From 3f393fdca36e2314b4986bf4e95ee25f1683ccce Mon Sep 17 00:00:00 2001
From: Brett Kochendorfer
Date: Thu, 9 Jun 2022 12:28:02 -0500
Subject: [PATCH] chore(codebuild): Login to dockerhub
---
 buildspec.yml | 2 +-
 terraform/codebuild/main.tf | 17 +++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/buildspec.yml b/buildspec.yml
index 1c2b7147..00ccd723 100644
--- a/buildspec.yml
+++ b/buildspec.yml
@@ -17,7 +17,7 @@ phases:
 - echo "running for ${COMMIT_SHA} in ${DEPLOY_ENV}"
 - aws ecr get-login --region us-west-2 --no-include-email | bash
 - echo "Logging Into Docker Hub"
- - echo $DOCKERHUB_PASSWORD | docker login --username $DOCKERHUB_USERNAME --password-stdin registry-1.docker.io
+ - echo $DOCKERHUB_PASSWORD | docker login --username $DOCKERHUB_USERNAME --password-stdin
 build:
 commands:
 - if [ "$PR" = 1 ]; then myke docker; fi
diff --git a/terraform/codebuild/main.tf b/terraform/codebuild/main.tf
index 9ffc825b..fdee2bfc 100644
--- a/terraform/codebuild/main.tf
+++ b/terraform/codebuild/main.tf
@@ -32,14 +32,14 @@ resource "aws_codebuild_project" "build" {
 environment_variable {
 name = "DOCKERHUB_USERNAME"
- type = "PARAMETER_STORE"
- value = " /iam/dino-park-front-end/mozilla/DOCKERHUB_USERNAME"
+ type = "SECRETS_MANAGER"
+ value = "/CodeBuild/dockerhub:username"
 }
 environment_variable {
 name = "DOCKERHUB_PASSWORD"
- type = "PARAMETER_STORE"
- value = "/iam/dino-park-front-end/mozilla/DOCKERHUB_PASSWORD"
+ type = "SECRETS_MANAGER"
+ value = "/CodeBuild/dockerhub:password"
 }
 }
@@ -127,6 +127,15 @@ resource "aws_iam_role_policy" "codebuild" {
 "eks:DescribeCluster"
 ],
 "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:secretsmanager:*:*:secret:/CodeBuild/dockerhub*"
+ ],
+ "Action": [
+ "secretsmanager:GetSecretValue"
+ ]
 }
 ]
 }
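Review bot: The new login line in buildspec.yml expands `$DOCKERHUB_PASSWORD` and `$DOCKERHUB_USERNAME` unquoted, so a credential containing whitespace or glob characters is word-split or expanded by the shell before it reaches `docker login`. Depending on the shell, `echo` can also alter a value that starts with `-` or contains backslashes. I would write the step as `- printf '%s' "$DOCKERHUB_PASSWORD" | docker login --username "$DOCKERHUB_USERNAME" --password-stdin`. Keeping `--password-stdin` is right, since it keeps the password out of the process argument list.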
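Review bot: Both `environment_variable` blocks in the first main.tf hunk now resolve from a single Secrets Manager secret, and nothing there records the shape that secret must have. The `:username` and `:password` suffixes are JSON-key selectors, so `/CodeBuild/dockerhub` has to hold a JSON object with those two keys; a missing key presumably fails the build at environment setup rather than at the `docker login` step. A comment above the first block would help, for example `# /CodeBuild/dockerhub is a JSON secret with "username" and "password" keys, created outside this module`. Whether the secret is managed elsewhere in Terraform is not visible here, so adjust the wording to match. The `aws_codebuild_project` resource starts and ends outside the hunk.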
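Review bot: The resource in the new policy statement, `arn:aws:secretsmanager:*:*:secret:/CodeBuild/dockerhub*`, is wider than the one secret the build reads: the bare trailing `*` also matches any other secret whose name starts with `/CodeBuild/dockerhub`, and both region and account are wildcarded. Secrets Manager appends a hyphen and six random characters to the name in the ARN, so `"arn:aws:secretsmanager:<REGION>:<ACCOUNT_ID>:secret:/CodeBuild/dockerhub-??????"` (placeholders to fill in) keeps the grant to that secret. If the secret is encrypted with a customer-managed KMS key, the role also needs `kms:Decrypt` on that key. If an `ssm:GetParameters` grant for the old `/iam/dino-park-front-end/...` parameters exists elsewhere in this policy, it can now be removed. Neither of those is visible in the hunk, and the policy document starts outside it.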