amazon-archives
diff --git a/‎Makefile‎
Lines changed: 10 additions & 2 deletions b/‎Makefile‎
Lines changed: 10 additions & 2 deletions
diff --git a/‎sam/app.yml‎
Lines changed: 8 additions & 5 deletions b/‎sam/app.yml‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎test/integration/test_environment.yml‎
Lines changed: 190 additions & 0 deletions b/‎test/integration/test_environment.yml‎
Lines changed: 190 additions & 0 deletions
@@ -7,11 +7,14 @@ SRC_DIR := src
 TEST_DIR := test
 SAM_DIR := .aws-sam
 TEMPLATE_DIR := sam
+TESTAPP_DIR := test/integration/testdata/
 
 # Required environment variables (user must override)
 
 # S3 bucket used for packaging SAM templates
 PACKAGE_BUCKET ?= aws-sar-publishing
+INTEG_TEST_BUCKET ?= codepipeline-sar-publish-integ-tests
+
 
 # user can optionally override the following by setting environment variables with the same names before running make
 
@@ -37,6 +40,7 @@ PYTHON := $(shell /usr/bin/which python$(PY_VERSION))
 clean:
 	rm -f $(SRC_DIR)/requirements.txt
 	rm -rf $(SAM_DIR)
+	rm -f test/integration/testdata/testapp.zip
 
 # used by CI build to install dependencies
 init:
@@ -54,8 +58,12 @@ compile:
 	pipenv lock --requirements > $(SRC_DIR)/requirements.txt
 	pipenv run sam build -t $(TEMPLATE_DIR)/app.yml -m $(SRC_DIR)/requirements.txt --debug
 
-integ-test:
-	pipenv run py.test --cov=$(SRC_DIR) --cov-fail-under=85 -vv test/integration
+integ-test: compile
+	pipenv run sam package --template-file $(SAM_DIR)/build/template.yaml --s3-bucket $(INTEG_TEST_BUCKET) --output-template-file $(SAM_DIR)/packaged-app.yml
+	pipenv run aws s3api put-object --bucket $(INTEG_TEST_BUCKET) --key template.yml --body $(SAM_DIR)/packaged-app.yml
+	cd $(TESTAPP_DIR); \
+	zip -r testapp.zip *; cd -
+	pipenv run py.test --cov=$(SRC_DIR) -s -vv test/integration
 
 build: compile
 
 
@@ -21,9 +21,6 @@ Parameters:
     Type: String
     Description: Log level for Lambda function logging, e.g., ERROR, INFO, DEBUG, etc
     Default: INFO
-  ArtifactStoreBucket:
-    Type: String
-    Description: The S3 bucket name that CodePipeline uses to store artifacts
 
 Resources:
   ServerlessRepoPublish:
@@ -39,8 +36,6 @@ Resources:
         Variables:
           LOG_LEVEL: !Ref LogLevel
       Policies:
-        - S3ReadPolicy:
-            BucketName: !Ref ArtifactStoreBucket
         - Version: '2012-10-17'
           Statement:
             - Effect: 'Allow'
@@ -57,3 +52,11 @@ Resources:
                 - serverlessrepo:UpdateApplication
               Resource:
                 !Sub 'arn:${AWS::Partition}:serverlessrepo:${AWS::Region}:${AWS::AccountId}:applications/*'
+
+Outputs:
+  ServerlessRepoPublishFunctionName:
+    Description: Name of ServerlessRepoPublish lambda function
+    Value: !Ref ServerlessRepoPublish
+  ServerlessRepoPublishFunctionArn:
+    Description: ARN of ServerlessRepoPublish lambda function
+    Value: !GetAtt ServerlessRepoPublish.Arn
@@ -0,0 +1,190 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Transform: 'AWS::Serverless-2016-10-31'
+
+Resources:
+  CodePipelineServerlessRepoPublishApp:
+    Type: 'AWS::Serverless::Application'
+    Properties:
+      Location:
+        ApplicationId: ${PUBLISH_APP_ARN}
+        SemanticVersion: 0.0.1
+
+  Pipeline:
+    Type: AWS::CodePipeline::Pipeline
+    Properties:
+      ArtifactStore:
+        Type: S3
+        Location:
+          Ref: ArtifactStoreBucket
+      RoleArn: !GetAtt PipelineRole.Arn
+      Stages:
+        - Name: Source
+          Actions:
+            - Name: Source
+              ActionTypeId:
+                Category: Source
+                Owner: AWS
+                Provider: S3
+                Version: '1'
+              Configuration:
+                S3Bucket: !Ref SourceBucket
+                S3ObjectKey: testapp.zip
+              OutputArtifacts:
+                - Name: SourceArtifact
+              RunOrder: '1'
+        - Name: Build
+          Actions:
+            - Name: Build
+              ActionTypeId:
+                Category: Build
+                Owner: AWS
+                Provider: CodeBuild
+                Version: '1'
+              Configuration:
+                ProjectName: !Ref CICodeBuildProject
+              InputArtifacts:
+                - Name: SourceArtifact
+              OutputArtifacts:
+                - Name: BuildArtifact
+              RunOrder: '1'
+        - Name: Deploy
+          Actions:
+            - Name: DeployToServerlessRepo
+              ActionTypeId:
+                Category: Invoke
+                Owner: AWS
+                Provider: Lambda
+                Version: '1'
+              Configuration:
+                FunctionName: !GetAtt CodePipelineServerlessRepoPublishApp.Outputs.ServerlessRepoPublishFunctionName
+              InputArtifacts:
+                - Name: BuildArtifact
+              RunOrder: '1'
+
+  ArtifactStoreBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      VersioningConfiguration:
+        Status: Enabled
+
+  ArtifactStoreBucketPolicy:
+    Type: AWS::S3::BucketPolicy
+    Properties:
+      Bucket:
+        Ref: ArtifactStoreBucket
+      PolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+        - Action: ['s3:GetObject']
+          Effect: Allow
+          Principal:
+            Service: 'serverlessrepo.amazonaws.com'
+          Resource: 
+          - !Sub ${ArtifactStoreBucket.Arn}/*
+
+  SourceBucket:
+    Type: AWS::S3::Bucket
+    Properties:
+      VersioningConfiguration:
+        Status: Enabled
+
+  PipelineRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+        - Action: ['sts:AssumeRole']
+          Effect: Allow
+          Principal:
+            Service: [codepipeline.amazonaws.com]
+        Version: '2012-10-17'
+      Path: /
+      Policies:
+        - PolicyName: CodePipelineAccess
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+            - Action:
+              - 'iam:PassRole'
+              Effect: Allow
+              Resource: '*'
+            - Effect: Allow
+              Action:
+              - "codebuild:BatchGetBuilds"
+              - "codebuild:StartBuild"
+              Resource:
+              - !GetAtt CICodeBuildProject.Arn
+            - Effect: Allow
+              Action:
+              - "lambda:InvokeFunction"
+              Resource:
+              - !GetAtt CodePipelineServerlessRepoPublishApp.Outputs.ServerlessRepoPublishFunctionArn
+            - Action:
+              - 's3:ListBucket'
+              - 's3:GetBucketVersioning'
+              Effect: Allow
+              Resource:
+              - !Sub ${ArtifactStoreBucket.Arn}
+              - !Sub ${SourceBucket.Arn}
+            - Action:
+              - 's3:PutObject'
+              - 's3:GetObject'
+              - 's3:GetObjectVersion'
+              Effect: Allow
+              Resource:
+              - !Sub ${ArtifactStoreBucket.Arn}/*
+              - !Sub ${SourceBucket.Arn}/*
+
+  CICodeBuildProject:
+    Type: AWS::CodeBuild::Project
+    Properties:
+      ServiceRole: !GetAtt CICodeBuildRole.Arn
+      Source:
+        Type: CODEPIPELINE
+      Artifacts:
+        Type: CODEPIPELINE
+      Environment:
+        ComputeType: BUILD_GENERAL1_SMALL
+        Image: aws/codebuild/python:3.7.1
+        Type: LINUX_CONTAINER
+        EnvironmentVariables:
+        - Name: PACKAGE_BUCKET
+          Value: !Ref ArtifactStoreBucket
+
+  CICodeBuildRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+        - Effect: Allow
+          Principal:
+            Service:
+            - "codebuild.amazonaws.com"
+          Action:
+          - "sts:AssumeRole"
+      Path: /service-role/
+      Policies:
+      - PolicyName: CICodeBuildRolePolicy
+        PolicyDocument:
+          Version: "2012-10-17"
+          Statement:
+          - Effect: Allow
+            Action:
+            - "logs:CreateLogGroup"
+            - "logs:CreateLogStream"
+            - "logs:PutLogEvents"
+            Resource:
+            - !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/*
+          - Effect: Allow
+            Action:
+            - "s3:PutObject"
+            - "s3:GetObject"
+            - "s3:GetObjectVersion"
+            Resource:
+            - !Sub ${ArtifactStoreBucket.Arn}/*
+          - Effect: Allow
+            Action:
+            - "s3:ListBucket"
+            Resource:
+            - !Sub ${ArtifactStoreBucket.Arn}