GitHub Action samples with Amazon CodeBuild - Amazon CodeBuild

GitHub Action samples with Amazon CodeBuild

These groups of samples can be used to experiment with GitHub Actions in CodeBuild.

Super-Linter GitHub Action sample

This sample demonstrates how to add the Super-Linter GitHub Action to a CodeBuild project. The Super-Linter action inspects code, finds areas where the code has errors, formatting issues, and suspicious constructs, and then outputs the results to the CodeBuild console.

You can add the Super-Linter GitHub Action to your CodeBuild project by updating the phases section of your buildspec file.

version: 0.2
phases:
  build:
    steps:
      - name: Lint Code Base
        uses: github/super-linter@v5
        env:
          VALIDATE_ALL_CODEBASE: true

The Super-Linter logs will look similar to the following:

/github/workspace/hello-world/app.js:3:13: Extra semicolon.
/github/workspace/hello-world/app.js:9:92: Trailing spaces not allowed.
/github/workspace/hello-world/app.js:21:7: Unnecessarily quoted property 'body' found.
/github/workspace/hello-world/app.js:31:1: Expected indentation of 2 spaces but found 4.
/github/workspace/hello-world/app.js:32:2: Newline required at end of file but not found.

Batch build graph sample

The following example defines a build graph that creates a dependency chain and runs commands using steps. In this example, build1 runs first because it has no dependencies. Because build2 depends on build1, build2 runs only after build1 completes. For more information, see Build graph.

version: 0.2
batch:
  fast-fail: false
  build-graph:
    - identifier: build1
      env:
        variables:
          BUILD_ID: build1
      ignore-failure: false
    - identifier: build2
      env:
        variables:
          BUILD_ID: build2
      depend-on:
        - build1
phases:
  build:
    steps:
      - run: echo $BUILD_ID
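The ordering that depend-on implies is easy to get wrong once a graph has more than two builds. The following added example (not part of the CodeBuild documentation) takes the parsed form of a build-graph and groups the builds into waves that can run in parallel, rejecting duplicate identifiers, references to builds that are not in the graph, and dependency cycles. The graph is hand-constructed to mirror the buildspec above rather than loaded with a YAML library.

```python
"""Compute the run order implied by a CodeBuild batch build-graph.

Added example; not from the CodeBuild documentation. SAMPLE_BUILD_GRAPH is the
hand-constructed parsed form of the build-graph buildspec above.
"""

# Parsed equivalent of the two-build sample. Only "identifier" and "depend-on"
# matter for ordering; env and ignore-failure are carried along but unused here.
SAMPLE_BUILD_GRAPH = [
    {"identifier": "build1", "env": {"variables": {"BUILD_ID": "build1"}},
     "ignore-failure": False},
    {"identifier": "build2", "env": {"variables": {"BUILD_ID": "build2"}},
     "depend-on": ["build1"]},
]


def build_waves(build_graph):
    """Group builds into waves: every build in wave N depends only on builds in
    earlier waves, so the members of one wave can run in parallel.

    Raises ValueError for a duplicate identifier, a depend-on entry that names
    a build not in the graph, or a dependency cycle, so a broken graph is
    caught before the buildspec is pushed.
    """
    deps = {}
    for entry in build_graph:
        ident = entry["identifier"]
        if ident in deps:
            raise ValueError(f"duplicate identifier: {ident}")
        deps[ident] = set(entry.get("depend-on", []))

    for ident, needed in deps.items():
        missing = sorted(d for d in needed if d not in deps)
        if missing:
            raise ValueError(f"{ident} depends on unknown build(s): {missing}")

    remaining = {ident: set(needed) for ident, needed in deps.items()}
    waves = []
    while remaining:
        # Builds whose dependencies have all been scheduled are ready now.
        ready = sorted(i for i, needed in remaining.items() if not needed)
        if not ready:
            raise ValueError(f"dependency cycle among: {sorted(remaining)}")
        waves.append(ready)
        for i in ready:
            del remaining[i]
        for needed in remaining.values():
            needed.difference_update(ready)
    return waves


if __name__ == "__main__":
    print(build_waves(SAMPLE_BUILD_GRAPH))
```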

Amazon CodeGuru Reviewer sample

Amazon CodeGuru Reviewer finds issues in your Java and Python code and recommends how to remediate them. The following example uses CodeGuru Reviewer to provide full repository analysis code reviews. These code reviews scan all the code in a specified branch. For information, see Create code reviews with GitHub Actions in the Amazon CodeGuru Reviewer User Guide.

version: 0.2
phases:
  build:
    steps:
      - name: Amazon CodeGuru Reviewer Scanner
        if: ${{ always() }}
        uses: aws-actions/codeguru-reviewer@v1.1
        with:
          s3_bucket: codeguru-reviewer-user
artifacts:
  files:
    - codeguru-results.sarif.json

Note: Your Amazon S3 bucket name must start with the codeguru-reviewer- prefix.

The logs will look similar to the following:

INFO CodeReview created with arn=arn:aws:codeguru-reviewer:region:account-id:association:id:code-review:RepositoryAnalysis-job for job=job
INFO SARIF persisted to /github/workspace/codeguru-results.sarif.json
INFO Amazon CodeGuru Reviewer job execution completed

After the Amazon CodeGuru Reviewer job is complete, a SARIF report is generated as a CodeBuild artifact. For more information, see Full repository analysis in the Amazon CodeGuru Reviewer User Guide.

Amazon Secrets Manager sample

Amazon Secrets Manager helps you manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other secrets throughout their lifecycles. The following example defines a secret using Secrets Manager and runs commands using steps. For information, see What is Amazon Secrets Manager? in the Amazon Secrets Manager User Guide.

version: 0.2
env:
  secrets-manager:
    SECRET_VALUE: "arn:aws:secretsmanager:us-east-1:xxxx:secret:/secret-l3IJg9:my_super_secret_key"
phases:
  build:
    steps:
      - run: echo $SECRET_VALUE

The logs will look similar to the following:

echo $SECRET_VALUE
env:
  SECRET_VALUE: ***
***

Environment variable sample

The following example defines environment variables under the env sequence. An S3_BUCKET variable is defined in the buildspec and assigned <bucket-name> as its value. This variable is referenced in the if conditional like a regular environment variable by using the dollar sign ($) to access the GitHub Action env context. For more information, see env sequence.

version: 0.2
env:
  variables:
    S3_BUCKET: "<bucket-name>"
phases:
  build:
    steps:
      - if: ${{ env.S3_BUCKET == '<bucket-name>' }}
        run: echo "S3 bucket is $S3_BUCKET"

The logs will look similar to the following:

echo "S3 bucket is $S3_BUCKET"
env:
  S3_BUCKET: my-s3-bucket
S3 bucket is my-s3-bucket

Exported environment variable sample

Exported environment variables are used in conjunction with CodePipeline to export environment variables from the current build stage to subsequent stages in the pipeline. The following example defines an exported environment variable under the env sequence named MY_VARIABLE and writes to the GITHUB_ENV environment file.

version: 0.2
env:
  exported-variables:
    - MY_VARIABLE
phases:
  build:
    steps:
      - run: echo "MY_VARIABLE=my-value" >> $GITHUB_ENV

For more information, see ExportedEnvironmentVariable in the Amazon CodeBuild API Reference.