Code Pipeline 101

AWS CodePipeline

AWS CodePipeline is a fully managed Continuous Integration and Continuous Delivery service.

CodePipeline can orchestrate the Build, Test, and even Deployment of your application every time there is a change to your code, all based on a user-defined software release process.

Traditional manual approaches to code delivery can be slow and prone to errors, whereas an automated process allows developers to frequently release new features and bug fixes in a fast and reliable way.

CodePipeline allows you to model your release process as a workflow or pipeline made up of different tasks.

Code Update -> Build -> Test -> Deploy

You define what happens and where for each of the different stages of the workflow, and this can be modelled using the CodePipeline GUI or CLI.

CodePipeline integrates with CodeCommit, CodeBuild, CodeDeploy, Lambda, Elastic Beanstalk, CloudFormation, Elastic Container Service, as well as third party tools like GitHub and Jenkins.

Every code change pushed to your code repository (S3 or CodeCommit) automatically enters the workflow and triggers the set of actions defined for each stage of the pipeline.

The pipeline automatically stops if one of the stages fails. For example, if one of your automated unit tests fails. This means that bugs are caught before the code is deployed while they are still easy to fix.

User updates code stored in S3. This triggers a CloudWatch alert that triggers the CodePipeline workflow. CodeDeploy fetches updated code and deploys.

AWS CodePipeline Exam Tips

  • Continuous Integration / Continuous Delivery Service
  • Automates your end-to-end software release process based on a user defined workflow
  • Can be configured to automatically trigger your pipeline as soon as a change is detected in your source code repository
  • Integrates with other services from AWS like CodeBuild and CodeDeploy, as well as third party and custom plug-ins.

Manual Approval

In CodePipeline, you can add an approval action to a stage in a pipeline at the point where you want the pipeline execution to stop so that someone with the required AWS IAM permissions can approve or reject the action.

If the action is approved, the pipeline execution resumes. If the action is rejected - or if no one approves or rejects the action within seven days of the pipeline reaching the action and stopping - the result is the same as an action failing, and the pipeline execution does not continue.

You might use manual approval for these reasons:

  • You want someone to perform a code review or change management review before a revision is allowed into the next stage of a pipeline.
  • You want someone to perform manual quality assurance testing on the latest version of an application, or to confirm the integrity of a build artifact, before it is released.
  • You want someone to review new or updated text before it is published to a company website.

You can configure an approval action to publish a message to an SNS topic when the pipeline stops at each action. SNS delivers the message to every endpoint subscribed to the topic. You must use a topic created in the same AWS region as the pipeline that will include the approval action. When you create a topic, it is recommended that you give it a name that will identify its purpose, in formats such as tutorialsdojoManualApprovalPHL-us-east-2-approval.
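The check below is an added example, not code from AWS or from these notes: it audits a pipeline definition in the shape returned by `aws codepipeline get-pipeline` for approval actions whose SNS topic is missing or in a different region, and for deploy actions that are not actually gated by an approval. The pipeline, account ID and topic names are constructed, and the finding strings are this example's own.

```python
# Constructed sample in the shape of `aws codepipeline get-pipeline` output.
SAMPLE = {
    "metadata": {"pipelineArn": "arn:aws:codepipeline:us-east-2:111111111111:demo-pipeline"},
    "pipeline": {"name": "demo-pipeline", "stages": [
        {"name": "Source", "actions": [
            {"name": "Fetch", "runOrder": 1, "configuration": {},
             "actionTypeId": {"category": "Source", "owner": "AWS", "provider": "S3", "version": "1"}}]},
        {"name": "Release", "actions": [
            {"name": "Signoff", "runOrder": 1,
             "actionTypeId": {"category": "Approval", "owner": "AWS", "provider": "Manual", "version": "1"},
             "configuration": {"NotificationArn": "arn:aws:sns:us-east-1:111111111111:demo-approval"}},
            {"name": "DeployProd", "runOrder": 1, "configuration": {},
             "actionTypeId": {"category": "Deploy", "owner": "AWS", "provider": "CodeDeploy", "version": "1"}}]},
    ]},
}

def arn_region(arn):
    """Return the region field of an ARN (arn:partition:service:region:account:resource)."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[3]

def audit_approvals(doc):
    """Return (stage/action, finding) pairs for a get-pipeline style document."""
    region = arn_region(doc["metadata"]["pipelineArn"])
    findings, approved = [], False  # approved: an earlier stage held an approval
    for stage in doc["pipeline"]["stages"]:
        actions = sorted(stage["actions"], key=lambda a: a.get("runOrder", 1))
        gate_order = None  # lowest runOrder of an approval in this stage
        for action in actions:
            where = f'{stage["name"]}/{action["name"]}'
            order = action.get("runOrder", 1)
            category = action["actionTypeId"]["category"]
            if category == "Approval":
                gate_order = order if gate_order is None else gate_order
                topic = action.get("configuration", {}).get("NotificationArn")
                if not topic:
                    findings.append((where, "approval has no SNS notification"))
                elif arn_region(topic) != region:
                    findings.append((where, "SNS topic is in another region"))
            elif category == "Deploy":
                # Actions sharing a runOrder run in parallel, so the gate must be strictly earlier.
                if not approved and (gate_order is None or gate_order >= order):
                    findings.append((where, "deploy is not behind an approval"))
        approved = approved or gate_order is not None
    return findings
```

On the constructed sample this reports both the cross-region topic and the deploy that runs in parallel with its approval; moving the topic to us-east-2 and giving `DeployProd` a `runOrder` of 2 clears both findings.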

Extras

  • The CodeBuild default timeout is 60 minutes. It can be configured to a lower value.
  • For AWS CodeBuild to encrypt its build output artifacts, it needs access to an AWS KMS customer master key (CMK). By default, AWS CodeBuild uses the AWS-managed CMK for Amazon S3 in your AWS account.
    • Specify a KMS key to use here.
  • If dependencies are taking a long time to resolve during the CodeBuild stage:
    • Bundle the dependencies in the source code during the last stage of CodeBuild
      • Allows the code bundle to be deployed to Elastic Beanstalk to have both the dependencies and the code, hence speeding up the deployment time to Elastic Beanstalk
      • You wouldn't want to bundle them in the repo because it could make the repo huge
      • If you stored them in S3, there would still be a time issue because of the retrieval time
  • If there is any build output, the build environment uploads its output to an Amazon S3 bucket. While the build is running, you can use the AWS CodeBuild console, AWS CLI, or AWS SDKs, to get summarized build information from AWS CodeBuild and detailed build information from Amazon CloudWatch Logs.