CODEWITHSUNDEEP
amazon-web-servicesaws-cdkaws-codebuild
redigaffi
redigaffi

Reputation: 449

How to connect to github with AWS CDK using codebuild?

I have the following github source:

const gitHubSource = cb.Source.gitHub({
    owner: 'me',
    repo: 'repo',
    webhook: true,
    OAuthToken: '',
    webhookFilters: [
      cb.FilterGroup
        .inEventOf(cb.EventAction.PUSH, cb.EventAction.PULL_REQUEST_MERGED)
        .andBranchIs('dev')
    ],
});

Here is the codebuild project:

new cb.Project(this, 'MyProject', {
    environmentVariables: {
      "BUCKET_NAME": { value: bucket.bucketName },
      "CF_DIST_ID": { value: distribution.distributionId }
    },
    source: gitHubSource
});

It fails because its unable to find the oauth token:

    10:49:45 | CREATE_FAILED        | AWS::CodeBuild::Project                         | 
    MyProject39F7B0AE
    Failed to call CreateWebhook, reason: Could not find access token for server type 
    github (Service: AWSCo
    deBuild; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: 
    99d1fd6d-bd2c-49b8-bbed-82
    06636055b5; Proxy: null)

Reading the docs I dont find a way to pass oauth tokens to cb.Source.gitHub neither to cb.Project (cb stands for codebuild btw).

I already have a github connection in my aws account: enter image description here

Is there some way to use this existing connection? if not, how can I pass the oauthtoken to codebuild or github source?

Upvotes: 2

Views: 3278

Answers (1)

fedonev
fedonev

Reputation: 25649

Codebuild uses your github personal access token to access github. You give Codebuild your token one time only. It's not added to each project:

CDK Docs: the credentials are global to a given account in a given region - they are not defined per CodeBuild project. CodeBuild only allows storing a single credential of a given type (GitHub, GitHub Enterprise or BitBucket) in a given account in a given region - any attempt to save more than one will result in an error. You can use the list-source-credentials AWS CLI operation to inspect what credentials are stored in your account.

You can use the CDK for the one-time credential adding step:

new codebuild.GitHubSourceCredentials(this, 'CodeBuildGitHubCreds', {
  accessToken: SecretValue.secretsManager('my-token'),
});

Upvotes: 4

Related Questions