Table of Contents
A low-level client representing AWS CodeBuild
CodeBuild is a fully managed build service in the cloud. CodeBuild compiles your source code, runs unit tests, and produces artifacts that are ready to deploy. CodeBuild eliminates the need to provision, manage, and scale your own build servers. It provides prepackaged build environments for the most popular programming languages and build tools, such as Apache Maven, Gradle, and more. You can also fully customize build environments in CodeBuild to use your own build tools. CodeBuild scales automatically to meet peak build requests. You pay only for the build time you consume. For more information about CodeBuild, see the * CodeBuild User Guide .*
import boto3
client = boto3.client('codebuild')
These are the available methods:
Deletes one or more builds.
See also: AWS API Documentation
Request Syntax
response = client.batch_delete_builds(
ids=[
'string',
]
)
[REQUIRED]
The IDs of the builds to delete.
{
'buildsDeleted': [
'string',
],
'buildsNotDeleted': [
{
'id': 'string',
'statusCode': 'string'
},
]
}
Response Structure
The IDs of the builds that were successfully deleted.
Information about any builds that could not be successfully deleted.
Information about a build that could not be successfully deleted.
The ID of the build that could not be successfully deleted.
Additional information about the build that could not be successfully deleted.
Exceptions
Retrieves information about one or more batch builds.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_build_batches(
ids=[
'string',
]
)
[REQUIRED]
An array that contains the batch build identifiers to retrieve.
{
'buildBatches': [
{
'id': 'string',
'arn': 'string',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'currentPhase': 'string',
'buildBatchStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'sourceVersion': 'string',
'resolvedSourceVersion': 'string',
'projectName': 'string',
'phases': [
{
'phaseType': 'SUBMITTED'|'DOWNLOAD_BATCHSPEC'|'IN_PROGRESS'|'COMBINE_ARTIFACTS'|'SUCCEEDED'|'FAILED'|'STOPPED',
'phaseStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'durationInSeconds': 123,
'contexts': [
{
'statusCode': 'string',
'message': 'string'
},
]
},
],
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'logConfig': {
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'buildTimeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'complete': True|False,
'initiator': 'string',
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'encryptionKey': 'string',
'buildBatchNumber': 123,
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'buildBatchConfig': {
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
'buildGroups': [
{
'identifier': 'string',
'dependsOn': [
'string',
],
'ignoreFailure': True|False,
'currentBuildSummary': {
'arn': 'string',
'requestedOn': datetime(2015, 1, 1),
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'primaryArtifact': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
]
},
'priorBuildSummaryList': [
{
'arn': 'string',
'requestedOn': datetime(2015, 1, 1),
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'primaryArtifact': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
]
},
]
},
],
'debugSessionEnabled': True|False
},
],
'buildBatchesNotFound': [
'string',
]
}
Response Structure
An array of BuildBatch objects that represent the retrieved batch builds.
Contains information about a batch build.
The identifier of the batch build.
The ARN of the batch build.
The date and time that the batch build started.
The date and time that the batch build ended.
The current phase of the batch build.
The status of the batch build.
The identifier of the version of the source code to be built.
The identifier of the resolved version of this batch build's source code.
The name of the batch build project.
An array of BuildBatchPhase objects the specify the phases of the batch build.
Contains information about a stage for a batch build.
The name of the batch build phase. Valid values include:
COMBINE_ARTIFACTS
Build output artifacts are being combined and uploaded to the output location.
DOWNLOAD_BATCHSPEC
The batch build specification is being downloaded.
FAILED
One or more of the builds failed.
IN_PROGRESS
The batch build is in progress.
STOPPED
The batch build was stopped.
SUBMITTED
The btach build has been submitted.
SUCCEEDED
The batch build succeeded.
The current status of the batch build phase. Valid values include:
FAILED
The build phase failed.
FAULT
The build phase faulted.
IN_PROGRESS
The build phase is still in progress.
STOPPED
The build phase stopped.
SUCCEEDED
The build phase succeeded.
TIMED_OUT
The build phase timed out.
When the batch build phase started, expressed in Unix time format.
When the batch build phase ended, expressed in Unix time format.
How long, in seconds, between the starting and ending times of the batch build's phase.
Additional information about the batch build phase. Especially to help troubleshoot a failed batch build.
Additional information about a build phase that has an error. You can use this information for troubleshooting.
The status code for the context of the build phase.
An explanation of the build phase's context. This might include a command ID and an exit code.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSource objects that define the sources for the batch build.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSourceVersion objects. Each ProjectSourceVersion must be one of:
A source identifier and its corresponding version.
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
A BuildArtifacts object the defines the build artifacts for this batch build.
Information about the location of the build artifacts.
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Information that tells you if encryption for build artifacts is disabled.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of BuildArtifacts objects the define the build artifacts for this batch build.
Information about build output artifacts.
Information about the location of the build artifacts.
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Information that tells you if encryption for build artifacts is disabled.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
Information about the cache for the build project.
The type of cache used by the build project. Valid values include:
Information about the cache location:
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Information about the build environment of the build project.
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
A set of environment variables to make available to builds for this build project.
Information about an environment variable for a build project or a build.
The name or key of the environment variable.
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
The type of environment variable. Valid values include:
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
The credentials for access to a private registry.
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
The name of a service role used for builds in the batch.
Information about logs for a build project. These can be logs in CloudWatch Logs, built in a specified S3 bucket, or both.
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
The current status of the S3 build logs. Valid values are:
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
Specifies the maximum amount of time, in minutes, that the build in a batch must be completed in.
Specifies the amount of time, in minutes, that the batch build is allowed to be queued before it times out.
Indicates if the batch build is complete.
The entity that started the batch build. Valid values include:
Information about the VPC configuration that CodeBuild accesses.
The ID of the Amazon VPC.
A list of one or more subnet IDs in your Amazon VPC.
A list of one or more security groups IDs in your Amazon VPC.
The Key Management Service customer master key (CMK) to be used for encrypting the batch build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
The number of the batch build. For each project, the buildBatchNumber of its first batch build is 1 . The buildBatchNumber of each subsequent batch build is incremented by 1 . If a batch build is deleted, the buildBatchNumber of other batch builds does not change.
An array of ProjectFileSystemLocation objects for the batch build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
The type of the file system. The one supported type is EFS .
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
The location in the container where you mount the file system.
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
Contains configuration information about a batch build project.
Specifies the service role ARN for the batch build project.
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
A BatchRestrictions object that specifies the restrictions for the batch build.
Specifies the maximum number of builds allowed.
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
An array of BuildGroup objects that define the build groups for the batch build.
Contains information about a batch build build group. Build groups are used to combine builds that can run in parallel, while still being able to set dependencies on other build groups.
Contains the identifier of the build group.
An array of strings that contain the identifiers of the build groups that this build group depends on.
Specifies if failures in this build group can be ignored.
A BuildSummary object that contains a summary of the current build group.
The batch build ARN.
When the build was started, expressed in Unix time format.
The status of the build group.
FAILED
The build group failed.
FAULT
The build group faulted.
IN_PROGRESS
The build group is still in progress.
STOPPED
The build group stopped.
SUCCEEDED
The build group succeeded.
TIMED_OUT
The build group timed out.
A ResolvedArtifact object that represents the primary build artifacts for the build group.
Specifies the type of artifact.
The location of the artifact.
The identifier of the artifact.
An array of ResolvedArtifact objects that represents the secondary build artifacts for the build group.
Represents a resolved build artifact. A resolved artifact is an artifact that is built and deployed to the destination, such as Amazon S3.
Specifies the type of artifact.
The location of the artifact.
The identifier of the artifact.
An array of BuildSummary objects that contain summaries of previous build groups.
Contains summary information about a batch build group.
The batch build ARN.
When the build was started, expressed in Unix time format.
The status of the build group.
FAILED
The build group failed.
FAULT
The build group faulted.
IN_PROGRESS
The build group is still in progress.
STOPPED
The build group stopped.
SUCCEEDED
The build group succeeded.
TIMED_OUT
The build group timed out.
A ResolvedArtifact object that represents the primary build artifacts for the build group.
Specifies the type of artifact.
The location of the artifact.
The identifier of the artifact.
An array of ResolvedArtifact objects that represents the secondary build artifacts for the build group.
Represents a resolved build artifact. A resolved artifact is an artifact that is built and deployed to the destination, such as Amazon S3.
Specifies the type of artifact.
The location of the artifact.
The identifier of the artifact.
Specifies if session debugging is enabled for this batch build. For more information, see Viewing a running build in Session Manager . Batch session debugging is not supported for matrix batch builds.
An array that contains the identifiers of any batch builds that are not found.
Exceptions
Gets information about one or more builds.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_builds(
ids=[
'string',
]
)
[REQUIRED]
The IDs of the builds.
{
'builds': [
{
'id': 'string',
'arn': 'string',
'buildNumber': 123,
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'currentPhase': 'string',
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'sourceVersion': 'string',
'resolvedSourceVersion': 'string',
'projectName': 'string',
'phases': [
{
'phaseType': 'SUBMITTED'|'QUEUED'|'PROVISIONING'|'DOWNLOAD_SOURCE'|'INSTALL'|'PRE_BUILD'|'BUILD'|'POST_BUILD'|'UPLOAD_ARTIFACTS'|'FINALIZING'|'COMPLETED',
'phaseStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'durationInSeconds': 123,
'contexts': [
{
'statusCode': 'string',
'message': 'string'
},
]
},
],
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'logs': {
'groupName': 'string',
'streamName': 'string',
'deepLink': 'string',
's3DeepLink': 'string',
'cloudWatchLogsArn': 'string',
's3LogsArn': 'string',
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'timeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'buildComplete': True|False,
'initiator': 'string',
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'networkInterface': {
'subnetId': 'string',
'networkInterfaceId': 'string'
},
'encryptionKey': 'string',
'exportedEnvironmentVariables': [
{
'name': 'string',
'value': 'string'
},
],
'reportArns': [
'string',
],
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'debugSession': {
'sessionEnabled': True|False,
'sessionTarget': 'string'
},
'buildBatchArn': 'string'
},
],
'buildsNotFound': [
'string',
]
}
Response Structure
Information about the requested builds.
Information about a build.
The unique ID for the build.
The Amazon Resource Name (ARN) of the build.
The number of the build. For each project, the buildNumber of its first build is 1 . The buildNumber of each subsequent build is incremented by 1 . If a build is deleted, the buildNumber of other builds does not change.
When the build process started, expressed in Unix time format.
When the build process ended, expressed in Unix time format.
The current build phase.
The current status of the build. Valid values include:
Any version identifier for the version of the source code to be built. If sourceVersion is specified at the project level, then this sourceVersion (at the build level) takes precedence.
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
An identifier for the version of this build's source code.
The name of the CodeBuild project.
Information about all previous build phases that are complete and information about any current build phase that is not yet complete.
Information about a stage for a build.
The name of the build phase. Valid values include:
BUILD
Core build activities typically occur in this build phase.
COMPLETED
The build has been completed.
DOWNLOAD_SOURCE
Source code is being downloaded in this build phase.
FINALIZING
The build process is completing in this build phase.
INSTALL
Installation activities typically occur in this build phase.
POST_BUILD
Post-build activities typically occur in this build phase.
PRE_BUILD
Pre-build activities typically occur in this build phase.
PROVISIONING
The build environment is being set up.
QUEUED
The build has been submitted and is queued behind other submitted builds.
SUBMITTED
The build has been submitted.
UPLOAD_ARTIFACTS
Build output artifacts are being uploaded to the output location.
The current status of the build phase. Valid values include:
FAILED
The build phase failed.
FAULT
The build phase faulted.
IN_PROGRESS
The build phase is still in progress.
STOPPED
The build phase stopped.
SUCCEEDED
The build phase succeeded.
TIMED_OUT
The build phase timed out.
When the build phase started, expressed in Unix time format.
When the build phase ended, expressed in Unix time format.
How long, in seconds, between the starting and ending times of the build's phase.
Additional information about a build phase, especially to help troubleshoot a failed build.
Additional information about a build phase that has an error. You can use this information for troubleshooting.
The status code for the context of the build phase.
An explanation of the build phase's context. This might include a command ID and an exit code.
Information about the source code to be built.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSource objects.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSourceVersion objects. Each ProjectSourceVersion must be one of:
A source identifier and its corresponding version.
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
Information about the output artifacts for the build.
Information about the location of the build artifacts.
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Information that tells you if encryption for build artifacts is disabled.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectArtifacts objects.
Information about build output artifacts.
Information about the location of the build artifacts.
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Information that tells you if encryption for build artifacts is disabled.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
Information about the cache for the build.
The type of cache used by the build project. Valid values include:
Information about the cache location:
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Information about the build environment for this build.
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
A set of environment variables to make available to builds for this build project.
Information about an environment variable for a build project or a build.
The name or key of the environment variable.
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
The type of environment variable. Valid values include:
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
The credentials for access to a private registry.
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
The name of a service role used for this build.
Information about the build's logs in CloudWatch Logs.
The name of the CloudWatch Logs group for the build logs.
The name of the CloudWatch Logs stream for the build logs.
The URL to an individual build log in CloudWatch Logs.
The URL to a build log in an S3 bucket.
The ARN of CloudWatch Logs for a build project. Its format is arn:${Partition}:logs:${Region}:${Account}:log-group:${LogGroupName}:log-stream:${LogStreamName} . For more information, see Resources Defined by CloudWatch Logs .
The ARN of S3 logs for a build project. Its format is arn:${Partition}:s3:::${BucketName}/${ObjectName} . For more information, see Resources Defined by Amazon S3 .
Information about CloudWatch Logs for a build project.
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
Information about S3 logs for a build project.
The current status of the S3 build logs. Valid values are:
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
How long, in minutes, for CodeBuild to wait before timing out this build if it does not get marked as completed.
The number of minutes a build is allowed to be queued before it times out.
Whether the build is complete. True if complete; otherwise, false.
The entity that started the build. Valid values include:
If your CodeBuild project accesses resources in an Amazon VPC, you provide this parameter that identifies the VPC ID and the list of security group IDs and subnet IDs. The security groups and subnets must belong to the same VPC. You must provide at least one security group and one subnet ID.
The ID of the Amazon VPC.
A list of one or more subnet IDs in your Amazon VPC.
A list of one or more security groups IDs in your Amazon VPC.
Describes a network interface.
The ID of the subnet.
The ID of the network interface.
The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
A list of exported environment variables for this build.
Exported environment variables are used in conjunction with CodePipeline to export environment variables from the current build stage to subsequent stages in the pipeline. For more information, see Working with variables in the CodePipeline User Guide .
Contains information about an exported environment variable.
Exported environment variables are used in conjunction with CodePipeline to export environment variables from the current build stage to subsequent stages in the pipeline. For more information, see Working with variables in the CodePipeline User Guide .
Note
During a build, the value of a variable is available starting with the install phase. It can be updated between the start of the install phase and the end of the post_build phase. After the post_build phase ends, the value of exported variables cannot change.
The name of the exported environment variable.
The value assigned to the exported environment variable.
An array of the ARNs associated with this build's reports.
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
The type of the file system. The one supported type is EFS .
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
The location in the container where you mount the file system.
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
Contains information about the debug session for this build.
Specifies if session debugging is enabled for this build.
Contains the identifier of the Session Manager session used for the build. To work with the paused build, you open this session to examine, control, and resume the build.
The ARN of the batch build that this build is a member of, if applicable.
The IDs of builds for which information could not be found.
Exceptions
Examples
The following example gets information about builds with the specified build IDs.
response = client.batch_get_builds(
ids=[
'codebuild-demo-project:9b0ac37f-d19e-4254-9079-f47e9a389eEX',
'codebuild-demo-project:b79a46f7-1473-4636-a23f-da9c45c208EX',
],
)
print(response)
Expected Output:
{
'builds': [
{
'arn': 'arn:aws:codebuild:us-east-1:123456789012:build/codebuild-demo-project:9b0ac37f-d19e-4254-9079-f47e9a389eEX',
'artifacts': {
'location': 'arn:aws:s3:::codebuild-123456789012-output-bucket/codebuild-demo-project',
},
'buildComplete': True,
'buildStatus': 'SUCCEEDED',
'currentPhase': 'COMPLETED',
'endTime': 1479832474.764,
'environment': {
'type': 'LINUX_CONTAINER',
'computeType': 'BUILD_GENERAL1_SMALL',
'environmentVariables': [
],
'image': 'aws/codebuild/java:openjdk-8',
'privilegedMode': False,
},
'id': 'codebuild-demo-project:9b0ac37f-d19e-4254-9079-f47e9a389eEX',
'initiator': 'MyDemoUser',
'logs': {
'deepLink': 'https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/codebuild-demo-project;stream=9b0ac37f-d19e-4254-9079-f47e9a389eEX',
'groupName': '/aws/codebuild/codebuild-demo-project',
'streamName': '9b0ac37f-d19e-4254-9079-f47e9a389eEX',
},
'phases': [
{
'durationInSeconds': 0,
'endTime': 1479832342.23,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'SUBMITTED',
'startTime': 1479832341.854,
},
{
'contexts': [
],
'durationInSeconds': 72,
'endTime': 1479832415.064,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'PROVISIONING',
'startTime': 1479832342.23,
},
{
'contexts': [
],
'durationInSeconds': 46,
'endTime': 1479832461.261,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'DOWNLOAD_SOURCE',
'startTime': 1479832415.064,
},
{
'contexts': [
],
'durationInSeconds': 0,
'endTime': 1479832461.354,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'INSTALL',
'startTime': 1479832461.261,
},
{
'contexts': [
],
'durationInSeconds': 0,
'endTime': 1479832461.448,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'PRE_BUILD',
'startTime': 1479832461.354,
},
{
'contexts': [
],
'durationInSeconds': 9,
'endTime': 1479832471.115,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'BUILD',
'startTime': 1479832461.448,
},
{
'contexts': [
],
'durationInSeconds': 0,
'endTime': 1479832471.224,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'POST_BUILD',
'startTime': 1479832471.115,
},
{
'contexts': [
],
'durationInSeconds': 0,
'endTime': 1479832471.791,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'UPLOAD_ARTIFACTS',
'startTime': 1479832471.224,
},
{
'contexts': [
],
'durationInSeconds': 2,
'endTime': 1479832474.764,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'FINALIZING',
'startTime': 1479832471.791,
},
{
'phaseType': 'COMPLETED',
'startTime': 1479832474.764,
},
],
'projectName': 'codebuild-demo-project',
'source': {
'type': 'S3',
'buildspec': '',
'location': 'arn:aws:s3:::codebuild-123456789012-input-bucket/MessageUtil.zip',
},
'startTime': 1479832341.854,
'timeoutInMinutes': 60,
},
{
'arn': 'arn:aws:codebuild:us-east-1:123456789012:build/codebuild-demo-project:b79a46f7-1473-4636-a23f-da9c45c208EX',
'artifacts': {
'location': 'arn:aws:s3:::codebuild-123456789012-output-bucket/codebuild-demo-project',
},
'buildComplete': True,
'buildStatus': 'SUCCEEDED',
'currentPhase': 'COMPLETED',
'endTime': 1479401214.239,
'environment': {
'type': 'LINUX_CONTAINER',
'computeType': 'BUILD_GENERAL1_SMALL',
'environmentVariables': [
],
'image': 'aws/codebuild/java:openjdk-8',
'privilegedMode': False,
},
'id': 'codebuild-demo-project:b79a46f7-1473-4636-a23f-da9c45c208EX',
'initiator': 'MyDemoUser',
'logs': {
'deepLink': 'https://console.aws.amazon.com/cloudwatch/home?region=us-east-1#logEvent:group=/aws/codebuild/codebuild-demo-project;stream=b79a46f7-1473-4636-a23f-da9c45c208EX',
'groupName': '/aws/codebuild/codebuild-demo-project',
'streamName': 'b79a46f7-1473-4636-a23f-da9c45c208EX',
},
'phases': [
{
'durationInSeconds': 0,
'endTime': 1479401082.342,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'SUBMITTED',
'startTime': 1479401081.869,
},
{
'contexts': [
],
'durationInSeconds': 71,
'endTime': 1479401154.129,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'PROVISIONING',
'startTime': 1479401082.342,
},
{
'contexts': [
],
'durationInSeconds': 45,
'endTime': 1479401199.136,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'DOWNLOAD_SOURCE',
'startTime': 1479401154.129,
},
{
'contexts': [
],
'durationInSeconds': 0,
'endTime': 1479401199.236,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'INSTALL',
'startTime': 1479401199.136,
},
{
'contexts': [
],
'durationInSeconds': 0,
'endTime': 1479401199.345,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'PRE_BUILD',
'startTime': 1479401199.236,
},
{
'contexts': [
],
'durationInSeconds': 9,
'endTime': 1479401208.68,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'BUILD',
'startTime': 1479401199.345,
},
{
'contexts': [
],
'durationInSeconds': 0,
'endTime': 1479401208.783,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'POST_BUILD',
'startTime': 1479401208.68,
},
{
'contexts': [
],
'durationInSeconds': 0,
'endTime': 1479401209.463,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'UPLOAD_ARTIFACTS',
'startTime': 1479401208.783,
},
{
'contexts': [
],
'durationInSeconds': 4,
'endTime': 1479401214.239,
'phaseStatus': 'SUCCEEDED',
'phaseType': 'FINALIZING',
'startTime': 1479401209.463,
},
{
'phaseType': 'COMPLETED',
'startTime': 1479401214.239,
},
],
'projectName': 'codebuild-demo-project',
'source': {
'type': 'S3',
'location': 'arn:aws:s3:::codebuild-123456789012-input-bucket/MessageUtil.zip',
},
'startTime': 1479401081.869,
'timeoutInMinutes': 60,
},
],
'ResponseMetadata': {
'...': '...',
},
}
Gets information about one or more build projects.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_projects(
names=[
'string',
]
)
[REQUIRED]
The names or ARNs of the build projects. To get information about a project shared with your Amazon Web Services account, its ARN must be specified. You cannot specify a shared project using its name.
{
'projects': [
{
'name': 'string',
'arn': 'string',
'description': 'string',
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'sourceVersion': 'string',
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'timeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'encryptionKey': 'string',
'tags': [
{
'key': 'string',
'value': 'string'
},
],
'created': datetime(2015, 1, 1),
'lastModified': datetime(2015, 1, 1),
'webhook': {
'url': 'string',
'payloadUrl': 'string',
'secret': 'string',
'branchFilter': 'string',
'filterGroups': [
[
{
'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE',
'pattern': 'string',
'excludeMatchedPattern': True|False
},
],
],
'buildType': 'BUILD'|'BUILD_BATCH',
'lastModifiedSecret': datetime(2015, 1, 1)
},
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'badge': {
'badgeEnabled': True|False,
'badgeRequestUrl': 'string'
},
'logsConfig': {
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'buildBatchConfig': {
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
'concurrentBuildLimit': 123,
'projectVisibility': 'PUBLIC_READ'|'PRIVATE',
'publicProjectAlias': 'string',
'resourceAccessRole': 'string'
},
],
'projectsNotFound': [
'string',
]
}
Response Structure
Information about the requested build projects.
Information about a build project.
The name of the build project.
The Amazon Resource Name (ARN) of the build project.
A description that makes the build project easy to identify.
Information about the build input source code for this build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSource objects.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).
A source identifier and its corresponding version.
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
Information about the build output artifacts for the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectArtifacts objects.
Information about the build output artifacts for the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
Information about the cache for the build project.
The type of cache used by the build project. Valid values include:
Information about the cache location:
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Information about the build environment for this build project.
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
A set of environment variables to make available to builds for this build project.
Information about an environment variable for a build project or a build.
The name or key of the environment variable.
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
The type of environment variable. Valid values include:
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
The credentials for access to a private registry.
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
The ARN of the IAM role that enables CodeBuild to interact with dependent Amazon Web Services services on behalf of the Amazon Web Services account.
How long, in minutes, from 5 to 480 (8 hours), for CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes.
The number of minutes a build is allowed to be queued before it times out.
The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ). If you don't specify a value, CodeBuild uses the managed CMK for Amazon Simple Storage Service (Amazon S3).
A list of tag key and value pairs associated with this build project.
These tags are available for use by Amazon Web Services services that support CodeBuild build project tags.
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
The tag's key.
The tag's value.
When the build project was created, expressed in Unix time format.
When the build project's settings were last modified, expressed in Unix time format.
Information about a webhook that connects repository events to a build project in CodeBuild.
The URL to the webhook.
The CodeBuild endpoint where webhook events are sent.
The secret token of the associated repository.
Note
A Bitbucket webhook does not support secret .
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
Note
It is recommended that you use filterGroups instead of branchFilter .
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type .
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
A filter used to determine which webhooks trigger a build.
The type of webhook filter. There are six webhook filter types: EVENT , ACTOR_ACCOUNT_ID , HEAD_REF , BASE_REF , FILE_PATH , and COMMIT_MESSAGE .
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH , PULL_REQUEST_CREATED , PULL_REQUEST_UPDATED , PULL_REQUEST_REOPENED , and PULL_REQUEST_MERGED . The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
Note
The PULL_REQUEST_REOPENED works with GitHub and GitHub Enterprise only.
ACTOR_ACCOUNT_ID
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern .
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern . For example, refs/heads/branch-name and refs/tags/tag-name .
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern . For example, refs/heads/branch-name .
Note
Works with pull request events only.
FILE_PATH
A webhook triggers a build when the path of a changed file matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
COMMIT_MESSAGE
A webhook triggers a build when the head commit message matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name .
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
Specifies the type of build this webhook will trigger.
A timestamp that indicates the last time a repository's secret token was modified.
Information about the VPC configuration that CodeBuild accesses.
The ID of the Amazon VPC.
A list of one or more subnet IDs in your Amazon VPC.
A list of one or more security groups IDs in your Amazon VPC.
Information about the build badge for the build project.
Set this to true to generate a publicly accessible URL for your project's build badge.
The publicly-accessible URL through which you can access the build badge for your project.
Information about logs for the build project. A project can create logs in CloudWatch Logs, an S3 bucket, or both.
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
The current status of the S3 build logs. Valid values are:
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
The type of the file system. The one supported type is EFS .
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
The location in the container where you mount the file system.
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
A ProjectBuildBatchConfig object that defines the batch build options for the project.
Specifies the service role ARN for the batch build project.
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
A BatchRestrictions object that specifies the restrictions for the batch build.
Specifies the maximum number of builds allowed.
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
The maximum number of concurrent builds that are allowed for this project.
New builds are only started if the current number of builds is less than or equal to this limit. If the current build count meets this limit, new builds are throttled and are not run.
Specifies the visibility of the project's builds. Possible values are:
PUBLIC_READ
The project builds are visible to the public.
PRIVATE
The project builds are not visible to the public.
Contains the project identifier used with the public build APIs.
The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds.
The names of build projects for which information could not be found.
Exceptions
Returns an array of report groups.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_report_groups(
reportGroupArns=[
'string',
]
)
[REQUIRED]
An array of report group ARNs that identify the report groups to return.
{
'reportGroups': [
{
'arn': 'string',
'name': 'string',
'type': 'TEST'|'CODE_COVERAGE',
'exportConfig': {
'exportConfigType': 'S3'|'NO_EXPORT',
's3Destination': {
'bucket': 'string',
'bucketOwner': 'string',
'path': 'string',
'packaging': 'ZIP'|'NONE',
'encryptionKey': 'string',
'encryptionDisabled': True|False
}
},
'created': datetime(2015, 1, 1),
'lastModified': datetime(2015, 1, 1),
'tags': [
{
'key': 'string',
'value': 'string'
},
],
'status': 'ACTIVE'|'DELETING'
},
],
'reportGroupsNotFound': [
'string',
]
}
Response Structure
The array of report groups returned by BatchGetReportGroups .
A series of reports. Each report contains information about the results from running a series of test cases. You specify the test cases for a report group in the buildspec for a build project using one or more paths to the test case files.
The ARN of the ReportGroup .
The name of the ReportGroup .
The type of the ReportGroup . This can be one of the following values:
CODE_COVERAGE
The report group contains code coverage reports.
TEST
The report group contains test reports.
Information about the destination where the raw data of this ReportGroup is exported.
The export configuration type. Valid values are:
A S3ReportExportConfig object that contains information about the S3 bucket where the run of a report is exported.
The name of the S3 bucket where the raw data of a report are exported.
The Amazon Web Services account identifier of the owner of the Amazon S3 bucket. This allows report data to be exported to an Amazon S3 bucket that is owned by an account other than the account running the build.
The path to the exported report's raw data results.
The type of build output artifact to create. Valid values include:
The encryption key for the report's encrypted raw data.
A boolean value that specifies if the results of a report are encrypted.
The date and time this ReportGroup was created.
The date and time this ReportGroup was last modified.
A list of tag key and value pairs associated with this report group.
These tags are available for use by Amazon Web Services services that support CodeBuild report group tags.
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
The tag's key.
The tag's value.
The status of the report group. This property is read-only.
This can be one of the following values:
ACTIVE
The report group is active.
DELETING
The report group is in the process of being deleted.
An array of ARNs passed to BatchGetReportGroups that are not associated with a ReportGroup .
Exceptions
Returns an array of reports.
See also: AWS API Documentation
Request Syntax
response = client.batch_get_reports(
reportArns=[
'string',
]
)
[REQUIRED]
An array of ARNs that identify the Report objects to return.
{
'reports': [
{
'arn': 'string',
'type': 'TEST'|'CODE_COVERAGE',
'name': 'string',
'reportGroupArn': 'string',
'executionId': 'string',
'status': 'GENERATING'|'SUCCEEDED'|'FAILED'|'INCOMPLETE'|'DELETING',
'created': datetime(2015, 1, 1),
'expired': datetime(2015, 1, 1),
'exportConfig': {
'exportConfigType': 'S3'|'NO_EXPORT',
's3Destination': {
'bucket': 'string',
'bucketOwner': 'string',
'path': 'string',
'packaging': 'ZIP'|'NONE',
'encryptionKey': 'string',
'encryptionDisabled': True|False
}
},
'truncated': True|False,
'testSummary': {
'total': 123,
'statusCounts': {
'string': 123
},
'durationInNanoSeconds': 123
},
'codeCoverageSummary': {
'lineCoveragePercentage': 123.0,
'linesCovered': 123,
'linesMissed': 123,
'branchCoveragePercentage': 123.0,
'branchesCovered': 123,
'branchesMissed': 123
}
},
],
'reportsNotFound': [
'string',
]
}
Response Structure
The array of Report objects returned by BatchGetReports .
Information about the results from running a series of test cases during the run of a build project. The test cases are specified in the buildspec for the build project using one or more paths to the test case files. You can specify any type of tests you want, such as unit tests, integration tests, and functional tests.
The ARN of the report run.
The type of the report that was run.
CODE_COVERAGE
A code coverage report.
TEST
A test report.
The name of the report that was run.
The ARN of the report group associated with this report.
The ARN of the build run that generated this report.
The status of this report.
The date and time this report run occurred.
The date and time a report expires. A report expires 30 days after it is created. An expired report is not available to view in CodeBuild.
Information about where the raw data used to generate this report was exported.
The export configuration type. Valid values are:
A S3ReportExportConfig object that contains information about the S3 bucket where the run of a report is exported.
The name of the S3 bucket where the raw data of a report are exported.
The Amazon Web Services account identifier of the owner of the Amazon S3 bucket. This allows report data to be exported to an Amazon S3 bucket that is owned by an account other than the account running the build.
The path to the exported report's raw data results.
The type of build output artifact to create. Valid values include:
The encryption key for the report's encrypted raw data.
A boolean value that specifies if the results of a report are encrypted.
A boolean that specifies if this report run is truncated. The list of test cases is truncated after the maximum number of test cases is reached.
A TestReportSummary object that contains information about this test report.
The number of test cases in this TestReportSummary . The total includes truncated test cases.
A map that contains the number of each type of status returned by the test results in this TestReportSummary .
The number of nanoseconds it took to run all of the test cases in this report.
A CodeCoverageReportSummary object that contains a code coverage summary for this report.
The percentage of lines that are covered by your tests.
The number of lines that are covered by your tests.
The number of lines that are not covered by your tests.
The percentage of branches that are covered by your tests.
The number of conditional branches that are covered by your tests.
The number of conditional branches that are not covered by your tests.
An array of ARNs passed to BatchGetReportGroups that are not associated with a Report .
Exceptions
Check if an operation can be paginated.
Creates a build project.
See also: AWS API Documentation
Request Syntax
response = client.create_project(
name='string',
description='string',
source={
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
secondarySources=[
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
sourceVersion='string',
secondarySourceVersions=[
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
artifacts={
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
secondaryArtifacts=[
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
cache={
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
environment={
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
serviceRole='string',
timeoutInMinutes=123,
queuedTimeoutInMinutes=123,
encryptionKey='string',
tags=[
{
'key': 'string',
'value': 'string'
},
],
vpcConfig={
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
badgeEnabled=True|False,
logsConfig={
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
fileSystemLocations=[
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
buildBatchConfig={
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
concurrentBuildLimit=123
)
[REQUIRED]
The name of the build project.
[REQUIRED]
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSource objects.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take precedence over these secondarySourceVersions (at the project level).
A source identifier and its corresponding version.
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
[REQUIRED]
Information about the build output artifacts for the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectArtifacts objects.
Information about the build output artifacts for the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
Stores recently used information so that it can be quickly accessed at a later time.
The type of cache used by the build project. Valid values include:
Information about the cache location:
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
[REQUIRED]
Information about the build environment for the build project.
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
A set of environment variables to make available to builds for this build project.
Information about an environment variable for a build project or a build.
The name or key of the environment variable.
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
The type of environment variable. Valid values include:
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
The credentials for access to a private registry.
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
[REQUIRED]
The ARN of the IAM role that enables CodeBuild to interact with dependent Amazon Web Services services on behalf of the Amazon Web Services account.
The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
A list of tag key and value pairs associated with this build project.
These tags are available for use by Amazon Web Services services that support CodeBuild build project tags.
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
The tag's key.
The tag's value.
VpcConfig enables CodeBuild to access resources in an Amazon VPC.
The ID of the Amazon VPC.
A list of one or more subnet IDs in your Amazon VPC.
A list of one or more security groups IDs in your Amazon VPC.
Information about logs for the build project. These can be logs in CloudWatch Logs, logs uploaded to a specified S3 bucket, or both.
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
The current status of the S3 build logs. Valid values are:
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
The type of the file system. The one supported type is EFS .
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
The location in the container where you mount the file system.
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
A ProjectBuildBatchConfig object that defines the batch build options for the project.
Specifies the service role ARN for the batch build project.
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
A BatchRestrictions object that specifies the restrictions for the batch build.
Specifies the maximum number of builds allowed.
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
The maximum number of concurrent builds that are allowed for this project.
New builds are only started if the current number of builds is less than or equal to this limit. If the current build count meets this limit, new builds are throttled and are not run.
dict
Response Syntax
{
'project': {
'name': 'string',
'arn': 'string',
'description': 'string',
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'sourceVersion': 'string',
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'timeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'encryptionKey': 'string',
'tags': [
{
'key': 'string',
'value': 'string'
},
],
'created': datetime(2015, 1, 1),
'lastModified': datetime(2015, 1, 1),
'webhook': {
'url': 'string',
'payloadUrl': 'string',
'secret': 'string',
'branchFilter': 'string',
'filterGroups': [
[
{
'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE',
'pattern': 'string',
'excludeMatchedPattern': True|False
},
],
],
'buildType': 'BUILD'|'BUILD_BATCH',
'lastModifiedSecret': datetime(2015, 1, 1)
},
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'badge': {
'badgeEnabled': True|False,
'badgeRequestUrl': 'string'
},
'logsConfig': {
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'buildBatchConfig': {
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
'concurrentBuildLimit': 123,
'projectVisibility': 'PUBLIC_READ'|'PRIVATE',
'publicProjectAlias': 'string',
'resourceAccessRole': 'string'
}
}
Response Structure
(dict) --
project (dict) --
Information about the build project that was created.
name (string) --
The name of the build project.
arn (string) --
The Amazon Resource Name (ARN) of the build project.
description (string) --
A description that makes the build project easy to identify.
source (dict) --
Information about the build input source code for this build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySources (list) --
An array of ProjectSource objects.
(dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
sourceVersion (string) --
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
secondarySourceVersions (list) --
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) --
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
sourceVersion (string) --
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
artifacts (dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
location (string) --
Information about the build output artifact location:
path (string) --
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
namespaceType (string) --
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
name (string) --
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
packaging (string) --
The type of build output artifact to create:
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
secondaryArtifacts (list) --
An array of ProjectArtifacts objects.
(dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
location (string) --
Information about the build output artifact location:
path (string) --
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
namespaceType (string) --
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
name (string) --
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
packaging (string) --
The type of build output artifact to create:
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
cache (dict) --
Information about the cache for the build project.
type (string) --
The type of cache used by the build project. Valid values include:
location (string) --
Information about the cache location:
modes (list) --
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
environment (dict) --
Information about the build environment for this build project.
type (string) --
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
image (string) --
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
computeType (string) --
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) --
The name or key of the environment variable.
value (string) --
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
type (string) --
The type of environment variable. Valid values include:
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) --
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
credentialProvider (string) --
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
serviceRole (string) --
The ARN of the IAM role that enables CodeBuild to interact with dependent Amazon Web Services services on behalf of the Amazon Web Services account.
timeoutInMinutes (integer) --
How long, in minutes, from 5 to 480 (8 hours), for CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes.
queuedTimeoutInMinutes (integer) --
The number of minutes a build is allowed to be queued before it times out.
encryptionKey (string) --
The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ). If you don't specify a value, CodeBuild uses the managed CMK for Amazon Simple Storage Service (Amazon S3).
tags (list) --
A list of tag key and value pairs associated with this build project.
These tags are available for use by Amazon Web Services services that support CodeBuild build project tags.
(dict) --
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
key (string) --
The tag's key.
value (string) --
The tag's value.
created (datetime) --
When the build project was created, expressed in Unix time format.
lastModified (datetime) --
When the build project's settings were last modified, expressed in Unix time format.
webhook (dict) --
Information about a webhook that connects repository events to a build project in CodeBuild.
url (string) --
The URL to the webhook.
payloadUrl (string) --
The CodeBuild endpoint where webhook events are sent.
secret (string) --
The secret token of the associated repository.
Note
A Bitbucket webhook does not support secret .
branchFilter (string) --
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
Note
It is recommended that you use filterGroups instead of branchFilter .
filterGroups (list) --
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type .
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) --
The type of webhook filter. There are six webhook filter types: EVENT , ACTOR_ACCOUNT_ID , HEAD_REF , BASE_REF , FILE_PATH , and COMMIT_MESSAGE .
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH , PULL_REQUEST_CREATED , PULL_REQUEST_UPDATED , PULL_REQUEST_REOPENED , and PULL_REQUEST_MERGED . The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
Note
The PULL_REQUEST_REOPENED works with GitHub and GitHub Enterprise only.
ACTOR_ACCOUNT_ID
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern .
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern . For example, refs/heads/branch-name and refs/tags/tag-name .
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern . For example, refs/heads/branch-name .
Note
Works with pull request events only.
FILE_PATH
A webhook triggers a build when the path of a changed file matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
COMMIT_MESSAGE
A webhook triggers a build when the head commit message matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
pattern (string) --
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name .
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
buildType (string) --
Specifies the type of build this webhook will trigger.
lastModifiedSecret (datetime) --
A timestamp that indicates the last time a repository's secret token was modified.
vpcConfig (dict) --
Information about the VPC configuration that CodeBuild accesses.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
badge (dict) --
Information about the build badge for the build project.
badgeEnabled (boolean) --
Set this to true to generate a publicly accessible URL for your project's build badge.
badgeRequestUrl (string) --
The publicly-accessible URL through which you can access the build badge for your project.
logsConfig (dict) --
Information about logs for the build project. A project can create logs in CloudWatch Logs, an S3 bucket, or both.
cloudWatchLogs (dict) --
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
status (string) --
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
groupName (string) --
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
streamName (string) --
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
s3Logs (dict) --
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
status (string) --
The current status of the S3 build logs. Valid values are:
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
fileSystemLocations (list) --
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS .
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
buildBatchConfig (dict) --
A ProjectBuildBatchConfig object that defines the batch build options for the project.
serviceRole (string) --
Specifies the service role ARN for the batch build project.
combineArtifacts (boolean) --
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
restrictions (dict) --
A BatchRestrictions object that specifies the restrictions for the batch build.
maximumBuildsAllowed (integer) --
Specifies the maximum number of builds allowed.
computeTypesAllowed (list) --
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
timeoutInMins (integer) --
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
batchReportMode (string) --
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
concurrentBuildLimit (integer) --
The maximum number of concurrent builds that are allowed for this project.
New builds are only started if the current number of builds is less than or equal to this limit. If the current build count meets this limit, new builds are throttled and are not run.
projectVisibility (string) --
Specifies the visibility of the project's builds. Possible values are:
PUBLIC_READ
The project builds are visible to the public.
PRIVATE
The project builds are not visible to the public.
publicProjectAlias (string) --
Contains the project identifier used with the public build APIs.
resourceAccessRole (string) --
The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds.
Exceptions
Creates a report group. A report group contains a collection of reports.
See also: AWS API Documentation
Request Syntax
response = client.create_report_group(
name='string',
type='TEST'|'CODE_COVERAGE',
exportConfig={
'exportConfigType': 'S3'|'NO_EXPORT',
's3Destination': {
'bucket': 'string',
'bucketOwner': 'string',
'path': 'string',
'packaging': 'ZIP'|'NONE',
'encryptionKey': 'string',
'encryptionDisabled': True|False
}
},
tags=[
{
'key': 'string',
'value': 'string'
},
]
)
[REQUIRED]
The name of the report group.
[REQUIRED]
The type of report group.
[REQUIRED]
A ReportExportConfig object that contains information about where the report group test results are exported.
The export configuration type. Valid values are:
A S3ReportExportConfig object that contains information about the S3 bucket where the run of a report is exported.
The name of the S3 bucket where the raw data of a report are exported.
The Amazon Web Services account identifier of the owner of the Amazon S3 bucket. This allows report data to be exported to an Amazon S3 bucket that is owned by an account other than the account running the build.
The path to the exported report's raw data results.
The type of build output artifact to create. Valid values include:
The encryption key for the report's encrypted raw data.
A boolean value that specifies if the results of a report are encrypted.
A list of tag key and value pairs associated with this report group.
These tags are available for use by Amazon Web Services services that support CodeBuild report group tags.
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
The tag's key.
The tag's value.
dict
Response Syntax
{
'reportGroup': {
'arn': 'string',
'name': 'string',
'type': 'TEST'|'CODE_COVERAGE',
'exportConfig': {
'exportConfigType': 'S3'|'NO_EXPORT',
's3Destination': {
'bucket': 'string',
'bucketOwner': 'string',
'path': 'string',
'packaging': 'ZIP'|'NONE',
'encryptionKey': 'string',
'encryptionDisabled': True|False
}
},
'created': datetime(2015, 1, 1),
'lastModified': datetime(2015, 1, 1),
'tags': [
{
'key': 'string',
'value': 'string'
},
],
'status': 'ACTIVE'|'DELETING'
}
}
Response Structure
(dict) --
reportGroup (dict) --
Information about the report group that was created.
arn (string) --
The ARN of the ReportGroup .
name (string) --
The name of the ReportGroup .
type (string) --
The type of the ReportGroup . This can be one of the following values:
CODE_COVERAGE
The report group contains code coverage reports.
TEST
The report group contains test reports.
exportConfig (dict) --
Information about the destination where the raw data of this ReportGroup is exported.
exportConfigType (string) --
The export configuration type. Valid values are:
s3Destination (dict) --
A S3ReportExportConfig object that contains information about the S3 bucket where the run of a report is exported.
bucket (string) --
The name of the S3 bucket where the raw data of a report are exported.
bucketOwner (string) --
The Amazon Web Services account identifier of the owner of the Amazon S3 bucket. This allows report data to be exported to an Amazon S3 bucket that is owned by an account other than the account running the build.
path (string) --
The path to the exported report's raw data results.
packaging (string) --
The type of build output artifact to create. Valid values include:
encryptionKey (string) --
The encryption key for the report's encrypted raw data.
encryptionDisabled (boolean) --
A boolean value that specifies if the results of a report are encrypted.
created (datetime) --
The date and time this ReportGroup was created.
lastModified (datetime) --
The date and time this ReportGroup was last modified.
tags (list) --
A list of tag key and value pairs associated with this report group.
These tags are available for use by Amazon Web Services services that support CodeBuild report group tags.
(dict) --
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
key (string) --
The tag's key.
value (string) --
The tag's value.
status (string) --
The status of the report group. This property is read-only.
This can be one of the following values:
ACTIVE
The report group is active.
DELETING
The report group is in the process of being deleted.
Exceptions
For an existing CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, enables CodeBuild to start rebuilding the source code every time a code change is pushed to the repository.
Warning
If you enable webhooks for an CodeBuild project, and the project is used as a build step in CodePipeline, then two identical builds are created for each commit. One build is triggered through webhooks, and one through CodePipeline. Because billing is on a per-build basis, you are billed for both builds. Therefore, if you are using CodePipeline, we recommend that you disable webhooks in CodeBuild. In the CodeBuild console, clear the Webhook box. For more information, see step 5 in Change a Build Project's Settings .
See also: AWS API Documentation
Request Syntax
response = client.create_webhook(
projectName='string',
branchFilter='string',
filterGroups=[
[
{
'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE',
'pattern': 'string',
'excludeMatchedPattern': True|False
},
],
],
buildType='BUILD'|'BUILD_BATCH'
)
[REQUIRED]
The name of the CodeBuild project.
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
Note
It is recommended that you use filterGroups instead of branchFilter .
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type .
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
A filter used to determine which webhooks trigger a build.
The type of webhook filter. There are six webhook filter types: EVENT , ACTOR_ACCOUNT_ID , HEAD_REF , BASE_REF , FILE_PATH , and COMMIT_MESSAGE .
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH , PULL_REQUEST_CREATED , PULL_REQUEST_UPDATED , PULL_REQUEST_REOPENED , and PULL_REQUEST_MERGED . The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
Note
The PULL_REQUEST_REOPENED works with GitHub and GitHub Enterprise only.
ACTOR_ACCOUNT_ID
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern .
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern . For example, refs/heads/branch-name and refs/tags/tag-name .
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern . For example, refs/heads/branch-name .
Note
Works with pull request events only.
FILE_PATH
A webhook triggers a build when the path of a changed file matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
COMMIT_MESSAGE
A webhook triggers a build when the head commit message matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name .
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
dict
Response Syntax
{
'webhook': {
'url': 'string',
'payloadUrl': 'string',
'secret': 'string',
'branchFilter': 'string',
'filterGroups': [
[
{
'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE',
'pattern': 'string',
'excludeMatchedPattern': True|False
},
],
],
'buildType': 'BUILD'|'BUILD_BATCH',
'lastModifiedSecret': datetime(2015, 1, 1)
}
}
Response Structure
(dict) --
webhook (dict) --
Information about a webhook that connects repository events to a build project in CodeBuild.
url (string) --
The URL to the webhook.
payloadUrl (string) --
The CodeBuild endpoint where webhook events are sent.
secret (string) --
The secret token of the associated repository.
Note
A Bitbucket webhook does not support secret .
branchFilter (string) --
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
Note
It is recommended that you use filterGroups instead of branchFilter .
filterGroups (list) --
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type .
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) --
The type of webhook filter. There are six webhook filter types: EVENT , ACTOR_ACCOUNT_ID , HEAD_REF , BASE_REF , FILE_PATH , and COMMIT_MESSAGE .
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH , PULL_REQUEST_CREATED , PULL_REQUEST_UPDATED , PULL_REQUEST_REOPENED , and PULL_REQUEST_MERGED . The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
Note
The PULL_REQUEST_REOPENED works with GitHub and GitHub Enterprise only.
ACTOR_ACCOUNT_ID
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern .
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern . For example, refs/heads/branch-name and refs/tags/tag-name .
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern . For example, refs/heads/branch-name .
Note
Works with pull request events only.
FILE_PATH
A webhook triggers a build when the path of a changed file matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
COMMIT_MESSAGE
A webhook triggers a build when the head commit message matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
pattern (string) --
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name .
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
buildType (string) --
Specifies the type of build this webhook will trigger.
lastModifiedSecret (datetime) --
A timestamp that indicates the last time a repository's secret token was modified.
Exceptions
Deletes a batch build.
See also: AWS API Documentation
Request Syntax
response = client.delete_build_batch(
id='string'
)
[REQUIRED]
The identifier of the batch build to delete.
{
'statusCode': 'string',
'buildsDeleted': [
'string',
],
'buildsNotDeleted': [
{
'id': 'string',
'statusCode': 'string'
},
]
}
Response Structure
The status code.
An array of strings that contain the identifiers of the builds that were deleted.
An array of BuildNotDeleted objects that specify the builds that could not be deleted.
Information about a build that could not be successfully deleted.
The ID of the build that could not be successfully deleted.
Additional information about the build that could not be successfully deleted.
Exceptions
Deletes a build project. When you delete a project, its builds are not deleted.
See also: AWS API Documentation
Request Syntax
response = client.delete_project(
name='string'
)
[REQUIRED]
The name of the build project.
{}
Response Structure
Exceptions
Deletes a report.
See also: AWS API Documentation
Request Syntax
response = client.delete_report(
arn='string'
)
[REQUIRED]
The ARN of the report to delete.
{}
Response Structure
Exceptions
Deletes a report group. Before you delete a report group, you must delete its reports.
See also: AWS API Documentation
Request Syntax
response = client.delete_report_group(
arn='string',
deleteReports=True|False
)
[REQUIRED]
The ARN of the report group to delete.
If true , deletes any reports that belong to a report group before deleting the report group.
If false , you must delete any reports in the report group. Use ListReportsForReportGroup to get the reports in a report group. Use DeleteReport to delete the reports. If you call DeleteReportGroup for a report group that contains one or more reports, an exception is thrown.
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes a resource policy that is identified by its resource ARN.
See also: AWS API Documentation
Request Syntax
response = client.delete_resource_policy(
resourceArn='string'
)
[REQUIRED]
The ARN of the resource that is associated with the resource policy.
{}
Response Structure
Exceptions
Deletes a set of GitHub, GitHub Enterprise, or Bitbucket source credentials.
See also: AWS API Documentation
Request Syntax
response = client.delete_source_credentials(
arn='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) of the token.
{
'arn': 'string'
}
Response Structure
The Amazon Resource Name (ARN) of the token.
Exceptions
For an existing CodeBuild build project that has its source code stored in a GitHub or Bitbucket repository, stops CodeBuild from rebuilding the source code every time a code change is pushed to the repository.
See also: AWS API Documentation
Request Syntax
response = client.delete_webhook(
projectName='string'
)
[REQUIRED]
The name of the CodeBuild project.
{}
Response Structure
Exceptions
Retrieves one or more code coverage reports.
See also: AWS API Documentation
Request Syntax
response = client.describe_code_coverages(
reportArn='string',
nextToken='string',
maxResults=123,
sortOrder='ASCENDING'|'DESCENDING',
sortBy='LINE_COVERAGE_PERCENTAGE'|'FILE_PATH',
minLineCoveragePercentage=123.0,
maxLineCoveragePercentage=123.0
)
[REQUIRED]
The ARN of the report for which test cases are returned.
Specifies how the results are sorted. Possible values are:
FILE_PATH
The results are sorted by file path.
LINE_COVERAGE_PERCENTAGE
The results are sorted by the percentage of lines that are covered.
dict
Response Syntax
{
'nextToken': 'string',
'codeCoverages': [
{
'id': 'string',
'reportARN': 'string',
'filePath': 'string',
'lineCoveragePercentage': 123.0,
'linesCovered': 123,
'linesMissed': 123,
'branchCoveragePercentage': 123.0,
'branchesCovered': 123,
'branchesMissed': 123,
'expired': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
nextToken (string) --
If there are more items to return, this contains a token that is passed to a subsequent call to DescribeCodeCoverages to retrieve the next set of items.
codeCoverages (list) --
An array of CodeCoverage objects that contain the results.
(dict) --
Contains code coverage report information.
Line coverage measures how many statements your tests cover. A statement is a single instruction, not including comments, conditionals, etc.
Branch coverage determines if your tests cover every possible branch of a control structure, such as an if or case statement.
id (string) --
The identifier of the code coverage report.
reportARN (string) --
The ARN of the report.
filePath (string) --
The path of the test report file.
lineCoveragePercentage (float) --
The percentage of lines that are covered by your tests.
linesCovered (integer) --
The number of lines that are covered by your tests.
linesMissed (integer) --
The number of lines that are not covered by your tests.
branchCoveragePercentage (float) --
The percentage of branches that are covered by your tests.
branchesCovered (integer) --
The number of conditional branches that are covered by your tests.
branchesMissed (integer) --
The number of conditional branches that are not covered by your tests.
expired (datetime) --
The date and time that the tests were run.
Exceptions
Returns a list of details about test cases for a report.
See also: AWS API Documentation
Request Syntax
response = client.describe_test_cases(
reportArn='string',
nextToken='string',
maxResults=123,
filter={
'status': 'string',
'keyword': 'string'
}
)
[REQUIRED]
The ARN of the report for which test cases are returned.
A TestCaseFilter object used to filter the returned reports.
The status used to filter test cases. A TestCaseFilter can have one status. Valid values are:
A keyword that is used to filter on the name or the prefix of the test cases. Only test cases where the keyword is a substring of the name or the prefix will be returned.
dict
Response Syntax
{
'nextToken': 'string',
'testCases': [
{
'reportArn': 'string',
'testRawDataPath': 'string',
'prefix': 'string',
'name': 'string',
'status': 'string',
'durationInNanoSeconds': 123,
'message': 'string',
'expired': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
nextToken (string) --
During a previous call, the maximum number of items that can be returned is the value specified in maxResults . If there more items in the list, then a unique string called a nextToken is returned. To get the next batch of items in the list, call this operation again, adding the next token to the call. To get all of the items in the list, keep calling this operation with each subsequent next token that is returned, until no more next tokens are returned.
testCases (list) --
The returned list of test cases.
(dict) --
Information about a test case created using a framework such as NUnit or Cucumber. A test case might be a unit test or a configuration test.
reportArn (string) --
The ARN of the report to which the test case belongs.
testRawDataPath (string) --
The path to the raw data file that contains the test result.
prefix (string) --
A string that is applied to a series of related test cases. CodeBuild generates the prefix. The prefix depends on the framework used to generate the tests.
name (string) --
The name of the test case.
status (string) --
The status returned by the test case after it was run. Valid statuses are SUCCEEDED , FAILED , ERROR , SKIPPED , and UNKNOWN .
durationInNanoSeconds (integer) --
The number of nanoseconds it took to run this test case.
message (string) --
A message associated with a test case. For example, an error message or stack trace.
expired (datetime) --
The date and time a test case expires. A test case expires 30 days after it is created. An expired test case is not available to view in CodeBuild.
Exceptions
Create a paginator for an operation.
Analyzes and accumulates test report values for the specified test reports.
See also: AWS API Documentation
Request Syntax
response = client.get_report_group_trend(
reportGroupArn='string',
numOfReports=123,
trendField='PASS_RATE'|'DURATION'|'TOTAL'|'LINE_COVERAGE'|'LINES_COVERED'|'LINES_MISSED'|'BRANCH_COVERAGE'|'BRANCHES_COVERED'|'BRANCHES_MISSED'
)
[REQUIRED]
The ARN of the report group that contains the reports to analyze.
The number of reports to analyze. This operation always retrieves the most recent reports.
If this parameter is omitted, the most recent 100 reports are analyzed.
[REQUIRED]
The test report value to accumulate. This must be one of the following values:
Test reports: DURATION
Accumulate the test run times for the specified reports.
PASS_RATE
Accumulate the percentage of tests that passed for the specified test reports.
TOTAL
Accumulate the total number of tests for the specified test reports.
Code coverage reports: BRANCH_COVERAGE
Accumulate the branch coverage percentages for the specified test reports.
BRANCHES_COVERED
Accumulate the branches covered values for the specified test reports.
BRANCHES_MISSED
Accumulate the branches missed values for the specified test reports.
LINE_COVERAGE
Accumulate the line coverage percentages for the specified test reports.
LINES_COVERED
Accumulate the lines covered values for the specified test reports.
LINES_MISSED
Accumulate the lines not covered values for the specified test reports.
dict
Response Syntax
{
'stats': {
'average': 'string',
'max': 'string',
'min': 'string'
},
'rawData': [
{
'reportArn': 'string',
'data': 'string'
},
]
}
Response Structure
(dict) --
stats (dict) --
Contains the accumulated trend data.
average (string) --
Contains the average of all values analyzed.
max (string) --
Contains the maximum value analyzed.
min (string) --
Contains the minimum value analyzed.
rawData (list) --
An array that contains the raw data for each report.
(dict) --
Contains the unmodified data for the report. For more information, see .
reportArn (string) --
The ARN of the report.
data (string) --
The value of the requested data field from the report.
Exceptions
Gets a resource policy that is identified by its resource ARN.
See also: AWS API Documentation
Request Syntax
response = client.get_resource_policy(
resourceArn='string'
)
[REQUIRED]
The ARN of the resource that is associated with the resource policy.
{
'policy': 'string'
}
Response Structure
The resource policy for the resource identified by the input ARN parameter.
Exceptions
Returns an object that can wait for some condition.
Imports the source repository credentials for an CodeBuild project that has its source code stored in a GitHub, GitHub Enterprise, or Bitbucket repository.
See also: AWS API Documentation
Request Syntax
response = client.import_source_credentials(
username='string',
token='string',
serverType='GITHUB'|'BITBUCKET'|'GITHUB_ENTERPRISE',
authType='OAUTH'|'BASIC_AUTH'|'PERSONAL_ACCESS_TOKEN',
shouldOverwrite=True|False
)
[REQUIRED]
For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is the app password.
[REQUIRED]
The source provider used for this project.
[REQUIRED]
The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository. An OAUTH connection is not supported by the API and must be created using the CodeBuild console.
dict
Response Syntax
{
'arn': 'string'
}
Response Structure
(dict) --
arn (string) --
The Amazon Resource Name (ARN) of the token.
Exceptions
Resets the cache for a project.
See also: AWS API Documentation
Request Syntax
response = client.invalidate_project_cache(
projectName='string'
)
[REQUIRED]
The name of the CodeBuild build project that the cache is reset for.
{}
Response Structure
Exceptions
Retrieves the identifiers of your build batches in the current region.
See also: AWS API Documentation
Request Syntax
response = client.list_build_batches(
filter={
'status': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED'
},
maxResults=123,
sortOrder='ASCENDING'|'DESCENDING',
nextToken='string'
)
A BuildBatchFilter object that specifies the filters for the search.
The status of the batch builds to retrieve. Only batch builds that have this status will be retrieved.
Specifies the sort order of the returned items. Valid values include:
dict
Response Syntax
{
'ids': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
ids (list) --
An array of strings that contains the batch build identifiers.
nextToken (string) --
If there are more items to return, this contains a token that is passed to a subsequent call to ListBuildBatches to retrieve the next set of items.
Exceptions
Retrieves the identifiers of the build batches for a specific project.
See also: AWS API Documentation
Request Syntax
response = client.list_build_batches_for_project(
projectName='string',
filter={
'status': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED'
},
maxResults=123,
sortOrder='ASCENDING'|'DESCENDING',
nextToken='string'
)
A BuildBatchFilter object that specifies the filters for the search.
The status of the batch builds to retrieve. Only batch builds that have this status will be retrieved.
Specifies the sort order of the returned items. Valid values include:
dict
Response Syntax
{
'ids': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
ids (list) --
An array of strings that contains the batch build identifiers.
nextToken (string) --
If there are more items to return, this contains a token that is passed to a subsequent call to ListBuildBatchesForProject to retrieve the next set of items.
Exceptions
Gets a list of build IDs, with each build ID representing a single build.
See also: AWS API Documentation
Request Syntax
response = client.list_builds(
sortOrder='ASCENDING'|'DESCENDING',
nextToken='string'
)
The order to list build IDs. Valid values include:
dict
Response Syntax
{
'ids': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
ids (list) --
A list of build IDs, with each build ID representing a single build.
nextToken (string) --
If there are more than 100 items in the list, only the first 100 items are returned, along with a unique string called a nextToken . To get the next batch of items in the list, call this operation again, adding the next token to the call.
Exceptions
Gets a list of build identifiers for the specified build project, with each build identifier representing a single build.
See also: AWS API Documentation
Request Syntax
response = client.list_builds_for_project(
projectName='string',
sortOrder='ASCENDING'|'DESCENDING',
nextToken='string'
)
[REQUIRED]
The name of the CodeBuild project.
The order to sort the results in. The results are sorted by build number, not the build identifier. If this is not specified, the results are sorted in descending order.
Valid values include:
If the project has more than 100 builds, setting the sort order will result in an error.
dict
Response Syntax
{
'ids': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
ids (list) --
A list of build identifiers for the specified build project, with each build ID representing a single build.
nextToken (string) --
If there are more than 100 items in the list, only the first 100 items are returned, along with a unique string called a nextToken . To get the next batch of items in the list, call this operation again, adding the next token to the call.
Exceptions
Gets information about Docker images that are managed by CodeBuild.
See also: AWS API Documentation
Request Syntax
response = client.list_curated_environment_images()
{
'platforms': [
{
'platform': 'DEBIAN'|'AMAZON_LINUX'|'UBUNTU'|'WINDOWS_SERVER',
'languages': [
{
'language': 'JAVA'|'PYTHON'|'NODE_JS'|'RUBY'|'GOLANG'|'DOCKER'|'ANDROID'|'DOTNET'|'BASE'|'PHP',
'images': [
{
'name': 'string',
'description': 'string',
'versions': [
'string',
]
},
]
},
]
},
]
}
Response Structure
Information about supported platforms for Docker images that are managed by CodeBuild.
A set of Docker images that are related by platform and are managed by CodeBuild.
The platform's name.
The list of programming languages that are available for the specified platform.
A set of Docker images that are related by programming language and are managed by CodeBuild.
The programming language for the Docker images.
The list of Docker images that are related by the specified programming language.
Information about a Docker image that is managed by CodeBuild.
The name of the Docker image.
The description of the Docker image.
A list of environment image versions.
Gets a list of build project names, with each build project name representing a single build project.
See also: AWS API Documentation
Request Syntax
response = client.list_projects(
sortBy='NAME'|'CREATED_TIME'|'LAST_MODIFIED_TIME',
sortOrder='ASCENDING'|'DESCENDING',
nextToken='string'
)
The criterion to be used to list build project names. Valid values include:
Use sortOrder to specify in what order to list the build project names based on the preceding criteria.
The order in which to list build projects. Valid values include:
Use sortBy to specify the criterion to be used to list build project names.
dict
Response Syntax
{
'nextToken': 'string',
'projects': [
'string',
]
}
Response Structure
(dict) --
nextToken (string) --
If there are more than 100 items in the list, only the first 100 items are returned, along with a unique string called a nextToken . To get the next batch of items in the list, call this operation again, adding the next token to the call.
projects (list) --
The list of build project names, with each build project name representing a single build project.
Exceptions
Gets a list ARNs for the report groups in the current Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
response = client.list_report_groups(
sortOrder='ASCENDING'|'DESCENDING',
sortBy='NAME'|'CREATED_TIME'|'LAST_MODIFIED_TIME',
nextToken='string',
maxResults=123
)
The criterion to be used to list build report groups. Valid values include:
dict
Response Syntax
{
'nextToken': 'string',
'reportGroups': [
'string',
]
}
Response Structure
(dict) --
nextToken (string) --
During a previous call, the maximum number of items that can be returned is the value specified in maxResults . If there more items in the list, then a unique string called a nextToken is returned. To get the next batch of items in the list, call this operation again, adding the next token to the call. To get all of the items in the list, keep calling this operation with each subsequent next token that is returned, until no more next tokens are returned.
reportGroups (list) --
The list of ARNs for the report groups in the current Amazon Web Services account.
Exceptions
Returns a list of ARNs for the reports in the current Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
response = client.list_reports(
sortOrder='ASCENDING'|'DESCENDING',
nextToken='string',
maxResults=123,
filter={
'status': 'GENERATING'|'SUCCEEDED'|'FAILED'|'INCOMPLETE'|'DELETING'
}
)
Specifies the sort order for the list of returned reports. Valid values are:
A ReportFilter object used to filter the returned reports.
The status used to filter reports. You can filter using one status only.
dict
Response Syntax
{
'nextToken': 'string',
'reports': [
'string',
]
}
Response Structure
(dict) --
nextToken (string) --
During a previous call, the maximum number of items that can be returned is the value specified in maxResults . If there more items in the list, then a unique string called a nextToken is returned. To get the next batch of items in the list, call this operation again, adding the next token to the call. To get all of the items in the list, keep calling this operation with each subsequent next token that is returned, until no more next tokens are returned.
reports (list) --
The list of returned ARNs for the reports in the current Amazon Web Services account.
Exceptions
Returns a list of ARNs for the reports that belong to a ReportGroup .
See also: AWS API Documentation
Request Syntax
response = client.list_reports_for_report_group(
reportGroupArn='string',
nextToken='string',
sortOrder='ASCENDING'|'DESCENDING',
maxResults=123,
filter={
'status': 'GENERATING'|'SUCCEEDED'|'FAILED'|'INCOMPLETE'|'DELETING'
}
)
[REQUIRED]
The ARN of the report group for which you want to return report ARNs.
A ReportFilter object used to filter the returned reports.
The status used to filter reports. You can filter using one status only.
dict
Response Syntax
{
'nextToken': 'string',
'reports': [
'string',
]
}
Response Structure
(dict) --
nextToken (string) --
During a previous call, the maximum number of items that can be returned is the value specified in maxResults . If there more items in the list, then a unique string called a nextToken is returned. To get the next batch of items in the list, call this operation again, adding the next token to the call. To get all of the items in the list, keep calling this operation with each subsequent next token that is returned, until no more next tokens are returned.
reports (list) --
The list of report ARNs.
Exceptions
Gets a list of projects that are shared with other Amazon Web Services accounts or users.
See also: AWS API Documentation
Request Syntax
response = client.list_shared_projects(
sortBy='ARN'|'MODIFIED_TIME',
sortOrder='ASCENDING'|'DESCENDING',
maxResults=123,
nextToken='string'
)
The criterion to be used to list build projects shared with the current Amazon Web Services account or user. Valid values include:
The order in which to list shared build projects. Valid values include:
dict
Response Syntax
{
'nextToken': 'string',
'projects': [
'string',
]
}
Response Structure
(dict) --
nextToken (string) --
During a previous call, the maximum number of items that can be returned is the value specified in maxResults . If there more items in the list, then a unique string called a nextToken is returned. To get the next batch of items in the list, call this operation again, adding the next token to the call. To get all of the items in the list, keep calling this operation with each subsequent next token that is returned, until no more next tokens are returned.
projects (list) --
The list of ARNs for the build projects shared with the current Amazon Web Services account or user.
Exceptions
Gets a list of report groups that are shared with other Amazon Web Services accounts or users.
See also: AWS API Documentation
Request Syntax
response = client.list_shared_report_groups(
sortOrder='ASCENDING'|'DESCENDING',
sortBy='ARN'|'MODIFIED_TIME',
nextToken='string',
maxResults=123
)
The order in which to list shared report groups. Valid values include:
The criterion to be used to list report groups shared with the current Amazon Web Services account or user. Valid values include:
dict
Response Syntax
{
'nextToken': 'string',
'reportGroups': [
'string',
]
}
Response Structure
(dict) --
nextToken (string) --
During a previous call, the maximum number of items that can be returned is the value specified in maxResults . If there more items in the list, then a unique string called a nextToken is returned. To get the next batch of items in the list, call this operation again, adding the next token to the call. To get all of the items in the list, keep calling this operation with each subsequent next token that is returned, until no more next tokens are returned.
reportGroups (list) --
The list of ARNs for the report groups shared with the current Amazon Web Services account or user.
Exceptions
Returns a list of SourceCredentialsInfo objects.
See also: AWS API Documentation
Request Syntax
response = client.list_source_credentials()
{
'sourceCredentialsInfos': [
{
'arn': 'string',
'serverType': 'GITHUB'|'BITBUCKET'|'GITHUB_ENTERPRISE',
'authType': 'OAUTH'|'BASIC_AUTH'|'PERSONAL_ACCESS_TOKEN'
},
]
}
Response Structure
A list of SourceCredentialsInfo objects. Each SourceCredentialsInfo object includes the authentication type, token ARN, and type of source provider for one set of credentials.
Information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository.
The Amazon Resource Name (ARN) of the token.
The type of source provider. The valid options are GITHUB, GITHUB_ENTERPRISE, or BITBUCKET.
The type of authentication used by the credentials. Valid options are OAUTH, BASIC_AUTH, or PERSONAL_ACCESS_TOKEN.
Exceptions
Stores a resource policy for the ARN of a Project or ReportGroup object.
See also: AWS API Documentation
Request Syntax
response = client.put_resource_policy(
policy='string',
resourceArn='string'
)
[REQUIRED]
A JSON-formatted resource policy. For more information, see Sharing a Project and Sharing a Report Group in the CodeBuild User Guide .
[REQUIRED]
The ARN of the Project or ReportGroup resource you want to associate with a resource policy.
dict
Response Syntax
{
'resourceArn': 'string'
}
Response Structure
(dict) --
resourceArn (string) --
The ARN of the Project or ReportGroup resource that is associated with a resource policy.
Exceptions
Restarts a build.
See also: AWS API Documentation
Request Syntax
response = client.retry_build(
id='string',
idempotencyToken='string'
)
dict
Response Syntax
{
'build': {
'id': 'string',
'arn': 'string',
'buildNumber': 123,
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'currentPhase': 'string',
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'sourceVersion': 'string',
'resolvedSourceVersion': 'string',
'projectName': 'string',
'phases': [
{
'phaseType': 'SUBMITTED'|'QUEUED'|'PROVISIONING'|'DOWNLOAD_SOURCE'|'INSTALL'|'PRE_BUILD'|'BUILD'|'POST_BUILD'|'UPLOAD_ARTIFACTS'|'FINALIZING'|'COMPLETED',
'phaseStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'durationInSeconds': 123,
'contexts': [
{
'statusCode': 'string',
'message': 'string'
},
]
},
],
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'logs': {
'groupName': 'string',
'streamName': 'string',
'deepLink': 'string',
's3DeepLink': 'string',
'cloudWatchLogsArn': 'string',
's3LogsArn': 'string',
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'timeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'buildComplete': True|False,
'initiator': 'string',
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'networkInterface': {
'subnetId': 'string',
'networkInterfaceId': 'string'
},
'encryptionKey': 'string',
'exportedEnvironmentVariables': [
{
'name': 'string',
'value': 'string'
},
],
'reportArns': [
'string',
],
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'debugSession': {
'sessionEnabled': True|False,
'sessionTarget': 'string'
},
'buildBatchArn': 'string'
}
}
Response Structure
(dict) --
build (dict) --
Information about a build.
id (string) --
The unique ID for the build.
arn (string) --
The Amazon Resource Name (ARN) of the build.
buildNumber (integer) --
The number of the build. For each project, the buildNumber of its first build is 1 . The buildNumber of each subsequent build is incremented by 1 . If a build is deleted, the buildNumber of other builds does not change.
startTime (datetime) --
When the build process started, expressed in Unix time format.
endTime (datetime) --
When the build process ended, expressed in Unix time format.
currentPhase (string) --
The current build phase.
buildStatus (string) --
The current status of the build. Valid values include:
sourceVersion (string) --
Any version identifier for the version of the source code to be built. If sourceVersion is specified at the project level, then this sourceVersion (at the build level) takes precedence.
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
resolvedSourceVersion (string) --
An identifier for the version of this build's source code.
projectName (string) --
The name of the CodeBuild project.
phases (list) --
Information about all previous build phases that are complete and information about any current build phase that is not yet complete.
(dict) --
Information about a stage for a build.
phaseType (string) --
The name of the build phase. Valid values include:
BUILD
Core build activities typically occur in this build phase.
COMPLETED
The build has been completed.
DOWNLOAD_SOURCE
Source code is being downloaded in this build phase.
FINALIZING
The build process is completing in this build phase.
INSTALL
Installation activities typically occur in this build phase.
POST_BUILD
Post-build activities typically occur in this build phase.
PRE_BUILD
Pre-build activities typically occur in this build phase.
PROVISIONING
The build environment is being set up.
QUEUED
The build has been submitted and is queued behind other submitted builds.
SUBMITTED
The build has been submitted.
UPLOAD_ARTIFACTS
Build output artifacts are being uploaded to the output location.
phaseStatus (string) --
The current status of the build phase. Valid values include:
FAILED
The build phase failed.
FAULT
The build phase faulted.
IN_PROGRESS
The build phase is still in progress.
STOPPED
The build phase stopped.
SUCCEEDED
The build phase succeeded.
TIMED_OUT
The build phase timed out.
startTime (datetime) --
When the build phase started, expressed in Unix time format.
endTime (datetime) --
When the build phase ended, expressed in Unix time format.
durationInSeconds (integer) --
How long, in seconds, between the starting and ending times of the build's phase.
contexts (list) --
Additional information about a build phase, especially to help troubleshoot a failed build.
(dict) --
Additional information about a build phase that has an error. You can use this information for troubleshooting.
statusCode (string) --
The status code for the context of the build phase.
message (string) --
An explanation of the build phase's context. This might include a command ID and an exit code.
source (dict) --
Information about the source code to be built.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySources (list) --
An array of ProjectSource objects.
(dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySourceVersions (list) --
An array of ProjectSourceVersion objects. Each ProjectSourceVersion must be one of:
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) --
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
sourceVersion (string) --
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
artifacts (dict) --
Information about the output artifacts for the build.
location (string) --
Information about the location of the build artifacts.
sha256sum (string) --
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
md5sum (string) --
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Information that tells you if encryption for build artifacts is disabled.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
secondaryArtifacts (list) --
An array of ProjectArtifacts objects.
(dict) --
Information about build output artifacts.
location (string) --
Information about the location of the build artifacts.
sha256sum (string) --
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
md5sum (string) --
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Information that tells you if encryption for build artifacts is disabled.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
cache (dict) --
Information about the cache for the build.
type (string) --
The type of cache used by the build project. Valid values include:
location (string) --
Information about the cache location:
modes (list) --
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
environment (dict) --
Information about the build environment for this build.
type (string) --
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
image (string) --
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
computeType (string) --
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) --
The name or key of the environment variable.
value (string) --
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
type (string) --
The type of environment variable. Valid values include:
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) --
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
credentialProvider (string) --
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
serviceRole (string) --
The name of a service role used for this build.
logs (dict) --
Information about the build's logs in CloudWatch Logs.
groupName (string) --
The name of the CloudWatch Logs group for the build logs.
streamName (string) --
The name of the CloudWatch Logs stream for the build logs.
deepLink (string) --
The URL to an individual build log in CloudWatch Logs.
s3DeepLink (string) --
The URL to a build log in an S3 bucket.
cloudWatchLogsArn (string) --
The ARN of CloudWatch Logs for a build project. Its format is arn:${Partition}:logs:${Region}:${Account}:log-group:${LogGroupName}:log-stream:${LogStreamName} . For more information, see Resources Defined by CloudWatch Logs .
s3LogsArn (string) --
The ARN of S3 logs for a build project. Its format is arn:${Partition}:s3:::${BucketName}/${ObjectName} . For more information, see Resources Defined by Amazon S3 .
cloudWatchLogs (dict) --
Information about CloudWatch Logs for a build project.
status (string) --
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
groupName (string) --
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
streamName (string) --
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
s3Logs (dict) --
Information about S3 logs for a build project.
status (string) --
The current status of the S3 build logs. Valid values are:
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
timeoutInMinutes (integer) --
How long, in minutes, for CodeBuild to wait before timing out this build if it does not get marked as completed.
queuedTimeoutInMinutes (integer) --
The number of minutes a build is allowed to be queued before it times out.
buildComplete (boolean) --
Whether the build is complete. True if complete; otherwise, false.
initiator (string) --
The entity that started the build. Valid values include:
vpcConfig (dict) --
If your CodeBuild project accesses resources in an Amazon VPC, you provide this parameter that identifies the VPC ID and the list of security group IDs and subnet IDs. The security groups and subnets must belong to the same VPC. You must provide at least one security group and one subnet ID.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
networkInterface (dict) --
Describes a network interface.
subnetId (string) --
The ID of the subnet.
networkInterfaceId (string) --
The ID of the network interface.
encryptionKey (string) --
The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
exportedEnvironmentVariables (list) --
A list of exported environment variables for this build.
Exported environment variables are used in conjunction with CodePipeline to export environment variables from the current build stage to subsequent stages in the pipeline. For more information, see Working with variables in the CodePipeline User Guide .
(dict) --
Contains information about an exported environment variable.
Exported environment variables are used in conjunction with CodePipeline to export environment variables from the current build stage to subsequent stages in the pipeline. For more information, see Working with variables in the CodePipeline User Guide .
Note
During a build, the value of a variable is available starting with the install phase. It can be updated between the start of the install phase and the end of the post_build phase. After the post_build phase ends, the value of exported variables cannot change.
name (string) --
The name of the exported environment variable.
value (string) --
The value assigned to the exported environment variable.
reportArns (list) --
An array of the ARNs associated with this build's reports.
fileSystemLocations (list) --
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS .
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
debugSession (dict) --
Contains information about the debug session for this build.
sessionEnabled (boolean) --
Specifies if session debugging is enabled for this build.
sessionTarget (string) --
Contains the identifier of the Session Manager session used for the build. To work with the paused build, you open this session to examine, control, and resume the build.
buildBatchArn (string) --
The ARN of the batch build that this build is a member of, if applicable.
Exceptions
Restarts a failed batch build. Only batch builds that have failed can be retried.
See also: AWS API Documentation
Request Syntax
response = client.retry_build_batch(
id='string',
idempotencyToken='string',
retryType='RETRY_ALL_BUILDS'|'RETRY_FAILED_BUILDS'
)
dict
Response Syntax
{
'buildBatch': {
'id': 'string',
'arn': 'string',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'currentPhase': 'string',
'buildBatchStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'sourceVersion': 'string',
'resolvedSourceVersion': 'string',
'projectName': 'string',
'phases': [
{
'phaseType': 'SUBMITTED'|'DOWNLOAD_BATCHSPEC'|'IN_PROGRESS'|'COMBINE_ARTIFACTS'|'SUCCEEDED'|'FAILED'|'STOPPED',
'phaseStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'durationInSeconds': 123,
'contexts': [
{
'statusCode': 'string',
'message': 'string'
},
]
},
],
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'logConfig': {
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'buildTimeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'complete': True|False,
'initiator': 'string',
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'encryptionKey': 'string',
'buildBatchNumber': 123,
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'buildBatchConfig': {
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
'buildGroups': [
{
'identifier': 'string',
'dependsOn': [
'string',
],
'ignoreFailure': True|False,
'currentBuildSummary': {
'arn': 'string',
'requestedOn': datetime(2015, 1, 1),
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'primaryArtifact': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
]
},
'priorBuildSummaryList': [
{
'arn': 'string',
'requestedOn': datetime(2015, 1, 1),
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'primaryArtifact': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
]
},
]
},
],
'debugSessionEnabled': True|False
}
}
Response Structure
(dict) --
buildBatch (dict) --
Contains information about a batch build.
id (string) --
The identifier of the batch build.
arn (string) --
The ARN of the batch build.
startTime (datetime) --
The date and time that the batch build started.
endTime (datetime) --
The date and time that the batch build ended.
currentPhase (string) --
The current phase of the batch build.
buildBatchStatus (string) --
The status of the batch build.
sourceVersion (string) --
The identifier of the version of the source code to be built.
resolvedSourceVersion (string) --
The identifier of the resolved version of this batch build's source code.
projectName (string) --
The name of the batch build project.
phases (list) --
An array of BuildBatchPhase objects the specify the phases of the batch build.
(dict) --
Contains information about a stage for a batch build.
phaseType (string) --
The name of the batch build phase. Valid values include:
COMBINE_ARTIFACTS
Build output artifacts are being combined and uploaded to the output location.
DOWNLOAD_BATCHSPEC
The batch build specification is being downloaded.
FAILED
One or more of the builds failed.
IN_PROGRESS
The batch build is in progress.
STOPPED
The batch build was stopped.
SUBMITTED
The btach build has been submitted.
SUCCEEDED
The batch build succeeded.
phaseStatus (string) --
The current status of the batch build phase. Valid values include:
FAILED
The build phase failed.
FAULT
The build phase faulted.
IN_PROGRESS
The build phase is still in progress.
STOPPED
The build phase stopped.
SUCCEEDED
The build phase succeeded.
TIMED_OUT
The build phase timed out.
startTime (datetime) --
When the batch build phase started, expressed in Unix time format.
endTime (datetime) --
When the batch build phase ended, expressed in Unix time format.
durationInSeconds (integer) --
How long, in seconds, between the starting and ending times of the batch build's phase.
contexts (list) --
Additional information about the batch build phase. Especially to help troubleshoot a failed batch build.
(dict) --
Additional information about a build phase that has an error. You can use this information for troubleshooting.
statusCode (string) --
The status code for the context of the build phase.
message (string) --
An explanation of the build phase's context. This might include a command ID and an exit code.
source (dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySources (list) --
An array of ProjectSource objects that define the sources for the batch build.
(dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySourceVersions (list) --
An array of ProjectSourceVersion objects. Each ProjectSourceVersion must be one of:
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) --
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
sourceVersion (string) --
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
artifacts (dict) --
A BuildArtifacts object the defines the build artifacts for this batch build.
location (string) --
Information about the location of the build artifacts.
sha256sum (string) --
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
md5sum (string) --
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Information that tells you if encryption for build artifacts is disabled.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
secondaryArtifacts (list) --
An array of BuildArtifacts objects the define the build artifacts for this batch build.
(dict) --
Information about build output artifacts.
location (string) --
Information about the location of the build artifacts.
sha256sum (string) --
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
md5sum (string) --
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Information that tells you if encryption for build artifacts is disabled.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
cache (dict) --
Information about the cache for the build project.
type (string) --
The type of cache used by the build project. Valid values include:
location (string) --
Information about the cache location:
modes (list) --
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
environment (dict) --
Information about the build environment of the build project.
type (string) --
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
image (string) --
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
computeType (string) --
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) --
The name or key of the environment variable.
value (string) --
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
type (string) --
The type of environment variable. Valid values include:
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) --
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
credentialProvider (string) --
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
serviceRole (string) --
The name of a service role used for builds in the batch.
logConfig (dict) --
Information about logs for a build project. These can be logs in CloudWatch Logs, built in a specified S3 bucket, or both.
cloudWatchLogs (dict) --
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
status (string) --
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
groupName (string) --
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
streamName (string) --
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
s3Logs (dict) --
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
status (string) --
The current status of the S3 build logs. Valid values are:
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
buildTimeoutInMinutes (integer) --
Specifies the maximum amount of time, in minutes, that the build in a batch must be completed in.
queuedTimeoutInMinutes (integer) --
Specifies the amount of time, in minutes, that the batch build is allowed to be queued before it times out.
complete (boolean) --
Indicates if the batch build is complete.
initiator (string) --
The entity that started the batch build. Valid values include:
vpcConfig (dict) --
Information about the VPC configuration that CodeBuild accesses.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
encryptionKey (string) --
The Key Management Service customer master key (CMK) to be used for encrypting the batch build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
buildBatchNumber (integer) --
The number of the batch build. For each project, the buildBatchNumber of its first batch build is 1 . The buildBatchNumber of each subsequent batch build is incremented by 1 . If a batch build is deleted, the buildBatchNumber of other batch builds does not change.
fileSystemLocations (list) --
An array of ProjectFileSystemLocation objects for the batch build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS .
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
buildBatchConfig (dict) --
Contains configuration information about a batch build project.
serviceRole (string) --
Specifies the service role ARN for the batch build project.
combineArtifacts (boolean) --
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
restrictions (dict) --
A BatchRestrictions object that specifies the restrictions for the batch build.
maximumBuildsAllowed (integer) --
Specifies the maximum number of builds allowed.
computeTypesAllowed (list) --
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
timeoutInMins (integer) --
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
batchReportMode (string) --
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
buildGroups (list) --
An array of BuildGroup objects that define the build groups for the batch build.
(dict) --
Contains information about a batch build build group. Build groups are used to combine builds that can run in parallel, while still being able to set dependencies on other build groups.
identifier (string) --
Contains the identifier of the build group.
dependsOn (list) --
An array of strings that contain the identifiers of the build groups that this build group depends on.
ignoreFailure (boolean) --
Specifies if failures in this build group can be ignored.
currentBuildSummary (dict) --
A BuildSummary object that contains a summary of the current build group.
arn (string) --
The batch build ARN.
requestedOn (datetime) --
When the build was started, expressed in Unix time format.
buildStatus (string) --
The status of the build group.
FAILED
The build group failed.
FAULT
The build group faulted.
IN_PROGRESS
The build group is still in progress.
STOPPED
The build group stopped.
SUCCEEDED
The build group succeeded.
TIMED_OUT
The build group timed out.
primaryArtifact (dict) --
A ResolvedArtifact object that represents the primary build artifacts for the build group.
type (string) --
Specifies the type of artifact.
location (string) --
The location of the artifact.
identifier (string) --
The identifier of the artifact.
secondaryArtifacts (list) --
An array of ResolvedArtifact objects that represents the secondary build artifacts for the build group.
(dict) --
Represents a resolved build artifact. A resolved artifact is an artifact that is built and deployed to the destination, such as Amazon S3.
type (string) --
Specifies the type of artifact.
location (string) --
The location of the artifact.
identifier (string) --
The identifier of the artifact.
priorBuildSummaryList (list) --
An array of BuildSummary objects that contain summaries of previous build groups.
(dict) --
Contains summary information about a batch build group.
arn (string) --
The batch build ARN.
requestedOn (datetime) --
When the build was started, expressed in Unix time format.
buildStatus (string) --
The status of the build group.
FAILED
The build group failed.
FAULT
The build group faulted.
IN_PROGRESS
The build group is still in progress.
STOPPED
The build group stopped.
SUCCEEDED
The build group succeeded.
TIMED_OUT
The build group timed out.
primaryArtifact (dict) --
A ResolvedArtifact object that represents the primary build artifacts for the build group.
type (string) --
Specifies the type of artifact.
location (string) --
The location of the artifact.
identifier (string) --
The identifier of the artifact.
secondaryArtifacts (list) --
An array of ResolvedArtifact objects that represents the secondary build artifacts for the build group.
(dict) --
Represents a resolved build artifact. A resolved artifact is an artifact that is built and deployed to the destination, such as Amazon S3.
type (string) --
Specifies the type of artifact.
location (string) --
The location of the artifact.
identifier (string) --
The identifier of the artifact.
debugSessionEnabled (boolean) --
Specifies if session debugging is enabled for this batch build. For more information, see Viewing a running build in Session Manager . Batch session debugging is not supported for matrix batch builds.
Exceptions
Starts running a build.
See also: AWS API Documentation
Request Syntax
response = client.start_build(
projectName='string',
secondarySourcesOverride=[
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
secondarySourcesVersionOverride=[
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
sourceVersion='string',
artifactsOverride={
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
secondaryArtifactsOverride=[
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
environmentVariablesOverride=[
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
sourceTypeOverride='CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
sourceLocationOverride='string',
sourceAuthOverride={
'type': 'OAUTH',
'resource': 'string'
},
gitCloneDepthOverride=123,
gitSubmodulesConfigOverride={
'fetchSubmodules': True|False
},
buildspecOverride='string',
insecureSslOverride=True|False,
reportBuildStatusOverride=True|False,
buildStatusConfigOverride={
'context': 'string',
'targetUrl': 'string'
},
environmentTypeOverride='WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
imageOverride='string',
computeTypeOverride='BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
certificateOverride='string',
cacheOverride={
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
serviceRoleOverride='string',
privilegedModeOverride=True|False,
timeoutInMinutesOverride=123,
queuedTimeoutInMinutesOverride=123,
encryptionKeyOverride='string',
idempotencyToken='string',
logsConfigOverride={
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
registryCredentialOverride={
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
imagePullCredentialsTypeOverride='CODEBUILD'|'SERVICE_ROLE',
debugSessionEnabled=True|False
)
[REQUIRED]
The name of the CodeBuild build project to start running a build.
An array of ProjectSource objects.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSourceVersion objects that specify one or more versions of the project's secondary sources to be used for this build only.
A source identifier and its corresponding version.
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
The version of the build input to be built, for this build only. If not specified, the latest version is used. If specified, the contents depends on the source provider:
CodeCommit
The commit ID, branch, or Git tag to use.
GitHub
The commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25 ). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
Bitbucket
The commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
Amazon S3
The version ID of the object that represents the build input ZIP file to use.
If sourceVersion is specified at the project level, then this sourceVersion (at the build level) takes precedence.
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
Build output artifact settings that override, for this build only, the latest ones already defined in the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectArtifacts objects.
Information about the build output artifacts for the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
A set of environment variables that overrides, for this build only, the latest ones already defined in the build project.
Information about an environment variable for a build project or a build.
The name or key of the environment variable.
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
The type of environment variable. Valid values include:
An authorization type for this build that overrides the one defined in the build project. This override applies only if the build project's source is BitBucket or GitHub.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Information about the Git submodules configuration for this build of an CodeBuild build project.
Set to true to fetch Git submodules for your CodeBuild build project.
A buildspec file declaration that overrides, for this build only, the latest one already defined in the build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Set to true to report to your source provider the status of a build's start and completion. If you use this option with a source provider other than GitHub, GitHub Enterprise, or Bitbucket, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
Note
The status of a build triggered by a webhook is always reported to your source provider.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
A ProjectCache object specified for this build that overrides the one defined in the build project.
The type of cache used by the build project. Valid values include:
Information about the cache location:
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
The Key Management Service customer master key (CMK) that overrides the one specified in the build project. The CMK key encrypts the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
Log settings for this build that override the log settings defined in the build project.
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
The current status of the S3 build logs. Valid values are:
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
The credentials for access to a private registry.
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
CODEBUILD
Specifies that CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust CodeBuild's service principal.
SERVICE_ROLE
Specifies that CodeBuild uses your build project's service role.
When using a cross-account or private registry image, you must use SERVICE_ROLE credentials. When using an CodeBuild curated image, you must use CODEBUILD credentials.
dict
Response Syntax
{
'build': {
'id': 'string',
'arn': 'string',
'buildNumber': 123,
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'currentPhase': 'string',
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'sourceVersion': 'string',
'resolvedSourceVersion': 'string',
'projectName': 'string',
'phases': [
{
'phaseType': 'SUBMITTED'|'QUEUED'|'PROVISIONING'|'DOWNLOAD_SOURCE'|'INSTALL'|'PRE_BUILD'|'BUILD'|'POST_BUILD'|'UPLOAD_ARTIFACTS'|'FINALIZING'|'COMPLETED',
'phaseStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'durationInSeconds': 123,
'contexts': [
{
'statusCode': 'string',
'message': 'string'
},
]
},
],
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'logs': {
'groupName': 'string',
'streamName': 'string',
'deepLink': 'string',
's3DeepLink': 'string',
'cloudWatchLogsArn': 'string',
's3LogsArn': 'string',
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'timeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'buildComplete': True|False,
'initiator': 'string',
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'networkInterface': {
'subnetId': 'string',
'networkInterfaceId': 'string'
},
'encryptionKey': 'string',
'exportedEnvironmentVariables': [
{
'name': 'string',
'value': 'string'
},
],
'reportArns': [
'string',
],
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'debugSession': {
'sessionEnabled': True|False,
'sessionTarget': 'string'
},
'buildBatchArn': 'string'
}
}
Response Structure
(dict) --
build (dict) --
Information about the build to be run.
id (string) --
The unique ID for the build.
arn (string) --
The Amazon Resource Name (ARN) of the build.
buildNumber (integer) --
The number of the build. For each project, the buildNumber of its first build is 1 . The buildNumber of each subsequent build is incremented by 1 . If a build is deleted, the buildNumber of other builds does not change.
startTime (datetime) --
When the build process started, expressed in Unix time format.
endTime (datetime) --
When the build process ended, expressed in Unix time format.
currentPhase (string) --
The current build phase.
buildStatus (string) --
The current status of the build. Valid values include:
sourceVersion (string) --
Any version identifier for the version of the source code to be built. If sourceVersion is specified at the project level, then this sourceVersion (at the build level) takes precedence.
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
resolvedSourceVersion (string) --
An identifier for the version of this build's source code.
projectName (string) --
The name of the CodeBuild project.
phases (list) --
Information about all previous build phases that are complete and information about any current build phase that is not yet complete.
(dict) --
Information about a stage for a build.
phaseType (string) --
The name of the build phase. Valid values include:
BUILD
Core build activities typically occur in this build phase.
COMPLETED
The build has been completed.
DOWNLOAD_SOURCE
Source code is being downloaded in this build phase.
FINALIZING
The build process is completing in this build phase.
INSTALL
Installation activities typically occur in this build phase.
POST_BUILD
Post-build activities typically occur in this build phase.
PRE_BUILD
Pre-build activities typically occur in this build phase.
PROVISIONING
The build environment is being set up.
QUEUED
The build has been submitted and is queued behind other submitted builds.
SUBMITTED
The build has been submitted.
UPLOAD_ARTIFACTS
Build output artifacts are being uploaded to the output location.
phaseStatus (string) --
The current status of the build phase. Valid values include:
FAILED
The build phase failed.
FAULT
The build phase faulted.
IN_PROGRESS
The build phase is still in progress.
STOPPED
The build phase stopped.
SUCCEEDED
The build phase succeeded.
TIMED_OUT
The build phase timed out.
startTime (datetime) --
When the build phase started, expressed in Unix time format.
endTime (datetime) --
When the build phase ended, expressed in Unix time format.
durationInSeconds (integer) --
How long, in seconds, between the starting and ending times of the build's phase.
contexts (list) --
Additional information about a build phase, especially to help troubleshoot a failed build.
(dict) --
Additional information about a build phase that has an error. You can use this information for troubleshooting.
statusCode (string) --
The status code for the context of the build phase.
message (string) --
An explanation of the build phase's context. This might include a command ID and an exit code.
source (dict) --
Information about the source code to be built.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySources (list) --
An array of ProjectSource objects.
(dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySourceVersions (list) --
An array of ProjectSourceVersion objects. Each ProjectSourceVersion must be one of:
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) --
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
sourceVersion (string) --
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
artifacts (dict) --
Information about the output artifacts for the build.
location (string) --
Information about the location of the build artifacts.
sha256sum (string) --
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
md5sum (string) --
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Information that tells you if encryption for build artifacts is disabled.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
secondaryArtifacts (list) --
An array of ProjectArtifacts objects.
(dict) --
Information about build output artifacts.
location (string) --
Information about the location of the build artifacts.
sha256sum (string) --
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
md5sum (string) --
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Information that tells you if encryption for build artifacts is disabled.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
cache (dict) --
Information about the cache for the build.
type (string) --
The type of cache used by the build project. Valid values include:
location (string) --
Information about the cache location:
modes (list) --
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
environment (dict) --
Information about the build environment for this build.
type (string) --
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
image (string) --
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
computeType (string) --
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) --
The name or key of the environment variable.
value (string) --
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
type (string) --
The type of environment variable. Valid values include:
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) --
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
credentialProvider (string) --
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
serviceRole (string) --
The name of a service role used for this build.
logs (dict) --
Information about the build's logs in CloudWatch Logs.
groupName (string) --
The name of the CloudWatch Logs group for the build logs.
streamName (string) --
The name of the CloudWatch Logs stream for the build logs.
deepLink (string) --
The URL to an individual build log in CloudWatch Logs.
s3DeepLink (string) --
The URL to a build log in an S3 bucket.
cloudWatchLogsArn (string) --
The ARN of CloudWatch Logs for a build project. Its format is arn:${Partition}:logs:${Region}:${Account}:log-group:${LogGroupName}:log-stream:${LogStreamName} . For more information, see Resources Defined by CloudWatch Logs .
s3LogsArn (string) --
The ARN of S3 logs for a build project. Its format is arn:${Partition}:s3:::${BucketName}/${ObjectName} . For more information, see Resources Defined by Amazon S3 .
cloudWatchLogs (dict) --
Information about CloudWatch Logs for a build project.
status (string) --
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
groupName (string) --
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
streamName (string) --
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
s3Logs (dict) --
Information about S3 logs for a build project.
status (string) --
The current status of the S3 build logs. Valid values are:
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
timeoutInMinutes (integer) --
How long, in minutes, for CodeBuild to wait before timing out this build if it does not get marked as completed.
queuedTimeoutInMinutes (integer) --
The number of minutes a build is allowed to be queued before it times out.
buildComplete (boolean) --
Whether the build is complete. True if complete; otherwise, false.
initiator (string) --
The entity that started the build. Valid values include:
vpcConfig (dict) --
If your CodeBuild project accesses resources in an Amazon VPC, you provide this parameter that identifies the VPC ID and the list of security group IDs and subnet IDs. The security groups and subnets must belong to the same VPC. You must provide at least one security group and one subnet ID.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
networkInterface (dict) --
Describes a network interface.
subnetId (string) --
The ID of the subnet.
networkInterfaceId (string) --
The ID of the network interface.
encryptionKey (string) --
The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
exportedEnvironmentVariables (list) --
A list of exported environment variables for this build.
Exported environment variables are used in conjunction with CodePipeline to export environment variables from the current build stage to subsequent stages in the pipeline. For more information, see Working with variables in the CodePipeline User Guide .
(dict) --
Contains information about an exported environment variable.
Exported environment variables are used in conjunction with CodePipeline to export environment variables from the current build stage to subsequent stages in the pipeline. For more information, see Working with variables in the CodePipeline User Guide .
Note
During a build, the value of a variable is available starting with the install phase. It can be updated between the start of the install phase and the end of the post_build phase. After the post_build phase ends, the value of exported variables cannot change.
name (string) --
The name of the exported environment variable.
value (string) --
The value assigned to the exported environment variable.
reportArns (list) --
An array of the ARNs associated with this build's reports.
fileSystemLocations (list) --
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS .
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
debugSession (dict) --
Contains information about the debug session for this build.
sessionEnabled (boolean) --
Specifies if session debugging is enabled for this build.
sessionTarget (string) --
Contains the identifier of the Session Manager session used for the build. To work with the paused build, you open this session to examine, control, and resume the build.
buildBatchArn (string) --
The ARN of the batch build that this build is a member of, if applicable.
Exceptions
Starts a batch build for a project.
See also: AWS API Documentation
Request Syntax
response = client.start_build_batch(
projectName='string',
secondarySourcesOverride=[
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
secondarySourcesVersionOverride=[
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
sourceVersion='string',
artifactsOverride={
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
secondaryArtifactsOverride=[
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
environmentVariablesOverride=[
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
sourceTypeOverride='CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
sourceLocationOverride='string',
sourceAuthOverride={
'type': 'OAUTH',
'resource': 'string'
},
gitCloneDepthOverride=123,
gitSubmodulesConfigOverride={
'fetchSubmodules': True|False
},
buildspecOverride='string',
insecureSslOverride=True|False,
reportBuildBatchStatusOverride=True|False,
environmentTypeOverride='WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
imageOverride='string',
computeTypeOverride='BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
certificateOverride='string',
cacheOverride={
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
serviceRoleOverride='string',
privilegedModeOverride=True|False,
buildTimeoutInMinutesOverride=123,
queuedTimeoutInMinutesOverride=123,
encryptionKeyOverride='string',
idempotencyToken='string',
logsConfigOverride={
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
registryCredentialOverride={
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
imagePullCredentialsTypeOverride='CODEBUILD'|'SERVICE_ROLE',
buildBatchConfigOverride={
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
debugSessionEnabled=True|False
)
[REQUIRED]
The name of the project.
An array of ProjectSource objects that override the secondary sources defined in the batch build project.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSourceVersion objects that override the secondary source versions in the batch build project.
A source identifier and its corresponding version.
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
The version of the batch build input to be built, for this build only. If not specified, the latest version is used. If specified, the contents depends on the source provider:
CodeCommit
The commit ID, branch, or Git tag to use.
GitHub
The commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID (for example pr/25 ). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
Bitbucket
The commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
Amazon S3
The version ID of the object that represents the build input ZIP file to use.
If sourceVersion is specified at the project level, then this sourceVersion (at the build level) takes precedence.
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
An array of ProjectArtifacts objects that contains information about the build output artifact overrides for the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectArtifacts objects that override the secondary artifacts defined in the batch build project.
Information about the build output artifacts for the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of EnvironmentVariable objects that override, or add to, the environment variables defined in the batch build project.
Information about an environment variable for a build project or a build.
The name or key of the environment variable.
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
The type of environment variable. Valid values include:
A SourceAuth object that overrides the one defined in the batch build project. This override applies only if the build project's source is BitBucket or GitHub.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
A GitSubmodulesConfig object that overrides the Git submodules configuration for this batch build.
Set to true to fetch Git submodules for your CodeBuild build project.
A buildspec file declaration that overrides, for this build only, the latest one already defined in the build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Set to true to report to your source provider the status of a batch build's start and completion. If you use this option with a source provider other than GitHub, GitHub Enterprise, or Bitbucket, an invalidInputException is thrown.
Note
The status of a build triggered by a webhook is always reported to your source provider.
A ProjectCache object that specifies cache overrides.
The type of cache used by the build project. Valid values include:
Information about the cache location:
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
The Key Management Service customer master key (CMK) that overrides the one specified in the batch build project. The CMK key encrypts the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
A LogsConfig object that override the log settings defined in the batch build project.
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
The current status of the S3 build logs. Valid values are:
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
A RegistryCredential object that overrides credentials for access to a private registry.
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
The type of credentials CodeBuild uses to pull images in your batch build. There are two valid values:
CODEBUILD
Specifies that CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust CodeBuild's service principal.
SERVICE_ROLE
Specifies that CodeBuild uses your build project's service role.
When using a cross-account or private registry image, you must use SERVICE_ROLE credentials. When using an CodeBuild curated image, you must use CODEBUILD credentials.
A BuildBatchConfigOverride object that contains batch build configuration overrides.
Specifies the service role ARN for the batch build project.
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
A BatchRestrictions object that specifies the restrictions for the batch build.
Specifies the maximum number of builds allowed.
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
dict
Response Syntax
{
'buildBatch': {
'id': 'string',
'arn': 'string',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'currentPhase': 'string',
'buildBatchStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'sourceVersion': 'string',
'resolvedSourceVersion': 'string',
'projectName': 'string',
'phases': [
{
'phaseType': 'SUBMITTED'|'DOWNLOAD_BATCHSPEC'|'IN_PROGRESS'|'COMBINE_ARTIFACTS'|'SUCCEEDED'|'FAILED'|'STOPPED',
'phaseStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'durationInSeconds': 123,
'contexts': [
{
'statusCode': 'string',
'message': 'string'
},
]
},
],
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'logConfig': {
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'buildTimeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'complete': True|False,
'initiator': 'string',
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'encryptionKey': 'string',
'buildBatchNumber': 123,
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'buildBatchConfig': {
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
'buildGroups': [
{
'identifier': 'string',
'dependsOn': [
'string',
],
'ignoreFailure': True|False,
'currentBuildSummary': {
'arn': 'string',
'requestedOn': datetime(2015, 1, 1),
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'primaryArtifact': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
]
},
'priorBuildSummaryList': [
{
'arn': 'string',
'requestedOn': datetime(2015, 1, 1),
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'primaryArtifact': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
]
},
]
},
],
'debugSessionEnabled': True|False
}
}
Response Structure
(dict) --
buildBatch (dict) --
A BuildBatch object that contains information about the batch build.
id (string) --
The identifier of the batch build.
arn (string) --
The ARN of the batch build.
startTime (datetime) --
The date and time that the batch build started.
endTime (datetime) --
The date and time that the batch build ended.
currentPhase (string) --
The current phase of the batch build.
buildBatchStatus (string) --
The status of the batch build.
sourceVersion (string) --
The identifier of the version of the source code to be built.
resolvedSourceVersion (string) --
The identifier of the resolved version of this batch build's source code.
projectName (string) --
The name of the batch build project.
phases (list) --
An array of BuildBatchPhase objects the specify the phases of the batch build.
(dict) --
Contains information about a stage for a batch build.
phaseType (string) --
The name of the batch build phase. Valid values include:
COMBINE_ARTIFACTS
Build output artifacts are being combined and uploaded to the output location.
DOWNLOAD_BATCHSPEC
The batch build specification is being downloaded.
FAILED
One or more of the builds failed.
IN_PROGRESS
The batch build is in progress.
STOPPED
The batch build was stopped.
SUBMITTED
The btach build has been submitted.
SUCCEEDED
The batch build succeeded.
phaseStatus (string) --
The current status of the batch build phase. Valid values include:
FAILED
The build phase failed.
FAULT
The build phase faulted.
IN_PROGRESS
The build phase is still in progress.
STOPPED
The build phase stopped.
SUCCEEDED
The build phase succeeded.
TIMED_OUT
The build phase timed out.
startTime (datetime) --
When the batch build phase started, expressed in Unix time format.
endTime (datetime) --
When the batch build phase ended, expressed in Unix time format.
durationInSeconds (integer) --
How long, in seconds, between the starting and ending times of the batch build's phase.
contexts (list) --
Additional information about the batch build phase. Especially to help troubleshoot a failed batch build.
(dict) --
Additional information about a build phase that has an error. You can use this information for troubleshooting.
statusCode (string) --
The status code for the context of the build phase.
message (string) --
An explanation of the build phase's context. This might include a command ID and an exit code.
source (dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySources (list) --
An array of ProjectSource objects that define the sources for the batch build.
(dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySourceVersions (list) --
An array of ProjectSourceVersion objects. Each ProjectSourceVersion must be one of:
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) --
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
sourceVersion (string) --
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
artifacts (dict) --
A BuildArtifacts object the defines the build artifacts for this batch build.
location (string) --
Information about the location of the build artifacts.
sha256sum (string) --
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
md5sum (string) --
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Information that tells you if encryption for build artifacts is disabled.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
secondaryArtifacts (list) --
An array of BuildArtifacts objects the define the build artifacts for this batch build.
(dict) --
Information about build output artifacts.
location (string) --
Information about the location of the build artifacts.
sha256sum (string) --
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
md5sum (string) --
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Information that tells you if encryption for build artifacts is disabled.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
cache (dict) --
Information about the cache for the build project.
type (string) --
The type of cache used by the build project. Valid values include:
location (string) --
Information about the cache location:
modes (list) --
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
environment (dict) --
Information about the build environment of the build project.
type (string) --
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
image (string) --
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
computeType (string) --
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) --
The name or key of the environment variable.
value (string) --
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
type (string) --
The type of environment variable. Valid values include:
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) --
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
credentialProvider (string) --
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
serviceRole (string) --
The name of a service role used for builds in the batch.
logConfig (dict) --
Information about logs for a build project. These can be logs in CloudWatch Logs, built in a specified S3 bucket, or both.
cloudWatchLogs (dict) --
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
status (string) --
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
groupName (string) --
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
streamName (string) --
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
s3Logs (dict) --
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
status (string) --
The current status of the S3 build logs. Valid values are:
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
buildTimeoutInMinutes (integer) --
Specifies the maximum amount of time, in minutes, that the build in a batch must be completed in.
queuedTimeoutInMinutes (integer) --
Specifies the amount of time, in minutes, that the batch build is allowed to be queued before it times out.
complete (boolean) --
Indicates if the batch build is complete.
initiator (string) --
The entity that started the batch build. Valid values include:
vpcConfig (dict) --
Information about the VPC configuration that CodeBuild accesses.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
encryptionKey (string) --
The Key Management Service customer master key (CMK) to be used for encrypting the batch build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
buildBatchNumber (integer) --
The number of the batch build. For each project, the buildBatchNumber of its first batch build is 1 . The buildBatchNumber of each subsequent batch build is incremented by 1 . If a batch build is deleted, the buildBatchNumber of other batch builds does not change.
fileSystemLocations (list) --
An array of ProjectFileSystemLocation objects for the batch build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS .
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
buildBatchConfig (dict) --
Contains configuration information about a batch build project.
serviceRole (string) --
Specifies the service role ARN for the batch build project.
combineArtifacts (boolean) --
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
restrictions (dict) --
A BatchRestrictions object that specifies the restrictions for the batch build.
maximumBuildsAllowed (integer) --
Specifies the maximum number of builds allowed.
computeTypesAllowed (list) --
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
timeoutInMins (integer) --
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
batchReportMode (string) --
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
buildGroups (list) --
An array of BuildGroup objects that define the build groups for the batch build.
(dict) --
Contains information about a batch build build group. Build groups are used to combine builds that can run in parallel, while still being able to set dependencies on other build groups.
identifier (string) --
Contains the identifier of the build group.
dependsOn (list) --
An array of strings that contain the identifiers of the build groups that this build group depends on.
ignoreFailure (boolean) --
Specifies if failures in this build group can be ignored.
currentBuildSummary (dict) --
A BuildSummary object that contains a summary of the current build group.
arn (string) --
The batch build ARN.
requestedOn (datetime) --
When the build was started, expressed in Unix time format.
buildStatus (string) --
The status of the build group.
FAILED
The build group failed.
FAULT
The build group faulted.
IN_PROGRESS
The build group is still in progress.
STOPPED
The build group stopped.
SUCCEEDED
The build group succeeded.
TIMED_OUT
The build group timed out.
primaryArtifact (dict) --
A ResolvedArtifact object that represents the primary build artifacts for the build group.
type (string) --
Specifies the type of artifact.
location (string) --
The location of the artifact.
identifier (string) --
The identifier of the artifact.
secondaryArtifacts (list) --
An array of ResolvedArtifact objects that represents the secondary build artifacts for the build group.
(dict) --
Represents a resolved build artifact. A resolved artifact is an artifact that is built and deployed to the destination, such as Amazon S3.
type (string) --
Specifies the type of artifact.
location (string) --
The location of the artifact.
identifier (string) --
The identifier of the artifact.
priorBuildSummaryList (list) --
An array of BuildSummary objects that contain summaries of previous build groups.
(dict) --
Contains summary information about a batch build group.
arn (string) --
The batch build ARN.
requestedOn (datetime) --
When the build was started, expressed in Unix time format.
buildStatus (string) --
The status of the build group.
FAILED
The build group failed.
FAULT
The build group faulted.
IN_PROGRESS
The build group is still in progress.
STOPPED
The build group stopped.
SUCCEEDED
The build group succeeded.
TIMED_OUT
The build group timed out.
primaryArtifact (dict) --
A ResolvedArtifact object that represents the primary build artifacts for the build group.
type (string) --
Specifies the type of artifact.
location (string) --
The location of the artifact.
identifier (string) --
The identifier of the artifact.
secondaryArtifacts (list) --
An array of ResolvedArtifact objects that represents the secondary build artifacts for the build group.
(dict) --
Represents a resolved build artifact. A resolved artifact is an artifact that is built and deployed to the destination, such as Amazon S3.
type (string) --
Specifies the type of artifact.
location (string) --
The location of the artifact.
identifier (string) --
The identifier of the artifact.
debugSessionEnabled (boolean) --
Specifies if session debugging is enabled for this batch build. For more information, see Viewing a running build in Session Manager . Batch session debugging is not supported for matrix batch builds.
Exceptions
Attempts to stop running a build.
See also: AWS API Documentation
Request Syntax
response = client.stop_build(
id='string'
)
[REQUIRED]
The ID of the build.
{
'build': {
'id': 'string',
'arn': 'string',
'buildNumber': 123,
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'currentPhase': 'string',
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'sourceVersion': 'string',
'resolvedSourceVersion': 'string',
'projectName': 'string',
'phases': [
{
'phaseType': 'SUBMITTED'|'QUEUED'|'PROVISIONING'|'DOWNLOAD_SOURCE'|'INSTALL'|'PRE_BUILD'|'BUILD'|'POST_BUILD'|'UPLOAD_ARTIFACTS'|'FINALIZING'|'COMPLETED',
'phaseStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'durationInSeconds': 123,
'contexts': [
{
'statusCode': 'string',
'message': 'string'
},
]
},
],
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'logs': {
'groupName': 'string',
'streamName': 'string',
'deepLink': 'string',
's3DeepLink': 'string',
'cloudWatchLogsArn': 'string',
's3LogsArn': 'string',
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'timeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'buildComplete': True|False,
'initiator': 'string',
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'networkInterface': {
'subnetId': 'string',
'networkInterfaceId': 'string'
},
'encryptionKey': 'string',
'exportedEnvironmentVariables': [
{
'name': 'string',
'value': 'string'
},
],
'reportArns': [
'string',
],
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'debugSession': {
'sessionEnabled': True|False,
'sessionTarget': 'string'
},
'buildBatchArn': 'string'
}
}
Response Structure
Information about the build.
The unique ID for the build.
The Amazon Resource Name (ARN) of the build.
The number of the build. For each project, the buildNumber of its first build is 1 . The buildNumber of each subsequent build is incremented by 1 . If a build is deleted, the buildNumber of other builds does not change.
When the build process started, expressed in Unix time format.
When the build process ended, expressed in Unix time format.
The current build phase.
The current status of the build. Valid values include:
Any version identifier for the version of the source code to be built. If sourceVersion is specified at the project level, then this sourceVersion (at the build level) takes precedence.
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
An identifier for the version of this build's source code.
The name of the CodeBuild project.
Information about all previous build phases that are complete and information about any current build phase that is not yet complete.
Information about a stage for a build.
The name of the build phase. Valid values include:
BUILD
Core build activities typically occur in this build phase.
COMPLETED
The build has been completed.
DOWNLOAD_SOURCE
Source code is being downloaded in this build phase.
FINALIZING
The build process is completing in this build phase.
INSTALL
Installation activities typically occur in this build phase.
POST_BUILD
Post-build activities typically occur in this build phase.
PRE_BUILD
Pre-build activities typically occur in this build phase.
PROVISIONING
The build environment is being set up.
QUEUED
The build has been submitted and is queued behind other submitted builds.
SUBMITTED
The build has been submitted.
UPLOAD_ARTIFACTS
Build output artifacts are being uploaded to the output location.
The current status of the build phase. Valid values include:
FAILED
The build phase failed.
FAULT
The build phase faulted.
IN_PROGRESS
The build phase is still in progress.
STOPPED
The build phase stopped.
SUCCEEDED
The build phase succeeded.
TIMED_OUT
The build phase timed out.
When the build phase started, expressed in Unix time format.
When the build phase ended, expressed in Unix time format.
How long, in seconds, between the starting and ending times of the build's phase.
Additional information about a build phase, especially to help troubleshoot a failed build.
Additional information about a build phase that has an error. You can use this information for troubleshooting.
The status code for the context of the build phase.
An explanation of the build phase's context. This might include a command ID and an exit code.
Information about the source code to be built.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSource objects.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSourceVersion objects. Each ProjectSourceVersion must be one of:
A source identifier and its corresponding version.
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
Information about the output artifacts for the build.
Information about the location of the build artifacts.
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Information that tells you if encryption for build artifacts is disabled.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectArtifacts objects.
Information about build output artifacts.
Information about the location of the build artifacts.
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Information that tells you if encryption for build artifacts is disabled.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
Information about the cache for the build.
The type of cache used by the build project. Valid values include:
Information about the cache location:
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Information about the build environment for this build.
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
A set of environment variables to make available to builds for this build project.
Information about an environment variable for a build project or a build.
The name or key of the environment variable.
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
The type of environment variable. Valid values include:
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
The credentials for access to a private registry.
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
The name of a service role used for this build.
Information about the build's logs in CloudWatch Logs.
The name of the CloudWatch Logs group for the build logs.
The name of the CloudWatch Logs stream for the build logs.
The URL to an individual build log in CloudWatch Logs.
The URL to a build log in an S3 bucket.
The ARN of CloudWatch Logs for a build project. Its format is arn:${Partition}:logs:${Region}:${Account}:log-group:${LogGroupName}:log-stream:${LogStreamName} . For more information, see Resources Defined by CloudWatch Logs .
The ARN of S3 logs for a build project. Its format is arn:${Partition}:s3:::${BucketName}/${ObjectName} . For more information, see Resources Defined by Amazon S3 .
Information about CloudWatch Logs for a build project.
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
Information about S3 logs for a build project.
The current status of the S3 build logs. Valid values are:
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
How long, in minutes, for CodeBuild to wait before timing out this build if it does not get marked as completed.
The number of minutes a build is allowed to be queued before it times out.
Whether the build is complete. True if complete; otherwise, false.
The entity that started the build. Valid values include:
If your CodeBuild project accesses resources in an Amazon VPC, you provide this parameter that identifies the VPC ID and the list of security group IDs and subnet IDs. The security groups and subnets must belong to the same VPC. You must provide at least one security group and one subnet ID.
The ID of the Amazon VPC.
A list of one or more subnet IDs in your Amazon VPC.
A list of one or more security groups IDs in your Amazon VPC.
Describes a network interface.
The ID of the subnet.
The ID of the network interface.
The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
A list of exported environment variables for this build.
Exported environment variables are used in conjunction with CodePipeline to export environment variables from the current build stage to subsequent stages in the pipeline. For more information, see Working with variables in the CodePipeline User Guide .
Contains information about an exported environment variable.
Exported environment variables are used in conjunction with CodePipeline to export environment variables from the current build stage to subsequent stages in the pipeline. For more information, see Working with variables in the CodePipeline User Guide .
Note
During a build, the value of a variable is available starting with the install phase. It can be updated between the start of the install phase and the end of the post_build phase. After the post_build phase ends, the value of exported variables cannot change.
The name of the exported environment variable.
The value assigned to the exported environment variable.
An array of the ARNs associated with this build's reports.
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
The type of the file system. The one supported type is EFS .
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
The location in the container where you mount the file system.
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
Contains information about the debug session for this build.
Specifies if session debugging is enabled for this build.
Contains the identifier of the Session Manager session used for the build. To work with the paused build, you open this session to examine, control, and resume the build.
The ARN of the batch build that this build is a member of, if applicable.
Exceptions
Stops a running batch build.
See also: AWS API Documentation
Request Syntax
response = client.stop_build_batch(
id='string'
)
[REQUIRED]
The identifier of the batch build to stop.
{
'buildBatch': {
'id': 'string',
'arn': 'string',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'currentPhase': 'string',
'buildBatchStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'sourceVersion': 'string',
'resolvedSourceVersion': 'string',
'projectName': 'string',
'phases': [
{
'phaseType': 'SUBMITTED'|'DOWNLOAD_BATCHSPEC'|'IN_PROGRESS'|'COMBINE_ARTIFACTS'|'SUCCEEDED'|'FAILED'|'STOPPED',
'phaseStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1),
'durationInSeconds': 123,
'contexts': [
{
'statusCode': 'string',
'message': 'string'
},
]
},
],
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'location': 'string',
'sha256sum': 'string',
'md5sum': 'string',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'logConfig': {
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'buildTimeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'complete': True|False,
'initiator': 'string',
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'encryptionKey': 'string',
'buildBatchNumber': 123,
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'buildBatchConfig': {
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
'buildGroups': [
{
'identifier': 'string',
'dependsOn': [
'string',
],
'ignoreFailure': True|False,
'currentBuildSummary': {
'arn': 'string',
'requestedOn': datetime(2015, 1, 1),
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'primaryArtifact': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
]
},
'priorBuildSummaryList': [
{
'arn': 'string',
'requestedOn': datetime(2015, 1, 1),
'buildStatus': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED',
'primaryArtifact': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'identifier': 'string'
},
]
},
]
},
],
'debugSessionEnabled': True|False
}
}
Response Structure
Contains information about a batch build.
The identifier of the batch build.
The ARN of the batch build.
The date and time that the batch build started.
The date and time that the batch build ended.
The current phase of the batch build.
The status of the batch build.
The identifier of the version of the source code to be built.
The identifier of the resolved version of this batch build's source code.
The name of the batch build project.
An array of BuildBatchPhase objects the specify the phases of the batch build.
Contains information about a stage for a batch build.
The name of the batch build phase. Valid values include:
COMBINE_ARTIFACTS
Build output artifacts are being combined and uploaded to the output location.
DOWNLOAD_BATCHSPEC
The batch build specification is being downloaded.
FAILED
One or more of the builds failed.
IN_PROGRESS
The batch build is in progress.
STOPPED
The batch build was stopped.
SUBMITTED
The btach build has been submitted.
SUCCEEDED
The batch build succeeded.
The current status of the batch build phase. Valid values include:
FAILED
The build phase failed.
FAULT
The build phase faulted.
IN_PROGRESS
The build phase is still in progress.
STOPPED
The build phase stopped.
SUCCEEDED
The build phase succeeded.
TIMED_OUT
The build phase timed out.
When the batch build phase started, expressed in Unix time format.
When the batch build phase ended, expressed in Unix time format.
How long, in seconds, between the starting and ending times of the batch build's phase.
Additional information about the batch build phase. Especially to help troubleshoot a failed batch build.
Additional information about a build phase that has an error. You can use this information for troubleshooting.
The status code for the context of the build phase.
An explanation of the build phase's context. This might include a command ID and an exit code.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSource objects that define the sources for the batch build.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSourceVersion objects. Each ProjectSourceVersion must be one of:
A source identifier and its corresponding version.
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
A BuildArtifacts object the defines the build artifacts for this batch build.
Information about the location of the build artifacts.
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Information that tells you if encryption for build artifacts is disabled.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of BuildArtifacts objects the define the build artifacts for this batch build.
Information about build output artifacts.
Information about the location of the build artifacts.
The SHA-256 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
The MD5 hash of the build artifact.
You can use this hash along with a checksum tool to confirm file integrity and authenticity.
Note
This value is available only if the build project's packaging value is set to ZIP .
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Information that tells you if encryption for build artifacts is disabled.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
Information about the cache for the build project.
The type of cache used by the build project. Valid values include:
Information about the cache location:
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Information about the build environment of the build project.
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
A set of environment variables to make available to builds for this build project.
Information about an environment variable for a build project or a build.
The name or key of the environment variable.
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
The type of environment variable. Valid values include:
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
The credentials for access to a private registry.
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
The name of a service role used for builds in the batch.
Information about logs for a build project. These can be logs in CloudWatch Logs, built in a specified S3 bucket, or both.
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
The current status of the S3 build logs. Valid values are:
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
Specifies the maximum amount of time, in minutes, that the build in a batch must be completed in.
Specifies the amount of time, in minutes, that the batch build is allowed to be queued before it times out.
Indicates if the batch build is complete.
The entity that started the batch build. Valid values include:
Information about the VPC configuration that CodeBuild accesses.
The ID of the Amazon VPC.
A list of one or more subnet IDs in your Amazon VPC.
A list of one or more security groups IDs in your Amazon VPC.
The Key Management Service customer master key (CMK) to be used for encrypting the batch build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
The number of the batch build. For each project, the buildBatchNumber of its first batch build is 1 . The buildBatchNumber of each subsequent batch build is incremented by 1 . If a batch build is deleted, the buildBatchNumber of other batch builds does not change.
An array of ProjectFileSystemLocation objects for the batch build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
The type of the file system. The one supported type is EFS .
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
The location in the container where you mount the file system.
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
Contains configuration information about a batch build project.
Specifies the service role ARN for the batch build project.
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
A BatchRestrictions object that specifies the restrictions for the batch build.
Specifies the maximum number of builds allowed.
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
An array of BuildGroup objects that define the build groups for the batch build.
Contains information about a batch build build group. Build groups are used to combine builds that can run in parallel, while still being able to set dependencies on other build groups.
Contains the identifier of the build group.
An array of strings that contain the identifiers of the build groups that this build group depends on.
Specifies if failures in this build group can be ignored.
A BuildSummary object that contains a summary of the current build group.
The batch build ARN.
When the build was started, expressed in Unix time format.
The status of the build group.
FAILED
The build group failed.
FAULT
The build group faulted.
IN_PROGRESS
The build group is still in progress.
STOPPED
The build group stopped.
SUCCEEDED
The build group succeeded.
TIMED_OUT
The build group timed out.
A ResolvedArtifact object that represents the primary build artifacts for the build group.
Specifies the type of artifact.
The location of the artifact.
The identifier of the artifact.
An array of ResolvedArtifact objects that represents the secondary build artifacts for the build group.
Represents a resolved build artifact. A resolved artifact is an artifact that is built and deployed to the destination, such as Amazon S3.
Specifies the type of artifact.
The location of the artifact.
The identifier of the artifact.
An array of BuildSummary objects that contain summaries of previous build groups.
Contains summary information about a batch build group.
The batch build ARN.
When the build was started, expressed in Unix time format.
The status of the build group.
FAILED
The build group failed.
FAULT
The build group faulted.
IN_PROGRESS
The build group is still in progress.
STOPPED
The build group stopped.
SUCCEEDED
The build group succeeded.
TIMED_OUT
The build group timed out.
A ResolvedArtifact object that represents the primary build artifacts for the build group.
Specifies the type of artifact.
The location of the artifact.
The identifier of the artifact.
An array of ResolvedArtifact objects that represents the secondary build artifacts for the build group.
Represents a resolved build artifact. A resolved artifact is an artifact that is built and deployed to the destination, such as Amazon S3.
Specifies the type of artifact.
The location of the artifact.
The identifier of the artifact.
Specifies if session debugging is enabled for this batch build. For more information, see Viewing a running build in Session Manager . Batch session debugging is not supported for matrix batch builds.
Exceptions
Changes the settings of a build project.
See also: AWS API Documentation
Request Syntax
response = client.update_project(
name='string',
description='string',
source={
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
secondarySources=[
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
sourceVersion='string',
secondarySourceVersions=[
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
artifacts={
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
secondaryArtifacts=[
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
cache={
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
environment={
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
serviceRole='string',
timeoutInMinutes=123,
queuedTimeoutInMinutes=123,
encryptionKey='string',
tags=[
{
'key': 'string',
'value': 'string'
},
],
vpcConfig={
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
badgeEnabled=True|False,
logsConfig={
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
fileSystemLocations=[
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
buildBatchConfig={
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
concurrentBuildLimit=123
)
[REQUIRED]
The name of the build project.
Note
You cannot change a build project's name.
Information to be changed about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
An array of ProjectSource objects.
Information about the build input source code for the build project.
The type of repository that contains the source code to be built. Valid values include:
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
Information about the Git clone depth for the build project.
Information about the Git submodules configuration for the build project.
Set to true to fetch Git submodules for your CodeBuild build project.
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
The resource value that applies to the specified authorization type.
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
Enable this flag to ignore SSL warnings while connecting to the project source code.
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).
A source identifier and its corresponding version.
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
Information to be changed about the build output artifacts for the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectArtifact objects.
Information about the build output artifacts for the build project.
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
Information about the build output artifact location:
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
The type of build output artifact to create:
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
An identifier for this artifact definition.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
Stores recently used information so that it can be quickly accessed at a later time.
The type of cache used by the build project. Valid values include:
Information about the cache location:
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
Information to be changed about the build environment for the build project.
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
A set of environment variables to make available to builds for this build project.
Information about an environment variable for a build project or a build.
The name or key of the environment variable.
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
The type of environment variable. Valid values include:
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
The credentials for access to a private registry.
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ).
An updated list of tag key and value pairs associated with this build project.
These tags are available for use by Amazon Web Services services that support CodeBuild build project tags.
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
The tag's key.
The tag's value.
VpcConfig enables CodeBuild to access resources in an Amazon VPC.
The ID of the Amazon VPC.
A list of one or more subnet IDs in your Amazon VPC.
A list of one or more security groups IDs in your Amazon VPC.
Information about logs for the build project. A project can create logs in CloudWatch Logs, logs in an S3 bucket, or both.
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
The current status of the S3 build logs. Valid values are:
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
The type of the file system. The one supported type is EFS .
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
The location in the container where you mount the file system.
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
Contains configuration information about a batch build project.
Specifies the service role ARN for the batch build project.
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
A BatchRestrictions object that specifies the restrictions for the batch build.
Specifies the maximum number of builds allowed.
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
The maximum number of concurrent builds that are allowed for this project.
New builds are only started if the current number of builds is less than or equal to this limit. If the current build count meets this limit, new builds are throttled and are not run.
To remove this limit, set this value to -1.
dict
Response Syntax
{
'project': {
'name': 'string',
'arn': 'string',
'description': 'string',
'source': {
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
'secondarySources': [
{
'type': 'CODECOMMIT'|'CODEPIPELINE'|'GITHUB'|'S3'|'BITBUCKET'|'GITHUB_ENTERPRISE'|'NO_SOURCE',
'location': 'string',
'gitCloneDepth': 123,
'gitSubmodulesConfig': {
'fetchSubmodules': True|False
},
'buildspec': 'string',
'auth': {
'type': 'OAUTH',
'resource': 'string'
},
'reportBuildStatus': True|False,
'buildStatusConfig': {
'context': 'string',
'targetUrl': 'string'
},
'insecureSsl': True|False,
'sourceIdentifier': 'string'
},
],
'sourceVersion': 'string',
'secondarySourceVersions': [
{
'sourceIdentifier': 'string',
'sourceVersion': 'string'
},
],
'artifacts': {
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
'secondaryArtifacts': [
{
'type': 'CODEPIPELINE'|'S3'|'NO_ARTIFACTS',
'location': 'string',
'path': 'string',
'namespaceType': 'NONE'|'BUILD_ID',
'name': 'string',
'packaging': 'NONE'|'ZIP',
'overrideArtifactName': True|False,
'encryptionDisabled': True|False,
'artifactIdentifier': 'string',
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
},
],
'cache': {
'type': 'NO_CACHE'|'S3'|'LOCAL',
'location': 'string',
'modes': [
'LOCAL_DOCKER_LAYER_CACHE'|'LOCAL_SOURCE_CACHE'|'LOCAL_CUSTOM_CACHE',
]
},
'environment': {
'type': 'WINDOWS_CONTAINER'|'LINUX_CONTAINER'|'LINUX_GPU_CONTAINER'|'ARM_CONTAINER'|'WINDOWS_SERVER_2019_CONTAINER',
'image': 'string',
'computeType': 'BUILD_GENERAL1_SMALL'|'BUILD_GENERAL1_MEDIUM'|'BUILD_GENERAL1_LARGE'|'BUILD_GENERAL1_2XLARGE',
'environmentVariables': [
{
'name': 'string',
'value': 'string',
'type': 'PLAINTEXT'|'PARAMETER_STORE'|'SECRETS_MANAGER'
},
],
'privilegedMode': True|False,
'certificate': 'string',
'registryCredential': {
'credential': 'string',
'credentialProvider': 'SECRETS_MANAGER'
},
'imagePullCredentialsType': 'CODEBUILD'|'SERVICE_ROLE'
},
'serviceRole': 'string',
'timeoutInMinutes': 123,
'queuedTimeoutInMinutes': 123,
'encryptionKey': 'string',
'tags': [
{
'key': 'string',
'value': 'string'
},
],
'created': datetime(2015, 1, 1),
'lastModified': datetime(2015, 1, 1),
'webhook': {
'url': 'string',
'payloadUrl': 'string',
'secret': 'string',
'branchFilter': 'string',
'filterGroups': [
[
{
'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE',
'pattern': 'string',
'excludeMatchedPattern': True|False
},
],
],
'buildType': 'BUILD'|'BUILD_BATCH',
'lastModifiedSecret': datetime(2015, 1, 1)
},
'vpcConfig': {
'vpcId': 'string',
'subnets': [
'string',
],
'securityGroupIds': [
'string',
]
},
'badge': {
'badgeEnabled': True|False,
'badgeRequestUrl': 'string'
},
'logsConfig': {
'cloudWatchLogs': {
'status': 'ENABLED'|'DISABLED',
'groupName': 'string',
'streamName': 'string'
},
's3Logs': {
'status': 'ENABLED'|'DISABLED',
'location': 'string',
'encryptionDisabled': True|False,
'bucketOwnerAccess': 'NONE'|'READ_ONLY'|'FULL'
}
},
'fileSystemLocations': [
{
'type': 'EFS',
'location': 'string',
'mountPoint': 'string',
'identifier': 'string',
'mountOptions': 'string'
},
],
'buildBatchConfig': {
'serviceRole': 'string',
'combineArtifacts': True|False,
'restrictions': {
'maximumBuildsAllowed': 123,
'computeTypesAllowed': [
'string',
]
},
'timeoutInMins': 123,
'batchReportMode': 'REPORT_INDIVIDUAL_BUILDS'|'REPORT_AGGREGATED_BATCH'
},
'concurrentBuildLimit': 123,
'projectVisibility': 'PUBLIC_READ'|'PRIVATE',
'publicProjectAlias': 'string',
'resourceAccessRole': 'string'
}
}
Response Structure
(dict) --
project (dict) --
Information about the build project that was changed.
name (string) --
The name of the build project.
arn (string) --
The Amazon Resource Name (ARN) of the build project.
description (string) --
A description that makes the build project easy to identify.
source (dict) --
Information about the build input source code for this build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
secondarySources (list) --
An array of ProjectSource objects.
(dict) --
Information about the build input source code for the build project.
type (string) --
The type of repository that contains the source code to be built. Valid values include:
location (string) --
Information about the location of the source code to be built. Valid values include:
If you specify CODEPIPELINE for the Type property, don't specify this property. For all of the other types, you must specify Location .
gitCloneDepth (integer) --
Information about the Git clone depth for the build project.
gitSubmodulesConfig (dict) --
Information about the Git submodules configuration for the build project.
fetchSubmodules (boolean) --
Set to true to fetch Git submodules for your CodeBuild build project.
buildspec (string) --
The buildspec file declaration to use for the builds in this build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml ). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location .
auth (dict) --
Information about the authorization settings for CodeBuild to access the source code to be built.
This information is for the CodeBuild console's use only. Your code should not get or set this information directly.
type (string) --
Note
This data type is deprecated and is no longer accurate or used.
The authorization type to use. The only valid value is OAUTH , which represents the OAuth authorization type.
resource (string) --
The resource value that applies to the specified authorization type.
reportBuildStatus (boolean) --
Set to true to report the status of a build's start and finish to your source provider. This option is valid only when your source provider is GitHub, GitHub Enterprise, or Bitbucket. If this is set and you use a different source provider, an invalidInputException is thrown.
To be able to report the build status to the source provider, the user associated with the source provider must have write access to the repo. If the user does not have write access, the build status cannot be updated. For more information, see Source provider access in the CodeBuild User Guide .
The status of a build triggered by a webhook is always reported to your source provider.
If your project's builds are triggered by a webhook, you must push a new commit to the repo for a change to this property to take effect.
buildStatusConfig (dict) --
Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is GITHUB , GITHUB_ENTERPRISE , or BITBUCKET .
context (string) --
Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the name parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the context parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
targetUrl (string) --
Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.
Bitbucket
This parameter is used for the url parameter in the Bitbucket commit status. For more information, see build in the Bitbucket API documentation.
GitHub/GitHub Enterprise Server
This parameter is used for the target_url parameter in the GitHub commit status. For more information, see Create a commit status in the GitHub developer guide.
insecureSsl (boolean) --
Enable this flag to ignore SSL warnings while connecting to the project source code.
sourceIdentifier (string) --
An identifier for this project source. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
sourceVersion (string) --
A version of the build input to be built for this project. If not specified, the latest version is used. If specified, it must be one of:
If sourceVersion is specified at the build level, then that version takes precedence over this sourceVersion (at the project level).
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
secondarySourceVersions (list) --
An array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).
(dict) --
A source identifier and its corresponding version.
sourceIdentifier (string) --
An identifier for a source in the build project. The identifier can only contain alphanumeric characters and underscores, and must be less than 128 characters in length.
sourceVersion (string) --
The source version for the corresponding source identifier. If specified, must be one of:
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide .
artifacts (dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
location (string) --
Information about the build output artifact location:
path (string) --
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
namespaceType (string) --
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
name (string) --
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
packaging (string) --
The type of build output artifact to create:
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
secondaryArtifacts (list) --
An array of ProjectArtifacts objects.
(dict) --
Information about the build output artifacts for the build project.
type (string) --
The type of build output artifact. Valid values include:
Note
The CODEPIPELINE type is not supported for secondaryArtifacts .
location (string) --
Information about the build output artifact location:
path (string) --
Along with namespaceType and name , the pattern that CodeBuild uses to name and store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to NONE , and name is set to MyArtifact.zip , the output artifact is stored in the output bucket at MyArtifacts/MyArtifact.zip .
namespaceType (string) --
Along with path and name , the pattern that CodeBuild uses to determine the name and location to store the output artifact:
For example, if path is set to MyArtifacts , namespaceType is set to BUILD_ID , and name is set to MyArtifact.zip , the output artifact is stored in MyArtifacts/<build-ID>/MyArtifact.zip .
name (string) --
Along with path and namespaceType , the pattern that CodeBuild uses to name and store the output artifact:
For example:
packaging (string) --
The type of build output artifact to create:
overrideArtifactName (boolean) --
If this flag is set, a name specified in the buildspec file overrides the artifact name. The name specified in a buildspec file is calculated at build time and uses the Shell Command Language. For example, you can append a date and time to your artifact name so that it is always unique.
encryptionDisabled (boolean) --
Set to true if you do not want your output artifacts encrypted. This option is valid only if your artifacts type is Amazon S3. If this is set with another artifacts type, an invalidInputException is thrown.
artifactIdentifier (string) --
An identifier for this artifact definition.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
cache (dict) --
Information about the cache for the build project.
type (string) --
The type of cache used by the build project. Valid values include:
location (string) --
Information about the cache location:
modes (list) --
An array of strings that specify the local cache modes. You can use one or more local cache modes at the same time. This is only used for LOCAL cache types.
Possible values are:
LOCAL_SOURCE_CACHE
Caches Git metadata for primary and secondary sources. After the cache is created, subsequent builds pull only the change between commits. This mode is a good choice for projects with a clean working directory and a source that is a large Git repository. If you choose this option and your project does not use a Git repository (GitHub, GitHub Enterprise, or Bitbucket), the option is ignored.
LOCAL_DOCKER_LAYER_CACHE
Caches existing Docker layers. This mode is a good choice for projects that build or pull large Docker images. It can prevent the performance issues caused by pulling large Docker images down from the network.
Note
LOCAL_CUSTOM_CACHE
Caches directories you specify in the buildspec file. This mode is a good choice if your build scenario is not suited to one of the other three local cache modes. If you use a custom cache:
environment (dict) --
Information about the build environment for this build project.
type (string) --
The type of build environment to use for related builds.
For more information, see Build environment compute types in the CodeBuild user guide .
image (string) --
The image tag or image digest that identifies the Docker image to use for this build project. Use the following formats:
For more information, see Docker images provided by CodeBuild in the CodeBuild user guide .
computeType (string) --
Information about the compute resources the build project uses. Available values include:
If you use BUILD_GENERAL1_LARGE :
For more information, see Build Environment Compute Types in the CodeBuild User Guide.
environmentVariables (list) --
A set of environment variables to make available to builds for this build project.
(dict) --
Information about an environment variable for a build project or a build.
name (string) --
The name or key of the environment variable.
value (string) --
The value of the environment variable.
Warning
We strongly discourage the use of PLAINTEXT environment variables to store sensitive values, especially Amazon Web Services secret key IDs and secret access keys. PLAINTEXT environment variables can be displayed in plain text using the CodeBuild console and the CLI. For sensitive values, we recommend you use an environment variable of type PARAMETER_STORE or SECRETS_MANAGER .
type (string) --
The type of environment variable. Valid values include:
privilegedMode (boolean) --
Enables running the Docker daemon inside a Docker container. Set to true only if the build project is used to build Docker images. Otherwise, a build that attempts to interact with the Docker daemon fails. The default setting is false .
You can initialize the Docker daemon during the install phase of your build by adding one of the following sets of commands to the install phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout :
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
certificate (string) --
The ARN of the Amazon S3 bucket, path prefix, and object key that contains the PEM-encoded certificate for the build project. For more information, see certificate in the CodeBuild User Guide .
registryCredential (dict) --
The credentials for access to a private registry.
credential (string) --
The Amazon Resource Name (ARN) or name of credentials created using Secrets Manager.
Note
The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.
credentialProvider (string) --
The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.
imagePullCredentialsType (string) --
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.
serviceRole (string) --
The ARN of the IAM role that enables CodeBuild to interact with dependent Amazon Web Services services on behalf of the Amazon Web Services account.
timeoutInMinutes (integer) --
How long, in minutes, from 5 to 480 (8 hours), for CodeBuild to wait before timing out any related build that did not get marked as completed. The default is 60 minutes.
queuedTimeoutInMinutes (integer) --
The number of minutes a build is allowed to be queued before it times out.
encryptionKey (string) --
The Key Management Service customer master key (CMK) to be used for encrypting the build output artifacts.
Note
You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK's alias (using the format alias/<alias-name> ). If you don't specify a value, CodeBuild uses the managed CMK for Amazon Simple Storage Service (Amazon S3).
tags (list) --
A list of tag key and value pairs associated with this build project.
These tags are available for use by Amazon Web Services services that support CodeBuild build project tags.
(dict) --
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
key (string) --
The tag's key.
value (string) --
The tag's value.
created (datetime) --
When the build project was created, expressed in Unix time format.
lastModified (datetime) --
When the build project's settings were last modified, expressed in Unix time format.
webhook (dict) --
Information about a webhook that connects repository events to a build project in CodeBuild.
url (string) --
The URL to the webhook.
payloadUrl (string) --
The CodeBuild endpoint where webhook events are sent.
secret (string) --
The secret token of the associated repository.
Note
A Bitbucket webhook does not support secret .
branchFilter (string) --
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
Note
It is recommended that you use filterGroups instead of branchFilter .
filterGroups (list) --
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type .
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) --
The type of webhook filter. There are six webhook filter types: EVENT , ACTOR_ACCOUNT_ID , HEAD_REF , BASE_REF , FILE_PATH , and COMMIT_MESSAGE .
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH , PULL_REQUEST_CREATED , PULL_REQUEST_UPDATED , PULL_REQUEST_REOPENED , and PULL_REQUEST_MERGED . The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
Note
The PULL_REQUEST_REOPENED works with GitHub and GitHub Enterprise only.
ACTOR_ACCOUNT_ID
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern .
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern . For example, refs/heads/branch-name and refs/tags/tag-name .
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern . For example, refs/heads/branch-name .
Note
Works with pull request events only.
FILE_PATH
A webhook triggers a build when the path of a changed file matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
COMMIT_MESSAGE
A webhook triggers a build when the head commit message matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
pattern (string) --
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name .
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
buildType (string) --
Specifies the type of build this webhook will trigger.
lastModifiedSecret (datetime) --
A timestamp that indicates the last time a repository's secret token was modified.
vpcConfig (dict) --
Information about the VPC configuration that CodeBuild accesses.
vpcId (string) --
The ID of the Amazon VPC.
subnets (list) --
A list of one or more subnet IDs in your Amazon VPC.
securityGroupIds (list) --
A list of one or more security groups IDs in your Amazon VPC.
badge (dict) --
Information about the build badge for the build project.
badgeEnabled (boolean) --
Set this to true to generate a publicly accessible URL for your project's build badge.
badgeRequestUrl (string) --
The publicly-accessible URL through which you can access the build badge for your project.
logsConfig (dict) --
Information about logs for the build project. A project can create logs in CloudWatch Logs, an S3 bucket, or both.
cloudWatchLogs (dict) --
Information about CloudWatch Logs for a build project. CloudWatch Logs are enabled by default.
status (string) --
The current status of the logs in CloudWatch Logs for a build project. Valid values are:
groupName (string) --
The group name of the logs in CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
streamName (string) --
The prefix of the stream name of the CloudWatch Logs. For more information, see Working with Log Groups and Log Streams .
s3Logs (dict) --
Information about logs built to an S3 bucket for a build project. S3 logs are not enabled by default.
status (string) --
The current status of the S3 build logs. Valid values are:
location (string) --
The ARN of an S3 bucket and the path prefix for S3 logs. If your Amazon S3 bucket name is my-bucket , and your path prefix is build-log , then acceptable formats are my-bucket/build-log or arn:aws:s3:::my-bucket/build-log .
encryptionDisabled (boolean) --
Set to true if you do not want your S3 build log output encrypted. By default S3 build logs are encrypted.
bucketOwnerAccess (string) --
Specifies the bucket owner's access for objects that another account uploads to their Amazon S3 bucket. By default, only the account that uploads the objects to the bucket has access to these objects. This property allows you to give the bucket owner access to these objects.
Note
To use this property, your CodeBuild service role must have the s3:PutBucketAcl permission. This permission allows CodeBuild to modify the access control list for the bucket.
This property can be one of the following values:
NONE
The bucket owner does not have access to the objects. This is the default.
READ_ONLY
The bucket owner has read-only access to the objects. The uploading account retains ownership of the objects.
FULL
The bucket owner has full access to the objects. Object ownership is determined by the following criteria:
For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3 Object Ownership in the Amazon Simple Storage Service User Guide .
fileSystemLocations (list) --
An array of ProjectFileSystemLocation objects for a CodeBuild build project. A ProjectFileSystemLocation object specifies the identifier , location , mountOptions , mountPoint , and type of a file system created using Amazon Elastic File System.
(dict) --
Information about a file system created by Amazon Elastic File System (EFS). For more information, see What Is Amazon Elastic File System?
type (string) --
The type of the file system. The one supported type is EFS .
location (string) --
A string that specifies the location of the file system created by Amazon EFS. Its format is efs-dns-name:/directory-path . You can find the DNS name of file system when you view it in the Amazon EFS console. The directory path is a path to a directory in the file system that CodeBuild mounts. For example, if the DNS name of a file system is fs-abcd1234.efs.us-west-2.amazonaws.com , and its mount directory is my-efs-mount-directory , then the location is fs-abcd1234.efs.us-west-2.amazonaws.com:/my-efs-mount-directory .
The directory path in the format efs-dns-name:/directory-path is optional. If you do not specify a directory path, the location is only the DNS name and CodeBuild mounts the entire file system.
mountPoint (string) --
The location in the container where you mount the file system.
identifier (string) --
The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD_ . For example, if you specify my_efs for identifier , a new environment variable is create named CODEBUILD_MY_EFS .
The identifier is used to mount your file system.
mountOptions (string) --
The mount options for a file system created by Amazon EFS. The default mount options used by CodeBuild are nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 . For more information, see Recommended NFS Mount Options .
buildBatchConfig (dict) --
A ProjectBuildBatchConfig object that defines the batch build options for the project.
serviceRole (string) --
Specifies the service role ARN for the batch build project.
combineArtifacts (boolean) --
Specifies if the build artifacts for the batch build should be combined into a single artifact location.
restrictions (dict) --
A BatchRestrictions object that specifies the restrictions for the batch build.
maximumBuildsAllowed (integer) --
Specifies the maximum number of builds allowed.
computeTypesAllowed (list) --
An array of strings that specify the compute types that are allowed for the batch build. See Build environment compute types in the CodeBuild User Guide for these values.
timeoutInMins (integer) --
Specifies the maximum amount of time, in minutes, that the batch build must be completed in.
batchReportMode (string) --
Specifies how build status reports are sent to the source provider for the batch build. This property is only used when the source provider for your project is Bitbucket, GitHub, or GitHub Enterprise, and your project is configured to report build statuses to the source provider.
REPORT_AGGREGATED_BATCH
(Default) Aggregate all of the build statuses into a single status report.
REPORT_INDIVIDUAL_BUILDS
Send a separate status report for each individual build.
concurrentBuildLimit (integer) --
The maximum number of concurrent builds that are allowed for this project.
New builds are only started if the current number of builds is less than or equal to this limit. If the current build count meets this limit, new builds are throttled and are not run.
projectVisibility (string) --
Specifies the visibility of the project's builds. Possible values are:
PUBLIC_READ
The project builds are visible to the public.
PRIVATE
The project builds are not visible to the public.
publicProjectAlias (string) --
Contains the project identifier used with the public build APIs.
resourceAccessRole (string) --
The ARN of the IAM role that enables CodeBuild to access the CloudWatch Logs and Amazon S3 artifacts for the project's builds.
Exceptions
Changes the public visibility for a project. The project's build results, logs, and artifacts are available to the general public. For more information, see Public build projects in the CodeBuild User Guide .
Warning
The following should be kept in mind when making your projects public:
See also: AWS API Documentation
Request Syntax
response = client.update_project_visibility(
projectArn='string',
projectVisibility='PUBLIC_READ'|'PRIVATE',
resourceAccessRole='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) of the build project.
[REQUIRED]
Specifies the visibility of the project's builds. Possible values are:
PUBLIC_READ
The project builds are visible to the public.
PRIVATE
The project builds are not visible to the public.
dict
Response Syntax
{
'projectArn': 'string',
'publicProjectAlias': 'string',
'projectVisibility': 'PUBLIC_READ'|'PRIVATE'
}
Response Structure
(dict) --
projectArn (string) --
The Amazon Resource Name (ARN) of the build project.
publicProjectAlias (string) --
Contains the project identifier used with the public build APIs.
projectVisibility (string) --
Specifies the visibility of the project's builds. Possible values are:
PUBLIC_READ
The project builds are visible to the public.
PRIVATE
The project builds are not visible to the public.
Exceptions
Updates a report group.
See also: AWS API Documentation
Request Syntax
response = client.update_report_group(
arn='string',
exportConfig={
'exportConfigType': 'S3'|'NO_EXPORT',
's3Destination': {
'bucket': 'string',
'bucketOwner': 'string',
'path': 'string',
'packaging': 'ZIP'|'NONE',
'encryptionKey': 'string',
'encryptionDisabled': True|False
}
},
tags=[
{
'key': 'string',
'value': 'string'
},
]
)
[REQUIRED]
The ARN of the report group to update.
Used to specify an updated export type. Valid values are:
The export configuration type. Valid values are:
A S3ReportExportConfig object that contains information about the S3 bucket where the run of a report is exported.
The name of the S3 bucket where the raw data of a report are exported.
The Amazon Web Services account identifier of the owner of the Amazon S3 bucket. This allows report data to be exported to an Amazon S3 bucket that is owned by an account other than the account running the build.
The path to the exported report's raw data results.
The type of build output artifact to create. Valid values include:
The encryption key for the report's encrypted raw data.
A boolean value that specifies if the results of a report are encrypted.
An updated list of tag key and value pairs associated with this report group.
These tags are available for use by Amazon Web Services services that support CodeBuild report group tags.
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
The tag's key.
The tag's value.
dict
Response Syntax
{
'reportGroup': {
'arn': 'string',
'name': 'string',
'type': 'TEST'|'CODE_COVERAGE',
'exportConfig': {
'exportConfigType': 'S3'|'NO_EXPORT',
's3Destination': {
'bucket': 'string',
'bucketOwner': 'string',
'path': 'string',
'packaging': 'ZIP'|'NONE',
'encryptionKey': 'string',
'encryptionDisabled': True|False
}
},
'created': datetime(2015, 1, 1),
'lastModified': datetime(2015, 1, 1),
'tags': [
{
'key': 'string',
'value': 'string'
},
],
'status': 'ACTIVE'|'DELETING'
}
}
Response Structure
(dict) --
reportGroup (dict) --
Information about the updated report group.
arn (string) --
The ARN of the ReportGroup .
name (string) --
The name of the ReportGroup .
type (string) --
The type of the ReportGroup . This can be one of the following values:
CODE_COVERAGE
The report group contains code coverage reports.
TEST
The report group contains test reports.
exportConfig (dict) --
Information about the destination where the raw data of this ReportGroup is exported.
exportConfigType (string) --
The export configuration type. Valid values are:
s3Destination (dict) --
A S3ReportExportConfig object that contains information about the S3 bucket where the run of a report is exported.
bucket (string) --
The name of the S3 bucket where the raw data of a report are exported.
bucketOwner (string) --
The Amazon Web Services account identifier of the owner of the Amazon S3 bucket. This allows report data to be exported to an Amazon S3 bucket that is owned by an account other than the account running the build.
path (string) --
The path to the exported report's raw data results.
packaging (string) --
The type of build output artifact to create. Valid values include:
encryptionKey (string) --
The encryption key for the report's encrypted raw data.
encryptionDisabled (boolean) --
A boolean value that specifies if the results of a report are encrypted.
created (datetime) --
The date and time this ReportGroup was created.
lastModified (datetime) --
The date and time this ReportGroup was last modified.
tags (list) --
A list of tag key and value pairs associated with this report group.
These tags are available for use by Amazon Web Services services that support CodeBuild report group tags.
(dict) --
A tag, consisting of a key and a value.
This tag is available for use by Amazon Web Services services that support tags in CodeBuild.
key (string) --
The tag's key.
value (string) --
The tag's value.
status (string) --
The status of the report group. This property is read-only.
This can be one of the following values:
ACTIVE
The report group is active.
DELETING
The report group is in the process of being deleted.
Exceptions
Updates the webhook associated with an CodeBuild build project.
Note
If you use Bitbucket for your repository, rotateSecret is ignored.
See also: AWS API Documentation
Request Syntax
response = client.update_webhook(
projectName='string',
branchFilter='string',
rotateSecret=True|False,
filterGroups=[
[
{
'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE',
'pattern': 'string',
'excludeMatchedPattern': True|False
},
],
],
buildType='BUILD'|'BUILD_BATCH'
)
[REQUIRED]
The name of the CodeBuild project.
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
Note
It is recommended that you use filterGroups instead of branchFilter .
An array of arrays of WebhookFilter objects used to determine if a webhook event can trigger a build. A filter group must contain at least one EVENT WebhookFilter .
A filter used to determine which webhooks trigger a build.
The type of webhook filter. There are six webhook filter types: EVENT , ACTOR_ACCOUNT_ID , HEAD_REF , BASE_REF , FILE_PATH , and COMMIT_MESSAGE .
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH , PULL_REQUEST_CREATED , PULL_REQUEST_UPDATED , PULL_REQUEST_REOPENED , and PULL_REQUEST_MERGED . The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
Note
The PULL_REQUEST_REOPENED works with GitHub and GitHub Enterprise only.
ACTOR_ACCOUNT_ID
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern .
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern . For example, refs/heads/branch-name and refs/tags/tag-name .
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern . For example, refs/heads/branch-name .
Note
Works with pull request events only.
FILE_PATH
A webhook triggers a build when the path of a changed file matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
COMMIT_MESSAGE
A webhook triggers a build when the head commit message matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name .
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
dict
Response Syntax
{
'webhook': {
'url': 'string',
'payloadUrl': 'string',
'secret': 'string',
'branchFilter': 'string',
'filterGroups': [
[
{
'type': 'EVENT'|'BASE_REF'|'HEAD_REF'|'ACTOR_ACCOUNT_ID'|'FILE_PATH'|'COMMIT_MESSAGE',
'pattern': 'string',
'excludeMatchedPattern': True|False
},
],
],
'buildType': 'BUILD'|'BUILD_BATCH',
'lastModifiedSecret': datetime(2015, 1, 1)
}
}
Response Structure
(dict) --
webhook (dict) --
Information about a repository's webhook that is associated with a project in CodeBuild.
url (string) --
The URL to the webhook.
payloadUrl (string) --
The CodeBuild endpoint where webhook events are sent.
secret (string) --
The secret token of the associated repository.
Note
A Bitbucket webhook does not support secret .
branchFilter (string) --
A regular expression used to determine which repository branches are built when a webhook is triggered. If the name of a branch matches the regular expression, then it is built. If branchFilter is empty, then all branches are built.
Note
It is recommended that you use filterGroups instead of branchFilter .
filterGroups (list) --
An array of arrays of WebhookFilter objects used to determine which webhooks are triggered. At least one WebhookFilter in the array must specify EVENT as its type .
For a build to be triggered, at least one filter group in the filterGroups array must pass. For a filter group to pass, each of its filters must pass.
(list) --
(dict) --
A filter used to determine which webhooks trigger a build.
type (string) --
The type of webhook filter. There are six webhook filter types: EVENT , ACTOR_ACCOUNT_ID , HEAD_REF , BASE_REF , FILE_PATH , and COMMIT_MESSAGE .
EVENT
A webhook event triggers a build when the provided pattern matches one of five event types: PUSH , PULL_REQUEST_CREATED , PULL_REQUEST_UPDATED , PULL_REQUEST_REOPENED , and PULL_REQUEST_MERGED . The EVENT patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED filters all push, pull request created, and pull request updated events.
Note
The PULL_REQUEST_REOPENED works with GitHub and GitHub Enterprise only.
ACTOR_ACCOUNT_ID
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern .
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern . For example, refs/heads/branch-name and refs/tags/tag-name .
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern . For example, refs/heads/branch-name .
Note
Works with pull request events only.
FILE_PATH
A webhook triggers a build when the path of a changed file matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
COMMIT_MESSAGE
A webhook triggers a build when the head commit message matches the regular expression pattern .
Note
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
pattern (string) --
For a WebHookFilter that uses EVENT type, a comma-separated string that specifies one or more events. For example, the webhook filter PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED allows all push, pull request created, and pull request updated events to trigger a build.
For a WebHookFilter that uses any of the other filter types, a regular expression pattern. For example, a WebHookFilter that uses HEAD_REF for its type and the pattern ^refs/heads/ triggers a build when the head reference is a branch with a reference name refs/heads/branch-name .
excludeMatchedPattern (boolean) --
Used to indicate that the pattern determines which webhook events do not trigger a build. If true, then a webhook event that does not match the pattern triggers a build. If false, then a webhook event that matches the pattern triggers a build.
buildType (string) --
Specifies the type of build this webhook will trigger.
lastModifiedSecret (datetime) --
A timestamp that indicates the last time a repository's secret token was modified.
Exceptions
The available paginators are:
paginator = client.get_paginator('describe_code_coverages')
Creates an iterator that will paginate through responses from CodeBuild.Client.describe_code_coverages().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
reportArn='string',
sortOrder='ASCENDING'|'DESCENDING',
sortBy='LINE_COVERAGE_PERCENTAGE'|'FILE_PATH',
minLineCoveragePercentage=123.0,
maxLineCoveragePercentage=123.0,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ARN of the report for which test cases are returned.
Specifies how the results are sorted. Possible values are:
FILE_PATH
The results are sorted by file path.
LINE_COVERAGE_PERCENTAGE
The results are sorted by the percentage of lines that are covered.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'codeCoverages': [
{
'id': 'string',
'reportARN': 'string',
'filePath': 'string',
'lineCoveragePercentage': 123.0,
'linesCovered': 123,
'linesMissed': 123,
'branchCoveragePercentage': 123.0,
'branchesCovered': 123,
'branchesMissed': 123,
'expired': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
codeCoverages (list) --
An array of CodeCoverage objects that contain the results.
(dict) --
Contains code coverage report information.
Line coverage measures how many statements your tests cover. A statement is a single instruction, not including comments, conditionals, etc.
Branch coverage determines if your tests cover every possible branch of a control structure, such as an if or case statement.
id (string) --
The identifier of the code coverage report.
reportARN (string) --
The ARN of the report.
filePath (string) --
The path of the test report file.
lineCoveragePercentage (float) --
The percentage of lines that are covered by your tests.
linesCovered (integer) --
The number of lines that are covered by your tests.
linesMissed (integer) --
The number of lines that are not covered by your tests.
branchCoveragePercentage (float) --
The percentage of branches that are covered by your tests.
branchesCovered (integer) --
The number of conditional branches that are covered by your tests.
branchesMissed (integer) --
The number of conditional branches that are not covered by your tests.
expired (datetime) --
The date and time that the tests were run.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('describe_test_cases')
Creates an iterator that will paginate through responses from CodeBuild.Client.describe_test_cases().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
reportArn='string',
filter={
'status': 'string',
'keyword': 'string'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ARN of the report for which test cases are returned.
A TestCaseFilter object used to filter the returned reports.
The status used to filter test cases. A TestCaseFilter can have one status. Valid values are:
A keyword that is used to filter on the name or the prefix of the test cases. Only test cases where the keyword is a substring of the name or the prefix will be returned.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'testCases': [
{
'reportArn': 'string',
'testRawDataPath': 'string',
'prefix': 'string',
'name': 'string',
'status': 'string',
'durationInNanoSeconds': 123,
'message': 'string',
'expired': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
testCases (list) --
The returned list of test cases.
(dict) --
Information about a test case created using a framework such as NUnit or Cucumber. A test case might be a unit test or a configuration test.
reportArn (string) --
The ARN of the report to which the test case belongs.
testRawDataPath (string) --
The path to the raw data file that contains the test result.
prefix (string) --
A string that is applied to a series of related test cases. CodeBuild generates the prefix. The prefix depends on the framework used to generate the tests.
name (string) --
The name of the test case.
status (string) --
The status returned by the test case after it was run. Valid statuses are SUCCEEDED , FAILED , ERROR , SKIPPED , and UNKNOWN .
durationInNanoSeconds (integer) --
The number of nanoseconds it took to run this test case.
message (string) --
A message associated with a test case. For example, an error message or stack trace.
expired (datetime) --
The date and time a test case expires. A test case expires 30 days after it is created. An expired test case is not available to view in CodeBuild.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_build_batches')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_build_batches().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
filter={
'status': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED'
},
sortOrder='ASCENDING'|'DESCENDING',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A BuildBatchFilter object that specifies the filters for the search.
The status of the batch builds to retrieve. Only batch builds that have this status will be retrieved.
Specifies the sort order of the returned items. Valid values include:
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ids': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
ids (list) --
An array of strings that contains the batch build identifiers.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_build_batches_for_project')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_build_batches_for_project().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
projectName='string',
filter={
'status': 'SUCCEEDED'|'FAILED'|'FAULT'|'TIMED_OUT'|'IN_PROGRESS'|'STOPPED'
},
sortOrder='ASCENDING'|'DESCENDING',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A BuildBatchFilter object that specifies the filters for the search.
The status of the batch builds to retrieve. Only batch builds that have this status will be retrieved.
Specifies the sort order of the returned items. Valid values include:
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ids': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
ids (list) --
An array of strings that contains the batch build identifiers.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_builds')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_builds().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
sortOrder='ASCENDING'|'DESCENDING',
PaginationConfig={
'MaxItems': 123,
'StartingToken': 'string'
}
)
The order to list build IDs. Valid values include:
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ids': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
ids (list) --
A list of build IDs, with each build ID representing a single build.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_builds_for_project')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_builds_for_project().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
projectName='string',
sortOrder='ASCENDING'|'DESCENDING',
PaginationConfig={
'MaxItems': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The name of the CodeBuild project.
The order to sort the results in. The results are sorted by build number, not the build identifier. If this is not specified, the results are sorted in descending order.
Valid values include:
If the project has more than 100 builds, setting the sort order will result in an error.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ids': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
ids (list) --
A list of build identifiers for the specified build project, with each build ID representing a single build.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_projects')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_projects().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
sortBy='NAME'|'CREATED_TIME'|'LAST_MODIFIED_TIME',
sortOrder='ASCENDING'|'DESCENDING',
PaginationConfig={
'MaxItems': 123,
'StartingToken': 'string'
}
)
The criterion to be used to list build project names. Valid values include:
Use sortOrder to specify in what order to list the build project names based on the preceding criteria.
The order in which to list build projects. Valid values include:
Use sortBy to specify the criterion to be used to list build project names.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'projects': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
projects (list) --
The list of build project names, with each build project name representing a single build project.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_report_groups')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_report_groups().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
sortOrder='ASCENDING'|'DESCENDING',
sortBy='NAME'|'CREATED_TIME'|'LAST_MODIFIED_TIME',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
The criterion to be used to list build report groups. Valid values include:
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'reportGroups': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
reportGroups (list) --
The list of ARNs for the report groups in the current Amazon Web Services account.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_reports')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_reports().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
sortOrder='ASCENDING'|'DESCENDING',
filter={
'status': 'GENERATING'|'SUCCEEDED'|'FAILED'|'INCOMPLETE'|'DELETING'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Specifies the sort order for the list of returned reports. Valid values are:
A ReportFilter object used to filter the returned reports.
The status used to filter reports. You can filter using one status only.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'reports': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
reports (list) --
The list of returned ARNs for the reports in the current Amazon Web Services account.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_reports_for_report_group')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_reports_for_report_group().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
reportGroupArn='string',
sortOrder='ASCENDING'|'DESCENDING',
filter={
'status': 'GENERATING'|'SUCCEEDED'|'FAILED'|'INCOMPLETE'|'DELETING'
},
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ARN of the report group for which you want to return report ARNs.
A ReportFilter object used to filter the returned reports.
The status used to filter reports. You can filter using one status only.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'reports': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
reports (list) --
The list of report ARNs.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_shared_projects')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_shared_projects().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
sortBy='ARN'|'MODIFIED_TIME',
sortOrder='ASCENDING'|'DESCENDING',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
The criterion to be used to list build projects shared with the current Amazon Web Services account or user. Valid values include:
The order in which to list shared build projects. Valid values include:
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'projects': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
projects (list) --
The list of ARNs for the build projects shared with the current Amazon Web Services account or user.
NextToken (string) --
A token to resume pagination.
paginator = client.get_paginator('list_shared_report_groups')
Creates an iterator that will paginate through responses from CodeBuild.Client.list_shared_report_groups().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
sortOrder='ASCENDING'|'DESCENDING',
sortBy='ARN'|'MODIFIED_TIME',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
The order in which to list shared report groups. Valid values include:
The criterion to be used to list report groups shared with the current Amazon Web Services account or user. Valid values include:
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'reportGroups': [
'string',
],
'NextToken': 'string'
}
Response Structure
(dict) --
reportGroups (list) --
The list of ARNs for the report groups shared with the current Amazon Web Services account or user.
NextToken (string) --
A token to resume pagination.