feat: add buildspec.yml for CodeBuild repo-creator project
Buildspec used by the 'eks-terragrunt-repo-creator' CodeBuild project triggered by the Lambda function. Downloads Terraform from the S3 assets bucket, clones this repo using the GITHUB_TOKEN env var, then runs `terraform init -no-color` followed by `terraform apply -auto-approve -no-color`. TF_VAR_* env vars are injected by the Lambda as CodeBuild environment variable overrides.
Your Name
committed
Apr 6, 2026
1 parent
91202ff
commit ec4d861
Showing
1 changed file
with
69 additions
and
0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| version: 0.2 | ||
| # buildspec.yml — terraform-eks-deployment / eks-terragrunt-repo-creator | ||
| # | ||
| # This buildspec is used by the CodeBuild project that is triggered by the | ||
| # Lambda function (eks-terragrunt-repo-gen-template-automation) to create an | ||
| # EKS cluster GitHub repository. | ||
| # | ||
| # Required environment variables (injected by the Lambda as overrides): | ||
| # TF_VAR_name — cluster / repo name | ||
| # TF_VAR_environment — environment (dev / nonprod / prod) | ||
| # TF_VAR_region — AWS region (e.g. us-gov-west-1) | ||
| # TF_VAR_cluster_config — JSON object with account_name, aws_account_id, etc. | ||
| # TF_VAR_finops — JSON object with finops project_name / project_number | ||
| # GITHUB_TOKEN — GitHub PAT (passed from Lambda's Secrets Manager read) | ||
| # GITHUB_OWNER — GitHub org (default: SCT-Engineering) | ||
| # GITHUB_BASE_URL — GHE base URL (e.g. https://github.e.it.census.gov) | ||
|
|
||
| env: | ||
| variables: | ||
| TF_VERSION: "1.9.0" | ||
| ASSETS_BUCKET: "csvd-packer-pipeline-assets" | ||
| REPO_HOST: "github.e.it.census.gov" | ||
| REPO_ORG: "CSVD" | ||
| REPO_NAME: "terraform-eks-deployment" | ||
| # Disable TLS verification for Census GHE (Census CA cert not trusted by default) | ||
| GIT_SSL_NO_VERIFY: "true" | ||
| TF_CLI_ARGS: "-no-color" | ||
|
|
||
| phases: | ||
| install: | ||
| commands: | ||
| # ── Install Terraform ───────────────────────────────────────────────── | ||
| - | | ||
| if ! command -v terraform &>/dev/null; then | ||
| TF_ZIP="terraform_${TF_VERSION}_linux_amd64.zip" | ||
| echo "Installing Terraform ${TF_VERSION}..." | ||
| aws s3 cp "s3://${ASSETS_BUCKET}/terraform/${TF_ZIP}" /tmp/${TF_ZIP} 2>/dev/null \ | ||
| || curl -fsSL "https://releases.hashicorp.com/terraform/${TF_VERSION}/${TF_ZIP}" -o /tmp/${TF_ZIP} | ||
| unzip -oq /tmp/${TF_ZIP} -d /usr/local/bin/ | ||
| chmod +x /usr/local/bin/terraform | ||
| rm /tmp/${TF_ZIP} | ||
| fi | ||
| - terraform version | ||
|
|
||
| # ── Clone terraform-eks-deployment ─────────────────────────────────── | ||
| - | | ||
| git config --global credential.helper \ | ||
| "!f() { echo username=x-access-token; echo password=${GITHUB_TOKEN}; }; f" | ||
| git clone --depth 1 \ | ||
| "https://${REPO_HOST}/${REPO_ORG}/${REPO_NAME}.git" \ | ||
| /tmp/eks-deploy | ||
| - echo "Cloned ${REPO_ORG}/${REPO_NAME} @ $(git -C /tmp/eks-deploy rev-parse --short HEAD)" | ||
|
|
||
| build: | ||
| commands: | ||
| - cd /tmp/eks-deploy | ||
| - echo "=== terraform init ===" | ||
| - terraform init -no-color | ||
| - echo "=== terraform apply ===" | ||
| - terraform apply -auto-approve -no-color | ||
|
|
||
| post_build: | ||
| commands: | ||
| - | | ||
| if [ "${CODEBUILD_BUILD_SUCCEEDING}" = "0" ]; then | ||
| echo "Build FAILED — check logs above" | ||
| else | ||
| echo "Build SUCCEEDED — repository created" | ||
| fi |
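Review bot: `GIT_SSL_NO_VERIFY: "true"` under `env.variables` turns off certificate checking for the `git clone` that sends `GITHUB_TOKEN` through the credential helper, so the PAT and the cloned Terraform code are both exposed to anyone on the network path to `${REPO_HOST}`, and the build phase then runs `terraform apply -auto-approve` on whatever was cloned. Trust the Census CA instead of disabling verification: ship the CA bundle with the build assets and replace the variable with `GIT_SSL_CAINFO: "<path-to-census-ca-bundle.pem>"` (placeholder path). The install phase has a related gap: the Terraform zip is unpacked into `/usr/local/bin/` with no integrity check, and `2>/dev/null` hides why the S3 copy failed before the `curl` fallback; add `echo "<pinned-sha256>  /tmp/${TF_ZIP}" | sha256sum -c -` before `unzip`. The header comment suggests the PAT arrives as a plaintext environment override from the Lambda; if so, a `secrets-manager:` entry under `env:` would keep it out of the build's visible environment settings.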