
Resource: awsCodebuildWebhook

Manages a CodeBuild webhook, which is an endpoint accepted by the CodeBuild service to trigger builds from source code repositories. Depending on the source type of the CodeBuild project, the CodeBuild service may also automatically create and delete the actual repository webhook as well.

Example Usage

Bitbucket and GitHub

When working with Bitbucket and GitHub source CodeBuild webhooks, the CodeBuild service will automatically create (on awsCodebuildWebhook resource creation) and delete (on awsCodebuildWebhook resource deletion) the Bitbucket/GitHub repository webhook using its granted OAuth permissions. This behavior cannot be controlled by Terraform.

Note: The AWS account that Terraform uses to create this resource must have authorized CodeBuild to access Bitbucket/GitHub's OAuth API in each applicable region. This is a manual step that must be done before creating webhooks with this resource. If OAuth is not configured, AWS will return an error similar to ResourceNotFoundException: Could not find access token for server type github. More information can be found in the CodeBuild User Guide for Bitbucket and GitHub.

Note: Further managing the automatically created Bitbucket/GitHub webhook with the bitbucketHook/githubRepositoryWebhook resource is only possible by importing that resource after the awsCodebuildWebhook resource has been created. The CodeBuild API never provides the secret attribute for the awsCodebuildWebhook resource in this scenario.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.codebuildWebhook.CodebuildWebhook(this, "example", {
  buildType: "BUILD",
  filterGroup: [
    {
      filter: [
        {
          pattern: "PUSH",
          type: "EVENT",
        },
        {
          pattern: "master",
          type: "BASE_REF",
        },
      ],
    },
  ],
  projectName: "${aws_codebuild_project.example.name}",
});

GitHub Enterprise

When working with GitHub Enterprise source CodeBuild webhooks, the GHE repository webhook must be separately managed (e.g., manually or with the githubRepositoryWebhook resource).

More information on creating webhooks with GitHub Enterprise can be found in the CodeBuild User Guide.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
import * as github from "./.gen/providers/github";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: github.
For a more precise conversion please use the --provider flag in convert.*/
const awsCodebuildWebhookExample = new aws.codebuildWebhook.CodebuildWebhook(
  this,
  "example",
  {
    projectName: "${aws_codebuild_project.example.name}",
  }
);
const githubRepositoryWebhookExample =
  new github.repositoryWebhook.RepositoryWebhook(this, "example_1", {
    active: true,
    configuration: [
      {
        content_type: "json",
        insecure_ssl: false,
        secret: awsCodebuildWebhookExample.secret,
        url: awsCodebuildWebhookExample.payloadUrl,
      },
    ],
    events: ["push"],
    name: "example",
    repository: "${github_repository.example.name}",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
githubRepositoryWebhookExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • projectName - (Required) The name of the build project.
  • buildType - (Optional) The type of build this webhook will trigger. Valid values for this parameter are: BUILD, BUILD_BATCH.
  • branchFilter - (Optional) A regular expression used to determine which branches get built. Default is all branches are built. We recommend using filterGroup over branchFilter.
  • filterGroup - (Optional) Information about the webhook's trigger. Filter group blocks are documented below.

filterGroup supports the following:

  • filter - (Required) A webhook filter for the group. Filter blocks are documented below.

filter supports the following:

  • type - (Required) The webhook filter group's type. Valid values for this parameter are: EVENT, BASE_REF, HEAD_REF, ACTOR_ACCOUNT_ID, FILE_PATH, COMMIT_MESSAGE. At least one filter group must specify EVENT as its type.
  • pattern - (Required) For a filter that uses EVENT type, a comma-separated string that specifies one event: PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED, PULL_REQUEST_REOPENED. PULL_REQUEST_MERGED works with GitHub & GitHub Enterprise only. For a filter that uses any of the other filter types, a regular expression.
  • excludeMatchedPattern - (Optional) If set to true, the specified filter does not trigger a build. Defaults to false.
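
An added example (not part of the provider documentation or the generated bindings): a check that can run before synth to validate filterGroup definitions against the rules listed above, plus one hardening check of its own that flags regular-expression patterns not anchored with ^ and $. The helper names and sample inputs are assumptions made for illustration.

```typescript
// Added example: hypothetical helpers, not part of cdktf or the AWS provider.
interface WebhookFilter { type: string; pattern: string; excludeMatchedPattern?: boolean }
interface FilterGroup { filter: WebhookFilter[] }

// Valid values as listed in the Argument Reference above.
const FILTER_TYPES = ["EVENT", "BASE_REF", "HEAD_REF", "ACTOR_ACCOUNT_ID", "FILE_PATH", "COMMIT_MESSAGE"];
const EVENTS = ["PUSH", "PULL_REQUEST_CREATED", "PULL_REQUEST_UPDATED", "PULL_REQUEST_REOPENED", "PULL_REQUEST_MERGED"];

// JavaScript's RegExp stands in for the service's regex engine (an approximation).
function compiles(pattern: string): boolean {
  try { new RegExp(pattern); return true; } catch (err) { return false; }
}

// Returns one message per problem found; an empty array means the groups passed.
function validateFilterGroups(groups: FilterGroup[]): string[] {
  const problems: string[] = [];
  let eventFilters = 0;
  for (let g = 0; g < groups.length; g++) {
    for (let i = 0; i < groups[g].filter.length; i++) {
      const f = groups[g].filter[i];
      const where = "filterGroup[" + g + "].filter[" + i + "]";
      if (FILTER_TYPES.indexOf(f.type) === -1) {
        problems.push(where + ": unknown type " + f.type);
      } else if (f.type === "EVENT") {
        eventFilters++;
        const events = f.pattern.split(",");
        for (let e = 0; e < events.length; e++) {
          const ev = events[e].trim();
          if (EVENTS.indexOf(ev) === -1) problems.push(where + ": unknown event " + ev);
        }
      } else if (!compiles(f.pattern)) {
        problems.push(where + ": pattern is not a valid regular expression");
      } else if (f.pattern.charAt(0) !== "^" || f.pattern.charAt(f.pattern.length - 1) !== "$") {
        // Hardening check of this example, not a provider rule. Assumption: patterns
        // are matched as a search, so an unanchored one can match more than intended.
        problems.push(where + ": " + f.type + " pattern is not anchored with ^ and $");
      }
    }
  }
  if (groups.length > 0 && eventFilters === 0) problems.push("no filter has type EVENT");
  return problems;
}

// Constructed sample inputs: the first example on this page, then a stricter variant.
const pageExample: FilterGroup[] = [{ filter: [{ pattern: "PUSH", type: "EVENT" }, { pattern: "master", type: "BASE_REF" }] }];
const anchored: FilterGroup[] = [{ filter: [{ pattern: "PUSH", type: "EVENT" }, { pattern: "^refs/heads/master$", type: "HEAD_REF" }] }];
console.log(validateFilterGroups(pageExample), validateFilterGroups(anchored));
```
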

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The name of the build project.
  • payloadUrl - The CodeBuild endpoint where webhook events are sent.
  • secret - The secret token of the associated repository. Not returned by the CodeBuild API for all source types.
  • url - The URL to the webhook.

Note: The secret attribute is only set on resource creation, so if the secret is manually rotated, Terraform will not pick up the change on subsequent runs. In that case, the webhook resource should be tainted and re-created to get the secret back in sync.

Import

CodeBuild Webhooks can be imported using the CodeBuild Project name, e.g.,

$ terraform import aws_codebuild_webhook.example MyProjectName