
Commit 7069a40

authored
codebuild overrides (#27)
optional codebuild overrides for buildspec, image, and terraform directory.
1 parent 75871e9 commit 7069a40


13 files changed

+36
-13
lines changed


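--- a/README.md
+++ b/README.md
@@ -91,6 +91,14 @@ module "pipeline" {
 checkov_version = "3.2.0"
 tflint_version = "0.55.0"
 
+build_override = {
+directory - "./terraform"
+plan_buildspec = file("./my_plan.yml")
+plan_image = "aws/codebuild/amazonlinux2-x86_64-standard:5.0"
+apply_buildspec = file("./my_apply.yml")
+apply_image = "hashicorp/terraform:latest"
+}
+
 vpc = {
 vpc_id = "vpc-011a22334455bb66c",
 subnets = ["subnet-011aabbcc2233d4ef"],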

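--- a/codebuild.tf
+++ b/codebuild.tf
@@ -8,7 +8,7 @@ module "validation" {
 codebuild_role = aws_iam_role.codebuild.arn
 environment_variables = var.tags == "" ? local.env_var : local.conditional_env_var
 build_timeout = var.build_timeout
-build_spec = "${each.key}.yml"
+build_spec = file("${path.module}/modules/codebuild/buildspecs/${each.key}.yml")
 log_group = aws_cloudwatch_log_group.this.name
 image = each.value
 vpc = var.vpc
@@ -20,9 +20,9 @@ module "plan" {
 codebuild_role = aws_iam_role.codebuild.arn
 environment_variables = local.env_var
 build_timeout = var.build_timeout
-build_spec = "plan.yml"
+build_spec = var.build_override["plan_buildspec"] != null ? var.build_override["plan_buildspec"] : file("${path.module}/modules/codebuild/buildspecs/plan.yml")
 log_group = aws_cloudwatch_log_group.this.name
-image = "hashicorp/terraform:${var.terraform_version}"
+image = var.build_override["plan_image"] != null ? var.build_override["plan_image"] : "hashicorp/terraform:${var.terraform_version}"
 vpc = var.vpc
 }
 
@@ -32,9 +32,9 @@ module "apply" {
 codebuild_role = aws_iam_role.codebuild.arn
 environment_variables = local.env_var
 build_timeout = var.build_timeout
-build_spec = "apply.yml"
+build_spec = var.build_override["apply_buildspec"] != null ? var.build_override["apply_buildspec"] : file("${path.module}/modules/codebuild/buildspecs/apply.yml")
 log_group = aws_cloudwatch_log_group.this.name
-image = "hashicorp/terraform:${var.terraform_version}"
+image = var.build_override["apply_image"] != null ? var.build_override["apply_image"] : "hashicorp/terraform:${var.terraform_version}"
 vpc = var.vpc
 }
 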
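Review bot: The `plan_image` and `apply_image` overrides in the `plan` and `apply` modules are passed to CodeBuild unchecked, and both projects run under `aws_iam_role.codebuild`, so whatever image reference the caller supplies executes with that role's permissions. A mutable tag (the README example in this commit uses `hashicorp/terraform:latest`) lets the image content change between a plan and the following apply with no change in the repository. The variable declaration is not visible on this page, so whether any validation exists there cannot be confirmed. The docs should recommend pinning override images by digest, for example `apply_image = "hashicorp/terraform@sha256:<digest>"`. They should also state that a custom buildspec replaces the module's own `cd` into `TERRAFORM_DIRECTORY`.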

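--- a/docs/optional_inputs.md
+++ b/docs/optional_inputs.md
@@ -16,6 +16,8 @@
 
 `build_timeout` is the CodeBuild project build timeout. It defaults to 10 (minutes).
 
+`build_override` can replace the existing CodeBuild buildspecs and images with your own. The `directory` argument sets the path of the terraform (eg. `./terraform`), if its not in the root of your directory structure.
+
 `terraform_version` controls the terraform version. It defaults to 1.5.7.
 
 `checkov_version` controls the [Checkov](https://www.checkov.io/) version. It defaults to latest.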

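--- a/locals.tf
+++ b/locals.tf
@@ -19,6 +19,7 @@ locals {
 TF_VERSION = var.terraform_version
 TFLINT_VERSION = var.tflint_version
 WORKSPACE_DIRECTORY = var.workspace_directory
+TERRAFORM_DIRECTORY = var.build_override["directory"]
 }
 conditional_env_var = merge(local.env_var, {
 TAGS = var.tags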
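Review bot: `TERRAFORM_DIRECTORY = var.build_override["directory"]` puts the raw input into `local.env_var`, which every CodeBuild module receives, with no fallback when the caller omits `directory`. The variable declaration is not shown here; if the attribute is optional without a default, the value is null and the buildspecs end up at `cd "$CODEBUILD_SRC_DIR/"` or fail on the environment variable. An explicit default keeps the behaviour defined: `TERRAFORM_DIRECTORY = coalesce(var.build_override["directory"], ".")`. Because the value becomes the working directory of the plan and apply projects, a `validation` rule on the variable that rejects `..` segments would also keep builds inside the checked-out source. The `locals` block starts and continues outside this hunk.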

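--- a/modules/codebuild/buildspecs/apply.yml
+++ b/modules/codebuild/buildspecs/apply.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
 build:
 commands:
-- cd "$CODEBUILD_SRC_DIR"
+- cd "$CODEBUILD_SRC_DIR/$TERRAFORM_DIRECTORY"
 - terraform init -lock=false -input=false
 - terraform workspace select -or-create ${WORKSPACE}
 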

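--- a/modules/codebuild/buildspecs/fmt.yml
+++ b/modules/codebuild/buildspecs/fmt.yml
@@ -3,6 +3,6 @@ version: 0.2
 phases:
 build:
 commands:
-- cd "$CODEBUILD_SRC_DIR"
+- cd "$CODEBUILD_SRC_DIR/$TERRAFORM_DIRECTORY"
 - terraform init -backend=false
 - terraform fmt --recursive --check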
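Review bot: With the `cd` now going to `$CODEBUILD_SRC_DIR/$TERRAFORM_DIRECTORY`, the validation steps only cover that subdirectory: `terraform fmt --recursive --check` here, `tflint` in lint.yml, `checkov --directory ./` in sast.yml and `tag-nag .` in tags.yml. If the Terraform there references local modules by a relative path outside that directory, plan and apply would still use that code while none of these checks scan it; whether that happens depends on a repository layout not visible on this page. The scoping should be stated in docs/optional_inputs.md, or in a comment above the `cd` such as `# validation is scoped to TERRAFORM_DIRECTORY; code referenced outside it is not checked`.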

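--- a/modules/codebuild/buildspecs/lint.yml
+++ b/modules/codebuild/buildspecs/lint.yml
@@ -15,7 +15,7 @@ phases:
 
 build:
 commands:
-- cd "$CODEBUILD_SRC_DIR"
+- cd "$CODEBUILD_SRC_DIR/$TERRAFORM_DIRECTORY"
 - terraform init -backend=false
 - tflint --init
 - tflint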

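--- a/modules/codebuild/buildspecs/plan.yml
+++ b/modules/codebuild/buildspecs/plan.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
 build:
 commands:
-- cd "$CODEBUILD_SRC_DIR"
+- cd "$CODEBUILD_SRC_DIR/$TERRAFORM_DIRECTORY"
 - terraform init -lock=false -input=false
 - terraform workspace select -or-create ${WORKSPACE}
 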

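--- a/modules/codebuild/buildspecs/sast.yml
+++ b/modules/codebuild/buildspecs/sast.yml
@@ -14,7 +14,7 @@ phases:
 
 build:
 commands:
-- cd "$CODEBUILD_SRC_DIR"
+- cd "$CODEBUILD_SRC_DIR/$TERRAFORM_DIRECTORY"
 - |
 if [ -z "${CHECKOV_SKIPS}" ]; then
 checkov --directory ./ --skip-path ./deploy -o junitxml > checkov.xml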

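--- a/modules/codebuild/buildspecs/tags.yml
+++ b/modules/codebuild/buildspecs/tags.yml
@@ -10,6 +10,6 @@ phases:
 
 build:
 commands:
-- cd "$CODEBUILD_SRC_DIR"
+- cd "$CODEBUILD_SRC_DIR/$TERRAFORM_DIRECTORY"
 - tag-nag . --tags $TAGS
 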
