12

我正在尝试使用 CodePipeline 和 GitHub 设置 AWS CloudFormation 配置。

我在自己的示例项目和教程中都失败了:使用 AWS CloudFormation 创建 GitHub 管道

所有资源都已创建,但在 CodePipeline 中,我在初始“源”阶段不断收到以下错误。

Could not fetch the contents of the repository from GitHub.

见下图:

带有 Github 的 CodePipeline 失败

请注意,这不是权限错误。这是迄今为止在 Google 上不存在的其他东西。

如果我停止使用 CloudFormation 并通过控制台创建 CodePipeline,GitHub 可以配置为工作,但出于我的目的,我需要使用 CloudFormation。需要坚持一个模板。

这是从教程中复制的 CloudFormation 模板中的模板:

Parameters:
  BranchName:
    Description: GitHub branch name
    Type: String
    Default: master
  RepositoryName:
    Description: GitHub repository name
    Type: String
    Default: test
  GitHubOwner:
    Type: String
  GitHubSecret:
    Type: String
    NoEcho: true
  GitHubOAuthToken:
    Type: String
    NoEcho: true
  ApplicationName:
    Description: CodeDeploy application name
    Type: String
    Default: DemoApplication
  BetaFleet:
    Description: Fleet configured in CodeDeploy
    Type: String
    Default: DemoFleet
Resources:
  CodePipelineArtifactStoreBucket:
    Type: "AWS::S3::Bucket"
  CodePipelineArtifactStoreBucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      Bucket: !Ref CodePipelineArtifactStoreBucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Sid: DenyUnEncryptedObjectUploads
            Effect: Deny
            Principal: "*"
            Action: "s3:PutObject"
            Resource: !Join
              - ""
              - - !GetAtt
                  - CodePipelineArtifactStoreBucket
                  - Arn
                - /*
            Condition:
              StringNotEquals:
                "s3:x-amz-server-side-encryption": "aws:kms"
          - Sid: DenyInsecureConnections
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource: !Join
              - ""
              - - !GetAtt
                  - CodePipelineArtifactStoreBucket
                  - Arn
                - /*
            Condition:
              Bool:
                "aws:SecureTransport": false
  AppPipelineWebhook:
    Type: "AWS::CodePipeline::Webhook"
    Properties:
      Authentication: GITHUB_HMAC
      AuthenticationConfiguration:
        SecretToken: !Ref GitHubSecret
      Filters:
        - JsonPath: $.ref
          MatchEquals: "refs/heads/{Branch}"
      TargetPipeline: !Ref AppPipeline
      TargetAction: SourceAction
      Name: AppPipelineWebhook
      TargetPipelineVersion: !GetAtt
        - AppPipeline
        - Version
      RegisterWithThirdParty: true
  AppPipeline:
    Type: "AWS::CodePipeline::Pipeline"
    Properties:
      Name: github-events-pipeline
      RoleArn: !GetAtt
        - CodePipelineServiceRole
        - Arn
      Stages:
        - Name: Source
          Actions:
            - Name: SourceAction
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: 1
                Provider: GitHub
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                Owner: !Ref GitHubOwner
                Repo: !Ref RepositoryName
                Branch: !Ref BranchName
                OAuthToken: !Ref GitHubOAuthToken
                PollForSourceChanges: false
              RunOrder: 1
        - Name: Beta
          Actions:
            - Name: BetaAction
              InputArtifacts:
                - Name: SourceOutput
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: 1
                Provider: CodeDeploy
              Configuration:
                ApplicationName: !Ref ApplicationName
                DeploymentGroupName: !Ref BetaFleet
              RunOrder: 1
      ArtifactStore:
        Type: S3
        Location: !Ref CodePipelineArtifactStoreBucket
  CodePipelineServiceRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action: "sts:AssumeRole"
      Path: /
      Policies:
        - PolicyName: AWS-CodePipeline-Service-3
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - "codecommit:CancelUploadArchive"
                  - "codecommit:GetBranch"
                  - "codecommit:GetCommit"
                  - "codecommit:GetUploadArchiveStatus"
                  - "codecommit:UploadArchive"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "codedeploy:CreateDeployment"
                  - "codedeploy:GetApplicationRevision"
                  - "codedeploy:GetDeployment"
                  - "codedeploy:GetDeploymentConfig"
                  - "codedeploy:RegisterApplicationRevision"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "codebuild:BatchGetBuilds"
                  - "codebuild:StartBuild"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "devicefarm:ListProjects"
                  - "devicefarm:ListDevicePools"
                  - "devicefarm:GetRun"
                  - "devicefarm:GetUpload"
                  - "devicefarm:CreateUpload"
                  - "devicefarm:ScheduleRun"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "lambda:InvokeFunction"
                  - "lambda:ListFunctions"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "iam:PassRole"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "elasticbeanstalk:*"
                  - "ec2:*"
                  - "elasticloadbalancing:*"
                  - "autoscaling:*"
                  - "cloudwatch:*"
                  - "s3:*"
                  - "sns:*"
                  - "cloudformation:*"
                  - "rds:*"
                  - "sqs:*"
                  - "ecs:*"
                Resource: "*"

我已采取以下步骤:

  • 提供 Github Organization, Repo & Branch
  • 在 GitHub 上设置个人访问令牌并将其提供给具有&GitHubOAuthToken访问权限的模板参数repo:alladmin:repo_hook
  • 设置一个随机字符串并将其提供给GitHubSecret
  • 尝试GitHubSecret在许多其他示例中不包括 a
  • 验证我所在区域的 AWS CodePipeline 列在 Github 应用程序的“授权 OAuth 应用程序”下

在尝试从一个清晰的石板开始,我还做了以下事情:

  • 在开始之前清除所有 GitHub webhook aws codepipeline list-webhooks&aws codepipeline delete-webhook --name
  • 添加了新的个人访问令牌
  • 尝试了多个回购和分支

有什么想法可以让 GitHub 与 CloudFormation 和 CodePipeline 一起工作吗?

4

1 回答 1

16

找到了解决方案。Github 组织名称区分大小写。

于 2019-04-16T05:49:19.103 回答