0
0
mirror of https://github.com/renovatebot/renovate.git synced 2024-12-22 21:48:32 +00:00
renovatebot_renovate/lib/modules/platform/codecommit/readme.md

208 lines
6.5 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# AWS CodeCommit
<!-- prettier-ignore -->
!!! warning "No new features for the Codecommit platform"
Amazon has deprecated the Codecommit platform.
We will not work on new features for the Codecommit platform.
Read the [AWS blog, how to migrate your AWS Codecommit repository](https://aws.amazon.com/blogs/devops/how-to-migrate-your-aws-codecommit-repository-to-another-git-provider/) to learn more.
<!-- prettier-ignore -->
!!! warning "This feature is flagged as experimental"
Experimental features might be changed or even removed at any time.
## Authentication
### IAM Role
#### Machine pre-requisites
<!--
TODO: remove ignore
prettier & markdownlint conflicting nested list format
see: https://github.com/renovatebot/renovate/pull/30608
-->
<!-- prettier-ignore -->
1. Install the `aws-cli` program on the machine.
2. Set up the environment with the `git-credentials-helper`:
- For EC2 or Linux: [EC2 codecommit git integration](https://aws.amazon.com/premiumsupport/knowledge-center/codecommit-git-repositories-ec2/).
- For Windows: [windows codecommit git integration](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-windows.html).
3. Set the environment variable `AWS_REGION`.
#### Codebuild Configuration
```yaml title="Add git-credential helper to your buildspec.yml file"
env: git-credential-helper:yes
```
### IAM User
First, you must get an AWS [IAM Access Key id and a Secret access key id](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html).
After that, let Renovate use the AWS CodeCommit authentication keys, by picking _one_ of these methods:
- Create a Renovate config file (`config.js`)
- Set the environment with all required AWS environment variables
- Set AWS credentials with CLI parameters
#### Method 1: Create a Renovate config file (`config.js`)
```
username: AWS IAM access key id
password: AWS Secret access key
endpoint: the URL endpoint e.g https://git-codecommit.us-east-1.amazonaws.com/
token: AWS session token, if you have one
```
#### Method 2: Set the environment with all required AWS environment variables
```
AWS_ACCESS_KEY_ID: AWS IAM access key id
AWS_SECRET_ACCESS_KEY: AWS Secret access key
AWS_REGION: the AWS region e.g us-east-1
AWS_SESSION_TOKEN: AWS session token, if you have one
```
#### Method 3: Set AWS credentials with CLI parameters
```
--username: AWS IAM access key id
--password: AWS Secret access key
--endpoint: the URL endpoint for example https://git-codecommit.us-east-1.amazonaws.com/
--token: AWS session token, if you have one
```
## Permissions
Create a new AWS policy for Renovate with these permissions, then attach it to the user/role.
Change the `Resource` value to the resources you want to use:
```json title="Example policy JSON file"
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "RenovatePolicy",
"Effect": "Allow",
"Action": [
"codecommit:DeleteCommentContent",
"codecommit:UpdatePullRequestDescription",
"codecommit:GitPull",
"codecommit:ListPullRequests",
"codecommit:GetCommentsForPullRequest",
"codecommit:ListRepositories",
"codecommit:UpdatePullRequestTitle",
"codecommit:GetFile",
"codecommit:UpdateComment",
"codecommit:GetRepository",
"codecommit:CreatePullRequest",
"codecommit:CreatePullRequestApprovalRule",
"codecommit:GitPush",
"codecommit:UpdatePullRequestStatus",
"codecommit:GetPullRequest"
],
"Resource": "*"
}
]
}
```
## Running Renovate
Once you have followed method 1, 2 or 3, _and_ have set up the permissions, you're ready to configure Renovate:
- Set `platform: 'codecommit'`
- Set `repositories: ['{repository, names, separated, by, comma}']`, or use [Renovates `autodiscover` feature](../../../self-hosted-configuration.md#autodiscover)
You're ready to run Renovate now, and it will process your repositories.
## Unsupported platform features/concepts
These Renovate features are not supported on Codecommit:
- Adding assignees to PRs
- Automerge
- [`rebaseLabel`](../../../configuration-options.md#rebaselabel) (request a rebase for Renovate)
## Recommendations
Limit the number of open Renovate PRs by setting a `prConcurrentLimit`.
If you close a PR but dont want Renovate to recreate the PR later, then use [package rules](../../../configuration-options.md#packagerules) with the `"enabled": false` key.
This workaround is needed due to platform limitations.
## Example configuration
```js title="Example config.js file"
module.exports = {
endpoint: 'https://git-codecommit.us-east-1.amazonaws.com/',
platform: 'codecommit',
repositories: ['abc/def', 'abc/ghi'],
username: 'ACCESS_KEY_ID_GOES_HERE',
password: 'SECRET_ACCESS_KEY_GOES_HERE',
token: 'AWS_SESSION_TOKEN_GOES_HERE',
gitAuthor: 'your_email@domain',
packageRules: [
{
matchPackageNames: ['package_name', 'package_name2'],
enabled: false,
},
],
};
```
## CodeBuild examples
Create a repository with a `buildspec.yml` file in it.
This repository will be your BuildProject job repository to run Renovate on your repositories.
### Renovate Docker `buildspec.yml`
```yml title="Example buildspec.yml file"
version: 0.2
env:
shell: bash
git-credential-helper: yes
variables:
RENOVATE_PLATFORM: 'codecommit'
RENOVATE_REPOSITORIES: '["repoName1", "repoName2"]'
RENOVATE_CONFIG: '{"extends":["config:recommended"]}'
LOG_LEVEL: 'debug'
AWS_REGION: 'us-east-1'
phases:
build:
on-failure: CONTINUE
commands:
- docker run --rm -e AWS_REGION -e RENOVATE_CONFIG -e RENOVATE_PLATFORM -e RENOVATE_REPOSITORIES -e LOG_LEVEL renovate/renovate
```
### Renovate CLI `buildspec.yml`
```yml title="Example buildspec.yml file"
version: 0.2
env:
shell: bash
git-credential-helper: yes
variables:
RENOVATE_PLATFORM: 'codecommit'
RENOVATE_REPOSITORIES: '["repoName1", "repoName2"]'
RENOVATE_CONFIG: '{"extends":["config:recommended"]}'
LOG_LEVEL: 'debug'
AWS_REGION: 'us-east-1'
phases:
build:
on-failure: CONTINUE
commands:
- npm install -g renovate
- renovate
```
### Notes
To keep BuildProject processing times reasonable, we recommend that you install Renovate on the BuildProject Renovate job repository.
This also avoids running the `npm install` command.
You can add the `config.js` global config to the repository.
You can add the BuildProject repository to the `RENOVATE_REPOSITORIES` variable and get updates on new Renovate versions.