Create Codebuild module for hugo

Author: tabletcorry

.gitignore

@@ -1,6 +1,8 @@
 # Local .terraform directories
 **/.terraform/*
 
+/.idea
+
 # .tfstate files
 *.tfstate
 *.tfstate.*

buildspec.yml

@@ -0,0 +1,41 @@
+version: 0.2
+
+env:
+  variables:
+    HUGO_VERSION: "0.105.0"
+
+phases:
+  install:
+    commands:
+      - echo Entered the install phase...
+      - |
+        [[ -e hugo-$HUGO_VERSION ]] || wget https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-arm64.tar.gz
+      - |
+        [[ -e hugo-$HUGO_VERSION ]] || tar xaf hugo_extended_${HUGO_VERSION}_linux-arm64.tar.gz
+      - |
+        [[ -e hugo-$HUGO_VERSION ]] || mv hugo hugo-$HUGO_VERSION
+    finally:
+      - echo This always runs even if the update or install command fails
+  pre_build:
+    commands:
+      - echo Entered the pre_build phase...
+    finally:
+      - echo This always runs even if the login command fails
+  build:
+    commands:
+      - echo Entered the build phase...
+      - echo Build started on `date`
+      - ./hugo-$HUGO_VERSION --cleanDestinationDir
+    finally:
+      - echo This always runs even if the install command fails
+  post_build:
+    commands:
+      - echo Entered the post_build phase...
+      - ./hugo-$HUGO_VERSION deploy
+      - echo Build completed on `date`
+
+cache:
+  paths:
+    - hugo-*
+    - public/**/*
+    - resources/_gen/**/*

codebuild.tf

@@ -0,0 +1,62 @@
+resource "aws_codebuild_project" "self" {
+  name          = var.name
+  build_timeout = "5"
+  service_role  = aws_iam_role.codebuild.arn
+
+  artifacts {
+    type = "NO_ARTIFACTS"
+  }
+
+  cache {
+    type     = "S3"
+    location = aws_s3_bucket.cache.bucket
+  }
+
+  environment {
+    compute_type                = "BUILD_GENERAL1_SMALL"
+    image                       = "aws/codebuild/amazonlinux2-aarch64-standard:2.0"
+    type                        = "ARM_CONTAINER"
+    image_pull_credentials_type = "CODEBUILD"
+  }
+
+  concurrent_build_limit = 1
+
+  /*logs_config {
+    cloudwatch_logs {
+      group_name  = "log-group"
+      stream_name = "log-stream"
+    }
+  }*/
+
+  source {
+    type            = "GITHUB"
+    location        = "https://github.com/tabletcorry/web_hugo.git"
+    git_clone_depth = 1
+
+    report_build_status = true
+
+    git_submodules_config {
+      fetch_submodules = true
+    }
+
+    buildspec = file("${path.module}/buildspec.yml")
+  }
+
+  source_version = "main"
+}
+
+resource "aws_codebuild_webhook" "self" {
+  project_name = aws_codebuild_project.self.name
+  build_type   = "BUILD"
+  filter_group {
+    filter {
+      type    = "EVENT"
+      pattern = "PUSH"
+    }
+
+    filter {
+      type    = "HEAD_REF"
+      pattern = "main"
+    }
+  }
+}

iam.tf

@@ -0,0 +1,89 @@
+resource "aws_iam_role" "codebuild" {
+  name_prefix = var.name
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "codebuild.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+data "aws_s3_bucket" "target" {
+  bucket = var.s3_deploy_target
+}
+
+data "aws_cloudfront_distribution" "target" {
+  id = var.cloudfront_deploy_target
+}
+
+resource "aws_iam_role_policy" "codebuild" {
+  role = aws_iam_role.codebuild.name
+
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Resource": [
+        "*"
+      ],
+      "Action": [
+        "logs:CreateLogGroup",
+        "logs:CreateLogStream",
+        "logs:PutLogEvents"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject",
+        "s3:PutObject",
+        "s3:List*",
+        "s3:GetBucketAcl",
+        "s3:GetBucketLocation",
+        "s3:GetObjectVersion"
+      ],
+      "Resource": [
+        "${aws_s3_bucket.cache.arn}",
+        "${aws_s3_bucket.cache.arn}/*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject",
+        "s3:PutObject",
+        "s3:List*",
+        "s3:GetBucketAcl",
+        "s3:GetBucketLocation",
+        "s3:GetObjectVersion"
+      ],
+      "Resource": [
+        "${data.aws_s3_bucket.target.arn}",
+        "${data.aws_s3_bucket.target.arn}/*"
+      ]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+                "cloudfront:GetDistribution",
+                "cloudfront:CreateInvalidation"
+      ],
+      "Resource": [
+        "${data.aws_cloudfront_distribution.target.arn}"
+      ]
+    }
+  ]
+}
+POLICY
+}

inputs.tf

@@ -0,0 +1,16 @@
+variable "name" {
+  type = string
+}
+
+variable "tags" {
+  type    = map(string)
+  default = {}
+}
+
+variable "s3_deploy_target" {
+  type = string
+}
+
+variable "cloudfront_deploy_target" {
+  type = string
+}

locals.tf

@@ -0,0 +1,7 @@
+locals {
+  module_tags = {
+    module          = "tf-aws-codebuild-hugo"
+    module_var_name = var.name
+  }
+  tags = merge(local.module_tags, var.tags)
+}

provider.tf

@@ -0,0 +1,14 @@
+provider "aws" {
+  alias  = "us-east-1"
+  region = "us-east-1"
+
+  default_tags {
+    tags = local.tags
+  }
+}
+
+provider "aws" {
+  default_tags {
+    tags = local.tags
+  }
+}

s3.tf

@@ -0,0 +1,15 @@
+resource "aws_s3_bucket" "cache" {
+  bucket_prefix = var.name
+}
+
+resource "aws_s3_bucket_acl" "cache" {
+  bucket = aws_s3_bucket.cache.id
+  acl    = "private"
+}
+
+resource "aws_s3_bucket_public_access_block" "cache" {
+  bucket = aws_s3_bucket.cache.id
+
+  block_public_acls   = true
+  block_public_policy = true
+}

versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.36.1"
+    }
+  }
+
+  required_version = ">= 0.15"
+}