7

We have 2 repos

  1. Repo 1
  2. Repo 2

Inside Repo 1 > package.json there is a dependency

"dependencies": {
    "repo-2": "git+https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2/"
}

Then, inside CodeBuild for "repo-1", we have the following buildspec

version: 0.2

phases:
  install:
    runtime-versions:
      nodejs: 10
    commands:
      - mkdir -p ./deploy
  build:
    commands:
      - echo "Server copy START $(date)"
      - cp -r ./index.js ./deploy/index.js
      - cp -r ./package.json ./deploy/package.json
      - cp -r ./buildspec.yml ./deploy/buildspec.yml
      - echo "Server copy END $(date)"
      - echo "Server npm install START $(date)"
      - cd ./deploy && npm install --production
      - echo "Server npm install END $(date)"
  post_build:
    commands:
artifacts:
  files:
        - '**/*'
  base-directory: 'deploy'

The error CodeBuild throws is the following

npm ERR! fatal: unable to access 'https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2/': The requested URL returned error: 403 

Basically, the question is: Can I use CodeCommit repo as npm dependency and what is the proper way to do it?

Try #1

I tried to add this (and similar variations) but no success https://medium.com/@ngchiwang/aws-npm-install-private-codecommit-module-8512c3203c37

Try #2

I also tried to change the dependency URL to this

"repo-2": "git://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2"

But getting the following error

npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fatal: unable to connect to git-codecommit.us-east-1.amazonaws.com: 
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: git-codecommit.us-east-1.amazonaws.com[0: 52.94.233.146]: errno=Connection refused
6
  • 403 is “Forbidden”. Your CodeBuild role needs permission to access the repo. Commented Aug 29, 2019 at 11:57
  • 1
    CodeBuild assigned role has access to the repo. Commented Aug 29, 2019 at 12:01
  • My fault @AndrejKaurin, it's actually an NPM error; have you configured your NPM credentials inside the CodeBuild environment? You need to log in to NPM so you can access the private package. Commented Aug 29, 2019 at 12:07
  • 1
    But the private package is on CodeCommit. Commented Aug 29, 2019 at 15:00
  • 1
    I am using "dependencies", but posted "devDependencies" by mistake. Tried your suggestion but no success. I updated the question with the error. Commented Aug 30, 2019 at 0:30

3 Answers

8

I ran into this same issue today and got it working by enabling git-credential-helper in the env section of the buildspec file.

Example:

version: 0.2
env:
  git-credential-helper: yes
phases:
  install:
    runtime-versions:
      nodejs: 10
    commands:
      - npm install
  build:
    commands:
      - npm run build

This combined with CodeCommit privileges in the policy (that you said you already have) results in working builds with private npm packages from CodeCommit.


2 Comments

This was the last piece of the puzzle for me. I had to do the following: 1. Have the dependency defined in package.json as git+https://... 2. Give the CodeBuild role CodeCommit read access 3. This comment
This fixed my issue as well. With this line, git-credential-helper: yes, CodeBuild can use the access token in config to install the private repo.
2

I had a similar issue last week, so I will share the solution recommended by the Amazon team.

The better approach for this would be to set "git-credential-helper" to yes [1] in the env section of your buildspec file; you can then use HTTPS to access the repository. Please refer to the BuildSpec example below.

================Buildspec Snippet=================

version: 0.2

env:
    git-credential-helper: yes

phases:
    pre_build:
        commands:
        - /usr/bin/git ls-remote -h -t https://git-codecommit.us-east-1.amazonaws.com/v1/repos/repo-2/

================Buildspec Snippet=================

Also, please make sure you have provided the required permissions to access CodeCommit repository in the CodeBuild IAM Role. I am providing sample IAM policies below for the same which you can refer to provide permissions depending on your use-case:

===========IAM Policy example=============

   {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "codecommit:GetRepository",
                    "codecommit:GitPull",
                    "codecommit:GetFolder"
                ],
                "Resource": "arn:aws:codecommit:us-east-1:<account-id>:<put repo Name or *>"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": "codecommit:ListRepositories",
                "Resource": "*"
            }
        ]
    }

===========IAM Policy example=============

Please check if the above approach helps in achieving your use-case.

Kindly note that the above buildspec snippet is just an example to explain how you can access the CodeCommit repo, and it needs to be modified as per your requirement. For example, you can describe your repository dependency in package.json like below which I assume you are already doing and run npm install through your buildspec file in codebuild.

"dependencies": {
    "my-npm": "git+https://git-codecommit.us-east-1.amazonaws.com/v1/repos/<repo name>"
},
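
A least-privilege check for the IAM policy in the answer above, as an added example that is not part of the original answer or AWS's own code: it reports when the build role cannot `GitPull` the dependency repo, or is granted more than that (every repository, or `GitPush`). The account ID, Sids and function names are assumptions, and the check ignores `Deny` statements, `NotAction` and conditions.

```python
from fnmatch import fnmatchcase

PULL = "codecommit:GitPull"  # what fetching a git+https dependency needs
PUSH = "codecommit:GitPush"  # never needed just to install a dependency

# Constructed sample values; the account ID and Sids are placeholders.
REPO_ARN = "arn:aws:codecommit:us-east-1:111122223333:repo-2"
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadDep", "Effect": "Allow", "Action": [PULL], "Resource": REPO_ARN}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Sid": "Wide", "Effect": "Allow", "Action": "codecommit:*", "Resource": "*"}}


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, ignore_case=False):
    """True if any IAM pattern ('*' and '?' wildcards) matches value."""
    if ignore_case:  # action names are case-insensitive, ARNs are not
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatchcase(value, p) for p in patterns)


def audit_codecommit_policy(policy, repo_arn):
    """Return findings for a build-role policy that should only read repo_arn."""
    findings, can_pull = [], False
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        on_repo = _matches(resources, repo_arn)
        if _matches(actions, PULL, ignore_case=True):
            can_pull = can_pull or on_repo
            if any(r == "*" or r.endswith(":*") for r in resources):
                findings.append(f"{sid}: GitPull is allowed on every repository")
        if on_repo and _matches(actions, PUSH, ignore_case=True):
            findings.append(f"{sid}: GitPush is allowed on a read-only dependency")
    if not can_pull:
        findings.insert(0, f"no statement allows {PULL} on {repo_arn}")
    return findings


if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_codecommit_policy(policy, REPO_ARN) or "ok")
```

An empty result means the role can read exactly the dependency repository and nothing broader was detected by these two checks.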


0

Try using your private AWS CodeCommit repo as your npm module using following commands:

git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath true
git config --global url."ssh://".insteadOf https://
npm install --save git+https://<your_repo_url>#master

If you want to use npm dependency instead, check out the answers on a similar question here: npm install private github repositories by dependency in package.json

1 Comment

I already tried this (see link in my question) and it didn't work
