aws-codebuild-run-build

Investigate support for GitHub Enterprise

Open mattsb42-aws opened this issue 5 years ago • 7 comments

The URL that we pass to CodeBuild to check out the code is currently hard-coded to use https://github.com. Because GitHub Actions is available in GitHub Enterprise, it would be nice if this action worked there too.

mattsb42-aws, Jan 16 '20 20:01

The current implementation is also incompatible with private repositories on GitHub.

I have an idea to solve this by having the option to push a source archive (zip/tarball) from GitHub Actions to an S3 bucket, and using this as the source for CodeBuild — rather than having CodeBuild clone from GitHub itself.

This wouldn't require any additional authentication/authorisation pieces on the GitHub Actions side, and would require a user to give IAM permissions to an S3 bucket in addition to the CodeBuild/CloudWatch Logs permissions already required.

Is this something you'd consider for this issue, or would you like me to separate this into a new separate issue?

ctd, Mar 20 '20 11:03

I think that this should go into a separate issue. CodeBuild has a lot of options for source delivery, and I want to try and balance completeness with ease of use.

If you could throw into that issue how you see this working, and what underlying CodeBuild APIs you are wanting to call, that would be great!

seebees, Mar 24 '20 16:03

I’m wondering - as an alternative, could one set the codebuild project to NO_SOURCE, and pass in the GITHUB_TOKEN and GITHUB_ACTOR as environment variables? This would require the project to manually clone the repo, though.

You would also need to fork this action and change the overrides... but it would probably work.

matt-tyler, Apr 01 '20 11:04

I gave it a go and can confirm that, by passing GITHUB_ACTOR and the secret variable GITHUB_TOKEN, you can configure a codebuild job with source configured as NO_SOURCE to pull from github. The only issue is that you have to write the step to pull the code within the codebuild buildspec and you miss out on the built-in source caching capabilities of codebuild.

I also hacked it a bit and provided the token as a PLAIN_TEXT environment variable because it was the least amount of work - the current implementation is propagating all environment variables prepended with 'GITHUB_' to the environment variable overrides. Tokens are valid for roughly 60 minutes according to github documentation, but ideally, they would be configured as secrets in the codebuild startBuild overrides.

matt-tyler, Apr 05 '20 01:04
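The difference between the PLAIN_TEXT shortcut and the "configured as secrets" alternative described in the comment above, as an added example that is not part of the thread or the action's own code. It builds the StartBuild parameters for a NO_SOURCE project so that sensitive `GITHUB_*` values are sent as SECRETS_MANAGER references, and includes a check that flags secrets left in plaintext; the helper names, the project name and the secret name `example/github-token` are hypothetical, and it assumes the token was stored under that secret name beforehand.

```javascript
// Added example: helper names, secret reference and sample env are constructed.
const SENSITIVE = /(TOKEN|SECRET|PASSWORD|KEY)$/i;

// Build StartBuild parameters for a NO_SOURCE project. Sensitive GITHUB_*
// variables are passed as SECRETS_MANAGER references, never as PLAIN_TEXT.
function buildStartBuildParams(env, projectName, secretRefs = {}) {
  const overrides = [];
  for (const [name, value] of Object.entries(env)) {
    if (!name.startsWith("GITHUB_")) continue;
    if (SENSITIVE.test(name)) {
      const ref = secretRefs[name];
      if (!ref) {
        throw new Error(`${name} is sensitive: supply a secret reference`);
      }
      // For SECRETS_MANAGER the value is the secret's name, not the secret.
      overrides.push({ name, value: ref, type: "SECRETS_MANAGER" });
    } else {
      overrides.push({ name, value, type: "PLAIN_TEXT" });
    }
  }
  return {
    projectName,
    sourceTypeOverride: "NO_SOURCE",
    environmentVariablesOverride: overrides,
  };
}

// Review check: names of overrides that would expose a secret in plaintext.
// An override without a type is treated as PLAIN_TEXT.
function findPlaintextSecrets(params) {
  return (params.environmentVariablesOverride || [])
    .filter((v) => SENSITIVE.test(v.name))
    .filter((v) => (v.type || "PLAIN_TEXT") === "PLAIN_TEXT")
    .map((v) => v.name);
}

// Constructed sample environment, as a workflow step might see it.
const sampleEnv = {
  GITHUB_ACTOR: "octocat",
  GITHUB_TOKEN: "constructed-token-value",
  HOME: "/root",
};
const params = buildStartBuildParams(sampleEnv, "example-project", {
  GITHUB_TOKEN: "example/github-token", // hypothetical secret name
});
console.log(JSON.stringify(params, null, 2));
```

The CodeBuild service role needs permission to read the referenced secret, and the buildspec still has to perform the clone itself.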

Glad there seems to be a workaround, but leaving this open as a valid feature request for the future.

robin-aws, Nov 27 '20 00:11

For one approach see https://github.com/aws-actions/aws-codebuild-run-build/issues/57#issuecomment-985850580

sciurus, Dec 03 '21 21:12

Is this something that will still be done as a feature?