
Commit 61dd301

feat(ci): Change pipeline to use GIthub App auth
1 parent 1e4086c commit 61dd301


2 files changed

+23
-11
lines changed


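--- a/infrastructure/lib/pipeline-stack.ts
+++ b/infrastructure/lib/pipeline-stack.ts
@@ -15,7 +15,6 @@ import {
 aws_kms as kms,
 } from "aws-cdk-lib";
 import { DocTranAppStage } from "./pipeline-app-stage";
-import { GitHubTrigger } from "aws-cdk-lib/aws-codepipeline-actions";
 import { Config } from "./types";
 import { loadConfig } from "../util/loadConfig";
 
@@ -78,21 +77,21 @@ export class pipelineStack extends cdk.Stack {
 });
 
 // SOURCE
-const oauthToken = cdk.SecretValue.secretsManager(
-`doctran-${config.common.instance.name}-oauth-token`,
-);
-const pipelineTrigger: GitHubTrigger = config.pipeline.source.repoHook
-.enable
-? GitHubTrigger.WEBHOOK
-: GitHubTrigger.POLL;
+if (!config.pipeline.source.connectionArn) {
+throw new Error(
+`Connection ARN is required. Please set it in SSM Parameter Store at: /doctran/${config.common.instance.name}/pipeline/source/connectionArn`
+);
+}
+const connectionArn = config.pipeline.source.connectionArn;
+
 const actionName = "Source";
-const pipelineSource = cdkpipelines.CodePipelineSource.gitHub(
+const pipelineSource = cdkpipelines.CodePipelineSource.connection(
 sourceRepo,
 config.pipeline.source.repoBranch,
 {
 actionName: actionName,
-trigger: pipelineTrigger,
-authentication: oauthToken,
+connectionArn: connectionArn,
+triggerOnPush: config.pipeline.source.repoHook.enable,
 },
 );
 
@@ -110,6 +109,18 @@ export class pipelineStack extends cdk.Stack {
 pipelineType: codepipeline.PipelineType.V2,
 });
 
+// Add CodeConnections permissions to the pipeline role
+pipeline.role.addToPrincipalPolicy(
+new iam.PolicyStatement({
+effect: iam.Effect.ALLOW,
+actions: [
+"codeconnections:UseConnection",
+"codestar-connections:UseConnection"
+],
+resources: [connectionArn],
+}),
+);
+
 const getConfigOutput = new codepipeline.Artifact("GetConfigOutput");
 
 const dirPipeline = "infrastructure";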
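Review bot: The guard at new lines 80–84 only checks that `config.pipeline.source.connectionArn` is truthy, yet the same string is used verbatim as the IAM `resources` entry in the statement added at new lines 113–122, so a mis-set parameter such as `*` or an ARN of another resource type would synthesise into a broader or non-matching grant. Assuming `loadConfig` returns the resolved string at synth time (the truthiness check suggests it does), I would also check the shape before use, e.g. `if (!/^arn:[^:]+:(codeconnections|codestar-connections):[^:]+:\d{12}:connection\/[\w-]+$/.test(connectionArn)) throw new Error("connectionArn is not a CodeConnections connection ARN");`. Nothing in these hunks retires the `doctran-${config.common.instance.name}-oauth-token` secret that the removed code read, so it is worth revoking that token and deleting the secret once the connection is confirmed working. The enclosing member of `pipelineStack` starts and ends outside the hunks shown.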

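--- a/infrastructure/lib/types.ts
+++ b/infrastructure/lib/types.ts
@@ -22,6 +22,7 @@ export type PipelineConfig = {
 };
 repoName: string;
 repoOwner: string;
+connectionArn?: string;
 };
 };
 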