A project template for Orbs.
This repository is designed to be automatically ingested and modified by the CircleCI CLI's `orb init` command.
Use this orb to build NodeJS projects and publish to AWS ECR.
CircleCI Orb Registry Page - The official registry page of this orb for all versions, executors, commands, and jobs described.
CircleCI Orb Docs - Docs for using, creating, and publishing CircleCI Orbs.
The job installs dependencies and runs the npm build script. When the build is finished, the files are stored as CircleCI artifacts and persisted to the workspace.
Persisting the files to the workspace makes it easier to fetch them in a following job, for example when we want to upload the frontend to S3 or another hosting service.
Instead of using an AWS access key, we use OpenID Connect (OIDC) for AWS authentication. We want to use OpenID credentials because they expire soon after the job is completed and we don't need to set up AWS keys and keep them secret.
The CircleCI guide is available here: https://circleci.com/docs/openid-connect-tokens/
- Go to https://app.circleci.com and copy your `Organization ID`, which is listed on the `Organization Settings` page in the CircleCI app.
- Log into AWS, go to IAM, then the Identity providers page, and click `Add provider`.
- In the "Add an Identity Provider" form, select the `OpenID Connect` type. Under "Provider URL", write `https://oidc.circleci.com/org/<organization-id>` with the org ID obtained in step 1. Click the `Get thumbprint` button. Under the Audience input, paste the same org ID (just the ID, without the URL or anything else). Click the `Add provider` button to save this provider.
- Go back to IAM, to the Roles page, and click the `Create role` button.
- In the create role form, select `Web identity`, then in "Identity provider" select the URL of the provider from step 3, and for "Audience" select the only available option, which is your CircleCI organization ID. Click Next.
- On the Add permissions page, select the permissions you want to add. Click Next. TODO - create permissions only for the scope of this orb.
- Finally, add a name and description to the role, review the permissions and save.
- Back in IAM, on the Roles page, click on the newly created role and copy its ARN. Use that ARN when calling the `build_server` job from this orb.
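
The role created through the steps above trusts the CircleCI provider on the audience (organization ID) alone, so a job from any project in that organization can assume it. The following added example (not part of this orb's code) builds the equivalent trust policy, optionally narrowed to one project through the `sub` claim, and audits a policy for that gap; the account, organization and project IDs are constructed placeholders and the function names are hypothetical.

```python
import json

# Constructed sample values (assumptions, not taken from this orb's README).
ACCOUNT_ID = "123456789012"
ORG_ID = "11111111-2222-3333-4444-555555555555"
PROJECT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

def provider_host(org_id):
    return f"oidc.circleci.com/org/{org_id}"

def build_trust_policy(account_id, org_id, project_id=None):
    """Trust policy for the role; project_id narrows it to one CircleCI project."""
    host = provider_host(org_id)
    condition = {"StringEquals": {f"{host}:aud": org_id}}
    if project_id:
        # CircleCI sub claim format: org/<org-id>/project/<project-id>/user/<user-id>
        condition["StringLike"] = {f"{host}:sub": f"org/{org_id}/project/{project_id}/user/*"}
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{host}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": condition,
        }],
    }

def audit_trust_policy(policy, org_id):
    """Return findings for Allow statements that trust the provider too broadly."""
    host, findings = provider_host(org_id), []
    for i, stmt in enumerate(policy.get("Statement", [])):
        fed = stmt.get("Principal", {})
        fed = fed.get("Federated", []) if isinstance(fed, dict) else []
        fed = [fed] if isinstance(fed, str) else fed
        if stmt.get("Effect") != "Allow" or not any(a.endswith(host) for a in fed):
            continue  # statement does not trust the CircleCI provider
        cond = stmt.get("Condition", {})
        if cond.get("StringEquals", {}).get(f"{host}:aud") != org_id:
            findings.append(f"statement {i}: aud is not pinned to the organization ID")
        if not any(f"{host}:sub" in block for block in cond.values()):
            findings.append(f"statement {i}: no sub condition, any project in the org can assume the role")
    return findings

if __name__ == "__main__":
    for name, pid in (("org-wide", None), ("project-scoped", PROJECT_ID)):
        policy = build_trust_policy(ACCOUNT_ID, ORG_ID, pid)
        print(name, audit_trust_policy(policy, ORG_ID))
    print(json.dumps(build_trust_policy(ACCOUNT_ID, ORG_ID, PROJECT_ID), indent=2))
```

The printed JSON can be pasted into the role's "Trust relationships" tab in IAM to replace the policy the console wizard generated.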