- Version control is the ability to understand the various changes that happened to the code over time (and possibly roll back).
- All these are enabled by using a version control system such as Git
- A Git repository can live on one’s machine, but it usually lives on a central online repository
- Benefits are:
  - Collaborate with other developers
  - Make sure the code is backed-up somewhere
  - Make sure it’s fully viewable and auditable
- Git repositories can be expensive.
- The industry includes:
  - GitHub: free public repositories, paid private ones
  - BitBucket
  - Etc…
- And AWS CodeCommit:
  - private Git repositories
  - No size limit on repositories (scale seamlessly)
  - Fully managed, highly available
  - Code only in AWS Cloud account => increased security and compliance
  - Secure (encrypted, access control, etc…)
  - Integrated with Jenkins / CodeBuild / other CI tools
The credentials for connecting to CodeCommit can be found at:
IAM -> users -> user_name -> Security Credentials ->
HTTPS Git credentials for AWS CodeCommit -> Generate credentials
To create a repository we go to:
CodeCommit -> Create Repository -> repository name -> Create
To get the URL of the repository, we click on Clone HTTPS.
On a Linux instance, install Git:

```bash
yum -y install git
```
Configure Git:

```bash
git config --global user.email your@email
```
First commit:

```bash
git status
git add .
git commit -m "first commit"
git push origin master
```
We need to change the index.html file and then make a second commit:

```bash
git status
git add index.html
git commit -m "Modified index.html to v2"
git config --global user.email mborodziuk@gmail.com
git push origin master
```
Change index.html and switch to a new branch, “my-feature”:

```
git checkout -b my-feature
git status
# On branch master
# Changes not staged for commit:
#   (use "git add <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#	modified:   index.html
#
no changes added to commit (use "git add" and/or "git commit -a")
git add .
git commit -m "modified index.html to v3"
git push --set-upstream origin my-feature
Username for 'https://git-codecommit.eu-central-1.amazonaws.com': stephane-at-840037588702
Password for 'https://stephane-at-840037588702@git-codecommit.eu-central-1.amazonaws.com':
```
If we want to bring new features into the master branch, we should merge the branches in the AWS console with a pull request:
CodeCommit -> pull request -> create pull request -> Destination -> Source -> Compare -> Title -> Create pull request -> Merge (if we are happy with the changes) -> Merge pull request
The new branch with the new features will be merged into the master branch, and the new branch will be deleted from CodeCommit.
Junior developers should not have the ability to push to the master branch.
In AWS console:
1. Create a group junior-devs
2. Add inline policy for this group
Copy from
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-conditional-branch.html
And paste to:
IAM -> groups -> junior-devs -> inline policies -> click here -> custom policy -> select -> paste to Policy Document -> policy name = CannotPushToMasterInCodecommit -> Apply Policy
Modify the policy:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "codecommit:GitPush",
                "codecommit:DeleteBranch",
                "codecommit:PutFile",
                "codecommit:MergeBranchesByFastForward",
                "codecommit:MergeBranchesBySquash",
                "codecommit:MergeBranchesByThreeWay",
                "codecommit:MergePullRequestByFastForward",
                "codecommit:MergePullRequestBySquash",
                "codecommit:MergePullRequestByThreeWay"
            ],
            "Resource": "arn:aws:codecommit:*:*:*",
            "Condition": {
                "StringEqualsIfExists": {
                    "codecommit:References": [
                        "refs/heads/master"
                    ]
                },
                "Null": {
                    "codecommit:References": false
                }
            }
        }
    ]
}
```
3. Add the user to the junior-devs group
After a user is added to the junior-devs group with the policy attached, they cannot push to the master branch:
```
# switch to master branch
git checkout -f master
mc (editing index.html file)
git status
# On branch master
# Changes not staged for commit:
#   (use "git add <file>..." to update what will be committed)
#   (use "git checkout -- <file>..." to discard changes in working directory)
#
#	modified:   index.html
#
no changes added to commit (use "git add" and/or "git commit -a")
[root@miro my-webpage]# git add index.html
[root@miro my-webpage]# git commit -m "modified index to 4"
[master eccfeda] modified index to 4
 1 file changed, 1 insertion(+), 1 deletion(-)
[root@miro my-webpage]# git push origin master
Username for 'https://git-codecommit.eu-central-1.amazonaws.com': stephane-at-840037588702
Password for 'https://stephane-at-840037588702@git-codecommit.eu-central-1.amazonaws.com':
Counting objects: 5, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 289 bytes | 0 bytes/s, done.
Total 3 (delta 2), reused 0 (delta 0)
To https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/my-webpage
 ! [remote rejected] master -> master (You don't have permission to push changes to this branch.)
error: failed to push some refs to 'https://git-codecommit.eu-central-1.amazonaws.com/v1/repos/my-webpage'
```
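To see which requests the Deny statement of CannotPushToMasterInCodecommit actually matches, the following added example (not part of the original page and not AWS code) models its two condition operators in plain Python. It is a simplified model: it assumes a single branch reference per request and ignores the Resource element, and the function names and sample requests are constructed for illustration.

```python
# Deny statement from the policy above; Resource is omitted (it matches every repository).
DENY_ACTIONS = {
    "codecommit:GitPush", "codecommit:DeleteBranch", "codecommit:PutFile",
    "codecommit:MergeBranchesByFastForward", "codecommit:MergeBranchesBySquash",
    "codecommit:MergeBranchesByThreeWay", "codecommit:MergePullRequestByFastForward",
    "codecommit:MergePullRequestBySquash", "codecommit:MergePullRequestByThreeWay",
}
CONDITION = {
    "StringEqualsIfExists": {"codecommit:References": ["refs/heads/master"]},
    "Null": {"codecommit:References": False},
}


def condition_holds(operator, key, expected, context):
    """Evaluate one condition operator against the request context."""
    present = key in context
    if operator == "Null":
        # "Null": false holds only when the key is present in the request.
        return (not present) == expected
    if operator == "StringEqualsIfExists":
        # Absent key -> true; present key -> exact, case-sensitive match.
        return (not present) or context[key] in expected
    raise ValueError("operator not modelled: " + operator)


def is_denied(action, context):
    """True when the Deny statement applies; all operators must hold (logical AND)."""
    if action not in DENY_ACTIONS:
        return False
    return all(condition_holds(op, key, expected, context)
               for op, keys in CONDITION.items() for key, expected in keys.items())


# Constructed requests: (action, request context).
SAMPLES = [
    ("codecommit:GitPush", {"codecommit:References": "refs/heads/master"}),
    ("codecommit:GitPush", {"codecommit:References": "refs/heads/my-feature"}),
    ("codecommit:GitPush", {}),  # request that carries no branch reference
    ("codecommit:GitPull", {"codecommit:References": "refs/heads/master"}),
    ("codecommit:GitPush", {"codecommit:References": "refs/heads/main"}),
]


def evaluate_samples():
    """Return the deny decision for each constructed request, in order."""
    return [is_denied(action, context) for action, context in SAMPLES]


if __name__ == "__main__":
    print(evaluate_samples())
```

Only the first request is denied. The last one shows that a branch with any other name, such as refs/heads/main, is not covered until it is added to the codecommit:References list.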
Triggers and notifications
To create a notification we click on:
Repository_name -> Settings -> Notifications -> Create Notification rule -> Notification name -> Events that trigger notification -> Create target -> Target type (SNS Topic) -> Topic Name -> Create -> Submit
To create a trigger:
Repository_name -> Settings -> Triggers -> Create trigger -> Trigger name -> Events -> Push to existing branch -> Service details -> choose Amazon SNS -> SNS Topic (choose name) -> Create trigger
After creating a trigger, we can see our rule in CloudWatch -> Events -> Rules.
This one CloudWatch notification rule (awscodestarnotifications-rule) is what allows for all notification rules in CodeCommit.
To create a rule in CloudWatch:
Events->Rules -> Create rule -> Service Name (CodeCommit) -> Event Type (for ex. Repository State Change)
Targets -> SNS Topic -> Topic -> name
By creating notification rules in CodeCommit, we can feed whatever happens in our repository straight into an automation pipeline built on SNS, SQS, Lambda, etc. From CodeCommit you can set up notifications, triggers and CloudWatch Events rules to build automation directly on SNS, Lambda, etc.
Lambda
We will create a function from scratch:
Lambda -> Create function -> Function name (lambda-codecommit) -> Runtime (Python 2.7) -> Change default execution role -> Execution role -> Create a new role with basic Lambda permissions -> Create function
Creating a trigger:
Lambda -> Functions ->
Let’s add some code. To do that, refresh the Lambda page.
From reference link (6), copy the Lambda code for Python:

```python
import json
import boto3

codecommit = boto3.client('codecommit')

def lambda_handler(event, context):
    #Log the updated references from the event
    references = { reference['ref'] for reference in event['Records'][0]['codecommit']['references'] }
    print("References: " + str(references))

    #Get the repository from the event and show its git clone URL
    repository = event['Records'][0]['eventSourceARN'].split(':')[5]
    try:
        response = codecommit.get_repository(repositoryName=repository)
        print("Clone URL: " +response['repositoryMetadata']['cloneUrlHttp'])
        return response['repositoryMetadata']['cloneUrlHttp']
    except Exception as e:
        print(e)
        print('Error getting repository {}. Make sure it exists and that your repository is in the same region as this function.'.format(repository))
        raise e
```
Now click on Deploy and then Test.
Event template (AWS Code Commit Repository) -> Event name -> MySampleCodeCommit -> Create
Now click Test again. The test reports an error, but everything is OK.
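The same trigger event can also be used to audit pushes to the protected branch. The handler below is an added example, not code from the original page or from AWS: it walks every record of the event instead of only Records[0] and reports who updated refs/heads/master, without calling boto3. The sample event is constructed, and the account id, commit ids, user names and the second repository name are placeholders.

```python
PROTECTED_REFS = {"refs/heads/master"}  # assumption: the branch the Deny policy protects


def protected_branch_pushes(event, protected=PROTECTED_REFS):
    """Return one finding per protected ref updated in any record of the event."""
    findings = []
    for record in event.get("Records", []):
        if record.get("eventSource") != "aws:codecommit":
            continue  # not a CodeCommit trigger record
        # eventSourceARN: arn:aws:codecommit:<region>:<account>:<repository>
        arn_parts = record.get("eventSourceARN", "").split(":")
        repository = arn_parts[5] if len(arn_parts) > 5 else None
        for reference in record.get("codecommit", {}).get("references", []):
            if reference.get("ref") in protected:
                findings.append({
                    "repository": repository,
                    "ref": reference["ref"],
                    "commit": reference.get("commit"),
                    "pusher": record.get("userIdentityARN"),
                })
    return findings


# Constructed event: account id, commit ids and user names are placeholders.
SAMPLE_EVENT = {"Records": [
    {"eventSource": "aws:codecommit",
     "eventSourceARN": "arn:aws:codecommit:eu-central-1:111122223333:my-webpage",
     "userIdentityARN": "arn:aws:iam::111122223333:user/senior-dev",
     "codecommit": {"references": [
         {"commit": "1111111111111111111111111111111111111111", "ref": "refs/heads/master"},
         {"commit": "2222222222222222222222222222222222222222", "ref": "refs/heads/my-feature"},
     ]}},
    {"eventSource": "aws:codecommit",
     "eventSourceARN": "arn:aws:codecommit:eu-central-1:111122223333:other-repo",
     "userIdentityARN": "arn:aws:iam::111122223333:user/junior-dev",
     "codecommit": {"references": [
         {"commit": "3333333333333333333333333333333333333333", "ref": "refs/heads/my-feature"},
     ]}},
]}


def lambda_handler(event, context):
    """Lambda entry point: log each finding and return the list to the caller."""
    findings = protected_branch_pushes(event)
    for finding in findings:
        print("Push to protected branch: {repository} {ref} by {pusher}".format(**finding))
    return findings


if __name__ == "__main__":
    lambda_handler(SAMPLE_EVENT, None)
```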
Reference links: