Module codebuild

@pulumi/aws > codebuild

class Project

extends CustomResource

Provides a CodeBuild Project resource. See also the aws_codebuild_webhook resource, which manages the webhook to the source (e.g. the “rebuild every time a code change is pushed” option in the CodeBuild web console).

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleRole = new aws.iam.Role("example", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
`,
});
const exampleBucket = new aws.s3.Bucket("example", {
    acl: "private",
});
const exampleProject = new aws.codebuild.Project("example", {
    artifacts: {
        type: "NO_ARTIFACTS",
    },
    buildTimeout: 5,
    cache: {
        location: exampleBucket.bucket,
        type: "S3",
    },
    description: "test_codebuild_project",
    environment: {
        computeType: "BUILD_GENERAL1_SMALL",
        environmentVariables: [
            {
                name: "SOME_KEY1",
                value: "SOME_VALUE1",
            },
            {
                name: "SOME_KEY2",
                type: "PARAMETER_STORE",
                value: "SOME_VALUE2",
            },
        ],
        image: "aws/codebuild/standard:1.0",
        imagePullCredentialsType: "CODEBUILD",
        type: "LINUX_CONTAINER",
    },
    serviceRole: exampleRole.arn,
    source: {
        gitCloneDepth: 1,
        location: "https://github.com/mitchellh/packer.git",
        type: "GITHUB",
    },
    tags: {
        Environment: "Test",
    },
    vpcConfig: {
        securityGroupIds: [
            "sg-f9f27d91",
            "sg-e4f48g23",
        ],
        subnets: [
            "subnet-ba35d2e0",
            "subnet-ab129af1",
        ],
        vpcId: "vpc-725fca",
    },
});
const project_with_cache = new aws.codebuild.Project("project-with-cache", {
    artifacts: {
        type: "NO_ARTIFACTS",
    },
    buildTimeout: 5,
    cache: {
        modes: [
            "LOCAL_DOCKER_LAYER_CACHE",
            "LOCAL_SOURCE_CACHE",
        ],
        type: "LOCAL",
    },
    description: "test_codebuild_project_cache",
    environment: {
        computeType: "BUILD_GENERAL1_SMALL",
        environmentVariables: [{
            name: "SOME_KEY1",
            value: "SOME_VALUE1",
        }],
        image: "aws/codebuild/standard:1.0",
        imagePullCredentialsType: "CODEBUILD",
        type: "LINUX_CONTAINER",
    },
    serviceRole: exampleRole.arn,
    source: {
        gitCloneDepth: 1,
        location: "https://github.com/mitchellh/packer.git",
        type: "GITHUB",
    },
    tags: {
        Environment: "Test",
    },
});
const exampleRolePolicy = new aws.iam.RolePolicy("example", {
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DescribeDhcpOptions",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeVpcs"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "${exampleBucket.arn}",
        "${exampleBucket.arn}/*"
      ]
    }
  ]
}
`,
    role: exampleRole.name,
});

constructor

new Project(name: string, args: ProjectArgs, opts?: pulumi.CustomResourceOptions)

Create a Project resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProjectState, opts?: pulumi.CustomResourceOptions): Project

Get an existing Project resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the CodeBuild project.

property artifacts

public artifacts: pulumi.Output<{
    encryptionDisabled: undefined | false | true;
    location: undefined | string;
    name: undefined | string;
    namespaceType: undefined | string;
    packaging: undefined | string;
    path: undefined | string;
    type: string;
}>;

Information about the project’s build output artifacts. Artifact blocks are documented below.

property badgeEnabled

public badgeEnabled: pulumi.Output<boolean | undefined>;

Generates a publicly-accessible URL for the projects build badge. Available as badge_url attribute when enabled.

property badgeUrl

public badgeUrl: pulumi.Output<string>;

The URL of the build badge when badge_enabled is enabled.

property buildTimeout

public buildTimeout: pulumi.Output<number | undefined>;

How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.

property cache

public cache: pulumi.Output<{
    location: undefined | string;
    modes: string[];
    type: undefined | string;
} | undefined>;

Information about the cache storage for the project. Cache blocks are documented below.

property description

public description: pulumi.Output<string>;

A short description of the project.

property encryptionKey

public encryptionKey: pulumi.Output<string>;

The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project’s build output artifacts.

property environment

public environment: pulumi.Output<{
    certificate: undefined | string;
    computeType: string;
    environmentVariables: {
        name: string;
        type: undefined | string;
        value: string;
    }[];
    image: string;
    imagePullCredentialsType: undefined | string;
    privilegedMode: undefined | false | true;
    type: string;
}>;

Information about the project’s build environment. Environment blocks are documented below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the project. If type is set to S3, this is the name of the output artifact object

property secondaryArtifacts

public secondaryArtifacts: pulumi.Output<{
    artifactIdentifier: string;
    encryptionDisabled: undefined | false | true;
    location: undefined | string;
    name: undefined | string;
    namespaceType: undefined | string;
    packaging: undefined | string;
    path: undefined | string;
    type: string;
}[] | undefined>;

A set of secondary artifacts to be used inside the build. Secondary artifacts blocks are documented below.

property secondarySources

public secondarySources: pulumi.Output<{
    auths: {
        resource: undefined | string;
        type: string;
    }[];
    buildspec: undefined | string;
    gitCloneDepth: undefined | number;
    insecureSsl: undefined | false | true;
    location: undefined | string;
    reportBuildStatus: undefined | false | true;
    sourceIdentifier: string;
    type: string;
}[] | undefined>;

A set of secondary sources to be used inside the build. Secondary sources blocks are documented below.

property serviceRole

public serviceRole: pulumi.Output<string>;

The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.

property source

public source: pulumi.Output<{
    auths: {
        resource: undefined | string;
        type: string;
    }[];
    buildspec: undefined | string;
    gitCloneDepth: undefined | number;
    insecureSsl: undefined | false | true;
    location: undefined | string;
    reportBuildStatus: undefined | false | true;
    type: string;
}>;

Information about the project’s input source code. Source blocks are documented below.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcConfig

public vpcConfig: pulumi.Output<{
    securityGroupIds: string[];
    subnets: string[];
    vpcId: string;
} | undefined>;

Configuration for the builds to run inside a VPC. VPC config blocks are documented below.

class Webhook

extends CustomResource

Manages a CodeBuild webhook, which is an endpoint accepted by the CodeBuild service to trigger builds from source code repositories. Depending on the source type of the CodeBuild project, the CodeBuild service may also automatically create and delete the actual repository webhook as well.

Example Usage

Bitbucket and GitHub

When working with Bitbucket and GitHub source CodeBuild webhooks, the CodeBuild service will automatically create (on aws_codebuild_webhook resource creation) and delete (on aws_codebuild_webhook resource deletion) the Bitbucket/GitHub repository webhook using its granted OAuth permissions. This behavior cannot be controlled by Terraform.

Note: The AWS account that Terraform uses to create this resource must have authorized CodeBuild to access Bitbucket/GitHub’s OAuth API in each applicable region. This is a manual step that must be done before creating webhooks with this resource. If OAuth is not configured, AWS will return an error similar to ResourceNotFoundException: Could not find access token for server type github. More information can be found in the CodeBuild User Guide for Bitbucket and GitHub.

Note: Further managing the automatically created Bitbucket/GitHub webhook with the bitbucket_hook/github_repository_webhook resource is only possible with importing that resource after creation of the aws_codebuild_webhook resource. The CodeBuild API does not ever provide the secret attribute for the aws_codebuild_webhook resource in this scenario.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.codebuild.Webhook("example", {
    projectName: aws_codebuild_project_example.name,
});

constructor

new Webhook(name: string, args: WebhookArgs, opts?: pulumi.CustomResourceOptions)

Create a Webhook resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WebhookState, opts?: pulumi.CustomResourceOptions): Webhook

Get an existing Webhook resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property branchFilter

public branchFilter: pulumi.Output<string | undefined>;

A regular expression used to determine which branches get built. Default is all branches are built.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property payloadUrl

public payloadUrl: pulumi.Output<string>;

The CodeBuild endpoint where webhook events are sent.

property projectName

public projectName: pulumi.Output<string>;

The name of the build project.

property secret

public secret: pulumi.Output<string>;

The secret token of the associated repository. Not returned by the CodeBuild API for all source types.

property url

public url: pulumi.Output<string>;

The URL to the webhook.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface ProjectArgs

The set of arguments for constructing a Project resource.

property artifacts

artifacts: pulumi.Input<{
    encryptionDisabled: pulumi.Input<boolean>;
    location: pulumi.Input<string>;
    name: pulumi.Input<string>;
    namespaceType: pulumi.Input<string>;
    packaging: pulumi.Input<string>;
    path: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>;

Information about the project’s build output artifacts. Artifact blocks are documented below.

property badgeEnabled

badgeEnabled?: pulumi.Input<boolean>;

Generates a publicly-accessible URL for the projects build badge. Available as badge_url attribute when enabled.

property buildTimeout

buildTimeout?: pulumi.Input<number>;

How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.

property cache

cache?: pulumi.Input<{
    location: pulumi.Input<string>;
    modes: pulumi.Input<pulumi.Input<string>[]>;
    type: pulumi.Input<string>;
}>;

Information about the cache storage for the project. Cache blocks are documented below.

property description

description?: pulumi.Input<string>;

A short description of the project.

property encryptionKey

encryptionKey?: pulumi.Input<string>;

The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project’s build output artifacts.

property environment

environment: pulumi.Input<{
    certificate: pulumi.Input<string>;
    computeType: pulumi.Input<string>;
    environmentVariables: pulumi.Input<pulumi.Input<{
        name: pulumi.Input<string>;
        type: pulumi.Input<string>;
        value: pulumi.Input<string>;
    }>[]>;
    image: pulumi.Input<string>;
    imagePullCredentialsType: pulumi.Input<string>;
    privilegedMode: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
}>;

Information about the project’s build environment. Environment blocks are documented below.

property name

name?: pulumi.Input<string>;

The name of the project. If type is set to S3, this is the name of the output artifact object

property secondaryArtifacts

secondaryArtifacts?: pulumi.Input<pulumi.Input<{
    artifactIdentifier: pulumi.Input<string>;
    encryptionDisabled: pulumi.Input<boolean>;
    location: pulumi.Input<string>;
    name: pulumi.Input<string>;
    namespaceType: pulumi.Input<string>;
    packaging: pulumi.Input<string>;
    path: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>[]>;

A set of secondary artifacts to be used inside the build. Secondary artifacts blocks are documented below.

property secondarySources

secondarySources?: pulumi.Input<pulumi.Input<{
    auths: pulumi.Input<pulumi.Input<{
        resource: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>[]>;
    buildspec: pulumi.Input<string>;
    gitCloneDepth: pulumi.Input<number>;
    insecureSsl: pulumi.Input<boolean>;
    location: pulumi.Input<string>;
    reportBuildStatus: pulumi.Input<boolean>;
    sourceIdentifier: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>[]>;

A set of secondary sources to be used inside the build. Secondary sources blocks are documented below.

property serviceRole

serviceRole: pulumi.Input<string>;

The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.

property source

source: pulumi.Input<{
    auths: pulumi.Input<pulumi.Input<{
        resource: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>[]>;
    buildspec: pulumi.Input<string>;
    gitCloneDepth: pulumi.Input<number>;
    insecureSsl: pulumi.Input<boolean>;
    location: pulumi.Input<string>;
    reportBuildStatus: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
}>;

Information about the project’s input source code. Source blocks are documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property vpcConfig

vpcConfig?: pulumi.Input<{
    securityGroupIds: pulumi.Input<pulumi.Input<string>[]>;
    subnets: pulumi.Input<pulumi.Input<string>[]>;
    vpcId: pulumi.Input<string>;
}>;

Configuration for the builds to run inside a VPC. VPC config blocks are documented below.

interface ProjectState

Input properties used for looking up and filtering Project resources.

property arn

arn?: pulumi.Input<string>;

The ARN of the CodeBuild project.

property artifacts

artifacts?: pulumi.Input<{
    encryptionDisabled: pulumi.Input<boolean>;
    location: pulumi.Input<string>;
    name: pulumi.Input<string>;
    namespaceType: pulumi.Input<string>;
    packaging: pulumi.Input<string>;
    path: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>;

Information about the project’s build output artifacts. Artifact blocks are documented below.

property badgeEnabled

badgeEnabled?: pulumi.Input<boolean>;

Generates a publicly-accessible URL for the projects build badge. Available as badge_url attribute when enabled.

property badgeUrl

badgeUrl?: pulumi.Input<string>;

The URL of the build badge when badge_enabled is enabled.

property buildTimeout

buildTimeout?: pulumi.Input<number>;

How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.

property cache

cache?: pulumi.Input<{
    location: pulumi.Input<string>;
    modes: pulumi.Input<pulumi.Input<string>[]>;
    type: pulumi.Input<string>;
}>;

Information about the cache storage for the project. Cache blocks are documented below.

property description

description?: pulumi.Input<string>;

A short description of the project.

property encryptionKey

encryptionKey?: pulumi.Input<string>;

The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project’s build output artifacts.

property environment

environment?: pulumi.Input<{
    certificate: pulumi.Input<string>;
    computeType: pulumi.Input<string>;
    environmentVariables: pulumi.Input<pulumi.Input<{
        name: pulumi.Input<string>;
        type: pulumi.Input<string>;
        value: pulumi.Input<string>;
    }>[]>;
    image: pulumi.Input<string>;
    imagePullCredentialsType: pulumi.Input<string>;
    privilegedMode: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
}>;

Information about the project’s build environment. Environment blocks are documented below.

property name

name?: pulumi.Input<string>;

The name of the project. If type is set to S3, this is the name of the output artifact object

property secondaryArtifacts

secondaryArtifacts?: pulumi.Input<pulumi.Input<{
    artifactIdentifier: pulumi.Input<string>;
    encryptionDisabled: pulumi.Input<boolean>;
    location: pulumi.Input<string>;
    name: pulumi.Input<string>;
    namespaceType: pulumi.Input<string>;
    packaging: pulumi.Input<string>;
    path: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>[]>;

A set of secondary artifacts to be used inside the build. Secondary artifacts blocks are documented below.

property secondarySources

secondarySources?: pulumi.Input<pulumi.Input<{
    auths: pulumi.Input<pulumi.Input<{
        resource: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>[]>;
    buildspec: pulumi.Input<string>;
    gitCloneDepth: pulumi.Input<number>;
    insecureSsl: pulumi.Input<boolean>;
    location: pulumi.Input<string>;
    reportBuildStatus: pulumi.Input<boolean>;
    sourceIdentifier: pulumi.Input<string>;
    type: pulumi.Input<string>;
}>[]>;

A set of secondary sources to be used inside the build. Secondary sources blocks are documented below.

property serviceRole

serviceRole?: pulumi.Input<string>;

The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.

property source

source?: pulumi.Input<{
    auths: pulumi.Input<pulumi.Input<{
        resource: pulumi.Input<string>;
        type: pulumi.Input<string>;
    }>[]>;
    buildspec: pulumi.Input<string>;
    gitCloneDepth: pulumi.Input<number>;
    insecureSsl: pulumi.Input<boolean>;
    location: pulumi.Input<string>;
    reportBuildStatus: pulumi.Input<boolean>;
    type: pulumi.Input<string>;
}>;

Information about the project’s input source code. Source blocks are documented below.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property vpcConfig

vpcConfig?: pulumi.Input<{
    securityGroupIds: pulumi.Input<pulumi.Input<string>[]>;
    subnets: pulumi.Input<pulumi.Input<string>[]>;
    vpcId: pulumi.Input<string>;
}>;

Configuration for the builds to run inside a VPC. VPC config blocks are documented below.

interface WebhookArgs

The set of arguments for constructing a Webhook resource.

property branchFilter

branchFilter?: pulumi.Input<string>;

A regular expression used to determine which branches get built. Default is all branches are built.

property projectName

projectName: pulumi.Input<string>;

The name of the build project.

interface WebhookState

Input properties used for looking up and filtering Webhook resources.

property branchFilter

branchFilter?: pulumi.Input<string>;

A regular expression used to determine which branches get built. Default is all branches are built.

property payloadUrl

payloadUrl?: pulumi.Input<string>;

The CodeBuild endpoint where webhook events are sent.

property projectName

projectName?: pulumi.Input<string>;

The name of the build project.

property secret

secret?: pulumi.Input<string>;

The secret token of the associated repository. Not returned by the CodeBuild API for all source types.

property url

url?: pulumi.Input<string>;

The URL to the webhook.