creating fully featured codepipeline

Author: damienjburks

terraform/pipelines/modules/codepipeline/buildspecs/formatcheck.yml

@@ -0,0 +1,26 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.12  # Specify the desired Python version
+    commands:
+      - echo "Installing required dependencies..."
+      - pip install --upgrade pip
+      - pip install -r requirements.txt
+      - pip install black  # Install black
+  pre_build:
+    commands:
+      - echo "Starting format check with black..."
+  build:
+    commands:
+      - echo "Running black format check..."
+      - black --check src/  # Check formatting without modifying files
+  post_build:
+    commands:
+      - echo "Format check completed."
+
+artifacts:
+  files:
+    - "**/*"  # Include all files
+  discard-paths: yes

terraform/pipelines/modules/codepipeline/buildspecs/lintcheck.yml

@@ -0,0 +1,27 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.12  # Specify the desired Python version
+    commands:
+      - echo "Installing required dependencies..."
+      - pip install --upgrade pip
+      - pip install -r requirements.txt
+      - pip install pylint  # Install pylint
+  pre_build:
+    commands:
+      - echo "Starting pylint checks..."
+  build:
+    commands:
+      - echo "Running pylint documentation check..."
+      - pylint src/ # Check for missing docstrings
+      - echo "Documentation check completed."
+  post_build:
+    commands:
+      - echo "Pylint documentation check completed successfully."
+
+artifacts:
+  files:
+    - "**/*"  # Include all files
+  discard-paths: yes

terraform/pipelines/modules/codepipeline/buildspecs/ossdepscan.yml

@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.9
+      python: 3.12
     commands:
       - echo "Installing container scanning tools..."
       - pip install --upgrade pip

terraform/pipelines/modules/codepipeline/buildspecs/sastscanning.yml

@@ -12,6 +12,7 @@ phases:
   pre_build:
     commands:
       - echo "Installing dependencies..."
+      - pip install --upgrade pip
       - pip install -r requirements.txt
   build:
     commands:

terraform/pipelines/modules/codepipeline/buildspecs/unittests.yml

@@ -0,0 +1,27 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.12  # Specify the desired Python version
+    commands:
+      - echo "Installing required dependencies..."
+      - pip install --upgrade pip
+      - pip install -r requirements.txt
+      - pip install pytest pytest-cov  # Install pytest and pytest-cov for coverage reporting
+  pre_build:
+    commands:
+      - echo "Starting unit test process..."
+  build:
+    commands:
+      - echo "Running pytest with coverage reporting..."
+      # Run tests and generate coverage report
+      - pytest --cov=src --cov-report=xml --cov-report=term-missing --cov-fail-under=80
+  post_build:
+    commands:
+      - echo "Unit testing and coverage reporting completed."
+
+artifacts:
+  files:
+    - "coverage.xml"  # Include the coverage report as an artifact
+  discard-paths: yes

terraform/pipelines/modules/codepipeline/main.tf

@@ -240,25 +240,69 @@ resource "aws_codepipeline" "pipeline" {
     name = "Test"
 
     action {
-      name            = "StaticCodeAnalysis"
+      name            = "FormatCheck"
       category        = "Test"
       owner           = "AWS"
       provider        = "CodeBuild"
       version         = "1"
       input_artifacts = ["BuildArtifact"]
+      run_order       = 1
+
+      configuration = {
+        ProjectName = aws_codebuild_project.format_check_project.name
+      }
+    }
+
+    action {
+      name            = "LintCheck"
+      category        = "Test"
+      owner           = "AWS"
+      provider        = "CodeBuild"
+      version         = "1"
+      input_artifacts = ["BuildArtifact"]
+      run_order       = 1
+
+      configuration = {
+        ProjectName = aws_codebuild_project.lint_check_project.name
+      }
+    }
+
+    action {
+      name            = "RunUnitTests"
+      category        = "Test"
+      owner           = "AWS"
+      provider        = "CodeBuild"
+      version         = "1"
+      input_artifacts = ["BuildArtifact"]
+      run_order       = 2
+
+      configuration = {
+        ProjectName = aws_codebuild_project.unittest_project.name
+      }
+    }
+
+    action {
+      name            = "SnykSecurityScan"
+      category        = "Test"
+      owner           = "AWS"
+      provider        = "CodeBuild"
+      version         = "1"
+      input_artifacts = ["BuildArtifact"]
+      run_order       = 3
 
       configuration = {
         ProjectName = aws_codebuild_project.static_analysis_project.name
       }
     }
 
     action {
-      name            = "OSSDependencyScan"
+      name            = "ContainerSecurityScan"
       category        = "Test"
       owner           = "AWS"
       provider        = "CodeBuild"
       version         = "1"
       input_artifacts = ["BuildArtifact"]
+      run_order       = 3
 
       configuration = {
         ProjectName = aws_codebuild_project.oss_scanning_project.name
@@ -313,6 +357,88 @@ resource "aws_codebuild_project" "build_project" {
   }
 }
 
+resource "aws_codebuild_project" "format_check_project" {
+  name         = "${var.repo_name}-formatcheck-project"
+  service_role = aws_iam_role.codebuild_role.arn
+
+  environment {
+    compute_type    = var.compute_type
+    image           = var.build_image
+    type            = var.environment_type
+    privileged_mode = var.privileged_mode
+
+    environment_variable {
+      name  = "IMAGE_REPO_NAME"
+      value = aws_ecr_repository.this.name
+    }
+  }
+
+  source {
+    type      = "NO_SOURCE"
+    buildspec = file("${path.module}/buildspecs/formatcheck.yml")
+  }
+
+  artifacts {
+    type     = "S3"
+    location = var.s3_bucket_name
+  }
+}
+
+resource "aws_codebuild_project" "unittest_project" {
+  name         = "${var.repo_name}-unittest-project"
+  service_role = aws_iam_role.codebuild_role.arn
+
+  environment {
+    compute_type    = var.compute_type
+    image           = var.build_image
+    type            = var.environment_type
+    privileged_mode = var.privileged_mode
+
+    environment_variable {
+      name  = "IMAGE_REPO_NAME"
+      value = aws_ecr_repository.this.name
+    }
+  }
+
+  source {
+    type      = "NO_SOURCE"
+    buildspec = file("${path.module}/buildspecs/unittests.yml")
+  }
+
+  artifacts {
+    type     = "S3"
+    location = var.s3_bucket_name
+  }
+}
+
+
+resource "aws_codebuild_project" "lint_check_project" {
+  name         = "${var.repo_name}-lintcheck-project"
+  service_role = aws_iam_role.codebuild_role.arn
+
+  environment {
+    compute_type    = var.compute_type
+    image           = var.build_image
+    type            = var.environment_type
+    privileged_mode = var.privileged_mode
+
+    environment_variable {
+      name  = "IMAGE_REPO_NAME"
+      value = aws_ecr_repository.this.name
+    }
+  }
+
+  source {
+    type      = "NO_SOURCE"
+    buildspec = file("${path.module}/buildspecs/lintcheck.yml")
+  }
+
+  artifacts {
+    type     = "S3"
+    location = var.s3_bucket_name
+  }
+}
+
 resource "aws_codebuild_project" "deploy_project" {
   name         = "${var.repo_name}-deploy-prj"
   service_role = aws_iam_role.codebuild_role.arn