Open spitfiredd opened 3 years ago
Upon digging through the logs I found:
denied: User: arn:aws:sts::<ACCOUNTID>:assumed-role/DataQualityWorkflowsPipe-IamRoles-JC-CodeBuildRole-27UMBE2B38IO/AWSCodeBuild-5f5cca70-b5d1-4072-abac-ab48b3d387ed is not authorized to perform: ecr:CompleteLayerUpload on resource: arn:aws:ecr:us-west-1:<ACCOUNTID>:repository/dataqualityworkflows-spades
I've added 5 tools, fastp, fastqc, megahit, spades and bbtools and the other will push to ECR but spades will not; and I am not sure why? Any assistance would be grateful.
Here are the sections of the yaml files I create.
StackBuildContainerSpades:
Type: "AWS::CloudFormation::Stack"
Properties:
Parameters:
Project: !Ref ProjectLowerCase
ImageName: spades
ImageTag: "3.15.3"
BuildSpec: ./containers/buildspec.yml
ProjectPath: ./containers/spades
CodeBuildRoleArn: !GetAtt IamRoles.Outputs.CodeBuildRoleArn
UseProjectPrefix: "yes"
TemplateURL:
Fn::Sub:
- ${TemplateRootUrl}/container-buildproject.cfn.yaml
- TemplateRootUrl:
Fn::Sub:
- "https://${ZoneBucket}.s3.${AWS::Region}.amazonaws.com/zone"
- ZoneBucket:
Fn::ImportValue:
!Sub ${ZoneStackName}-ZoneBucket
...
- Name: Spades
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: "1"
Configuration:
ProjectName: !GetAtt "StackBuildContainerSpades.Outputs.Name"
InputArtifacts:
- Name: SourceStageOutput
Hey Daniel,
I'm not the developer of this solution but I think that the developers did not planed that you use their solution that way.
Am I right that you are trying to modify directly the files that are present in this repo ?
Here is how I added my private ECR images and how I think the developer would rather do:
Deploy the stacks using the files provided in this repo, without modification, that I think you managed.
Then you will have in your CodeCommit two repos: "Code" and "Pipe". You should clone these repos and make your own customizations there.
"Pipe" is the repo that deploys the resources that are necessary for "Code" to operate. If you have a look into CodePipeline, you have the "CodePipeline" that for the moment only builds the code and the Docker images defined in the vanila project. So you must modify these so that your new Docker images are built.
To do so you modify main.cfn.yaml in "Pipe" CodeCommit and that's where you add your "StackBuildContainerSpades". Then at the end of the same file you modify the code pipeline so that you include the new stack in the build phase. Once pushed you will see that the CodePipeline now has the unbuilt Spades block in the build phase.
Now you need to add a new folder in the "Code" repo: containers/spades/ and write the Dockerfile there. If everything is in order, next time the Pipeline "Code" will run, this file will be read and the spades container built into ECR. As this is use case is already planed in the vanilla project, you should not need to modify any IAM role. (all ecr rights are already included in the CodeBuildSeviceRole of the "Pipe" repo). In the main.cfn.yaml, you will have to define the Batch job definition based on the spades container however.
At least that's how I managed to build my own custumized solution and I think was the intended use. I hope this is more or less clear.
@sachalau
First off thank you so much, I believe I am now on the right path!
However, I am now running into an issue where the new docker containers are not being built and if I trigger them manually by clicking Start Build
from the web UI I get the following error:
Build failed to start. The following error occurred: ArtifactsOverride must be set when using artifacts type CodePipelines
I think you can't build the images from CodeBuild because you have defined an artifact that must come from CodePipelines. Can you push a change to your "Code" CodeCommit" or release a change to the "Pipe" CodePipeline tools ?
@sachalau - I don't think I am following. I followed the PFD guide and first updated the GenomicsWorkflowPipe
repo, I modified main.cfn.yml
like I have shown above by added StackBuildContainerSpades
and then under the Codepipeline
section added a new section for Spades
.
I am not sure what to do next.
Yep. Now if you go to the codepipeline "pipe" you should see in the build s stage the steps for building the docker images you added. However as you have not run the codepipeline "pipe" since you added them, they should appear as grey "did not run". To run this pipeline, you must either push a change to the repo "code" or in the UI, click release change.
Le mer. 8 sept. 2021 à 19:31, Daniel Donovan @.***> a écrit :
@sachalau https://github.com/sachalau - I don't think I am following. I followed the PFD guide and first updated the GenomicsWorkflowPipe repo, I modified main.cfn.yml like I have shown above by added StackBuildContainerSpades and then under the Codepipeline section added a new section for Spades.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/awslabs/genomics-secondary-analysis-using-aws-step-functions-and-aws-batch/issues/6#issuecomment-915432574, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD347NJIBLX7R7OKWYKWRJDUA6MWHANCNFSM5DSYTJOA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.
I can get this to run unmodified; however, I made a few modifications:
I updated the policy for the sample bucket to :
I get the following error when building and I am unclear what it means or how to debug it.