amazon-web-services - AWS 在 ECR 推送操作上触发管道？

Question

可以在对 AWS CodeCommit 的提交操作上触发 AWS CodePipeline。

---

我看不到在对 AWS ECR 的推送操作中触发 AWS CodePipeline 的选项/方式。有这样的选择吗？

Answer 1

如果您从 AWS CodePipeline 控制台创建管道并选择 Amazon ECR 作为源提供商，它将创建一个 CloudWatch 事件

{
  "source": [
    "aws.ecr"
  ],
  "detail": {
    "eventName": [
      "PutImage"
    ],
    "requestParameters": {
      "repositoryName": [
        "my-repo/nginx"
      ],
      "imageTag": [
        "0.1"
      ]
    }
  }

此事件的目标将是 CodePipeline。您可以在 AWS CloudWatch 控制台中检查事件详细信息。每当 ECR repo 上发生 Push (PutImage) 时，Pipeline 就会被执行。

Answer 2

因此，Cloudwatch Events 是这里的方法。对于那些想通过 CFN 方法进行操作的人 - 下面的 CFN 模板会有所帮助。

{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
    "CodePipelineName": {
        "Type": "String",
        "Description": "Name of the CodePipeline Project that needs to be triggered. NOTE: CodePipeline does not support ARN output but AWS::Events::Rule target expects an ARN"
    },
    "ECRRepoName": {
        "Type": "String",
        "Description": "Name of the ECR Repo on which the Trigger needs to be set-up"
    },
    "ECRImageTagName": {
        "Type": "String",
        "Description": "Name of the ECR Image tag on which the Trigger needs to be set-up",
        "Default": "latest"
    }
},
"Resources": {
    "AmazonCloudWatchEventRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "events.amazonaws.com"
                            ]
                        },
                        "Action": "sts:AssumeRole"
                    }
                ]
            },
            "Path": "/",
            "Policies": [
                {
                    "PolicyName": "cwe-pipeline-execution",
                    "PolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [
                            {
                                "Effect": "Allow",
                                "Action": "codepipeline:StartPipelineExecution",
                                "Resource": {
                                    "Fn::Sub": "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipelineName}"
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "AmazonCloudWatchEventRule": {
        "Type": "AWS::Events::Rule",
        "Properties": {
            "EventPattern": {
                "detail": {
                    "action-type": [
                        "PUSH"
                    ],
                    "image-tag": [
                        {
                            "Ref": "ECRImageTagName"
                        }
                    ],
                    "repository-name": [
                        {
                            "Ref": "ECRRepoName"
                        }
                    ],
                    "result": [
                        "SUCCESS"
                    ]
                },
                "detail-type": [
                    "ECR Image Action"
                ],
                "source": [
                    "aws.ecr"
                ]
            },
            "Targets": [
                {
                    "Arn": {
                        "Fn::Sub": "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipelineName}"
                    },
                    "RoleArn": {
                        "Fn::GetAtt": [
                            "AmazonCloudWatchEventRole",
                            "Arn"
                        ]
                    },
                    "Id": {
                        "Ref": "CodePipelineName"
                    }
                }
            ]
        }
    }
}

}enter code here