amazon-web-services - CodePipeline 需要哪些 GitHub 权限才能使用存储库？

Question

我注意到 AWS CodeBuild 只需要只读权限即可依赖 GitHub 存储库。AWS CodePipeline 没有出现实质性错误。相反，存储库不会出现。

CodePipeline 需要哪些权限才能使用 GitHub 存储库？

Answer 1

事实证明，与 AWS CodePipeline 一起使用的 GitHub 帐户需要完全的管理员访问权限才能使 CodePipeline 能够使用它。

Answer 2

或者，您可以提供一个个人授权令牌，该令牌只有在 CloudFormation 模板中读取公共回购。

在 GitHub 中设置并复制个人授权令牌

然后在您的 CloudFormation for CodePipeline

### Builds CI/CD pipeline Stages and Actions
Pipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
  ArtifactStore: 
    Type: S3
    Location: !Join ["-", ["byu", !Ref "AWS::AccountId", !Ref "AWS::Region", "code-build-artifacts" ]]
  #RoleArn: !Ref CodePipelineServiceRole
  RoleArn: !Join ["",["arn:aws:iam::", !Ref "AWS::AccountId", ":role/CodePipelineServiceRole"]]
  Stages:
  ### Defines Source repository via params
  - Name: !Join ["-",["Source", !Ref GitHubBranch, !Ref GitHubRepository]]
    Actions:
    - InputArtifacts: []
      Name: Source
      ActionTypeId:
        Category: Source
        Owner: ThirdParty
        Version: '1'
        Provider: GitHub
      OutputArtifacts:
      - Name: MyApp
      Configuration:
        Owner: !Ref GitHubUser
        Repo: !Ref GitHubRepository
        Branch: !Ref GitHubBranch
        OAuthToken: !Ref GitHubToken
      RunOrder: 1

我们正在使用 !Ref 访问可以通过 cli 传入的 CloudFormation 参数 - 这使我们无法在代码中获得访问密钥：O

Parameters:
  GitHubUser:
    Type: String
    Description: GitHub user name or organization name - whichever prepends the repo name
  GitHubRepository:
    Type: String
    Description: GitHub repository name (not url)
  GitHubBranch:
    Type: String
    Description: GitHub repository branch
  GitHubToken:
    Type: String
    Description: GitHub personal-access-token - see 

https://help.github.com/articles/creating-an-access-token-for-command-line-use/

GitHub 用户名是用户名或组织名称 - 以您的存储库名称之前显示的为准。

完整示例