validate.buildspec.yml

version: 0.2
env:
  variables:
    CFN_PATH: build/
  parameter-store:
    VALIDATE_API_URL: /CodeBuild/validate-api-url
    VALIDATE_HOST_HEADER: /CodeBuild/validate-host
phases:
  install:
    runtime-versions:
      python: '3.8'
  build:
    commands: 
      - |
        #!bin/bash
        set -e
        ls -al build

        cat << EOF > pyscript.py
        #!/usr/bin/python
        import os
        import urllib3
        import json
        import boto3
        import re
        from pathlib import Path

        http = urllib3.PoolManager()
        url = os.environ['VALIDATE_API_URL']
        hostHeader = os.environ['VALIDATE_HOST_HEADER']

        accountId = re.search(r'arn:aws:codebuild:[a-z0-9-]+:(\d{12}):build', os.environ['CODEBUILD_BUILD_ARN']).group(1)

        templates = []
        failuresFound = 0
        folder = os.environ['CFN_PATH']
        with os.scandir(os.environ['CFN_PATH']) as it:
            for entry in it:
                print(entry.name, entry.path)
                if entry.name.endswith(".yml") or entry.name.endswith(".yaml") or entry.name.endswith(".template") or entry.name.endswith(".json") and entry.is_file():
                    cfn = Path(entry.path).read_text()
                    templates.append( { 'template': cfn, 'filename': entry.name } )

        payload = { 'accountId': accountId, 'templates': templates, 'filename': entry.name }
        try:
            resp = http.request("POST", url, headers={'Content-Type':'application/json', 'Host':hostHeader}, body=json.dumps(payload), timeout=30.0)
        except urllib3.exceptions.NewConnectionError:
            print(f'Connection failed to {url}')

        rawResp = resp.data.decode('utf-8')
        print(f'Raw response from Validate API:\n{rawResp}')

        if (resp.status != 200):
            print(f'Validate API returned {resp.status}, marking as failure. Ask Cloud Ops team to investigate')
            print(rawResp)
            exit(255)

        responseObj = json.loads(resp.data.decode('utf-8'))
        results = []
        results.extend(json.loads(responseObj['results']))
        with open('results.json', 'w') as f:
            json.dump(results, f)

        if (int(responseObj['failures']['VERY_HIGH']) > 1):
            exit(255)

        EOF
        
        python3 pyscript.py
        
        echo after script
        ls -al
        cat results.json
artifacts:
  files:
    - build/**
reports:
  cloudConformityReportGroup:
    files:
      - 'results.json'
    file-format: CUCUMBERJSON