forked from cloudposse/terraform-aws-codebuild
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvariables.tf
338 lines (284 loc) · 11.3 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
variable "environment_variables" {
type = list(object(
{
name = string
value = string
type = string
}
))
default = [
{
name = "NO_ADDITIONAL_BUILD_VARS"
value = "TRUE"
type = "PLAINTEXT"
}
]
description = "A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER_STORE', or 'SECRETS_MANAGER'"
}
variable "description" {
type = string
default = "Managed by Terraform"
description = "Short description of the CodeBuild project"
}
variable "concurrent_build_limit" {
type = number
default = null
description = "Specify a maximum number of concurrent builds for the project. The value specified must be greater than 0 and less than the account concurrent running builds limit."
}
variable "cache_expiration_days" {
default = 7
description = "How many days should the build cache be kept. It only works when cache_type is 'S3'"
}
variable "cache_bucket_suffix_enabled" {
type = bool
default = true
description = "The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache_type is 'S3"
}
variable "cache_type" {
type = string
default = "NO_CACHE"
description = "The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO_CACHE, LOCAL, and S3. Defaults to NO_CACHE. If cache_type is S3, it will create an S3 bucket for storing codebuild cache inside"
}
variable "local_cache_modes" {
type = list(string)
default = []
description = "Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL_SOURCE_CACHE, LOCAL_DOCKER_LAYER_CACHE, and LOCAL_CUSTOM_CACHE"
}
variable "badge_enabled" {
type = bool
default = false
description = "Generates a publicly-accessible URL for the projects build badge. Available as badge_url attribute when enabled"
}
variable "build_image" {
type = string
default = "aws/codebuild/standard:2.0"
description = "Docker image for build environment, e.g. 'aws/codebuild/standard:2.0' or 'aws/codebuild/eb-nodejs-6.10.0-amazonlinux-64:4.0.0'. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html"
}
variable "build_compute_type" {
type = string
default = "BUILD_GENERAL1_SMALL"
description = "Instance type of the build instance"
}
variable "build_timeout" {
default = 60
description = "How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed"
}
variable "build_type" {
type = string
default = "LINUX_CONTAINER"
description = "The type of build environment, e.g. 'LINUX_CONTAINER' or 'WINDOWS_CONTAINER'"
}
variable "buildspec" {
type = string
default = ""
description = "Optional buildspec declaration to use for building the project"
}
variable "privileged_mode" {
type = bool
default = false
description = "(Optional) If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images"
}
variable "github_token" {
type = string
default = ""
description = "(Optional) GitHub auth token environment variable (`GITHUB_TOKEN`)"
}
variable "github_token_type" {
type = string
default = "PARAMETER_STORE"
description = "Storage type of GITHUB_TOKEN environment variable (`PARAMETER_STORE`, `PLAINTEXT`, `SECRETS_MANAGER`)"
}
variable "aws_region" {
type = string
default = ""
description = "(Optional) AWS Region, e.g. us-east-1. Used as CodeBuild ENV variable when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html"
}
variable "aws_account_id" {
type = string
default = ""
description = "(Optional) AWS Account ID. Used as CodeBuild ENV variable when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html"
}
variable "image_repo_name" {
type = string
default = "UNSET"
description = "(Optional) ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html"
}
variable "image_tag" {
type = string
default = "latest"
description = "(Optional) Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html"
}
variable "secondary_sources" {
type = list(object(
{
git_clone_depth = number
location = string
source_identifier = string
type = string
fetch_submodules = bool
insecure_ssl = bool
report_build_status = bool
}))
default = []
description = "(Optional) secondary source for the codebuild project in addition to the primary location"
}
variable "source_type" {
type = string
default = "CODEPIPELINE"
description = "The type of repository that contains the source code to be built. Valid values for this parameter are: CODECOMMIT, CODEPIPELINE, GITHUB, GITHUB_ENTERPRISE, BITBUCKET or S3"
}
variable "source_location" {
type = string
default = ""
description = "The location of the source code from git or s3"
}
variable "artifact_type" {
type = string
default = "CODEPIPELINE"
description = "The build output artifact's type. Valid values for this parameter are: CODEPIPELINE, NO_ARTIFACTS or S3"
}
variable "artifact_location" {
type = string
default = ""
description = "Location of artifact. Applies only for artifact of type S3"
}
variable "secondary_artifact_location" {
type = string
default = null
description = "Location of secondary artifact. Must be an S3 reference"
}
variable "secondary_artifact_identifier" {
type = string
default = null
description = "Secondary artifact identifier. Must match the identifier in the build spec"
}
variable "secondary_artifact_encryption_enabled" {
type = bool
default = false
description = "Set to true to enable encryption on the secondary artifact bucket"
}
variable "report_build_status" {
type = bool
default = false
description = "Set to true to report the status of a build's start and finish to your source provider. This option is only valid when the source_type is BITBUCKET or GITHUB"
}
variable "git_clone_depth" {
type = number
default = null
description = "Truncate git history to this many commits."
}
variable "private_repository" {
type = bool
default = false
description = "Set to true to login into private repository with credentials supplied in source_credential variable."
}
variable "source_credential_auth_type" {
type = string
default = "PERSONAL_ACCESS_TOKEN"
description = "The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository."
}
variable "source_credential_server_type" {
type = string
default = "GITHUB"
description = "The source provider used for this project."
}
variable "source_credential_token" {
type = string
default = ""
description = "For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is the app password."
}
variable "source_credential_user_name" {
type = string
default = ""
description = "The Bitbucket username when the authType is BASIC_AUTH. This parameter is not valid for other types of source providers or connections."
}
variable "source_version" {
type = string
default = ""
description = "A version of the build input to be built for this project. If not specified, the latest version is used."
}
variable "fetch_git_submodules" {
type = bool
default = false
description = "If set to true, fetches Git submodules for the AWS CodeBuild build project."
}
# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project#vpc_config
variable "vpc_config" {
type = any
default = {}
description = "Configuration for the builds to run inside a VPC."
}
variable "logs_config" {
type = any
default = {}
description = "Configuration for the builds to store log data to CloudWatch or S3."
}
variable "default_permissions_enabled" {
type = bool
default = true
description = "When 'true' default base IAM permissions to get up and running with CodeBuild are attached. Those who want a least privileged policy can instead set to `false` and use the `custom_policy` variable."
}
variable "extra_permissions" {
type = list(string)
default = []
description = "List of action strings which will be added to IAM service account permissions. Only used if `default_permissions_enabled` is set to true."
}
variable "custom_policy" {
type = list(string)
description = "JSON encoded IAM policy to add to the IAM service account permissions."
default = []
validation {
condition = length(var.custom_policy) <= 1
error_message = "Only 1 custom policy can be included."
}
}
variable "iam_role_path" {
type = string
default = null
description = "Path to the role."
}
variable "iam_policy_path" {
type = string
default = "/service-role/"
description = "Path to the policy."
}
variable "iam_permissions_boundary" {
type = string
default = null
description = "ARN of the policy that is used to set the permissions boundary for the role."
}
variable "encryption_enabled" {
type = bool
default = false
description = "When set to 'true' the resource will have AES256 encryption enabled by default"
}
variable "versioning_enabled" {
type = bool
default = true
description = "A state of versioning. Versioning is a means of keeping multiple variants of an object in the same bucket"
}
variable "access_log_bucket_name" {
type = string
default = ""
description = "Name of the S3 bucket where s3 access log will be sent to"
}
variable "file_system_locations" {
type = any
default = {}
description = "A set of file system locations to to mount inside the build. File system locations are documented below."
}
variable "encryption_key" {
type = string
default = null
description = "AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project's build output artifacts."
}
variable "build_image_pull_credentials_type" {
type = string
default = "CODEBUILD"
description = "Type of credentials AWS CodeBuild uses to pull images in your build.Valid values: CODEBUILD, SERVICE_ROLE. When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials."
}
variable "s3_cache_bucket_name" {
type = string
default = null
description = "Use an existing s3 bucket name for cache. Relevant if `cache_type` is set to `S3`."
}