AWS CloudFormation CodePipeline: Could not fetch the contents of the repository from GitHub

Posted: 2019-07-28 21:07:39

Question:

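I am trying to set up an AWS CloudFormation configuration using CodePipeline and GitHub.

I have failed both with my own example project and with the tutorial: Create a GitHub Pipeline with AWS CloudFormation.

All of the resources are created, but in CodePipeline I keep getting the following error in the initial "Source" stage.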

Could not fetch the contents of the repository from GitHub.

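See the image below:

Note that this is not a permissions error. Until now, it did not exist on Google.

If I stop using CloudFormation and create the CodePipeline through the console, GitHub can be configured to work, but for my purposes I need to use CloudFormation. I need to stick to a template.

Here is the CloudFormation template, copied from the tutorial: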

Parameters:
  BranchName:
    Description: GitHub branch name
    Type: String
    Default: master
  RepositoryName:
    Description: GitHub repository name
    Type: String
    Default: test
  GitHubOwner:
    Type: String
  GitHubSecret:
    Type: String
    NoEcho: true
  GitHubOAuthToken:
    Type: String
    NoEcho: true
  ApplicationName:
    Description: CodeDeploy application name
    Type: String
    Default: DemoApplication
  BetaFleet:
    Description: Fleet configured in CodeDeploy
    Type: String
    Default: DemoFleet
Resources:
  CodePipelineArtifactStoreBucket:
    Type: "AWS::S3::Bucket"
  CodePipelineArtifactStoreBucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      Bucket: !Ref CodePipelineArtifactStoreBucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Sid: DenyUnEncryptedObjectUploads
            Effect: Deny
            Principal: "*"
            Action: "s3:PutObject"
            Resource: !Join
              - ""
              - - !GetAtt
                  - CodePipelineArtifactStoreBucket
                  - Arn
                - /*
            Condition:
              StringNotEquals:
                "s3:x-amz-server-side-encryption": "aws:kms"
          - Sid: DenyInsecureConnections
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource: !Join
              - ""
              - - !GetAtt
                  - CodePipelineArtifactStoreBucket
                  - Arn
                - /*
            Condition:
              Bool:
                "aws:SecureTransport": false
  AppPipelineWebhook:
    Type: "AWS::CodePipeline::Webhook"
    Properties:
      Authentication: GITHUB_HMAC
      AuthenticationConfiguration:
        SecretToken: !Ref GitHubSecret
      Filters:
        - JsonPath: $.ref
          MatchEquals: "refs/heads/{Branch}"
      TargetPipeline: !Ref AppPipeline
      TargetAction: SourceAction
      Name: AppPipelineWebhook
      TargetPipelineVersion: !GetAtt
        - AppPipeline
        - Version
      RegisterWithThirdParty: true
  AppPipeline:
    Type: "AWS::CodePipeline::Pipeline"
    Properties:
      Name: github-events-pipeline
      RoleArn: !GetAtt
        - CodePipelineServiceRole
        - Arn
      Stages:
        - Name: Source
          Actions:
            - Name: SourceAction
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: 1
                Provider: GitHub
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                Owner: !Ref GitHubOwner
                Repo: !Ref RepositoryName
                Branch: !Ref BranchName
                OAuthToken: !Ref GitHubOAuthToken
                PollForSourceChanges: false
              RunOrder: 1
        - Name: Beta
          Actions:
            - Name: BetaAction
              InputArtifacts:
                - Name: SourceOutput
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: 1
                Provider: CodeDeploy
              Configuration:
                ApplicationName: !Ref ApplicationName
                DeploymentGroupName: !Ref BetaFleet
              RunOrder: 1
      ArtifactStore:
        Type: S3
        Location: !Ref CodePipelineArtifactStoreBucket
  CodePipelineServiceRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action: "sts:AssumeRole"
      Path: /
      Policies:
        - PolicyName: AWS-CodePipeline-Service-3
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - "codecommit:CancelUploadArchive"
                  - "codecommit:GetBranch"
                  - "codecommit:GetCommit"
                  - "codecommit:GetUploadArchiveStatus"
                  - "codecommit:UploadArchive"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "codedeploy:CreateDeployment"
                  - "codedeploy:GetApplicationRevision"
                  - "codedeploy:GetDeployment"
                  - "codedeploy:GetDeploymentConfig"
                  - "codedeploy:RegisterApplicationRevision"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "codebuild:BatchGetBuilds"
                  - "codebuild:StartBuild"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "devicefarm:ListProjects"
                  - "devicefarm:ListDevicePools"
                  - "devicefarm:GetRun"
                  - "devicefarm:GetUpload"
                  - "devicefarm:CreateUpload"
                  - "devicefarm:ScheduleRun"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "lambda:InvokeFunction"
                  - "lambda:ListFunctions"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "iam:PassRole"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "elasticbeanstalk:*"
                  - "ec2:*"
                  - "elasticloadbalancing:*"
                  - "autoscaling:*"
                  - "cloudwatch:*"
                  - "s3:*"
                  - "sns:*"
                  - "cloudformation:*"
                  - "rds:*"
                  - "sqs:*"
                  - "ecs:*"
                Resource: "*"

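I have taken the following steps:

- Provided the GitHub organization, repo and branch
- Set up a personal access token on GitHub and supplied it to the template's GitHubOAuthToken parameter, with access to repo:all and admin:repo_hook
- Set a random string and supplied it to GitHubSecret
- Tried not including GitHubSecret, as in many other examples
- Verified that AWS CodePipeline for my region is listed under "Authorized OAuth Apps" in the GitHub applications

To start from a clean slate, I have also done the following:

- Cleared all GitHub webhooks before starting: aws codepipeline list-webhooks and aws codepipeline delete-webhook --name
- Added a new personal access token
- Tried multiple repositories and branches

Any ideas how I can get GitHub to work with CloudFormation and CodePipeline?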

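Answer 1:

Found the solution. The GitHub organization name is case-sensitive.

Comments:

Silly mistake, thanks a lot for answering your own question

Thank you, you saved me hours of pain and frustration :)

Same here! Saved me a few hours :-)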
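Added example (not part of the original post or the AWS tutorial): a pre-deployment check that compares the GitHubOwner and RepositoryName stack parameters with the spelling GitHub itself reports, so a case-only mismatch like the one in the answer is caught before the Source stage fails. The organization name, the sample API response and the function names are constructed for illustration; checking the repository name as well as the owner goes beyond what the answer states.

```python
import json
import urllib.request

# Constructed sample of the fields GitHub returns for GET /repos/{owner}/{repo};
# the organization and repository names are made up for this example.
SAMPLE_REPO_JSON = json.loads("""
{"name": "test",
 "full_name": "ExampleOrg/test",
 "owner": {"login": "ExampleOrg"},
 "default_branch": "master"}
""")


def fetch_repo(owner, repo, token):
    """Live lookup (not called below). GitHub resolves owner/repo
    case-insensitively and returns the canonical spelling."""
    req = urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{repo}",
        headers={"Authorization": f"token {token}",
                 "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def case_mismatches(params, repo_json):
    """Compare stack parameters with GitHub's canonical names, byte for byte."""
    expected = {
        "GitHubOwner": repo_json["owner"]["login"],
        "RepositoryName": repo_json["name"],
    }
    problems = []
    for key, canonical in expected.items():
        supplied = params.get(key, "")
        if supplied == canonical:
            continue
        if supplied.lower() == canonical.lower():
            problems.append(f"{key}: '{supplied}' differs only in case from '{canonical}'")
        else:
            problems.append(f"{key}: '{supplied}' does not match '{canonical}'")
    return problems


if __name__ == "__main__":
    stack_params = {"GitHubOwner": "exampleorg", "RepositoryName": "test"}
    for line in case_mismatches(stack_params, SAMPLE_REPO_JSON):
        print(line)
```

In a real run, pass the result of fetch_repo() instead of the constructed sample and fail the deployment script when the returned list is not empty.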
