This repository has been archived by the owner on Oct 15, 2024. It is now read-only.

Add codebuild support #1125

Closed
wants to merge 8 commits into from

Conversation

gsoria
Contributor

@gsoria gsoria commented Oct 20, 2023

This PR includes new modules to handle Codebuild builds, build batches, report groups, and source credentials. Adding support for webhooks and reports was not needed as these resources depend on the project and project's builds respectively.

Testing

After creating the codebuild resources using the script mentioned below, run aws-nuke specifying the following resources:

  • CodeBuildBuild
  • CodeBuildProject
  • CodeBuildSourceCredential
  • CodeBuildBuildBatch
  • CodeBuildReportGroup

Once aws-nuke finishes, verify that there are no resources left with the following commands:

echo "Listing projects"
aws codebuild list-projects 
echo "Listing report groups"
aws codebuild list-report-groups 
echo "Listing source credentials"
aws codebuild list-source-credentials
echo "Listing builds"
aws codebuild list-builds
echo "Listing build batches"
aws codebuild list-build-batches

Setup

#!/bin/bash

# Get AWS account ID
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
echo "AWS Account ID: $AWS_ACCOUNT_ID"

# Generate a random 12-digit number (LC_ALL=C lets tr handle raw bytes from /dev/urandom)
randomNum=$(LC_ALL=C tr -dc '0-9' </dev/urandom | head -c 12)
echo "Random number: $randomNum"

# create a service role for codebuild
aws iam create-role --role-name CodeBuildServiceRole --assume-role-policy-document '{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}'

# attach policies to the codebuild service role
aws iam attach-role-policy --role-name CodeBuildServiceRole --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
aws iam attach-role-policy --role-name CodeBuildServiceRole --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess

# create source code 
mkdir -p src/main/java
mkdir -p src/test/java

cat <<EOF >./src/main/java/MessageUtil.java
public class MessageUtil {
  private String message;

  public MessageUtil(String message) {
    this.message = message;
  }

  public String printMessage() {
    System.out.println(message);
    return message;
  }

  public String salutationMessage() {
    message = "Hi!" + message;
    System.out.println(message);
    return message;
  }
}
EOF

cat <<EOF >./src/test/java/TestMessageUtil.java
import org.junit.Test;
import org.junit.Ignore;
import static org.junit.Assert.assertEquals;

public class TestMessageUtil {

  String message = "Robert";    
  MessageUtil messageUtil = new MessageUtil(message);
   
  @Test
  public void testPrintMessage() {      
    System.out.println("Inside testPrintMessage()");     
    assertEquals(message,messageUtil.printMessage());
  }

  @Test
  public void testSalutationMessage() {
    System.out.println("Inside testSalutationMessage()");
    message = "Hi!" + "Robert";
    assertEquals(message,messageUtil.salutationMessage());
  }
}
EOF

cat <<EOF >pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId>
  <artifactId>messageUtil</artifactId>
  <version>1.0</version>
  <packaging>jar</packaging>
  <name>Message Utility Java Sample App</name>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.11</version>
      <scope>test</scope>
    </dependency>	
  </dependencies>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.8.0</version>
      </plugin>
    </plugins>
  </build>
</project>
EOF

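# create the buildspec file
# (the quoted 'EOF' keeps the `date` backticks literal, so they run in CodeBuild
# rather than being expanded while this script writes the file)
cat <<'EOF' >buildspec.yml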
version: 0.2

phases:
  install:
    runtime-versions:
      java: corretto11
  pre_build:
    commands:
      - echo Nothing to do in the pre_build phase...
  build:
    commands:
      - echo Build started on `date`
      - mvn install
  post_build:
    commands:
      - echo Build completed on `date`
artifacts:
  files:
    - target/messageUtil-1.0.jar
EOF

# create a codebuild project spec
cat <<EOF >create-project.json
{
  "name": "codebuild-demo-project",
  "source": {
    "type": "S3",
    "location": "codebuild-$randomNum-input/MessageUtil.zip"
  },
  "artifacts": {
    "type": "S3",
    "location": "codebuild-$randomNum-output"
  },
  "environment": {
    "type": "LINUX_CONTAINER",
    "image": "aws/codebuild/standard:5.0",
    "computeType": "BUILD_GENERAL1_SMALL"
  },
  "serviceRole": "arn:aws:iam::$AWS_ACCOUNT_ID:role/CodeBuildServiceRole",
  "buildBatchConfig": {
    "serviceRole": "arn:aws:iam::$AWS_ACCOUNT_ID:role/CodeBuildServiceRole",
    "combineArtifacts": false,
    "restrictions": {
        "maximumBuildsAllowed": 2,
        "computeTypesAllowed": ["BUILD_GENERAL1_SMALL"]
    },
    "timeoutInMins": 10
  }
}
EOF

# create two S3 buckets
aws s3api create-bucket --bucket codebuild-$randomNum-input --no-cli-pager
aws s3api create-bucket --bucket codebuild-$randomNum-output --no-cli-pager

# Create a zip file of the source code
zip -r  MessageUtil.zip ./src/* pom.xml buildspec.yml

# Upload the source code to the S3 bucket
aws s3 cp MessageUtil.zip s3://codebuild-$randomNum-input

aws codebuild create-project --cli-input-json file://create-project.json --no-cli-pager

# create a codebuild report group
cat <<EOF >create-report-group-source.json
{
    "name": "cli-created-report-group",
    "type": "TEST",
    "exportConfig": {
        "exportConfigType": "S3",
        "s3Destination": {
            "bucket": "codebuild-$randomNum-output",
            "path": "",
            "packaging": "ZIP",
            "encryptionDisabled": true
        }
    }
}
EOF
aws codebuild create-report-group \
    --cli-input-json file://create-report-group-source.json \
    --no-cli-pager

# import source credentials
aws codebuild import-source-credentials --server-type BITBUCKET --auth-type BASIC_AUTH --token my-Bitbucket-password --username my-Bitbucket-username

# start a codebuild build
aws codebuild start-build --project-name codebuild-demo-project

# start a codebuild build batch
aws codebuild start-build-batch --project-name codebuild-demo-project

@gsoria gsoria requested a review from a team as a code owner October 20, 2023 01:12
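
A scripted form of the verification step from the PR description, added here as an example and not part of the pull request: it exits non-zero when any of the five list calls still returns items, and treats a failed API call as an error rather than as a clean account. The function names `count_leftovers` and `check_codebuild_clean` and the `--check` argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the PR): fail when a CodeBuild resource survives aws-nuke.
# Each entry is "<list subcommand>:<top-level key of its JSON response>".
CODEBUILD_CHECKS="list-projects:projects
list-report-groups:reportGroups
list-source-credentials:sourceCredentialsInfos
list-builds:ids
list-build-batches:ids"

# Print how many items one list call returns.
# --output json matters: with text output the CLI applies --query to each
# page separately, so a paginated call would print one count per page.
count_leftovers() {
  aws codebuild "$1" --query "length($2 || \`[]\`)" --output json --no-cli-pager
}

# Return 0 when every list is empty, 1 when something is left over,
# 2 when a call failed or printed something that is not a count.
check_codebuild_clean() {
  status=0
  for entry in $CODEBUILD_CHECKS; do
    op=${entry%%:*}
    key=${entry#*:}
    if ! n=$(count_leftovers "$op" "$key"); then
      echo "ERROR: aws codebuild $op failed" >&2
      return 2
    fi
    case "$n" in
      0) echo "ok: $op is empty" ;;
      *[!0-9]*|'') echo "ERROR: unexpected output from $op: $n" >&2; return 2 ;;
      *) echo "LEFTOVER: $op reports $n item(s)" >&2; status=1 ;;
    esac
  done
  return "$status"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
  check_codebuild_clean
fi
```
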

params := &codebuild.ListSourceCredentialsInput{}

resp, err := svc.ListSourceCredentials(params)
Member

Is no pagination required here?

Contributor Author

@bjoernhaeuser this endpoint is not paginated, SourceCredentialsInfo doesn't have a NextToken field.

@sstoops
Contributor

sstoops commented May 2, 2024

@svenwltr @der-eismann These changes have been running in our production environment since last year. Would it be possible to merge so we can sync our build with upstream?

@ekristen
Contributor

ekristen commented Oct 1, 2024

This is being implemented via ekristen/aws-nuke#358


Please see the copy of the notice from the README about the deprecation of this project. Sven was kind enough to grant me access to help triage and close issues and pull requests that have already been addressed in the actively maintained fork. Some additional information is located in the welcome issue for more information.

Caution

This repository for aws-nuke is no longer being actively maintained. We recommend users to switch to the actively maintained fork of this project at ekristen/aws-nuke.
We appreciate all the support and contributions we've received throughout the life of this project. We believe that the fork will continue to provide the functionality and support that you have come to expect from aws-nuke.
Please note that this deprecation means we will not be addressing issues, accepting pull requests, or making future releases from this repository.
Thank you for your understanding and support.

@ekristen ekristen closed this Oct 1, 2024