awslabs / aws-deployment-framework

The AWS Deployment Framework (ADF) is an extensive and flexible framework to manage and deploy resources across multiple AWS accounts and regions based on AWS Organizations.
Apache License 2.0

GitHub support for the -pipelines and -bootstrap repositories #405

Open crestid opened 2 years ago

crestid commented 2 years ago

This is a proposal for new feature/feature enhancement: supporting GitHub for the -pipelines and -bootstrap repositories.

Customers with a codebase in GitHub now have to set up the pipelines and bootstrap repos in CodeCommit, and this usually means setting up a new set of access control policies to allow access to the new repositories.

It would be great if ADF could natively integrate with GitHub repos, so as to simplify customer architectures.

sbkok commented 2 years ago

Thanks for raising this request. This would definitely be useful to our customers that use GitHub internally.

Unfortunately, at this moment, this feature is not on the roadmap yet. If a lot of customers would like to see this we can reconsider. Please +1 this issue so we can track that.

For anyone interested to contribute on this and/or to understand the complexity involved:

Both repositories, -pipelines, and -bootstrap, are created/updated when we install ADF or update it.

As both processes (install/update) directly talk to CodeCommit to perform commits, create a PR, etc., it will not be as easy to include this support as it was with the generic pipeline GitHub integration.

The logic required needs to be modular, so both CodeCommit and GitHub integrations can co-exist.

If someone would like to contribute this feature, please reach out to us in this issue first. That way we can sync-up to talk about the structure, required changes, and other requirements in more detail.

leoneperdigao commented 2 years ago

This is something that we are also starting internally in our company. Due to the limits of CodePipeline, we are building an integration to delegate the aws-deployment-framework-pipelines capability towards GitHub Actions. This is intended mainly because CodePipeline limits us to 400 custom actions, which means 400 accounts (1 stage for source, another stage for build, and other 8 stages with 50 actions each) under the same OU. This is a hard limit and for us, this is not workable.

In summary, our idea is to have a single pipeline definition on aws-deployment-framework-pipelines that triggers a state machine. Then, this state machine will orchestrate and dispatch the deployment that will take place via GitHub. On the GitHub side, we want to use OpenID to be able to assume the ADF roles and deploy towards the targets we have.

For now, we will have a hybrid situation where the ADF repositories will stay in AWS CodeCommit, and the others will be placed on GitHub.

I'm also keen to contribute, so let me know if we can/should sync up.
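An added example, not part of this thread or of ADF's own code, of the GitHub-side OpenID piece of the plan above: a helper that builds the IAM trust policy an ADF target role would need in order to accept GitHub Actions OIDC tokens, plus a lint that flags trust policies whose `sub` condition is missing or wildcarded, since such a role could be assumed from any GitHub repository. The account id, organization and repository names are placeholders.

```python
GITHUB_OIDC_ISSUER = "token.actions.githubusercontent.com"


def github_oidc_trust_policy(account_id: str, org: str, repo: str,
                             ref: str = "refs/heads/main") -> dict:
    """Trust policy that lets only one repository/branch assume the role via GitHub OIDC."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            # Placeholder account id; the OIDC provider must already exist in that account.
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{GITHUB_OIDC_ISSUER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    f"{GITHUB_OIDC_ISSUER}:aud": "sts.amazonaws.com",
                    # Scoping on sub is what ties the role to this repo and branch.
                    f"{GITHUB_OIDC_ISSUER}:sub": f"repo:{org}/{repo}:ref:{ref}",
                },
            },
        }],
    }


def trust_policy_findings(policy: dict) -> list[str]:
    """Return findings for Allow statements that accept GitHub OIDC tokens too broadly."""
    findings = []
    aud_key, sub_key = f"{GITHUB_OIDC_ISSUER}:aud", f"{GITHUB_OIDC_ISSUER}:sub"
    for i, stmt in enumerate(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        if stmt.get("Effect") != "Allow" or GITHUB_OIDC_ISSUER not in federated:
            continue
        cond = stmt.get("Condition", {})
        if cond.get("StringEquals", {}).get(aud_key) != "sts.amazonaws.com":
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
        subs = []
        for op in ("StringEquals", "StringLike"):
            val = cond.get(op, {}).get(sub_key)
            subs += val if isinstance(val, list) else ([val] if val else [])
        if not subs:
            findings.append(f"statement {i}: no sub condition, any GitHub repository can assume the role")
        for s in subs:
            if s == "*" or s.startswith("repo:*"):
                findings.append(f"statement {i}: sub '{s}' is not scoped to an organization/repository")
    return findings
```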