当前位置: 文江博客话题详情

如何从CodeBuild中查看CodeCommit回购?

发布于 2025-01-24 14:28:29 字数 1340 浏览 0 评论 0原文

我有一个附在CodeCommit Repo“ a”上的AWS编码器。作为构建过程的一部分,我想从repo“ a”中生成一些文物,并将其提交给CodeCommit Repo“ B”。我已经尝试包括

git clone https://git-codecommit.us-west-2.amazonaws.com/v1/repos/RepoB

在buildSpec中,但我在CodeBuild中遇到了此错误:

fatal: could not read Username for 'https://git-codecommit.us-west-2.amazonaws.com': No such device or address

[Container] 2022/04/27 22:26:42 Command did not exit successfully git clone https://git-codecommit.us-west-2.amazonaws.com/v1/repos/RepoB exit status 128

看来它没有凭据。我还尝试了在git命令中包括用户名和密码,例如git克隆https://codepipelineuser-at-- ***:***@git-codecommit.us-west-west-west-2.amazonaws.com/ v1/repos/repob并收到此错误

[Container] 2022/04/27 21:33:45 Command did not exit successfully git clone git clone https://codepipelineuser-at-***:***@git-codecommit.us-west-2.amazonaws.com/v1/repos/RepoB exit status 129
[Container] 2022/04/27 21:33:45 Phase complete: POST_BUILD State: FAILED
[Container] 2022/04/27 21:33:45 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: git clone git clone https://codepipelineuser-at-123542344134:***@git-codecommit.us-west-2.amazonaws.com/v1/repos/AmplifySpec-Kotlin. Reason: exit status 129

:已将密码存储在参数存储中)。

如何指定CodeCommit Repo的凭据,以便在CodeBuild中查看它?

原文

I have an AWS CodePipeline that is attached to a codecommit repo "A". As part of the build process, I want to generate some artifacts from repo "A" and commit them to codecommit repo "B". I have tried including

git clone https://git-codecommit.us-west-2.amazonaws.com/v1/repos/RepoB

in the buildspec but I get this error in CodeBuild:

fatal: could not read Username for 'https://git-codecommit.us-west-2.amazonaws.com': No such device or address

[Container] 2022/04/27 22:26:42 Command did not exit successfully git clone https://git-codecommit.us-west-2.amazonaws.com/v1/repos/RepoB exit status 128

It seems like it does not have credentials. I have also tried including the username and password in the git command like this git clone https://codepipelineuser-at-***:***@git-codecommit.us-west-2.amazonaws.com/v1/repos/RepoB and got this error:

[Container] 2022/04/27 21:33:45 Command did not exit successfully git clone git clone https://codepipelineuser-at-***:***@git-codecommit.us-west-2.amazonaws.com/v1/repos/RepoB exit status 129
[Container] 2022/04/27 21:33:45 Phase complete: POST_BUILD State: FAILED
[Container] 2022/04/27 21:33:45 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: git clone git clone https://codepipelineuser-at-123542344134:***@git-codecommit.us-west-2.amazonaws.com/v1/repos/AmplifySpec-Kotlin. Reason: exit status 129

(I know you should never check in a password but I just did it as a test and reset the password afterwards, and the repo is empty. If that had worked I would have stored the password in Parameter Store).

How do I specify the credentials of my CodeCommit repo so I can check it out within CodeBuild?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

幸福丶如此 2025-01-31 14:28:29

我能够通过两种方式连接到代码提交
在IAM用户上创建HTTP访问,然后使用您从访问的生成中获得的用户名/密码。

或者,您可以使用AccessKey+SecretAccesskey,但是,您需要在SecretAccesskey上使用签名V4它有点复杂

I was able to connect to code commit in 2 ways
either create HTTP access on the IAM user, and use the username/password that u get from the generation of the access.

or you can use the accessKey+secretAccessKey but, its a bit complicated you need to use Signature V4 on your secretAccessKey

回复 原文
云巢 2025-01-31 14:28:29

您可以为您的CodeBuild项目设置IAM服务角色,该项目允许您的代码从CODECOMMIT存储库中提取代码。
这个角色可能看起来像下面,

{
  "Type": "AWS::IAM::Role",
  "Description": "ServiceRole for CodeBuild",
  "Properties": {
  "AssumeRolePolicyDocument": {
    "Statement": [{
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {"Service": "codebuild.amazonaws.com"}
     }],
    "Version": "2012-10-17"
  },
  "Policies": [{
    "PolicyName": "CodeCommitAccess",
    "PolicyDocument": {
      "Statement": [{
        "Action": "codecommit:GitPull",
        "Effect": "Allow",
        "Resource": "arn:aws:codecommit:yourregion:yourccount:yourreponame"
      }],
      "Version": "2012-10-17"
    },
  }]
}

然后您需要安装Python,PIP,AWS CLI和GIT。
AWS Linux 2023的规格文件可能包括以下内容:

version: "0.2"
phases:
    install:
        commands:
            - dnf update -y
            - dnf install -y awscli-2 git python3-pip
            - pip install git-remote-codecommit
    pre_build:
        commands:
            - groupadd -g 1000 ec2-user
            - useradd -g ec2-user -u 1000 -m ec2-user
    build:
        run-as: ec2-user
        commands:
            - export HOME=/home/ec2-user
            - aws sts get-caller-identity || true
            - git config --global credential.helper '!aws codecommit credential-helper $@'
            - git config --global credential.UseHttpPath true
            - git clone codecommit::yourregion://yourreponame

它的工作原理:git配置指令git clone以调用aws codecommit codecommit cordecommit cordecommit cordecommit conderenter-helper可与git-remote一起使用-codecommit,并提供访问您存储库的git。您不需要AWS CLI配置文件,您不需要IAM用户。一切都从imdsv2撤出

You can set up IAM service role for your CodeBuild project that allows your code to pull code from your CodeCommit repository.
This role may look like below

{
  "Type": "AWS::IAM::Role",
  "Description": "ServiceRole for CodeBuild",
  "Properties": {
  "AssumeRolePolicyDocument": {
    "Statement": [{
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {"Service": "codebuild.amazonaws.com"}
     }],
    "Version": "2012-10-17"
  },
  "Policies": [{
    "PolicyName": "CodeCommitAccess",
    "PolicyDocument": {
      "Statement": [{
        "Action": "codecommit:GitPull",
        "Effect": "Allow",
        "Resource": "arn:aws:codecommit:yourregion:yourccount:yourreponame"
      }],
      "Version": "2012-10-17"
    },
  }]
}

Then you need to install python, pip, aws cli and git.
spec file for AWS Linux 2023 may include the following:

version: "0.2"
phases:
    install:
        commands:
            - dnf update -y
            - dnf install -y awscli-2 git python3-pip
            - pip install git-remote-codecommit
    pre_build:
        commands:
            - groupadd -g 1000 ec2-user
            - useradd -g ec2-user -u 1000 -m ec2-user
    build:
        run-as: ec2-user
        commands:
            - export HOME=/home/ec2-user
            - aws sts get-caller-identity || true
            - git config --global credential.helper '!aws codecommit credential-helper $@'
            - git config --global credential.UseHttpPath true
            - git clone codecommit::yourregion://yourreponame

How it works: git configuration instructs git clone to invoke aws codecommit credential-helper that works with git-remote-codecommit and provides git with access to your repository. You don't need aws cli config files, you don't need IAM user. Everything is pulled out from IMDSv2

回复 原文
~没有更多了~

关于作者

月牙弯弯

暂无简介

文章
评论
461 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

尘曦

文章 0 评论 0

在梵高的星空下

文章 0 评论 0

善良天后

文章 0 评论 0

韬韬不绝

文章 0 评论 0

qq_CgiN62

文章 0 评论 0

不美如何

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文