| By Abdulrahman Alamri, Senior Cloud Infrastructure Consultant at HeleCloud |
Version control hosting services such as GitHub and Bitbucket have built-in tooling for Continuous Integration (CI) checks on pull requests; the example shown here is GitHub's.
We found the existing solutions for AWS CodeCommit overly complex (braided together from too many parts). This article is written to help others in a similar situation: with AWS, we composed a few basic building blocks to fulfil our needs. The post describes how to get the equivalent of branch protection rules on AWS CodeCommit: an automated reviewer that checks every pull request, plus an approval rule that blocks merging until the required approvals are in place. Our requirements were:
- Works with AWS CodeCommit.
- Use AWS technologies.
- Works on feature branches.
- As little braiding as possible.
- As little undifferentiated heavy lifting as possible.
- Has the ability to run common review chores such as cfn-lint, cfn-guard, and git checks.
Pull Request changes
When a pull request (PR) is created or updated, CodeCommit emits a "CodeCommit Pull Request State Change" event, and an Amazon EventBridge rule (the "AWS Event Rule") receives it.
Only a subset of those changes matter (a PR being opened, or new commits pushed to its source branch), so the rule's event pattern filters the rest out. In particular it ignores approval-state changes: the reviewer's own approval emits such an event, and reacting to it would start another build. The rule also has to tell CodeBuild which PR to check; it does that with an input transformer that copies the pull request ID, repository name, commit IDs and revision ID from the event into the build's environment variables.
If all the checks pass, the reviewer (the CodeBuild job, acting through its service role) approves the pull request. Otherwise it posts a comment on the PR with a link to the build logs. An approval rule on the repository prevents the PR from being merged without the specified number of approvals, and because the automated approval counts like any other, the rule should require at least two: the reviewer's and a human's.
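The flow above, as an added example (this is illustrative code, not the contents of the aws-codecommit-ci repository): the EventBridge event pattern that selects PR-opened and source-branch-updated events, the input transformer that turns the event into CodeBuild StartBuild parameters, and the two CodeCommit calls the reviewer makes afterwards, given as boto3 `codecommit` client method names and arguments. The pattern-matching and JSONPath code re-implements only the subset of EventBridge behaviour these fields need, the environment variable names (`PULL_REQUEST_ID`, `REPOSITORY_NAME`, ...) are this example's own choice, and the sample events are constructed, not captured:

```python
"""Added example: EventBridge filtering, input transform and reviewer actions for CodeCommit PRs."""
import json
import re
from typing import Any, Optional

# Event pattern for the rule. Only a PR being opened or receiving new commits
# starts a review; approval-state and merge-status events are not listed, so
# the reviewer's own approval cannot re-trigger the build.
EVENT_PATTERN = {
    "source": ["aws.codecommit"],
    "detail-type": ["CodeCommit Pull Request State Change"],
    "detail": {
        "event": ["pullRequestCreated", "pullRequestSourceBranchUpdated"],
        "pullRequestStatus": ["Open"],
        "destinationReference": ["refs/heads/master"],
    },
}

# Input transformer: InputPathsMap pulls fields out of the event and
# InputTemplate renders them as StartBuild parameters. Placeholders are
# unquoted because EventBridge inserts the JSON-encoded value (assumption
# about the target input format, see the lead-in).
INPUT_PATHS = {
    "prId": "$.detail.pullRequestId",
    "repo": "$.detail.repositoryNames[0]",
    "src": "$.detail.sourceCommit",
    "dst": "$.detail.destinationCommit",
    "rev": "$.detail.revisionId",
}
INPUT_TEMPLATE = (
    '{"sourceVersion": <src>, "environmentVariablesOverride": ['
    '{"name": "PULL_REQUEST_ID", "value": <prId>, "type": "PLAINTEXT"}, '
    '{"name": "REPOSITORY_NAME", "value": <repo>, "type": "PLAINTEXT"}, '
    '{"name": "SOURCE_COMMIT", "value": <src>, "type": "PLAINTEXT"}, '
    '{"name": "DESTINATION_COMMIT", "value": <dst>, "type": "PLAINTEXT"}, '
    '{"name": "REVISION_ID", "value": <rev>, "type": "PLAINTEXT"}]}'
)


def matches(pattern: Any, value: Any) -> bool:
    """EventBridge matching for the subset used above: a list in the pattern is
    the set of allowed values, a dict recurses, and an array in the event
    matches if any of its elements is allowed."""
    if isinstance(pattern, list):
        candidates = value if isinstance(value, list) else [value]
        return any(c in pattern for c in candidates)
    if isinstance(pattern, dict):
        return isinstance(value, dict) and all(
            k in value and matches(p, value[k]) for k, p in pattern.items()
        )
    raise TypeError("pattern leaves must be lists of allowed values")


def json_path(path: str, event: dict) -> Any:
    """Resolve the '$.a.b[0]' subset of JSONPath that InputPathsMap uses."""
    node: Any = event
    for key, index in re.findall(r"\.([\w-]+)|\[(\d+)\]", path):
        node = node[key] if key else node[int(index)]
    return node


def transform(event: dict) -> Optional[dict]:
    """StartBuild input the rule hands to CodeBuild, or None if filtered out."""
    if not matches(EVENT_PATTERN, event):
        return None
    rendered = INPUT_TEMPLATE
    for name, path in INPUT_PATHS.items():
        rendered = rendered.replace(f"<{name}>", json.dumps(json_path(path, event)))
    return json.loads(rendered)


def reviewer_action(env: dict, checks_passed: bool, log_url: str) -> tuple:
    """Map the build outcome to the CodeCommit call the reviewer makes, as the
    boto3 codecommit client method name plus its keyword arguments."""
    if checks_passed:
        return "update_pull_request_approval_state", {
            "pullRequestId": env["PULL_REQUEST_ID"],
            "revisionId": env["REVISION_ID"],  # approval is bound to the reviewed revision
            "approvalState": "APPROVE",
        }
    return "post_comment_for_pull_request", {
        "pullRequestId": env["PULL_REQUEST_ID"],
        "repositoryName": env["REPOSITORY_NAME"],
        "beforeCommitId": env["DESTINATION_COMMIT"],
        "afterCommitId": env["SOURCE_COMMIT"],
        "content": f"Automated review failed, see the build logs: {log_url}",
    }


def sample_event(kind: str) -> dict:
    """Constructed CodeCommit PR event carrying the fields the rule uses."""
    return {
        "source": "aws.codecommit",
        "detail-type": "CodeCommit Pull Request State Change",
        "detail": {
            "event": kind,
            "pullRequestId": "42",
            "pullRequestStatus": "Open",
            "repositoryNames": ["demo-repo"],
            "sourceReference": "refs/heads/feature/lint-fixes",
            "destinationReference": "refs/heads/master",
            "sourceCommit": "a" * 40,
            "destinationCommit": "b" * 40,
            "revisionId": "rev-1",
        },
    }


if __name__ == "__main__":
    for kind in ("pullRequestCreated", "pullRequestApprovalStateChanged"):
        print(kind, "->", transform(sample_event(kind)))
```

In the real build the post_build phase does the same thing with the CLI: it reads `CODEBUILD_BUILD_SUCCEEDING` and runs `aws codecommit update-pull-request-approval-state` or `aws codecommit post-comment-for-pull-request`. Scope the CodeBuild service role to just those two actions (plus `codecommit:GitPull` for the checkout) on the repository's ARN, and keep the approval rule at two required approvals so the reviewer's approval alone can never unlock a merge.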
Head over to this GitHub repository to read the code (do read deploy.sh before running it against an account you care about), or just run the following to apply it to your account.
set -eufo pipefail
aws configure # Alternatively, set AWS_PROFILE and AWS_DEFAULT_REGION
git clone git@github.com:Amri91/aws-codecommit-ci.git && cd aws-codecommit-ci && ./deploy.sh
To remove everything, run ./remove.sh
As this solution uses a consumption model, cost depends on usage. The following example helps with understanding the costs.
The cost of this solution scales with CodeBuild build minutes. Reviewing one PR change costs about $0.005*. For 100 people, each making 10 relevant PR changes a day, that is 1,000 reviews a day, or $5 per day, roughly $110 for a month of 22 working days.
* Based on the on-demand price of the small CodeBuild Linux compute type (3 GB RAM / 2 vCPU) in us-east-1, $0.005 per build minute at the time of writing, when a review takes at most one minute, which is our use case; longer reviews cost proportionally more.
New pull request
PR from a feature branch to master.
When passing the review
One minute later, the reviewer checked it and approved it. Notice I still cannot merge yet because the rule requires one more approval.
When failing the review
The review will send a link to the logs so the developer can fix the issues.
We tried to resist the urge to use the nearest solution, and we also did our best to create a solution that focuses on one problem and can be composed with others. I hope this helps. Please feel free to create a PR; I am sure there are ways to simplify this further.
To find out more about our work at HeleCloud, check out this case study where we helped CGI build a secure, trusted, repeatable and immutable DevOps / Continuous Integration and Continuous Delivery (CI/CD) solution.