From b75ce4e5a3685be9d880dbc66c66ace466e45730 Mon Sep 17 00:00:00 2001 From: Somaya Date: Tue, 11 Aug 2020 12:11:39 -0700 Subject: [PATCH 1/2] update eks assignee in github action workflow (#9571) --- .github/workflows/issue-label-assign.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/issue-label-assign.yml b/.github/workflows/issue-label-assign.yml index 8233cd7837cb8..ba60295cd406b 100644 --- a/.github/workflows/issue-label-assign.yml +++ b/.github/workflows/issue-label-assign.yml @@ -72,7 +72,7 @@ jobs: {"keywords":["[@aws-cdk/aws-ecr]","[aws-ecr]","[ecr]"],"labels":["@aws-cdk/aws-ecr"],"assignees":["MrArnoldPalmer"]}, {"keywords":["[@aws-cdk/aws-ecr-assets]","[aws-ecr-assets]","[ecr-assets]","[ecr assets]","[ecrassets]"],"labels":["@aws-cdk/aws-ecr-assets"],"assignees":["eladb"]}, {"keywords":["[@aws-cdk/aws-efs]","[aws-efs]","[efs]"],"labels":["@aws-cdk/aws-efs"],"assignees":["rix0rrr"]}, - {"keywords":["[@aws-cdk/aws-eks]","[aws-eks]","[eks]"],"labels":["@aws-cdk/aws-eks"],"assignees":["eladb"]}, + {"keywords":["[@aws-cdk/aws-eks]","[aws-eks]","[eks]"],"labels":["@aws-cdk/aws-eks"],"assignees":["iliapolo"]}, {"keywords":["[@aws-cdk/aws-elasticache]","[aws-elasticache]","[elasticache]","[elastic cache]","[elastic-cache]"],"labels":["@aws-cdk/aws-elasticache"],"assignees":["iliapolo"]}, {"keywords":["[@aws-cdk/aws-elasticbeanstalk]","[aws-elasticbeanstalk]","[elasticbeanstalk]","[elastic beanstalk]","[elastic-beanstalk]"],"labels":["@aws-cdk/aws-elasticbeanstalk"],"assignees":["skinny85"]}, {"keywords":["[@aws-cdk/aws-elasticloadbalancing]","[aws-elasticloadbalancing]","[elasticloadbalancing]","[elastic loadbalancing]","[elastic-loadbalancing]","[elb]"],"labels":["@aws-cdk/aws-elasticloadbalancing"],"assignees":["rix0rrr"]}, From 908dd69ec6e7d2037e299513e424d88921ebe04f Mon Sep 17 00:00:00 2001 From: Rico Huijbers Date: Tue, 11 Aug 2020 21:33:27 +0200 Subject: [PATCH 2/2] docs(codepipeline): document required GitHub token scopes (#9595) Our documentation here was severely lacking making it hard to set up correctly. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/@aws-cdk/aws-codepipeline-actions/README.md | 8 ++++---- .../lib/github/source-action.ts | 10 ++++++++++ packages/@aws-cdk/pipelines/README.md | 1 - 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/README.md b/packages/@aws-cdk/aws-codepipeline-actions/README.md index 7edd0244bcbcb..3a4497529b38d 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/README.md +++ b/packages/@aws-cdk/aws-codepipeline-actions/README.md @@ -66,7 +66,8 @@ new codepipeline_actions.CodeBuildAction({ If you want to use a GitHub repository as the source, you must create: -* A [GitHub Access Token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) +* A [GitHub Access Token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line), + with scopes **repo** and **admin:repo_hook**. * A [Secrets Manager PlainText Secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html) with the value of the **GitHub Access Token**. Pick whatever name you want (for example `my-github-token`) and pass it as the argument of `oauthToken`. @@ -83,7 +84,6 @@ const sourceAction = new codepipeline_actions.GitHubSourceAction({ oauthToken: cdk.SecretValue.secretsManager('my-github-token'), output: sourceOutput, branch: 'develop', // default: 'master' - trigger: codepipeline_actions.GitHubTrigger.POLL // default: 'WEBHOOK', 'NONE' is also possible for no Source trigger }); pipeline.addStage({ stageName: 'Source', @@ -694,7 +694,7 @@ new codepipeline_actions.AlexaSkillDeployAction({ }); ``` -### AWS Service Catalog +### AWS Service Catalog You can deploy a CloudFormation template to an existing Service Catalog product with the following action: @@ -713,7 +713,7 @@ new codepipeline.Pipeline(this, 'Pipeline', { productId: "prod-XXXXXXXX", }), }, - ], + ], }); ``` diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/github/source-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/github/source-action.ts index 4283b7617f010..75d14cf0fbbe9 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/lib/github/source-action.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/github/source-action.ts @@ -65,6 +65,13 @@ export interface GitHubSourceActionProps extends codepipeline.CommonActionProps * * const oauth = cdk.SecretValue.secretsManager('my-github-token'); * new GitHubSource(this, 'GitHubAction', { oauthToken: oauth, ... }); + * + * The GitHub Personal Access Token should have these scopes: + * + * * **repo** - to read the repository + * * **admin:repo_hook** - if you plan to use webhooks (true by default) + * + * @see https://docs.aws.amazon.com/codepipeline/latest/userguide/GitHub-create-personal-token-CLI.html */ readonly oauthToken: SecretValue; @@ -75,6 +82,9 @@ export interface GitHubSourceActionProps extends codepipeline.CommonActionProps * With "POLL", CodePipeline periodically checks the source for changes * With "None", the action is not triggered through changes in the source * + * To use `WEBHOOK`, your GitHub Personal Access Token should have + * **admin:repo_hook** scope (in addition to the regular **repo** scope). + * * @default GitHubTrigger.WEBHOOK */ readonly trigger?: GitHubTrigger; diff --git a/packages/@aws-cdk/pipelines/README.md b/packages/@aws-cdk/pipelines/README.md index ff92b365d56e0..431016a0d39c3 100644 --- a/packages/@aws-cdk/pipelines/README.md +++ b/packages/@aws-cdk/pipelines/README.md @@ -126,7 +126,6 @@ class MyPipelineStack extends Stack { actionName: 'GitHub', output: sourceArtifact, oauthToken: SecretValue.secretsManager('GITHUB_TOKEN_NAME'), - trigger: codepipeline_actions.GitHubTrigger.POLL, // Replace these with your actual GitHub project name owner: 'OWNER', repo: 'REPO',