
CodeCommit Event

Open mindrunner opened this issue 6 years ago • 8 comments

Description:

I am writing a lambda function which is supposed to be triggered by CodeCommit. However, I cannot figure out how to add the permissions for CodeCommit. If I configure it via GUI (screenshot), it works without a problem.

I saw that there have been discussions about that.

https://github.com/awslabs/serverless-application-model/issues/60
https://github.com/awslabs/serverless-application-model/issues/920

I do not see a reason why we should use workarounds like SNS (I haven't even seen a full example for this), if there is direct support for CodeCommit Events.

Observed result:

CodeCommit has no permission to invoke Lambda.

Expected result:

SAM accepts something like the following in template.yaml

Resources:
  CodePipelineTriggerFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: src/
      Handler: app.lambda_handler
      Runtime: python3.7
      Tracing: "Active"
      Policies:
        - AWSCodePipelineFullAccess
      Events:
        CodeCommitTrigger:
          Type: CodeCommit
          Properties:
            RepositoryName: back-end
            TriggerName: back-end-trigger

Jun 09 '19 04:06 mindrunner

I found the docs that talk about adding a code commit trigger to lambda manually.

I think that the implementation would be similar to the Cloudwatch Log event, which can be found here: https://github.com/awslabs/serverless-application-model/blob/master/samtranslator/model/eventsources/cloudwatchlogs.py

Jun 11 '19 17:06 keetonian

Yeah, I added the thing manually for now. However, I actually only need that because of another weird restriction in AWS. I want to build/test every pushed branch in a repo with Amazon's integrated CI CodePipeline/CodeBuild. This seems impossible without adding additional functionality. (Which is super odd in my opinion.) Thus, I am registering a post push trigger which fires up a Lambda to create a pipeline on demand....

Jun 11 '19 21:06 mindrunner

Hi @keetonian, can I work on implementing this feature?

Jul 31 '19 01:07 sivarosh

@sivarosh Absolutely! Looking forward to your PR. 😊

Aug 02 '19 19:08 jlhood

Hi @sivarosh, I would like to submit a PR on this issue. Please let me know if you're still working on it. Thanks

Jan 26 '20 20:01 eduardovra

Hi @eduardovra, please go ahead! I've been caught up with work and haven't been able to work on it so far :( Looking forward to it!

Jan 27 '20 03:01 sivarosh

I did a little bit of research, and found 2 ways of setting up this trigger:

1 - If the repository is being created by the same cfn template as the function, it's possible to use the RepositoryTrigger resource (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-codecommit-repository-repositorytrigger.html). In this case I believe there is nothing to be done by SAM.

2 - If the repository is created outside the function's template, we could use EventBridge to set up the trigger between the two (https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-trigger-source-repo-changes-cfn.html)

Are there any other options that I'm missing?

Jan 31 '20 12:01 eduardovra
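
The two setups listed in the comment above, sketched as one SAM template with the invoke permission scoped to a single repository. This is an added example, not code from the thread or from the SAM project; the resource names, the `in-stack-repo` repository name and the `python3.12` runtime are assumptions, while `back-end` and `back-end-trigger` are taken from the original post.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Resources:
  TriggerFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: app.lambda_handler
      Runtime: python3.12
      Events:
        # Option 2: "back-end" is assumed to exist outside this stack.
        # SAM creates the rule plus a Lambda permission scoped to that rule.
        ExternalRepoPush:
          Type: EventBridgeRule
          Properties:
            Pattern:
              source: [aws.codecommit]
              detail-type: [CodeCommit Repository State Change]
              resources:
                - !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:back-end
              detail:
                event: [referenceCreated, referenceUpdated]
                referenceType: [branch]

  # Option 1: repository declared in the same template as the function.
  InStackRepo:
    Type: AWS::CodeCommit::Repository
    DependsOn: InStackRepoInvoke   # permission exists before the trigger does
    Properties:
      RepositoryName: in-stack-repo   # constructed name
      Triggers:
        - Name: back-end-trigger
          DestinationArn: !GetAtt TriggerFunction.Arn
          Events: [all]

  # Declared by hand for this path. SourceArn and SourceAccount limit the
  # grant to this one repository; the ARN is built from the literal name
  # to avoid a circular reference with InStackRepo.
  InStackRepoInvoke:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt TriggerFunction.Arn
      Principal: codecommit.amazonaws.com
      SourceAccount: !Ref AWS::AccountId
      SourceArn: !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:in-stack-repo
```

Leaving `SourceArn` off the permission would let any CodeCommit repository that can name the function as a trigger destination invoke it, so the scoped form is the one to review for.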

Just checking in, the project I was working for does not exist anymore, so my personal interest in this vanished for now. Happy to see progress happening here, though! :)

Feb 02 '20 02:02 mindrunner