There is no question that AWS has a strong focus on customer obsession. However, sometimes it takes forever until popular feature requests get implemented. A good example: CodePipeline - the continuous delivery service - supports all kinds of source code repositories: CodeCommit, GitHub, Bitbucket, S3, and ECR. Yet a very popular option is missing: GitHub Enterprise.
Luckily, there is a decent workaround to connect GitHub Enterprise with CodePipeline.
A webhook from GitHub Enterprise triggers CodeBuild.
CodeBuild fetches the latest changes (Git over HTTPS or SSH), bundles them into a ZIP file, and uploads the archive to S3.
The S3 bucket with versioning enabled stores the latest version of the repository.
A CloudWatch event rule triggers the pipeline whenever a build of the CodeBuild project succeeds.
The source action of CodePipeline downloads the ZIP file, unpacks the archive, and hands over the source code to the next stage.
Code Example
In the following, I will use Terraform to set up all the needed resources. First of all, we need to get Terraform up and running.
Make sure to fill in the following placeholders:
<GITHUB_ACCESS_TOKEN> a personal access token to access the GitHub Enterprise API. Note that the scope admin:repo_hook is required.
<GITHUB_ORGANIZATON> the name of your GitHub Enterprise organization (e.g., myorg).
<GITHUB_REPOSITORY_NAME> the name of your GitHub Enterprise repository (e.g., myrepo).
<GITHUB_REPOSITORY_URL> the URL of your GitHub Enterprise repository (e.g., https://git.example.com/myorg/myrepo.git).
<GITHUB_API_URL> the URL of the GitHub Enterprise API (e.g., https://git.example.com/api/).
terraform {
  required_version = ">= 0.12"
}

provider "aws" {
  region  = "eu-central-1"
  version = "~> 3.0"
}
In the following step, you will create an S3 bucket to store the source code artifact - a zip file named source.zip. I’m using KMS encryption with the default key here.
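A sketch of such a bucket, together with the CloudWatch event rule from the workflow above, written for the 3.x AWS provider pinned earlier. This is an added example, not the article's own code: the variables, resource names, rule name, and the public access block are assumptions.

```hcl
# Assumed inputs (hypothetical names, not taken from the article).
variable "bucket_name" { type = string }
variable "codebuild_project_name" { type = string }
variable "pipeline_arn" { type = string }
variable "events_role_arn" { type = string } # role allowed to start the pipeline

# Versioned bucket for source.zip, encrypted with the default KMS key (aws/s3).
resource "aws_s3_bucket" "source" {
  bucket = var.bucket_name
  versioning {
    enabled = true
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "aws:kms"
      }
    }
  }
}

# source.zip holds the whole repository, so block all public access.
resource "aws_s3_bucket_public_access_block" "source" {
  bucket                  = aws_s3_bucket.source.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Start the pipeline only when a build of the packaging project succeeds.
resource "aws_cloudwatch_event_rule" "build_succeeded" {
  name = "source-build-succeeded"
  event_pattern = jsonencode({
    source        = ["aws.codebuild"]
    "detail-type" = ["CodeBuild Build State Change"]
    detail = {
      "build-status" = ["SUCCEEDED"]
      "project-name" = [var.codebuild_project_name]
    }
  })
}

resource "aws_cloudwatch_event_target" "pipeline" {
  rule     = aws_cloudwatch_event_rule.build_succeeded.name
  arn      = var.pipeline_arn
  role_arn = var.events_role_arn
}
```

The role passed as events_role_arn needs only codepipeline:StartPipelineExecution on that one pipeline.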
That’s it. You are ready to run terraform apply to set up CodePipeline for GitHub Enterprise.
Limitations
The code example only works when GitHub Enterprise is available over the Internet. In theory, it is also possible to access GitHub Enterprise over private networks only. Doing so requires configuring a network interface that gives the CodeBuild project access to a VPC.
CodePipeline does not know about the commit hash. It shows the version of the source.zip S3 object instead. However, the example adds a file SOURCE_VERSION to the source.zip archive, which contains the original commit hash.
Copying the source code to S3 adds latency (about 1-3 minutes) to your deployment pipeline.
Summary
Unfortunately, CodePipeline does not support GitHub Enterprise yet. Using CodeBuild and S3 is a decent workaround to get CodePipeline running for your GitHub Enterprise repository.
Andreas Wittig
I’ve been building on AWS since 2012 together with my brother Michael. We are sharing our insights into all things AWS on cloudonaut and have written the book AWS in Action. Besides that, we’re currently working on bucketAV, HyperEnv for GitHub Actions, and marbot.