ref to access CloudFormation Parameters that can be passed in via the CLI - this keeps us from having access keys in code :O

Parameters:
  GitHubUser:
    Type: String
    Description: GitHub user name or organization name - whichever prepends the repo name
  GitHubRepository:
    Type: String
    Description: GitHub repository name (not url)
  GitHubBranch:
    Type: String
    Description: GitHub repository branch
  GitHubToken:
    Type: String
    # NoEcho masks the token value in console, CLI and API output
    NoEcho: true
    Description: GitHub personal-access-token - see https://help.github.com/articles/creating-an-access-token-for-command-line-use/

The GitHub username is either the username or organization name - whichever shows up before your repo name.

Full example

Upvotes: 2

Mike Biglan MS

Reputation: 1882

Turns out the GitHub account being used with AWS CodePipeline needs full admin access in order for CodePipeline to be able to use it.

Upvotes: 2
