Tutorial: Create a pipeline that publishes your serverless application to the Amazon Serverless Application Repository
You can use Amazon CodePipeline to continuously deliver your Amazon SAM serverless application to the Amazon Serverless Application Repository.
Important
As part of creating a pipeline, an S3 artifact bucket provided by the customer will be used by CodePipeline for artifacts. (This is different from the bucket used for an S3 source action.) If the S3 artifact bucket is in a different account from the account for your pipeline, make sure that the S3 artifact bucket is owned by Amazon Web Services accounts that are safe and will be dependable.
This tutorial shows how to create and configure a pipeline to build your serverless
application that is hosted in GitHub and publish it to the Amazon Serverless Application Repository automatically. The pipeline
uses GitHub as the source provider and CodeBuild as the build provider. To publish your
serverless application to the Amazon Serverless Application Repository, you deploy an application
Important
Many of the actions you add to your pipeline in this procedure involve Amazon resources that you need to create before you create the pipeline. Amazon resources for your source actions must always be created in the same Amazon Region where you create your pipeline. For example, if you create your pipeline in the US East (Ohio) Region, your CodeCommit repository must be in the US East (Ohio) Region.
You can add cross-region actions when you create your pipeline. Amazon resources for cross-region actions must be in the same Amazon Region where you plan to execute the action. For more information, see Add a cross-Region action in CodePipeline.
Before you begin
In this tutorial, we assume the following.
- You are familiar with Amazon Serverless Application Model (Amazon SAM) and the Amazon Serverless Application Repository.
- You have a serverless application hosted in GitHub that you have published to the Amazon Serverless Application Repository using the Amazon SAM CLI. To publish an example application to the Amazon Serverless Application Repository, see Quick Start: Publishing Applications in the Amazon Serverless Application Repository Developer Guide. To publish your own application to the Amazon Serverless Application Repository, see Publishing Applications Using the Amazon SAM CLI in the Amazon Serverless Application Model Developer Guide.
Step 1: Create a buildspec.yml file
Create a buildspec.yml file with the following contents, and add it to your serverless application's GitHub repository. Replace template.yml with your application's Amazon SAM template and bucketname with the S3 bucket where your packaged application is stored.

    version: 0.2
    phases:
      install:
        runtime-versions:
          python: 3.8
      build:
        commands:
          - sam package --template-file template.yml --s3-bucket bucketname --output-template-file packaged-template.yml
    artifacts:
      files:
        - packaged-template.yml
Step 2: Create and configure your pipeline
Follow these steps to create your pipeline in the Amazon Web Services Region where you want to publish your serverless application.
- Sign in to the Amazon Web Services Management Console and open the CodePipeline console at https://console.amazonaws.cn/codepipeline/.
- If necessary, switch to the Amazon Web Services Region where you want to publish your serverless application.
- On the Welcome page, Getting started page, or the Pipelines page, choose Create pipeline.
- On the Step 1: Choose creation option page, under Creation options, choose the Build custom pipeline option. Choose Next.
- Choose Create pipeline. On the Step 2: Choose pipeline settings page, in Pipeline name, enter the name for your pipeline.
- In Pipeline type, choose V2. For more information, see Pipeline types. Choose Next.
- In Service role, choose New service role to allow CodePipeline to create a service role in IAM.
- Leave the settings under Advanced settings at their defaults, and then choose Next.
- On the Step 3: Add source stage page, in Source provider, choose GitHub.
- Under Connection, choose an existing connection or create a new one. To create or manage a connection for your GitHub source action, see GitHub connections.
- In Repository, choose your GitHub source repository.
- In Branch, choose your GitHub branch.
- Leave the remaining defaults for the source action. Choose Next.
- On the Step 4: Add build stage page, add a build stage:
  - In Build provider, choose Amazon CodeBuild. For Region, use the pipeline Region.
  - Choose Create project.
  - In Project name, enter a name for this build project.
  - In Environment image, choose Managed image. For Operating system, choose Ubuntu.
  - For Runtime and Runtime version, choose the runtime and version required for your serverless application.
  - For Service role, choose New service role.
  - For Build specifications, choose Use a buildspec file.
  - Choose Continue to CodePipeline. This opens the CodePipeline console and creates a CodeBuild project that uses the buildspec.yml in your repository for configuration. The build project uses a service role to manage Amazon Web Services service permissions. This step might take a couple of minutes.
  - Choose Next.
- In Step 5: Add test stage, choose Skip test stage, and then accept the warning message by choosing Skip again. Choose Next.
- On the Step 6: Add deploy stage page, choose Skip deploy stage, and then accept the warning message by choosing Skip again. Choose Next.
- On Step 7: Review, choose Create pipeline. You should see a diagram that shows the stages.
- Grant the CodeBuild service role permission to access the S3 bucket where your packaged application is stored.
  - In the Build stage of your new pipeline, choose CodeBuild.
  - Choose the Build details tab.
  - In Environment, choose the CodeBuild service role to open the IAM console.
  - Expand the selection for CodeBuildBasePolicy, and choose Edit policy.
  - Choose JSON.
  - Add a new policy statement with the following contents. The statement allows CodeBuild to put objects into the S3 bucket where your packaged application is stored. Replace bucketname with the name of your S3 bucket.

        {
          "Effect": "Allow",
          "Resource": [
            "arn:aws:s3:::bucketname/*"
          ],
          "Action": [
            "s3:PutObject"
          ]
        }

  - Choose Review policy.
  - Choose Save changes.
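The policy statement above grants only s3:PutObject on objects in one bucket. As an added example (not part of the original tutorial), this Python check flags a statement that is broader than that before you save it; the bucket name my-sam-artifacts, the function names, and both sample statements are constructed for illustration.

```python
import json
import re

# Constructed samples, not taken from a real account.
# "my-sam-artifacts" is a placeholder for the tutorial's bucketname.
TUTORIAL_STATEMENT = json.loads("""
{"Effect": "Allow",
 "Resource": ["arn:aws:s3:::my-sam-artifacts/*"],
 "Action": ["s3:PutObject"]}
""")
OVERBROAD_STATEMENT = {"Effect": "Allow", "Resource": "*", "Action": ["s3:*"]}

# Object ARN in a single, fully named bucket (any partition: aws, aws-cn, ...).
OBJECT_ARN = re.compile(r"^arn:(aws[a-z-]*):s3:::([^/*?]+)/(.*)$")


def as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def audit_statement(stmt, bucket, allowed_actions=("s3:PutObject",)):
    """Return findings for anything the statement grants beyond
    the allowed actions on objects in the one expected bucket."""
    findings = []
    if stmt.get("Effect") != "Allow":
        return findings  # a Deny statement grants nothing
    for key in ("NotAction", "NotResource"):
        if key in stmt:
            findings.append(f"{key} allows everything except the listed items")
    allowed = {a.lower() for a in allowed_actions}  # action names are case-insensitive
    for action in as_list(stmt.get("Action")):
        if action.lower() not in allowed:
            findings.append(f"action {action!r} is broader than needed")
    for resource in as_list(stmt.get("Resource")):
        match = OBJECT_ARN.match(resource)
        if not match:
            findings.append(f"resource {resource!r} is not an object ARN in one named bucket")
        elif match.group(2) != bucket:
            findings.append(f"resource {resource!r} is in bucket {match.group(2)!r}, expected {bucket!r}")
    return findings


if __name__ == "__main__":
    for name, stmt in (("tutorial", TUTORIAL_STATEMENT), ("overbroad", OVERBROAD_STATEMENT)):
        print(name, audit_statement(stmt, "my-sam-artifacts") or "OK")
```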
Step 3: Deploy the publish application
Follow these steps to deploy the application that contains the Lambda function that performs the publish to the Amazon Serverless Application Repository. This application is aws-serverless-codepipeline-serverlessrepo-publish.
Note
You must deploy the application to the same Amazon Web Services Region as your pipeline.
- Go to the application page, and choose Deploy.
- Select I acknowledge that this app creates custom IAM roles.
- Choose Deploy.
- Choose View Amazon CloudFormation Stack to open the Amazon CloudFormation console.
- Expand the Resources section. You see ServerlessRepoPublish, which is of the type AWS::Lambda::Function. Make a note of the physical ID of this resource for the next step. You use this physical ID when you create the new publish action in CodePipeline.
Step 4: Create the publish action
Follow these steps to create the publish action in your pipeline.
- Open the CodePipeline console at https://console.amazonaws.cn/codepipeline/.
- In the left navigation section, choose the pipeline that you want to edit.
- Choose Edit.
- After the last stage of your current pipeline, choose + Add stage. In Stage name enter a name, such as Publish, and choose Add stage.
- In the new stage, choose + Add action group.
- Enter an action name. From Action provider, in Invoke, choose Amazon Lambda.
- From Input artifacts, choose BuildArtifact.
- From Function name, choose the physical ID of the Lambda function that you noted in the previous step.
- Choose Save for the action.
- Choose Done for the stage.
- In the upper right, choose Save.
- To verify your pipeline, make a change to your application in GitHub. For example, change the application's description in the Metadata section of your Amazon SAM template file. Commit the change and push it to your GitHub branch. This triggers your pipeline to run. When the pipeline is complete, check that your application has been updated with your change in the Amazon Serverless Application Repository.