AWS是否在ECR推送操作上触发管道？

Question

可以在对AWS CodeCommit的提交操作中触发AWS CodePipeline。

---

我没有看到在向AWS ECR进行推送操作时触发AWS CodePipeline的选项/方式。有这样的选择吗？

Answer 1

如果您通过AWS CodePipeline控制台创建管道并选择Amazon ECR作为源提供者，它将创建一个CloudWatch事件

{
  "source": [
    "aws.ecr"
  ],
  "detail": {
    "eventName": [
      "PutImage"
    ],
    "requestParameters": {
      "repositoryName": [
        "my-repo/nginx"
      ],
      "imageTag": [
        "0.1"
      ]
    }
  }

此事件的目标将是CodePipeline。您可以在AWS CloudWatch控制台中查看事件详细信息。每当在ECR存储库上发生Push（PutImage）时，都会执行管道操作。

Answer 2

因此，Cloudwatch Events是per here的实现方式。对于那些想通过CFN方法做到这一点的人-下面的CFN模板会有所帮助。

{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
    "CodePipelineName": {
        "Type": "String",
        "Description": "Name of the CodePipeline Project that needs to be triggered. NOTE: CodePipeline does not support ARN output but AWS::Events::Rule target expects an ARN"
    },
    "ECRRepoName": {
        "Type": "String",
        "Description": "Name of the ECR Repo on which the Trigger needs to be set-up"
    },
    "ECRImageTagName": {
        "Type": "String",
        "Description": "Name of the ECR Image tag on which the Trigger needs to be set-up",
        "Default": "latest"
    }
},
"Resources": {
    "AmazonCloudWatchEventRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "events.amazonaws.com"
                            ]
                        },
                        "Action": "sts:AssumeRole"
                    }
                ]
            },
            "Path": "/",
            "Policies": [
                {
                    "PolicyName": "cwe-pipeline-execution",
                    "PolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [
                            {
                                "Effect": "Allow",
                                "Action": "codepipeline:StartPipelineExecution",
                                "Resource": {
                                    "Fn::Sub": "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipelineName}"
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "AmazonCloudWatchEventRule": {
        "Type": "AWS::Events::Rule",
        "Properties": {
            "EventPattern": {
                "detail": {
                    "action-type": [
                        "PUSH"
                    ],
                    "image-tag": [
                        {
                            "Ref": "ECRImageTagName"
                        }
                    ],
                    "repository-name": [
                        {
                            "Ref": "ECRRepoName"
                        }
                    ],
                    "result": [
                        "SUCCESS"
                    ]
                },
                "detail-type": [
                    "ECR Image Action"
                ],
                "source": [
                    "aws.ecr"
                ]
            },
            "Targets": [
                {
                    "Arn": {
                        "Fn::Sub": "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipelineName}"
                    },
                    "RoleArn": {
                        "Fn::GetAtt": [
                            "AmazonCloudWatchEventRole",
                            "Arn"
                        ]
                    },
                    "Id": {
                        "Ref": "CodePipelineName"
                    }
                }
            ]
        }
    }
}

} enter code here