AWS Codeartifact local system setup

AWS Codeartifact Setup for npm packages

AWS Codeartifact local system setup

Generate Commands to automate codeartifact login

Note: This step has to be done by RPs

Run the below-attached script codeartifact_auth_automation_cmds_generator.py to generate commands which automate the codeartifact authentication.

For npm Auth

python3 codeartifact_auth_automation_cmds_generator.py --aws-profile ibuild-dev  --codeartifact-domain ibuild-dev --npm-namespaces "ib rn" --npm-auth --pypi-auth

For pypi Auth

python3 codeartifact_auth_automation_cmds_generator.py --aws-profile ibuild-dev  --codeartifact-domain ibuild-dev --pypi-auth

For both npm and pypi:

python3 codeartifact_auth_automation_cmds_generator.py --aws-profile ibuild-dev  --codeartifact-domain ibuild-dev --npm-namespaces "ib nw" --npm-auth --pypi-auth

Script Args:

--aws-profile: AWS Profile

--codeartifact-domain: codeartifact domain name (specific to AWS account)

--npm-namespaces: space separated npm namespaces to authenticate( for example: "ib rn")

--npm-auth: bool field to specify to generate npm auth-related commands

--pypi-auth: bool field to specify to generate pypi auth-related commands

Run the commands to automate authentication

Prerequisites:

  • Make sure aws cli is up to date, run the below command to update the aws cli.

    pip3 install -U awscli

  • Setup AWS profile with a common profile name (which we will use in the script below), you can follow the steps in AWS Profile Setup Guide.md

Run the commands generated in the above script or commands shared by RP to automate the codeartifact authentication.

Configure Codebuild project

CodeArtifact Read Perms for Codebuild Project Role

To add the codeartifact perms to the codebuild project role :

  • For normal projects:

    • In Devops Console, CodeBuild Projects -> select project -> choose action reset project default policy role and then approve the action (permissions for reading codeartifact packages will be added to build role policy, for newly created projects this will be automatically added, no need to reset policy)

  • For Package publishing projects:

    • In the devops console Admin panel fill Code Artifact Packages section

      • Codeartifact domain: ibuild-dev

      • Codeartifact repo: npm

      • Codeartifact package: <your package-name>

    • then approve the action to get required permissions.

Updates in Codebuild Project Config

Note: If your project is using Custom Docker Image, steps will be different, ping DevOps Team if you're using custom docker image for build project

  • Changes for normal Project:

    • Remove JFROG related env vars and add below env vars:

      • CODEARTIFACT_DOMAIN

      • CODEARTIFACT_REPO

    • remove the below lines from buildspec if exists

- mkdir -p /root/scripts/
- wget https://s3-eu-west-1.amazonaws.com/ibconsole/util_scipts/codeship_artifactory_npmrc_project.py -P /root/scripts/
- python3 /root/scripts/codeship_artifactory_npmrc_project.py

  • in buildspec, add the below lines at the top of pre_build or before npm install command.

- env --unset=AWS_ACCESS_KEY_ID --unset=AWS_SECRET_ACCESS_KEY aws codeartifact login --tool npm --repository $CODEARTIFACT_REPO --domain $CODEARTIFACT_DOMAIN

  • Changes for Package publishing Project:

    • Remove JFROG related env vars and add below env vars:

      • CODEARTIFACT_DOMAIN

      • CODEARTIFACT_REPO

    • remove the below lines from buildspec if exists

- mkdir -p /root/scripts/
- wget https://s3-eu-west-1.amazonaws.com/ibconsole/util_scipts/codeship_artifactory_npmrc_project.py -P /root/scripts/
- python3 /root/scripts/codeship_artifactory_npmrc_project.py

  • in buildspec, add the below lines at the top of pre_build or before npm install command (refer to the attached buildspec_sample_npm_publish.yaml file)

    - env --unset=AWS_ACCESS_KEY_ID --unset=AWS_SECRET_ACCESS_KEY aws codeartifact login --tool npm --repository $CODEARTIFACT_REPO --domain $CODEARTIFACT_DOMAIN

  • [Optional] In codeartifact you cannot override the existing version with update code directly, so if you want to update the package without changing the version, you've to delete an existing version, use the below commands to do that. (above npm upload command)

- package_name_with_namespace=$(node -p "require('./package.json').name")
- package_namespace=$(echo $package_name_with_namespace | cut -d / -f1 | sed 's/^@//')
- package_name=$(echo $package_name_with_namespace | cut -d / -f2)
- package_version=$(node -p "require('./package.json').version")
- if delete_logs=$(env --unset=AWS_ACCESS_KEY_ID --unset=AWS_SECRET_ACCESS_KEY aws codeartifact delete-package-versions --domain $CODEARTIFACT_DOMAIN --repository $CODEARTIFACT_REPO --format npm --package $package_name --namespace $package_namespace --versions $package_version); then echo "$delete_logs"; else echo "$delete_logs"; fi

#CodeArtifact #npm

PreviousBest PracticesNextAWS Profile Setup Guide

Last updated