customAction support for aws codepipeline

[ghost]

This issue was originally opened by @bsarbhukan as hashicorp/terraform#19696. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Current Terraform Version

Terraform v0.11.10
+ provider.aws v1.52.0
+ provider.null v1.0.0
+ provider.template v1.0.0

Use-cases

We are trying to create a AWS Codepipeline with source->build->deploy->test
We are able to write source and deploy stage using terraform.
For Build and Test stage, we plan to use jenkins (which is custom action or third party)
I had used the same pipeline skeleton using cloudformation and we need to create Custom action for Jenkins followed by codepipeline.

But I dont see any option to create a custom action for jenkins.

I cloned terraform engine code but I dont see anything related to Custom action for aws codepipeline.

I would like to know if such feature is planned to release or anyone has used any work around?

Attempted Solutions

I tried some random option for Owner/Provider (purely guess though) but it keep throwing below error:
Error creating CodePipeline: InvalidActionDeclarationException: ActionType (Category: 'Build', Provider: 'Jenkins', Owner: 'ThirdParty', Version: '1') in action 'Build' is not available
status code: 400

• aws_codepipeline.codepipeline: Error creating CodePipeline: InvalidActionDeclarationException: ActionType (Category: 'Build', Provider: 'Jenkins', Owner: 'Custom', Version: '1') in action 'Build' is not available
  status code: 400

Proposal

Will it be wise to create clousformation stack as resource for this custom action followed by aws code pipeline?

References

[bsarbhukan]

Hello, I dont think this is an issue with aws provider. Because custom action in pipeline is possible to achieve using cloudformation. I am looking for the example how to achieve the same thing using terraform. Any pointers are appreciated. Thank you.

[PraetorianSC4]

@terraformbot @bsarbhukan The issue is with the ActionType. The API page for codepipeline lists out what you need to make a build stage (https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_ListActionTypes.html):

"actionConfigurationProperties": [
                {
                    "secret": false, 
                    "required": true, 
                    "name": "JenkinsBuildProject", 
                    "key": true, 
                    "queryable": true
                }
            ], 
            "outputArtifactDetails": {
                "maximumCount": 5, 
                "minimumCount": 0
            }, 
            "id": {
                "category": "Build", 
                "owner": "Custom", 
                "version": "1", 
                "provider": "JenkinsProviderName"
            }, 
            "settings": {
                "entityUrlTemplate": "http://192.0.2.4/job/{Config:ProjectName}", 
                "executionUrlTemplate": "http://192.0.2.4/job/{Config:ProjectName}/{ExternalExecutionId}"
            }
        }, 
        {
            "inputArtifactDetails": {
                "maximumCount": 5, 
                "minimumCount": 0
            }, 
            "actionConfigurationProperties": [
                {
                    "secret": false, 
                    "required": true, 
                    "name": "JenkinsTestProject", 
                    "key": true, 
                    "queryable": true
                }
            ], 
            "outputArtifactDetails": {
                "maximumCount": 5, 
                "minimumCount": 0
            }, 
            "id": {
                "category": "Test", 
                "owner": "Custom", 
                "version": "1", 
                "provider": "JenkinsProviderName"
            }, 
            "settings": {
                "entityUrlTemplate": "http://192.0.2.4/job/{Config:ProjectName}", 
                "executionUrlTemplate": "http://192.0.2.4/job/{Config:ProjectName}/{ExternalExecutionId}"
            }
        }
    ]

Based on above, I believe the actual stage code should be something like this:

    stage {
            name                                            = "Build"

            action {
                    name                                    = "JenkinsBuilder"
                    category                                = "Build"
                    owner                                   = "Custom"
                    provider                                = "Jenkins"
                    input_artifacts                         = ["SourceArtifact"]
                    output_artifacts                        = ["BuildArtifact"]
                    version                                 = "1"

            configuration {
                    Name                                    = "${var.pipeName["svc1"]}-mainline"
                    ThirdPartyConfigurationUrl              = "http://<jenkins-server-ip>:8080"
                    ProviderName                            = "JenkinsCI"
                    }
            }
    }

Stage = Build << this is valid
Action name = action { name = "JenkinsBuilder" << this is also valid
Action provider = Category:Build > provider = Jenkins << this is where things are going wrong

Because if we swap out owner for AWS and change provider to CodeBuild, the action name can stay the same and terraform builds the pipeline in half a second. The issue remains with why, and unfortunately I've not made any further progress than where you were 20 days ago.

Outcome of Terraform Apply:

• aws_codepipeline.cicdpipeline: Error creating CodePipeline: InvalidActionDeclarationException: ActionType (Category: 'Build', Provider: 'Jenkins', Owner: 'Custom', Version: '1') in action 'JenkinsBuilder' is not available | status code: 400, request id: 573ff9a5-1434-44f9-a54f-26c6d08f5b32

If you do this manually in CodePipeline through the UI, you can enter all of the above:

Action name: JenkinsBuilder
Action provider: Add Jenkins
Provider name: JenkinsCI
Server URL: http://<jenkins-server>:8080
Project name: dummy-project-1
Input artifacts: SourceArtifact
Output artifacts: BuildArtifact

And you get:

As of current, the aws_codepipeline resource provider is incapable of creating a Custom Jenkins Build Stage. This is a massive weakness, as not everyone uses CodeBuild. Not everyone likes putting all their eggs in one basket; some use Jenkins, others GitLab, CircleCI and so on. It's very disappointing that something as basic as this, does not work.

[ennioj]

Hi, @PraetorianSC4 have you found a workaround for this ?
There is a way to ignore the that step, so that can be created manually and it is not deleted at each run ?

[ahmedasimabdelhamid]

i am facing the same issue, any ideas ?

[amribrahim]

Hello All,
any one find solution to make stage in code pipeline for build using jenkins

[DenisBY]

@amribrahim I manually created Custom Action Provider with name 'updater' via AWS Console and then just use it like this:

      actions = [{
        name             = "JenkinsUpdater"
        category         = "Build"
        owner            = "Custom"
        provider         = "updater"
        input_artifacts  = ["SourceArtifact", "SourceArtifactECR"]
        output_artifacts = []
        version          = "1"
        configuration = {
          ProjectName = "updater-dev"
        }
      }]

It works for me. But it would be nice to have aws_codepipeline_custom_action_type (#8123) merged so we can create it once (or several times) via terraform and use it in our pipelines.

[yousef-salman]

Hello,
Here is a work around using local-exec provisioner in a null_resource block, a condition can be added so as to execute this
only when some variable meets that condition:

resource "null_resource" "action_type" {
provisioner "local-exec" {
command = <<EOT
aws codepipeline create-custom-action-type --category Build --provider ${var.Environment}-${var.MicroserviceName} --action-version 4 --input-artifact-details minimumCount=0,maximumCount=5 --output-artifact-details minimumCount=0,maximumCount=5 --settings entityUrlTemplate=\"http://${var.ServerName}/job/{Config:ProjectName}\",executionUrlTemplate=\"http://${var.ServerName}/job/\{Config:ProjectName\}/{ExternalExecutionId}\" --configuration-properties name=ProjectName,required=true,key=true,secret=false,queryable=true
EOT
}
}

The null_resource would have a resource id in the state file and won't be executed again through updates as there is no trigger field included. Further, this resource won't be deleted with terraform destroy but who cares this specific resource (actionType) need not be deleted from AWS, as even if deleted it would be still reserved for some reason and only a new version of that actionType can be created.

[github-actions]

This functionality has been released in v4.35.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.