amazon-bedrock-agentcore-samples/04-infrastructure-as-code/terraform/basic-runtime/codebuild.tf at main · madhununna/amazon-bedrock-agentcore-samples · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# ============================================================================
# CodeBuild Project - Build and Push Docker Image
# ============================================================================

resource "aws_codebuild_project" "agent_image" {
  name          = "${var.stack_name}-basic-agent-build"
  description   = "Build basic agent Docker image for ${var.stack_name}"
  service_role  = aws_iam_role.image_build.arn
  build_timeout = 60

  artifacts {
    type = "NO_ARTIFACTS"
  }

  environment {
    compute_type                = "BUILD_GENERAL1_LARGE"
    image                       = "aws/codebuild/amazonlinux2-aarch64-standard:3.0"
    type                        = "ARM_CONTAINER"
    privileged_mode             = true
    image_pull_credentials_type = "CODEBUILD"

    environment_variable {
      name  = "AWS_DEFAULT_REGION"
      value = data.aws_region.current.id
    }

    environment_variable {
      name  = "AWS_ACCOUNT_ID"
      value = data.aws_caller_identity.current.id
    }

    environment_variable {
      name  = "IMAGE_REPO_NAME"
      value = aws_ecr_repository.agent_ecr.name
    }

    environment_variable {
      name  = "IMAGE_TAG"
      value = var.image_tag
    }

    environment_variable {
      name  = "STACK_NAME"
      value = var.stack_name
    }
  }

  source {
    type      = "S3"
    location  = "${aws_s3_bucket.agent_source.id}/${aws_s3_object.agent_source.key}"
    buildspec = file("${path.module}/buildspec.yml")
  }

  logs_config {
    cloudwatch_logs {
      group_name = "/aws/codebuild/${var.stack_name}-basic-agent-build"
    }
  }

  tags = {
    Name   = "${var.stack_name}-basic-build"
    Module = "CodeBuild"
  }
}

# ============================================================================
# Trigger CodeBuild - Build Image Before Creating Runtime
# ============================================================================

resource "null_resource" "trigger_build" {
  triggers = {
    build_project = aws_codebuild_project.agent_image.id
    image_tag     = var.image_tag
    # Trigger rebuild if ECR repository changes
    ecr_repository = aws_ecr_repository.agent_ecr.id
    # Trigger rebuild when source code changes (MD5 hash)
    source_code_md5 = data.archive_file.agent_source.output_md5
  }

  provisioner "local-exec" {
    command = "${path.module}/scripts/build-image.sh \"${aws_codebuild_project.agent_image.name}\" \"${data.aws_region.current.id}\" \"${aws_ecr_repository.agent_ecr.name}\" \"${var.image_tag}\" \"${aws_ecr_repository.agent_ecr.repository_url}\""
  }

  depends_on = [
    aws_codebuild_project.agent_image,
    aws_ecr_repository.agent_ecr,
    aws_iam_role_policy.image_build,
    aws_s3_object.agent_source
  ]
}