In this post, I explain how to use the Jenkins open-source automation server to deploy AWS CodeBuild artifacts with AWS CodeDeploy, creating a functioning CI/CD pipeline. When properly implemented, the CI/CD pipeline is triggered by code changes pushed to your GitHub repo, automatically fed into CodeBuild, then the output is deployed on CodeDeploy.
Solution overview
The functioning pipeline creates a fully managed build service that compiles your source code. It then produces code artifacts that can be used by CodeDeploy to deploy to your production environment automatically.
There are some specifics when using Jenkins with PHP – see Jenkins & PHP for details.
The deployment workflow starts by placing the application code on the GitHub repository. To automate this scenario, I added source code management to the Jenkins project under the Source Code section. I chose the GitHub option, which by design clones a copy of the GitHub repo content into the Jenkins local workspace directory.
In the second step of my automation procedure, I enabled a trigger for the Jenkins server using the “Poll SCM” option. This option makes Jenkins check the configured repository for any new commits/code changes with a specified frequency. In this testing scenario, I configured the trigger to run every two minutes. The automated Jenkins deployment process works as follows:
- Jenkins checks for any new changes on GitHub every two minutes.
- Change determination:
  - If Jenkins finds no changes, Jenkins exits the procedure.
  - If it does find changes, Jenkins clones all the files from the GitHub repository to the Jenkins server workspace directory.
- The File Operation plugin deletes all the files cloned from GitHub. This keeps the Jenkins workspace directory clean.
- The AWS CodeBuild plugin zips the files and sends them to a predefined Amazon S3 bucket location, then initiates the CodeBuild project, which obtains the code from the S3 bucket. The project then creates the output artifact zip file and stores that file back on the S3 bucket.
- The HTTP Request plugin downloads the CodeBuild output artifacts from the S3 bucket.
I edited the S3 bucket policy to allow access from the Jenkins server IP address. See the following example policy, where the aws:SourceIp value is the IP address of the Jenkins server:

    {
      "Version": "2012-10-17",
      "Id": "S3PolicyId1",
      "Statement": [
        {
          "Sid": "IPAllow",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:*",
          "Resource": "arn:aws:s3:::examplebucket/*",
          "Condition": {
            "IpAddress": {"aws:SourceIp": "x.x.x.x/x"}
          }
        }
      ]
    }

This policy enables the HTTP Request plugin to access the S3 bucket. This plugin doesn’t use the IAM instance profile or the AWS access keys (access key ID and secret access key).
- The output artifact is a compressed ZIP file. By design, the CodeDeploy plugin requires the files to be unzipped so that it can zip them and send them to the S3 bucket for the CodeDeploy deployment. For that, I used the File Operation plugin to perform the following:
  - Unzip the CodeBuild zipped artifact output in the Jenkins root workspace directory. At this point, the workspace directory should include the original zip file downloaded from the S3 bucket from Step 5 and the files extracted from this archive.
  - Delete the original .zip file, and leave only the source bundle contents for the deployment.
- The CodeDeploy plugin selects and zips all workspace directory files. This plugin uses the CodeDeploy application name, deployment group name, and deployment configurations that you configured to initiate a new CodeDeploy deployment. The CodeDeploy plugin then uploads the newly zipped file according to the S3 bucket location provided to CodeDeploy as a source code for its new deployment operation.
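The example bucket policy in the workflow above grants every S3 action to an anonymous principal, with the source-IP condition as its only restriction. The following check is an added example, not part of the original post: it flags those patterns in a policy document and returns a copy limited to s3:GetObject on the artifact object, assuming that only the HTTP Request plugin's download relies on this statement. The function names and the 203.0.113.10/32 address are constructed for illustration.

```python
import copy
import ipaddress
import json

# Bucket policy from the post; the CIDR is a constructed documentation address
# standing in for the post's x.x.x.x/x placeholder.
POST_POLICY = json.loads("""
{"Version": "2012-10-17", "Id": "S3PolicyId1", "Statement": [
  {"Sid": "IPAllow", "Effect": "Allow", "Principal": "*", "Action": "s3:*",
   "Resource": "arn:aws:s3:::examplebucket/*",
   "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.10/32"}}}]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (sid, finding) pairs for Allow statements broader than a download needs."""
    findings = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no sid>")
        principal = st.get("Principal")
        anonymous = principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
        if anonymous:
            findings.append((sid, "anonymous-principal"))
        if any(a in ("*", "s3:*") for a in _as_list(st.get("Action", []))):
            findings.append((sid, "wildcard-action"))
        cidrs = _as_list(st.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", []))
        if anonymous and not cidrs:
            findings.append((sid, "no-source-ip-condition"))
        # A /0 prefix (for example 0.0.0.0/0) makes the IP condition match everyone.
        if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            findings.append((sid, "open-cidr"))
    return findings

def narrowed(policy, bucket, key):
    """Copy of the policy with every Allow limited to s3:GetObject on one object."""
    out = copy.deepcopy(policy)
    for st in _as_list(out["Statement"]):
        if st.get("Effect") == "Allow":
            st["Action"] = "s3:GetObject"
            st["Resource"] = f"arn:aws:s3:::{bucket}/{key}"
    return out

if __name__ == "__main__":
    print(audit(POST_POLICY))
    print(json.dumps(narrowed(POST_POLICY, "examplebucket", "codebuild-artifact.zip"), indent=2))
```

The narrowed copy still reports the anonymous principal, because the HTTP Request plugin sends unauthenticated requests and the source-IP condition remains the only gate on the download.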
Walkthrough
In this post, I walk you through the following steps:
- Creating resources to build the infrastructure, including the Jenkins server, CodeBuild project, and CodeDeploy application.
- Accessing and unlocking the Jenkins server.
- Creating a project and configuring the CodeDeploy Jenkins plugin.
- Testing the whole CI/CD pipeline.
Create the resources
In this section, I show you how to launch an AWS CloudFormation template, a tool that creates the following resources:
- Amazon S3 bucket—Stores the GitHub repository files and the CodeBuild artifact application file that CodeDeploy uses.
- IAM S3 bucket policy—Allows the Jenkins server access to the S3 bucket.
- JenkinsRole—An IAM role and instance profile for the Amazon EC2 instance for use as a Jenkins server. This role allows Jenkins on the EC2 instance to access the S3 bucket to write files and access to create CodeDeploy deployments.
- CodeDeploy application and CodeDeploy deployment group.
- CodeDeploy service role—An IAM role to enable CodeDeploy to read the tags applied to the instances or the EC2 Auto Scaling group names associated with the instances.
- CodeDeployRole—An IAM role and instance profile for the EC2 instances of CodeDeploy. This role has permissions to write files to the S3 bucket created by this template and to create deployments in CodeDeploy.
- CodeBuildRole—An IAM role to be used by CodeBuild to access the S3 bucket and create the build projects.
- Jenkins server—An EC2 instance running Jenkins.
- CodeBuild project—This is configured with the S3 bucket and S3 artifact.
- Auto Scaling group—Contains EC2 instances running Apache and the CodeDeploy agent fronted by an Elastic Load Balancer.
- Auto Scaling launch configurations—For use by the Auto Scaling group.
- Security groups—For the Jenkins server, the load balancer, and the CodeDeploy EC2 instances.
- To create the CloudFormation stack (for example in the AWS Frankfurt Region) click the below link:
- Choose Next and provide the following values on the Specify Details page:
  - For Stack name, name your stack as you prefer.
  - For CodedeployInstanceCount, choose the default of t2.medium. To check the supported instance types by AWS Region, see Supported Regions.
  - For InstanceCount, keep the default of 3, to launch three EC2 instances for CodeDeploy.
  - For JenkinsInstanceType, keep the default of t2.medium.
  - For KeyName, choose an existing EC2 key pair in your AWS account. Use this to connect by using SSH to the Jenkins server and the CodeDeploy EC2 instances. Make sure that you have access to the private key of this key pair.
  - For PublicSubnet1, choose a public subnet from which the load balancer, Jenkins server, and CodeDeploy web servers launch.
  - For PublicSubnet2, choose a public subnet from which the load balancers and CodeDeploy web servers launch.
  - For VpcId, choose the VPC for the public subnets you used in PublicSubnet1 and PublicSubnet2.
  - For YourIPRange, enter the CIDR block of the network from which you connect to the Jenkins server using HTTP and SSH. If your local machine has a static public IP address, go to https://www.whatismyip.com/ to find your IP address, and then enter your IP address followed by /32. If you don’t have a static IP address (or aren’t sure if you have one), enter 0.0.0.0/0. Then, any address can reach your Jenkins server.
- Choose Next.
- On the Review page, select the I acknowledge that this template might cause AWS CloudFormation to create IAM resources check box.
- Choose Create and wait for the CloudFormation stack status to change to CREATE_COMPLETE. This takes approximately 6–10 minutes.
- Check the resulting values on the Outputs tab. You need them later.
- Browse to the ELBDNSName value from the Outputs tab, verifying that you can see the Sample page. You should see a congratulatory message.
- Your Jenkins server should be ready to deploy.
Access and unlock your Jenkins server
In this section, I discuss how to access, unlock, and customize your Jenkins server.
- Copy the JenkinsServerDNSName value from the Outputs tab of the CloudFormation stack, and paste it into your browser.
- To unlock the Jenkins server, SSH to the server using the IP address and key pair, following the instructions from Unlocking Jenkins.
- Use the root user to cat the log file (/var/log/jenkins/jenkins.log) and copy the automatically generated alphanumeric password (between the two sets of asterisks). Then, use the password to unlock your Jenkins server, as shown in the following screenshots.
- On the Customize Jenkins page, choose Install suggested plugins.
- Wait until Jenkins installs all the suggested plugins. When the process completes, you should see the check marks alongside all of the installed plugins.
- On the Create First Admin User page, enter a user name, password, full name, and email address of the Jenkins user.
- Choose Save and continue, Save and finish, and Start using Jenkins.
After you install all the needed Jenkins plugins along with their required dependencies, the Jenkins server restarts. This step should take about two minutes. After Jenkins restarts, refresh the page. Your Jenkins server should be ready to use.
Create a project and configure the CodeDeploy Jenkins plugin
Now, to create our project in Jenkins, we need to configure the required Jenkins plugins.
- Sign in to Jenkins with the user name and password that you created earlier and click on Manage Jenkins then Manage Plugins.
- From the Available tab, search for and select the following plugins, then choose Install without restart:
  - AWS CodeDeploy
  - AWS CodeBuild
  - Http Request
  - File Operations
- Select Restart Jenkins when installation is complete and no jobs are running. Jenkins takes a couple of minutes to download the plugins along with their dependencies, and then restarts.
- Log in, then choose New Item, Freestyle project.
- Enter a name for the project (for example, CodeDeployApp), and choose OK.
- On the project configuration page, under Source Code Management, choose Git. For Repository URL, enter the URL of your GitHub repository.
- For Build Triggers, select the Poll SCM check box. In the Schedule, for testing enter H/2 * * * *. This entry tells Jenkins to poll GitHub every two minutes for updates.
- Under Build Environment, select the Delete workspace before build starts check box. Each Jenkins project has a dedicated workspace directory. This option allows you to wipe out your workspace directory with each new Jenkins build, to keep it clean.
- Under Build Actions, add a Build Step, and select AWS CodeBuild. On the AWS Configurations, choose Manually specify access and secret keys and provide the keys.
- From the CloudFormation stack Outputs tab, copy the AWS CodeBuild project name (myProjectName) and paste it in the Project Name field. Also, set the Region that you are using and choose Use Jenkins source.
  It is a best practice to store AWS credentials for CodeBuild in the native Jenkins credential store. For more information, see the Jenkins AWS CodeBuild Plugin wiki.
- To make sure that all files cloned from the GitHub repository are deleted, choose Add build step and select File Operation plugin, then click Add and select File Delete. Under File Delete operation in the Include File Pattern, type an asterisk.
- Under Build, configure the following:
  - Choose Add a Build step.
  - Choose HTTP Request.
  - Copy the S3 bucket name from the CloudFormation stack Outputs tab and paste it after (http://s3-eu-central-1.amazonaws.com/) along with the name of the zip file codebuild-artifact.zip as the value for HTTP Plugin URL.
    Example: (http://s3-eu-central-1.amazonaws.com/mybucketname/codebuild-artifact.zip)
  - For Ignore SSL errors?, choose Yes.
  - Under HTTP Request, choose Advanced and leave the default values for Authorization, Headers, and Body. Under Response, for Output response to file, enter the codebuild-artifact.zip file name.
- Add the two build steps for the File Operations plugin, in the following order:
  - Unzip action: This build step unzips the codebuild-artifact.zip file and places the contents in the root workspace directory.
  - File Delete action: This build step deletes the codebuild-artifact.zip file, leaving only the source bundle contents for deployment.
- On the Post-build Actions, choose Add post-build actions and select the Deploy an application to AWS CodeDeploy check box.
- Enter the following values from the Outputs tab of your CloudFormation stack and leave the other settings at their default (blank):
  - For AWS CodeDeploy Application Name, enter the value of CodeDeployApplicationName.
  - For AWS CodeDeploy Deployment Group, enter the value of CodeDeployDeploymentGroup.
  - For AWS CodeDeploy Deployment Config, enter CodeDeployDefault.OneAtATime.
  - For AWS Region, choose the Region where you created the CodeDeploy environment.
  - For S3 Bucket, enter the value of S3BucketName.
The CodeDeploy plugin uses the Include Files option to filter the files based on specific file names existing in your current Jenkins deployment workspace directory. The plugin zips specified files into one file. It then sends them to the location specified in the S3 Bucket parameter for CodeDeploy to download and use in the new deployment.
As shown below, in the optional Include Files field, I used (**) so all files in the workspace directory get zipped.
- Choose Deploy Revision. This option registers the newly created revision to your CodeDeploy application and gets it ready for deployment.
- Select the Wait for deployment to finish? check box. This option allows you to view the CodeDeploy deployments logs and events on your Jenkins server console output.
Now that you have created a project, you are ready to test deployment.
Testing the whole CI/CD pipeline
To test the whole solution, put an application on your GitHub repository. You can download the sample from here.
The following screenshot shows an application tree containing the application source files, including text and binary files, executables, and packages:
In this example, the application files are the templates directory, test_app.py file, and web.py file.
The appspec.yml file is the main application specification file telling CodeDeploy how to deploy your application. Jenkins uses the AppSpec file to manage each deployment as a series of lifecycle event “hooks”, as defined in the file. For information about how to create a well-formed AppSpec file, see AWS CodeDeploy AppSpec File Reference.
The buildspec.yml file is a collection of build commands and related settings, in YAML format, that CodeBuild uses to run a build. You can include a build spec as part of the source code, or you can define a build spec when you create a build project. For more information, see How AWS CodeBuild Works.
The scripts folder contains the scripts that you would like to run during the CodeDeploy LifecycleHooks execution with respect to your application requirements. For more information, see Plan a Revision for AWS CodeDeploy.
To test this solution, perform the following steps:
- Unzip the application files and send them to your GitHub repository. Run the following git commands from the path where you placed your sample application:

    $ git add -A
    $ git commit -m 'Your first application'
    $ git push

- On the Jenkins server dashboard, wait for two minutes until the previously set project trigger starts working. After the trigger starts working, you should see a new build taking place.
- In the Jenkins server Console Output page, check the build events and review the steps performed by each Jenkins plugin. You can also review the CodeDeploy deployment in detail, as shown in the following screenshot:
On completion, Jenkins should report that you have successfully deployed a web application. You can also use your ELBDNSName value to confirm that the deployed application is running successfully.
Conclusion
In this post, I outlined how you can use a Jenkins open-source automation server to deploy CodeBuild artifacts with CodeDeploy. I showed you how to construct a functioning CI/CD pipeline with these tools. I walked you through how to build the deployment infrastructure and automatically deploy application version changes from GitHub to your production environment.