2020/05/07 - AWS CodeBuild - 5 updated api methods
Changes Update codebuild client to latest version
{'projects': {'webhook': {'filterGroups': {'type': {'COMMIT_MESSAGE'}}}}}
Gets information about one or more build projects.
See also: AWS API Documentation
Request Syntax
client.batch_get_projects( names=[ 'string', ] )
list
[REQUIRED]
The names or ARNs of the build projects. To get information about a project shared with your AWS account, its ARN must be specified. You cannot specify a shared project using its name.
(string) --
dict
Response Syntax
{ 'projects': [ { 'name': 'string', 'arn': 'string', 'description': 'string', 'source': { 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, 'secondarySources': [ { 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, ], 'sourceVersion': 'string', 'secondarySourceVersions': [ { 'sourceIdentifier': 'string', 'sourceVersion': 'string' }, ], 'artifacts': { 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, 'secondaryArtifacts': [ { 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, ], 'cache': { 'type': 'NO_CACHE'|'S3'|'LOCAL', 'location': 'string', 'modes': [ 'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE', ] }, 'environment': { 'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER', 'image': 'string', 'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE', 'environmentVariables': [ { 'name': 'string', 'value': 'string', 'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER' }, ], 'privilegedMode': True|False, 'certificate': 'string', 'registryCredential': { 'credential': 'string', 'credentialProvider': 'SECRETS_MANAGER' }, 'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE' }, 'serviceRole': 'string', 'timeoutInMinutes': 123, 'queuedTimeoutInMinutes': 123, 'encryptionKey': 'string', 'tags': [ { 'key': 'string', 'value': 'string' }, ], 'created': datetime(2015, 1, 1), 'lastModified': datetime(2015, 1, 1), 'webhook': { 'url': 'string', 'payloadUrl': 'string', 'secret': 'string', 'branchFilter': 'string', 'filterGroups': [ [ { 'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE', 'pattern': 'string', 'excludeMatchedPattern': True|False }, ], ], 'lastModifiedSecret': datetime(2015, 1, 1) }, 'vpcConfig': { 'vpcId': 'string', 'subnets': [ 'string', ], 'securityGroupIds': [ 'string', ] }, 'badge': { 'badgeEnabled': True|False, 'badgeRequestUrl': 'string' }, 'logsConfig': { 'cloudWatchLogs': { 'status': 'ENABLED'|'DISABLED', 'groupName': 'string', 'streamName': 'string' }, 's3Logs': { 'status': 'ENABLED'|'DISABLED', 'location': 'string', 'encryptionDisabled': True|False } }, 'fileSystemLocations': [ { 'type': 'EFS', 'location': 'string', 'mountPoint': 'string', 'identifier': 'string', 'mountOptions': 'string' }, ] }, ], 'projectsNotFound': [ 'string', ] }
Response Structure
(dict) --
projects (list) --
Information about the requested build projects.
(dict) --
Information about a build project.
name (string) --
The name of the build project.
arn (string) --
The Amazon Resource Name (ARN) of the build project.
description (string) --
A description that makes the build project easy to identify.
source (dict) --
Information about the build input source code for this build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
secondarySources (list) --
An array of ProjectSource objects.
(dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
sourceVersion (string) --
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
secondarySourceVersions (list) --
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) --
An identifier for a source in the build project.
sourceVersion (string) --
The source version for the corresponding source identifier. If specified, must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example, pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
artifacts (dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
secondaryArtifacts (list) --
An array of ProjectArtifacts objects.
(dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
cache (dict) --
Information about the cache for the build project.
type (string) --
The type of cache used by the build project. Valid values include:
NO_CACHE: The build project does not use any cache.
S3: The build project reads and writes from and to S3.
LOCAL: The build project stores a cache locally on a build host that is only available to that build host.
location (string) --
Information about the cache location:
NO_CACHE or LOCAL: This value is ignored.
S3: This is the S3 bucket name/prefix.
modes (list) --
If you use a LOCAL cache, the local cache mode. You can use one or more local cache modes at the same time.
LOCAL_SOURCE_CACHE mode caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE mode caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
LOCAL_CUSTOM_CACHE mode caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Only directories can be specified for caching. You cannot specify individual files.
Symlinks are used to reference cached directories.
Cached directories are linked to your build before it downloads its project sources. Cached items are overridden if a source item has the same name. Directories are specified using cache paths in the buildspec file.
(string) --
environment (dict) --
Information about the build environment for this build project.
type (string) --
The type of build environment to use for related builds.
The environment type ARM_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and EU (Frankfurt).
The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).
The environment type LINUX_GPU_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and China (Ningxia).
image (string) --
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For an image tag: registry/repository:tag. For example, to specify an image with the tag "latest," use registry/repository:latest.
For an image digest: registry/repository@digest. For example, to specify an image with the digest "sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf," use registry/repository@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf.
computeType (string) --
Information about the compute resources the build project uses. Available values include:
BUILD_GENERAL1_SMALL: Use up to 3 GB memory and 2 vCPUs for builds.
BUILD_GENERAL1_MEDIUM: Use up to 7 GB memory and 4 vCPUs for builds.
BUILD_GENERAL1_LARGE: Use up to 16 GB memory and 8 vCPUs for builds, depending on your environment type.
BUILD_GENERAL1_2XLARGE: Use up to 145 GB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.
If you use BUILD_GENERAL1_LARGE:
For environment type LINUX_CONTAINER, you can use up to 15 GB memory and 8 vCPUs for builds.
For environment type LINUX_GPU_CONTAINER, you can use up to 255 GB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.
For environment type ARM_CONTAINER, you can use up to 16 GB memory and 8 vCPUs on ARM-based processors for builds.
For more information, see Build Environment Compute Types in the AWS CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) --
The name or key of the environment variable.
value (string) --
The value of the environment variable.
type (string) --
The type of environment variable. Valid values include:
PARAMETER_STORE: An environment variable stored in Amazon EC2 Systems Manager Parameter Store. To learn how to specify a parameter store environment variable, see parameter store reference-key in the buildspec file.
PLAINTEXT: An environment variable in plain text format. This is the default value.
SECRETS_MANAGER: An environment variable stored in AWS Secrets Manager. To learn how to specify a secrets manager environment variable, see secrets manager reference-key in the buildspec file.
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false.
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The certificate to use with this build project.
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) --
The Amazon Resource Name (ARN) or name of credentials created using AWS Secrets Manager.
credentialProvider (string) --
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for AWS Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials AWS CodeBuild uses to pull images in your build. There are two valid values:
CODEBUILD specifies that AWS CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust AWS CodeBuild's service principal.
SERVICE_ROLE specifies that AWS CodeBuild uses your build project's service role.
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials.
serviceRole (string) --
The ARN of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.
timeoutInMinutes (integer) --
How long, in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes.
queuedTimeoutInMinutes (integer) --
The number of minutes a build is allowed to be queued before it times out.
encryptionKey (string) --
The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build output artifacts.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format ``alias/alias-name ``).
tags (list) --
The tags for this build project.
These tags are available for use by AWS services that support AWS CodeBuild build project tags.
(dict) --
A tag, consisting of a key and a value.
This tag is available for use by AWS services that support tags in AWS CodeBuild.
key (string) --
The tag's key.
value (string) --
The tag's value.
created (datetime) --
When the build project was created, expressed in Unix time format.
lastModified (datetime) --
When the build project's settings were last modified, expressed in Unix time format.
webhook (dict) --
Information about a webhook that connects repository events to a build project in AWS CodeBuild.
url (string) --
The URL to the webhook.
payloadUrl (string) --
The AWS CodeBuild endpoint where webhook events are sent.
secret (string) --
The secret token of the associated repository.
branchFilter (string) --
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
filterGroups (list) --
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type.
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) --
The type of webhook filter. There are six webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, and COMMIT_MESSAGE.
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED, and PULL_REQUEST_MERGED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.
A webhook triggers a build when the path of a changed file matches the regular expression pattern.
A webhook triggers a build when the head commit message matches the regular expression pattern.
pattern (string) --
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name.
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
lastModifiedSecret (datetime) --
A timestamp that indicates the last time a repository's secret token was modified.
vpcConfig (dict) --
Information about the VPC configuration that AWS CodeBuild accesses.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
(string) --
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
(string) --
badge (dict) --
Information about the build badge for the build project.
badgeEnabled (boolean) --
Set this to true to generate a publicly accessible URL for your project's build badge.
badgeRequestUrl (string) --
The publicly-accessible URL through which you can access the build badge for your project.
The publicly accessible URL through which you can access the build badge for your project.
logsConfig (dict) --
Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both.
cloudWatchLogs (dict) --
Information about Amazon CloudWatch Logs for a build project. Amazon CloudWatch Logs are enabled by default.
status (string) --
The current status of the logs in Amazon CloudWatch Logs for a build project. Valid values are:
ENABLED: Amazon CloudWatch Logs are enabled for this build project.
DISABLED: Amazon CloudWatch Logs are not enabled for this build project.
groupName (string) --
The group name of the logs in Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
streamName (string) --
The prefix of the stream name of the Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
s3Logs (dict) --
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
status (string) --
The current status of the S3 build logs. Valid values are:
ENABLED: S3 build logs are enabled for this build project.
DISABLED: S3 build logs are not enabled for this build project.
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket, and your path prefix is build-log, then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log.
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
fileSystemLocations (list) --
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS.
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path. You can find the DNS name of file system when you view it in the AWS EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com, and its mount directory is my-efs-mount-directory, then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory.
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_. For example, if you specify my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS.
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by AWS EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2. For more information, see Recommended NFS Mount Options.
projectsNotFound (list) --
The names of build projects for which information could not be found.
(string) --
{'project': {'webhook': {'filterGroups': {'type': {'COMMIT_MESSAGE'}}}}}
Creates a build project.
See also: AWS API Documentation
Request Syntax
client.create_project( name='string', description='string', source={ 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, secondarySources=[ { 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, ], sourceVersion='string', secondarySourceVersions=[ { 'sourceIdentifier': 'string', 'sourceVersion': 'string' }, ], artifacts={ 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, secondaryArtifacts=[ { 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, ], cache={ 'type': 'NO_CACHE'|'S3'|'LOCAL', 'location': 'string', 'modes': [ 'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE', ] }, environment={ 'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER', 'image': 'string', 'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE', 'environmentVariables': [ { 'name': 'string', 'value': 'string', 'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER' }, ], 'privilegedMode': True|False, 'certificate': 'string', 'registryCredential': { 'credential': 'string', 'credentialProvider': 'SECRETS_MANAGER' }, 'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE' }, serviceRole='string', timeoutInMinutes=123, queuedTimeoutInMinutes=123, encryptionKey='string', tags=[ { 'key': 'string', 'value': 'string' }, ], vpcConfig={ 'vpcId': 'string', 'subnets': [ 'string', ], 'securityGroupIds': [ 'string', ] }, badgeEnabled=True|False, logsConfig={ 'cloudWatchLogs': { 'status': 'ENABLED'|'DISABLED', 'groupName': 'string', 'streamName': 'string' }, 's3Logs': { 'status': 'ENABLED'|'DISABLED', 'location': 'string', 'encryptionDisabled': True|False } }, fileSystemLocations=[ { 'type': 'EFS', 'location': 'string', 'mountPoint': 'string', 'identifier': 'string', 'mountOptions': 'string' }, ] )
string
[REQUIRED]
The name of the build project.
string
A description that makes the build project easy to identify.
dict
[REQUIRED]
Information about the build input source code for the build project.
type (string) -- [REQUIRED]
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) -- [REQUIRED]
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) -- [REQUIRED]
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
list
An array of ProjectSource objects.
(dict) --
Information about the build input source code for the build project.
type (string) -- [REQUIRED]
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) -- [REQUIRED]
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) -- [REQUIRED]
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
string
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
list
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take precedence over these secondarySourceVersions (at the project level).
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) -- [REQUIRED]
An identifier for a source in the build project.
sourceVersion (string) -- [REQUIRED]
The source version for the corresponding source identifier. If specified, must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example, pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
dict
[REQUIRED]
Information about the build output artifacts for the build project.
type (string) -- [REQUIRED]
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
list
An array of ProjectArtifacts objects.
(dict) --
Information about the build output artifacts for the build project.
type (string) -- [REQUIRED]
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
dict
Stores recently used information so that it can be quickly accessed at a later time.
type (string) -- [REQUIRED]
The type of cache used by the build project. Valid values include:
NO_CACHE: The build project does not use any cache.
S3: The build project reads and writes from and to S3.
LOCAL: The build project stores a cache locally on a build host that is only available to that build host.
location (string) --
Information about the cache location:
NO_CACHE or LOCAL: This value is ignored.
S3: This is the S3 bucket name/prefix.
modes (list) --
If you use a LOCAL cache, the local cache mode. You can use one or more local cache modes at the same time.
LOCAL_SOURCE_CACHE mode caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE mode caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
LOCAL_CUSTOM_CACHE mode caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Only directories can be specified for caching. You cannot specify individual files.
Symlinks are used to reference cached directories.
Cached directories are linked to your build before it downloads its project sources. Cached items are overridden if a source item has the same name. Directories are specified using cache paths in the buildspec file.
(string) --
dict
[REQUIRED]
Information about the build environment for the build project.
type (string) -- [REQUIRED]
The type of build environment to use for related builds.
The environment type ARM_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and EU (Frankfurt).
The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).
The environment type LINUX_GPU_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and China (Ningxia).
image (string) -- [REQUIRED]
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For an image tag: registry/repository:tag. For example, to specify an image with the tag "latest," use registry/repository:latest.
For an image digest: registry/repository@digest. For example, to specify an image with the digest "sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf," use registry/repository@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf.
computeType (string) -- [REQUIRED]
Information about the compute resources the build project uses. Available values include:
BUILD_GENERAL1_SMALL: Use up to 3 GB memory and 2 vCPUs for builds.
BUILD_GENERAL1_MEDIUM: Use up to 7 GB memory and 4 vCPUs for builds.
BUILD_GENERAL1_LARGE: Use up to 16 GB memory and 8 vCPUs for builds, depending on your environment type.
BUILD_GENERAL1_2XLARGE: Use up to 145 GB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.
If you use BUILD_GENERAL1_LARGE:
For environment type LINUX_CONTAINER, you can use up to 15 GB memory and 8 vCPUs for builds.
For environment type LINUX_GPU_CONTAINER, you can use up to 255 GB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.
For environment type ARM_CONTAINER, you can use up to 16 GB memory and 8 vCPUs on ARM-based processors for builds.
For more information, see Build Environment Compute Types in the AWS CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) -- [REQUIRED]
The name or key of the environment variable.
value (string) -- [REQUIRED]
The value of the environment variable.
type (string) --
The type of environment variable. Valid values include:
PARAMETER_STORE: An environment variable stored in Amazon EC2 Systems Manager Parameter Store. To learn how to specify a parameter store environment variable, see parameter store reference-key in the buildspec file.
PLAINTEXT: An environment variable in plain text format. This is the default value.
SECRETS_MANAGER: An environment variable stored in AWS Secrets Manager. To learn how to specify a secrets manager environment variable, see secrets manager reference-key in the buildspec file.
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false.
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The certificate to use with this build project.
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) -- [REQUIRED]
The Amazon Resource Name (ARN) or name of credentials created using AWS Secrets Manager.
credentialProvider (string) -- [REQUIRED]
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for AWS Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials AWS CodeBuild uses to pull images in your build. There are two valid values:
CODEBUILD specifies that AWS CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust AWS CodeBuild's service principal.
SERVICE_ROLE specifies that AWS CodeBuild uses your build project's service role.
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials.
string
[REQUIRED]
The ARN of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.
integer
How long, in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait before it times out any build that has not been marked as completed. The default is 60 minutes.
integer
The number of minutes a build is allowed to be queued before it times out.
string
The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build output artifacts.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format ``alias/alias-name ``).
list
A set of tags for this build project.
These tags are available for use by AWS services that support AWS CodeBuild build project tags.
(dict) --
A tag, consisting of a key and a value.
This tag is available for use by AWS services that support tags in AWS CodeBuild.
key (string) --
The tag's key.
value (string) --
The tag's value.
dict
VpcConfig enables AWS CodeBuild to access resources in an Amazon VPC.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
(string) --
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
(string) --
boolean
Set this to true to generate a publicly accessible URL for your project's build badge.
dict
Information about logs for the build project. These can be logs in Amazon CloudWatch Logs, logs uploaded to a specified S3 bucket, or both.
cloudWatchLogs (dict) --
Information about Amazon CloudWatch Logs for a build project. Amazon CloudWatch Logs are enabled by default.
status (string) -- [REQUIRED]
The current status of the logs in Amazon CloudWatch Logs for a build project. Valid values are:
ENABLED: Amazon CloudWatch Logs are enabled for this build project.
DISABLED: Amazon CloudWatch Logs are not enabled for this build project.
groupName (string) --
The group name of the logs in Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
streamName (string) --
The prefix of the stream name of the Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
s3Logs (dict) --
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
status (string) -- [REQUIRED]
The current status of the S3 build logs. Valid values are:
ENABLED: S3 build logs are enabled for this build project.
DISABLED: S3 build logs are not enabled for this build project.
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket, and your path prefix is build-log, then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log.
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
list
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS.
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path. You can find the DNS name of file system when you view it in the AWS EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com, and its mount directory is my-efs-mount-directory, then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory.
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_. For example, if you specify my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS.
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by AWS EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2. For more information, see Recommended NFS Mount Options.
dict
Response Syntax
{ 'project': { 'name': 'string', 'arn': 'string', 'description': 'string', 'source': { 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, 'secondarySources': [ { 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, ], 'sourceVersion': 'string', 'secondarySourceVersions': [ { 'sourceIdentifier': 'string', 'sourceVersion': 'string' }, ], 'artifacts': { 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, 'secondaryArtifacts': [ { 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, ], 'cache': { 'type': 'NO_CACHE'|'S3'|'LOCAL', 'location': 'string', 'modes': [ 'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE', ] }, 'environment': { 'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER', 'image': 'string', 'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE', 'environmentVariables': [ { 'name': 'string', 'value': 'string', 'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER' }, ], 'privilegedMode': True|False, 'certificate': 'string', 'registryCredential': { 'credential': 'string', 'credentialProvider': 'SECRETS_MANAGER' }, 'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE' }, 'serviceRole': 'string', 'timeoutInMinutes': 123, 'queuedTimeoutInMinutes': 123, 'encryptionKey': 'string', 'tags': [ { 'key': 'string', 'value': 'string' }, ], 'created': datetime(2015, 1, 1), 'lastModified': datetime(2015, 1, 1), 'webhook': { 'url': 'string', 'payloadUrl': 'string', 'secret': 'string', 'branchFilter': 'string', 'filterGroups': [ [ { 'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE', 'pattern': 'string', 'excludeMatchedPattern': True|False }, ], ], 'lastModifiedSecret': datetime(2015, 1, 1) }, 'vpcConfig': { 'vpcId': 'string', 'subnets': [ 'string', ], 'securityGroupIds': [ 'string', ] }, 'badge': { 'badgeEnabled': True|False, 'badgeRequestUrl': 'string' }, 'logsConfig': { 'cloudWatchLogs': { 'status': 'ENABLED'|'DISABLED', 'groupName': 'string', 'streamName': 'string' }, 's3Logs': { 'status': 'ENABLED'|'DISABLED', 'location': 'string', 'encryptionDisabled': True|False } }, 'fileSystemLocations': [ { 'type': 'EFS', 'location': 'string', 'mountPoint': 'string', 'identifier': 'string', 'mountOptions': 'string' }, ] } }
Response Structure
(dict) --
project (dict) --
Information about the build project that was created.
name (string) --
The name of the build project.
arn (string) --
The Amazon Resource Name (ARN) of the build project.
description (string) --
A description that makes the build project easy to identify.
source (dict) --
Information about the build input source code for this build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
secondarySources (list) --
An array of ProjectSource objects.
(dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
sourceVersion (string) --
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
secondarySourceVersions (list) --
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) --
An identifier for a source in the build project.
sourceVersion (string) --
The source version for the corresponding source identifier. If specified, must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example, pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
artifacts (dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
secondaryArtifacts (list) --
An array of ProjectArtifacts objects.
(dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
cache (dict) --
Information about the cache for the build project.
type (string) --
The type of cache used by the build project. Valid values include:
NO_CACHE: The build project does not use any cache.
S3: The build project reads and writes from and to S3.
LOCAL: The build project stores a cache locally on a build host that is only available to that build host.
location (string) --
Information about the cache location:
NO_CACHE or LOCAL: This value is ignored.
S3: This is the S3 bucket name/prefix.
modes (list) --
If you use a LOCAL cache, the local cache mode. You can use one or more local cache modes at the same time.
LOCAL_SOURCE_CACHE mode caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE mode caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
LOCAL_CUSTOM_CACHE mode caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Only directories can be specified for caching. You cannot specify individual files.
Symlinks are used to reference cached directories.
Cached directories are linked to your build before it downloads its project sources. Cached items are overridden if a source item has the same name. Directories are specified using cache paths in the buildspec file.
(string) --
environment (dict) --
Information about the build environment for this build project.
type (string) --
The type of build environment to use for related builds.
The environment type ARM_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and EU (Frankfurt).
The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).
The environment type LINUX_GPU_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and China (Ningxia).
image (string) --
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For an image tag: registry/repository:tag. For example, to specify an image with the tag "latest," use registry/repository:latest.
For an image digest: registry/repository@digest. For example, to specify an image with the digest "sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf," use registry/repository@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf.
computeType (string) --
Information about the compute resources the build project uses. Available values include:
BUILD_GENERAL1_SMALL: Use up to 3 GB memory and 2 vCPUs for builds.
BUILD_GENERAL1_MEDIUM: Use up to 7 GB memory and 4 vCPUs for builds.
BUILD_GENERAL1_LARGE: Use up to 16 GB memory and 8 vCPUs for builds, depending on your environment type.
BUILD_GENERAL1_2XLARGE: Use up to 145 GB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.
If you use BUILD_GENERAL1_LARGE:
For environment type LINUX_CONTAINER, you can use up to 15 GB memory and 8 vCPUs for builds.
For environment type LINUX_GPU_CONTAINER, you can use up to 255 GB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.
For environment type ARM_CONTAINER, you can use up to 16 GB memory and 8 vCPUs on ARM-based processors for builds.
For more information, see Build Environment Compute Types in the AWS CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) --
The name or key of the environment variable.
value (string) --
The value of the environment variable.
type (string) --
The type of environment variable. Valid values include:
PARAMETER_STORE: An environment variable stored in Amazon EC2 Systems Manager Parameter Store. To learn how to specify a parameter store environment variable, see parameter store reference-key in the buildspec file.
PLAINTEXT: An environment variable in plain text format. This is the default value.
SECRETS_MANAGER: An environment variable stored in AWS Secrets Manager. To learn how to specify a secrets manager environment variable, see secrets manager reference-key in the buildspec file.
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false.
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The certificate to use with this build project.
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) --
The Amazon Resource Name (ARN) or name of credentials created using AWS Secrets Manager.
credentialProvider (string) --
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for AWS Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials AWS CodeBuild uses to pull images in your build. There are two valid values:
CODEBUILD specifies that AWS CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust AWS CodeBuild's service principal.
SERVICE_ROLE specifies that AWS CodeBuild uses your build project's service role.
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials.
serviceRole (string) --
The ARN of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.
timeoutInMinutes (integer) --
How long, in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes.
queuedTimeoutInMinutes (integer) --
The number of minutes a build is allowed to be queued before it times out.
encryptionKey (string) --
The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build output artifacts.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format ``alias/alias-name ``).
tags (list) --
The tags for this build project.
These tags are available for use by AWS services that support AWS CodeBuild build project tags.
(dict) --
A tag, consisting of a key and a value.
This tag is available for use by AWS services that support tags in AWS CodeBuild.
key (string) --
The tag's key.
value (string) --
The tag's value.
created (datetime) --
When the build project was created, expressed in Unix time format.
lastModified (datetime) --
When the build project's settings were last modified, expressed in Unix time format.
webhook (dict) --
Information about a webhook that connects repository events to a build project in AWS CodeBuild.
url (string) --
The URL to the webhook.
payloadUrl (string) --
The AWS CodeBuild endpoint where webhook events are sent.
secret (string) --
The secret token of the associated repository.
branchFilter (string) --
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
filterGroups (list) --
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type.
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) --
The type of webhook filter. There are six webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, and COMMIT_MESSAGE.
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED, and PULL_REQUEST_MERGED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.
A webhook triggers a build when the path of a changed file matches the regular expression pattern.
A webhook triggers a build when the head commit message matches the regular expression pattern.
pattern (string) --
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name.
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
lastModifiedSecret (datetime) --
A timestamp that indicates the last time a repository's secret token was modified.
vpcConfig (dict) --
Information about the VPC configuration that AWS CodeBuild accesses.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
(string) --
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
(string) --
badge (dict) --
Information about the build badge for the build project.
badgeEnabled (boolean) --
Set this to true to generate a publicly accessible URL for your project's build badge.
badgeRequestUrl (string) --
The publicly-accessible URL through which you can access the build badge for your project.
The publicly accessible URL through which you can access the build badge for your project.
logsConfig (dict) --
Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both.
cloudWatchLogs (dict) --
Information about Amazon CloudWatch Logs for a build project. Amazon CloudWatch Logs are enabled by default.
status (string) --
The current status of the logs in Amazon CloudWatch Logs for a build project. Valid values are:
ENABLED: Amazon CloudWatch Logs are enabled for this build project.
DISABLED: Amazon CloudWatch Logs are not enabled for this build project.
groupName (string) --
The group name of the logs in Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
streamName (string) --
The prefix of the stream name of the Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
s3Logs (dict) --
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
status (string) --
The current status of the S3 build logs. Valid values are:
ENABLED: S3 build logs are enabled for this build project.
DISABLED: S3 build logs are not enabled for this build project.
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket, and your path prefix is build-log, then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log.
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
fileSystemLocations (list) --
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS.
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path. You can find the DNS name of file system when you view it in the AWS EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com, and its mount directory is my-efs-mount-directory, then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory.
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_. For example, if you specify my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS.
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by AWS EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2. For more information, see Recommended NFS Mount Options.
{'filterGroups': {'type': {'COMMIT_MESSAGE'}}}Response
{'webhook': {'filterGroups': {'type': {'COMMIT_MESSAGE'}}}}
For an existing AWS CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, enables AWS CodeBuild to start rebuilding the source code every time a code change is pushed to the repository.
See also: AWS API Documentation
Request Syntax
client.create_webhook( projectName='string', branchFilter='string', filterGroups=[ [ { 'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE', 'pattern': 'string', 'excludeMatchedPattern': True|False }, ], ] )
string
[REQUIRED]
The name of the AWS CodeBuild project.
string
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
list
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type.
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) -- [REQUIRED]
The type of webhook filter. There are six webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, and COMMIT_MESSAGE.
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED, and PULL_REQUEST_MERGED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.
A webhook triggers a build when the path of a changed file matches the regular expression pattern.
A webhook triggers a build when the head commit message matches the regular expression pattern.
pattern (string) -- [REQUIRED]
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name.
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
dict
Response Syntax
{ 'webhook': { 'url': 'string', 'payloadUrl': 'string', 'secret': 'string', 'branchFilter': 'string', 'filterGroups': [ [ { 'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE', 'pattern': 'string', 'excludeMatchedPattern': True|False }, ], ], 'lastModifiedSecret': datetime(2015, 1, 1) } }
Response Structure
(dict) --
webhook (dict) --
Information about a webhook that connects repository events to a build project in AWS CodeBuild.
url (string) --
The URL to the webhook.
payloadUrl (string) --
The AWS CodeBuild endpoint where webhook events are sent.
secret (string) --
The secret token of the associated repository.
branchFilter (string) --
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
filterGroups (list) --
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type.
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) --
The type of webhook filter. There are six webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, and COMMIT_MESSAGE.
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED, and PULL_REQUEST_MERGED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.
A webhook triggers a build when the path of a changed file matches the regular expression pattern.
A webhook triggers a build when the head commit message matches the regular expression pattern.
pattern (string) --
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name.
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
lastModifiedSecret (datetime) --
A timestamp that indicates the last time a repository's secret token was modified.
{'project': {'webhook': {'filterGroups': {'type': {'COMMIT_MESSAGE'}}}}}
Changes the settings of a build project.
See also: AWS API Documentation
Request Syntax
client.update_project( name='string', description='string', source={ 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, secondarySources=[ { 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, ], sourceVersion='string', secondarySourceVersions=[ { 'sourceIdentifier': 'string', 'sourceVersion': 'string' }, ], artifacts={ 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, secondaryArtifacts=[ { 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, ], cache={ 'type': 'NO_CACHE'|'S3'|'LOCAL', 'location': 'string', 'modes': [ 'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE', ] }, environment={ 'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER', 'image': 'string', 'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE', 'environmentVariables': [ { 'name': 'string', 'value': 'string', 'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER' }, ], 'privilegedMode': True|False, 'certificate': 'string', 'registryCredential': { 'credential': 'string', 'credentialProvider': 'SECRETS_MANAGER' }, 'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE' }, serviceRole='string', timeoutInMinutes=123, queuedTimeoutInMinutes=123, encryptionKey='string', tags=[ { 'key': 'string', 'value': 'string' }, ], vpcConfig={ 'vpcId': 'string', 'subnets': [ 'string', ], 'securityGroupIds': [ 'string', ] }, badgeEnabled=True|False, logsConfig={ 'cloudWatchLogs': { 'status': 'ENABLED'|'DISABLED', 'groupName': 'string', 'streamName': 'string' }, 's3Logs': { 'status': 'ENABLED'|'DISABLED', 'location': 'string', 'encryptionDisabled': True|False } }, fileSystemLocations=[ { 'type': 'EFS', 'location': 'string', 'mountPoint': 'string', 'identifier': 'string', 'mountOptions': 'string' }, ] )
string
[REQUIRED]
The name of the build project.
string
A new or replacement description of the build project.
dict
Information to be changed about the build input source code for the build project.
type (string) -- [REQUIRED]
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) -- [REQUIRED]
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) -- [REQUIRED]
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
list
An array of ProjectSource objects.
(dict) --
Information about the build input source code for the build project.
type (string) -- [REQUIRED]
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) -- [REQUIRED]
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) -- [REQUIRED]
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
string
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
list
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) -- [REQUIRED]
An identifier for a source in the build project.
sourceVersion (string) -- [REQUIRED]
The source version for the corresponding source identifier. If specified, must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example, pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
dict
Information to be changed about the build output artifacts for the build project.
type (string) -- [REQUIRED]
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
list
An array of ProjectSource objects.
(dict) --
Information about the build output artifacts for the build project.
type (string) -- [REQUIRED]
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
dict
Stores recently used information so that it can be quickly accessed at a later time.
type (string) -- [REQUIRED]
The type of cache used by the build project. Valid values include:
NO_CACHE: The build project does not use any cache.
S3: The build project reads and writes from and to S3.
LOCAL: The build project stores a cache locally on a build host that is only available to that build host.
location (string) --
Information about the cache location:
NO_CACHE or LOCAL: This value is ignored.
S3: This is the S3 bucket name/prefix.
modes (list) --
If you use a LOCAL cache, the local cache mode. You can use one or more local cache modes at the same time.
LOCAL_SOURCE_CACHE mode caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE mode caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
LOCAL_CUSTOM_CACHE mode caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Only directories can be specified for caching. You cannot specify individual files.
Symlinks are used to reference cached directories.
Cached directories are linked to your build before it downloads its project sources. Cached items are overridden if a source item has the same name. Directories are specified using cache paths in the buildspec file.
(string) --
dict
Information to be changed about the build environment for the build project.
type (string) -- [REQUIRED]
The type of build environment to use for related builds.
The environment type ARM_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and EU (Frankfurt).
The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).
The environment type LINUX_GPU_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and China (Ningxia).
image (string) -- [REQUIRED]
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For an image tag: registry/repository:tag. For example, to specify an image with the tag "latest," use registry/repository:latest.
For an image digest: registry/repository@digest. For example, to specify an image with the digest "sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf," use registry/repository@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf.
computeType (string) -- [REQUIRED]
Information about the compute resources the build project uses. Available values include:
BUILD_GENERAL1_SMALL: Use up to 3 GB memory and 2 vCPUs for builds.
BUILD_GENERAL1_MEDIUM: Use up to 7 GB memory and 4 vCPUs for builds.
BUILD_GENERAL1_LARGE: Use up to 16 GB memory and 8 vCPUs for builds, depending on your environment type.
BUILD_GENERAL1_2XLARGE: Use up to 145 GB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.
If you use BUILD_GENERAL1_LARGE:
For environment type LINUX_CONTAINER, you can use up to 15 GB memory and 8 vCPUs for builds.
For environment type LINUX_GPU_CONTAINER, you can use up to 255 GB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.
For environment type ARM_CONTAINER, you can use up to 16 GB memory and 8 vCPUs on ARM-based processors for builds.
For more information, see Build Environment Compute Types in the AWS CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) -- [REQUIRED]
The name or key of the environment variable.
value (string) -- [REQUIRED]
The value of the environment variable.
type (string) --
The type of environment variable. Valid values include:
PARAMETER_STORE: An environment variable stored in Amazon EC2 Systems Manager Parameter Store. To learn how to specify a parameter store environment variable, see parameter store reference-key in the buildspec file.
PLAINTEXT: An environment variable in plain text format. This is the default value.
SECRETS_MANAGER: An environment variable stored in AWS Secrets Manager. To learn how to specify a secrets manager environment variable, see secrets manager reference-key in the buildspec file.
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false.
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The certificate to use with this build project.
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) -- [REQUIRED]
The Amazon Resource Name (ARN) or name of credentials created using AWS Secrets Manager.
credentialProvider (string) -- [REQUIRED]
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for AWS Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials AWS CodeBuild uses to pull images in your build. There are two valid values:
CODEBUILD specifies that AWS CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust AWS CodeBuild's service principal.
SERVICE_ROLE specifies that AWS CodeBuild uses your build project's service role.
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials.
string
The replacement ARN of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.
integer
The replacement value in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait before timing out any related build that did not get marked as completed.
integer
The number of minutes a build is allowed to be queued before it times out.
string
The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build output artifacts.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format ``alias/alias-name ``).
list
The replacement set of tags for this build project.
These tags are available for use by AWS services that support AWS CodeBuild build project tags.
(dict) --
A tag, consisting of a key and a value.
This tag is available for use by AWS services that support tags in AWS CodeBuild.
key (string) --
The tag's key.
value (string) --
The tag's value.
dict
VpcConfig enables AWS CodeBuild to access resources in an Amazon VPC.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
(string) --
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
(string) --
boolean
Set this to true to generate a publicly accessible URL for your project's build badge.
dict
Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, logs in an S3 bucket, or both.
cloudWatchLogs (dict) --
Information about Amazon CloudWatch Logs for a build project. Amazon CloudWatch Logs are enabled by default.
status (string) -- [REQUIRED]
The current status of the logs in Amazon CloudWatch Logs for a build project. Valid values are:
ENABLED: Amazon CloudWatch Logs are enabled for this build project.
DISABLED: Amazon CloudWatch Logs are not enabled for this build project.
groupName (string) --
The group name of the logs in Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
streamName (string) --
The prefix of the stream name of the Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
s3Logs (dict) --
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
status (string) -- [REQUIRED]
The current status of the S3 build logs. Valid values are:
ENABLED: S3 build logs are enabled for this build project.
DISABLED: S3 build logs are not enabled for this build project.
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket, and your path prefix is build-log, then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log.
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
list
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS.
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path. You can find the DNS name of file system when you view it in the AWS EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com, and its mount directory is my-efs-mount-directory, then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory.
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_. For example, if you specify my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS.
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by AWS EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2. For more information, see Recommended NFS Mount Options.
dict
Response Syntax
{ 'project': { 'name': 'string', 'arn': 'string', 'description': 'string', 'source': { 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, 'secondarySources': [ { 'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE', 'location': 'string', 'gitCloneDepth': 123, 'gitSubmodulesConfig': { 'fetchSubmodules': True|False }, 'buildspec': 'string', 'auth': { 'type': 'OAUTH', 'resource': 'string' }, 'reportBuildStatus': True|False, 'insecureSsl': True|False, 'sourceIdentifier': 'string' }, ], 'sourceVersion': 'string', 'secondarySourceVersions': [ { 'sourceIdentifier': 'string', 'sourceVersion': 'string' }, ], 'artifacts': { 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, 'secondaryArtifacts': [ { 'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS', 'location': 'string', 'path': 'string', 'namespaceType': 'NONE'|'BUILD_ID', 'name': 'string', 'packaging': 'NONE'|'ZIP', 'overrideArtifactName': True|False, 'encryptionDisabled': True|False, 'artifactIdentifier': 'string' }, ], 'cache': { 'type': 'NO_CACHE'|'S3'|'LOCAL', 'location': 'string', 'modes': [ 'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE', ] }, 'environment': { 'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER', 'image': 'string', 'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE', 'environmentVariables': [ { 'name': 'string', 'value': 'string', 'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER' }, ], 'privilegedMode': True|False, 'certificate': 'string', 'registryCredential': { 'credential': 'string', 'credentialProvider': 'SECRETS_MANAGER' }, 'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE' }, 'serviceRole': 'string', 'timeoutInMinutes': 123, 'queuedTimeoutInMinutes': 123, 'encryptionKey': 'string', 'tags': [ { 'key': 'string', 'value': 'string' }, ], 'created': datetime(2015, 1, 1), 'lastModified': datetime(2015, 1, 1), 'webhook': { 'url': 'string', 'payloadUrl': 'string', 'secret': 'string', 'branchFilter': 'string', 'filterGroups': [ [ { 'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE', 'pattern': 'string', 'excludeMatchedPattern': True|False }, ], ], 'lastModifiedSecret': datetime(2015, 1, 1) }, 'vpcConfig': { 'vpcId': 'string', 'subnets': [ 'string', ], 'securityGroupIds': [ 'string', ] }, 'badge': { 'badgeEnabled': True|False, 'badgeRequestUrl': 'string' }, 'logsConfig': { 'cloudWatchLogs': { 'status': 'ENABLED'|'DISABLED', 'groupName': 'string', 'streamName': 'string' }, 's3Logs': { 'status': 'ENABLED'|'DISABLED', 'location': 'string', 'encryptionDisabled': True|False } }, 'fileSystemLocations': [ { 'type': 'EFS', 'location': 'string', 'mountPoint': 'string', 'identifier': 'string', 'mountOptions': 'string' }, ] } }
Response Structure
(dict) --
project (dict) --
Information about the build project that was changed.
name (string) --
The name of the build project.
arn (string) --
The Amazon Resource Name (ARN) of the build project.
description (string) --
A description that makes the build project easy to identify.
source (dict) --
Information about the build input source code for this build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
secondarySources (list) --
An array of ProjectSource objects.
(dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
BITBUCKET: The source code is in a Bitbucket repository.
CODECOMMIT: The source code is in an AWS CodeCommit repository.
CODEPIPELINE: The source code settings are specified in the source action of a pipeline in AWS CodePipeline.
GITHUB: The source code is in a GitHub repository.
GITHUB_ENTERPRISE: The source code is in a GitHub Enterprise repository.
NO_SOURCE: The project does not have input source code.
S3: The source code is in an Amazon Simple Storage Service (Amazon S3) input bucket.
location (string) --
Information about the location of the source code to be built. Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the buildspec file (for example, ``https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ``).
For source code in an Amazon Simple Storage Service (Amazon S3) input bucket, one of the following.
The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your GitHub account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with GitHub, on the GitHub Authorize application page, for Organization access, choose Request access next to each repository you want to allow AWS CodeBuild to have access to, and then choose Authorize application. (After you have connected to your GitHub account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file. You must connect your AWS account to your Bitbucket account. Use the AWS CodeBuild console to start creating a build project. When you use the console to connect (or reconnect) with Bitbucket, on the Bitbucket Confirm access to your account page, choose Grant access. (After you have connected to your Bitbucket account, you do not need to finish creating the build project. You can leave the AWS CodeBuild console.) To instruct AWS CodeBuild to use this connection, in the source object, set the auth object's type value to OAUTH.
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your AWS CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same AWS Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
auth (dict) --
Information about the authorization settings for AWS CodeBuild to access the source code to be built.
This information is for the AWS CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
The authorization type to use. The only valid value is OAUTH, which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source.
sourceVersion (string) --
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
secondarySourceVersions (list) --
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) --
An identifier for a source in the build project.
sourceVersion (string) --
The source version for the corresponding source identifier. If specified, must be one of:
For AWS CodeCommit: the commit ID, branch, or Git tag to use.
For GitHub: the commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example, pr/25). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Bitbucket: the commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
For Amazon Simple Storage Service (Amazon S3): the version ID of the object that represents the build input ZIP file to use.
For more information, see Source Version Sample with CodeBuild in the AWS CodeBuild User Guide.
artifacts (dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
secondaryArtifacts (list) --
An array of ProjectArtifacts objects.
(dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
CODEPIPELINE: The build project has build output generated through AWS CodePipeline.
NO_ARTIFACTS: The build project does not produce any build output.
S3: The build project stores build output in Amazon Simple Storage Service (Amazon S3).
location (string) --
Information about the build output artifact location:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output locations instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output bucket.
path (string) --
Along with namespaceType and name, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the path to the output artifact. If path is not specified, path is not used.
For example, if path is set to MyArtifacts, namespaceType is set to NONE, and name is set to MyArtifact.zip, the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip.
namespaceType (string) --
Along with path and name, the pattern that AWS CodeBuild uses to determine the name and location to store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
BUILD_ID: Include the build ID in the location of the build output artifact.
NONE: Do not include the build ID. This is the default if namespaceType is not specified.
For example, if path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
name (string) --
Along with path and namespaceType, the pattern that AWS CodeBuild uses to name and store the output artifact:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output names instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, this is the name of the output artifact object. If you set the name to be a forward slash ("/"), the artifact is stored in the root of the output bucket.
For example:
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to MyArtifact.zip, then the output artifact is stored in MyArtifacts/build-ID/MyArtifact.zip.
If path is empty, namespaceType is set to NONE, and name is set to " /", the output artifact is stored in the root of the output bucket.
If path is set to MyArtifacts, namespaceType is set to BUILD_ID, and name is set to " /", the output artifact is stored in ``MyArtifacts/build-ID ``.
packaging (string) --
The type of build output artifact to create:
If type is set to CODEPIPELINE, AWS CodePipeline ignores this value if specified. This is because AWS CodePipeline manages its build output artifacts instead of AWS CodeBuild.
If type is set to NO_ARTIFACTS, this value is ignored if specified, because no build output is produced.
If type is set to S3, valid values include:
NONE: AWS CodeBuild creates in the output bucket a folder that contains the build output. This is the default if packaging is not specified.
ZIP: AWS CodeBuild creates in the output bucket a ZIP file that contains the build output.
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon Simple Storage Service (Amazon S3). If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
cache (dict) --
Information about the cache for the build project.
type (string) --
The type of cache used by the build project. Valid values include:
NO_CACHE: The build project does not use any cache.
S3: The build project reads and writes from and to S3.
LOCAL: The build project stores a cache locally on a build host that is only available to that build host.
location (string) --
Information about the cache location:
NO_CACHE or LOCAL: This value is ignored.
S3: This is the S3 bucket name/prefix.
modes (list) --
If you use a LOCAL cache, the local cache mode. You can use one or more local cache modes at the same time.
LOCAL_SOURCE_CACHE mode caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE mode caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
LOCAL_CUSTOM_CACHE mode caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Only directories can be specified for caching. You cannot specify individual files.
Symlinks are used to reference cached directories.
Cached directories are linked to your build before it downloads its project sources. Cached items are overridden if a source item has the same name. Directories are specified using cache paths in the buildspec file.
(string) --
environment (dict) --
Information about the build environment for this build project.
type (string) --
The type of build environment to use for related builds.
The environment type ARM_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and EU (Frankfurt).
The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).
The environment type LINUX_GPU_CONTAINER is available only in regions US East (N. Virginia), US East (Ohio), US West (Oregon), Canada (Central), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and China (Ningxia).
image (string) --
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For an image tag: registry/repository:tag. For example, to specify an image with the tag "latest," use registry/repository:latest.
For an image digest: registry/repository@digest. For example, to specify an image with the digest "sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf," use registry/repository@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf.
computeType (string) --
Information about the compute resources the build project uses. Available values include:
BUILD_GENERAL1_SMALL: Use up to 3 GB memory and 2 vCPUs for builds.
BUILD_GENERAL1_MEDIUM: Use up to 7 GB memory and 4 vCPUs for builds.
BUILD_GENERAL1_LARGE: Use up to 16 GB memory and 8 vCPUs for builds, depending on your environment type.
BUILD_GENERAL1_2XLARGE: Use up to 145 GB memory, 72 vCPUs, and 824 GB of SSD storage for builds. This compute type supports Docker images up to 100 GB uncompressed.
If you use BUILD_GENERAL1_LARGE:
For environment type LINUX_CONTAINER, you can use up to 15 GB memory and 8 vCPUs for builds.
For environment type LINUX_GPU_CONTAINER, you can use up to 255 GB memory, 32 vCPUs, and 4 NVIDIA Tesla V100 GPUs for builds.
For environment type ARM_CONTAINER, you can use up to 16 GB memory and 8 vCPUs on ARM-based processors for builds.
For more information, see Build Environment Compute Types in the AWS CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) --
The name or key of the environment variable.
value (string) --
The value of the environment variable.
type (string) --
The type of environment variable. Valid values include:
PARAMETER_STORE: An environment variable stored in Amazon EC2 Systems Manager Parameter Store. To learn how to specify a parameter store environment variable, see parameter store reference-key in the buildspec file.
PLAINTEXT: An environment variable in plain text format. This is the default value.
SECRETS_MANAGER: An environment variable stored in AWS Secrets Manager. To learn how to specify a secrets manager environment variable, see secrets manager reference-key in the buildspec file.
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false.
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The certificate to use with this build project.
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) --
The Amazon Resource Name (ARN) or name of credentials created using AWS Secrets Manager.
credentialProvider (string) --
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for AWS Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials AWS CodeBuild uses to pull images in your build. There are two valid values:
CODEBUILD specifies that AWS CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust AWS CodeBuild's service principal.
SERVICE_ROLE specifies that AWS CodeBuild uses your build project's service role.
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials.
serviceRole (string) --
The ARN of the AWS Identity and Access Management (IAM) role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.
timeoutInMinutes (integer) --
How long, in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes.
queuedTimeoutInMinutes (integer) --
The number of minutes a build is allowed to be queued before it times out.
encryptionKey (string) --
The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build output artifacts.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format ``alias/alias-name ``).
tags (list) --
The tags for this build project.
These tags are available for use by AWS services that support AWS CodeBuild build project tags.
(dict) --
A tag, consisting of a key and a value.
This tag is available for use by AWS services that support tags in AWS CodeBuild.
key (string) --
The tag's key.
value (string) --
The tag's value.
created (datetime) --
When the build project was created, expressed in Unix time format.
lastModified (datetime) --
When the build project's settings were last modified, expressed in Unix time format.
webhook (dict) --
Information about a webhook that connects repository events to a build project in AWS CodeBuild.
url (string) --
The URL to the webhook.
payloadUrl (string) --
The AWS CodeBuild endpoint where webhook events are sent.
secret (string) --
The secret token of the associated repository.
branchFilter (string) --
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
filterGroups (list) --
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type.
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) --
The type of webhook filter. There are six webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, and COMMIT_MESSAGE.
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED, and PULL_REQUEST_MERGED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.
A webhook triggers a build when the path of a changed file matches the regular expression pattern.
A webhook triggers a build when the head commit message matches the regular expression pattern.
pattern (string) --
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name.
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
lastModifiedSecret (datetime) --
A timestamp that indicates the last time a repository's secret token was modified.
vpcConfig (dict) --
Information about the VPC configuration that AWS CodeBuild accesses.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
(string) --
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
(string) --
badge (dict) --
Information about the build badge for the build project.
badgeEnabled (boolean) --
Set this to true to generate a publicly accessible URL for your project's build badge.
badgeRequestUrl (string) --
The publicly-accessible URL through which you can access the build badge for your project.
The publicly accessible URL through which you can access the build badge for your project.
logsConfig (dict) --
Information about logs for the build project. A project can create logs in Amazon CloudWatch Logs, an S3 bucket, or both.
cloudWatchLogs (dict) --
Information about Amazon CloudWatch Logs for a build project. Amazon CloudWatch Logs are enabled by default.
status (string) --
The current status of the logs in Amazon CloudWatch Logs for a build project. Valid values are:
ENABLED: Amazon CloudWatch Logs are enabled for this build project.
DISABLED: Amazon CloudWatch Logs are not enabled for this build project.
groupName (string) --
The group name of the logs in Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
streamName (string) --
The prefix of the stream name of the Amazon CloudWatch Logs. For more information, see Working with Log Groups and Log Streams.
s3Logs (dict) --
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
status (string) --
The current status of the S3 build logs. Valid values are:
ENABLED: S3 build logs are enabled for this build project.
DISABLED: S3 build logs are not enabled for this build project.
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket, and your path prefix is build-log, then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log.
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
fileSystemLocations (list) --
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier, location, mountOptions, mountPoint, and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS.
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path. You can find the DNS name of file system when you view it in the AWS EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com, and its mount directory is my-efs-mount-directory, then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory.
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_. For example, if you specify my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS.
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by AWS EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2. For more information, see Recommended NFS Mount Options.
{'filterGroups': {'type': {'COMMIT_MESSAGE'}}}Response
{'webhook': {'filterGroups': {'type': {'COMMIT_MESSAGE'}}}}
Updates the webhook associated with an AWS CodeBuild build project.
See also: AWS API Documentation
Request Syntax
client.update_webhook( projectName='string', branchFilter='string', rotateSecret=True|False, filterGroups=[ [ { 'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE', 'pattern': 'string', 'excludeMatchedPattern': True|False }, ], ] )
string
[REQUIRED]
The name of the AWS CodeBuild project.
string
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
boolean
A boolean value that specifies whether the associated GitHub repository's secret token should be updated. If you use Bitbucket for your repository, rotateSecret is ignored.
list
An array of arrays of WebhookFilter objects used to determine if a webhook event can trigger a build. A filter group must contain at least one EVENT WebhookFilter.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) -- [REQUIRED]
The type of webhook filter. There are six webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, and COMMIT_MESSAGE.
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED, and PULL_REQUEST_MERGED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.
A webhook triggers a build when the path of a changed file matches the regular expression pattern.
A webhook triggers a build when the head commit message matches the regular expression pattern.
pattern (string) -- [REQUIRED]
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name.
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
dict
Response Syntax
{ 'webhook': { 'url': 'string', 'payloadUrl': 'string', 'secret': 'string', 'branchFilter': 'string', 'filterGroups': [ [ { 'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE', 'pattern': 'string', 'excludeMatchedPattern': True|False }, ], ], 'lastModifiedSecret': datetime(2015, 1, 1) } }
Response Structure
(dict) --
webhook (dict) --
Information about a repository's webhook that is associated with a project in AWS CodeBuild.
url (string) --
The URL to the webhook.
payloadUrl (string) --
The AWS CodeBuild endpoint where webhook events are sent.
secret (string) --
The secret token of the associated repository.
branchFilter (string) --
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
filterGroups (list) --
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type.
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) --
The type of webhook filter. There are six webhook filter types: EVENT, ACTOR_ACCOUNT_ID, HEAD_REF, BASE_REF, FILE_PATH, and COMMIT_MESSAGE.
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED, and PULL_REQUEST_MERGED. The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern.
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern. For example, refs/heads/branch-name and refs/tags/tag-name.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern. For example, refs/heads/branch-name.
A webhook triggers a build when the path of a changed file matches the regular expression pattern.
A webhook triggers a build when the head commit message matches the regular expression pattern.
pattern (string) --
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name.
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
lastModifiedSecret (datetime) --
A timestamp that indicates the last time a repository's secret token was modified.