AWS CodeBuild error on DOWNLOAD_SOURCE: CLIENT_ERROR: repository not found for primary source and source version
Your problem is the specification of the source:
    source {
      type     = "CODECOMMIT"
      location = "mycompany-devops-us-east-1"
    }
Here's the Amazon documentation for the source, what's relevant with some emphasis:
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the build spec (for example, https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ).
In your case, that is probably something like this, using the 'clone URL' found in the CodeCommit console:
https://git-codecommit.us-east-1.amazonaws.com/v1/repos/mycompany-devops-us-east-1
I ran into this while using a private GitHub repository source. In my case I gave the URL, not the clone link to GitHub, so the problem was very similar:
bad: https://github.com/privaterepo/reponame
good: https://github.com/privaterepo/reponame.git
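The CodeCommit fix described above, written as Terraform. This is an added example, not part of the original question or answers; it uses Terraform 0.12+ syntax and assumes the IAM role resource from the question's configuration. The data source label `devops` and the inline policy name are illustrative. Looking the repository up once means the clone URL given to CodeBuild and the ARN in the IAM policy always refer to the same repository.

```hcl
# Added example: resolve the repository once, then derive both the
# HTTPS clone URL and the ARN from it instead of hand-typing either.
data "aws_codecommit_repository" "devops" {
  repository_name = "mycompany-devops-us-east-1"
}

# Pull access scoped to that single repository (least privilege).
data "aws_iam_policy_document" "codebuild_source" {
  statement {
    effect    = "Allow"
    actions   = ["codecommit:GitPull"]
    resources = [data.aws_codecommit_repository.devops.arn]
  }
}

# "codecommit-gitpull" is an illustrative policy name.
resource "aws_iam_role_policy" "codebuild_source" {
  name   = "codecommit-gitpull"
  role   = aws_iam_role.codebuild_myapp_build_role.id
  policy = data.aws_iam_policy_document.codebuild_source.json
}

resource "aws_codebuild_project" "codebuild_myapp_build" {
  name          = "myapp-build"
  build_timeout = 60
  service_role  = aws_iam_role.codebuild_myapp_build_role.arn

  artifacts {
    type = "NO_ARTIFACTS"
  }

  environment {
    compute_type    = "BUILD_GENERAL1_SMALL"
    image           = "aws/codebuild/docker:17.09.0"
    type            = "LINUX_CONTAINER"
    privileged_mode = true
  }

  source {
    type = "CODECOMMIT"
    # Resolves to the HTTPS clone URL, e.g.
    # https://git-codecommit.us-east-1.amazonaws.com/v1/repos/mycompany-devops-us-east-1
    location        = data.aws_codecommit_repository.devops.clone_url_http
    git_clone_depth = 1
    buildspec       = "docker/myapp/myapp_build/buildspec.yml"
  }
}
```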
Liam Maughan
Updated on July 20, 2022
Comments
-
Liam Maughan almost 2 years
I'm trying to create a CodeBuild project using Terraform, but when I build I'm getting the following error on the DOWNLOAD_SOURCE step:
CLIENT_ERROR: repository not found for primary source and source version
This project uses a CodeCommit repository as the source. It's odd because all of the links to the repository from the CodeCommit console GUI work fine for this build - I can see the commits, click on the link and get to the CodeCommit repo, etc., so the Source setup seems to be fine. The policy used for the build has "codecommit:GitPull" permissions on the repository.
Strangely, if I go to the build in the console and uncheck the "Allow AWS CodeBuild to modify this service role so it can be used with this build project" checkbox then Update Sources, the build will work! But I can't find any way to set this from Terraform, and it will default back on if you go back to the Update Sources screen.
Here is the Terraform code I'm using to create the build.
    # IAM role for CodeBuild
    resource "aws_iam_role" "codebuild_myapp_build_role" {
      name        = "mycompany-codebuild-myapp-build-service-role"
      description = "Managed by Terraform"
      path        = "/service-role/"

      assume_role_policy = <<EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "codebuild.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
    EOF
    }

    # IAM policy for the CodeBuild role
    resource "aws_iam_policy" "codebuild_myapp_build_policy" {
      name        = "mycompany-codebuild-policy-myapp-build-us-east-1"
      description = "Managed by Terraform"

      policy = <<POLICY
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "ecr:BatchCheckLayerAvailability",
            "ecr:CompleteLayerUpload",
            "ecr:GetAuthorizationToken",
            "ecr:InitiateLayerUpload",
            "ecr:PutImage",
            "ecr:UploadLayerPart"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "logs:CreateLogStream",
            "codecommit:GitPull",
            "logs:PutLogEvents",
            "s3:GetObjectVersion"
          ],
          "Resource": [
            "arn:aws:logs:us-east-1:000000000000:log-group:/aws/codebuild/myapp-build",
            "arn:aws:logs:us-east-1:000000000000:log-group:/aws/codebuild/myapp-build:*",
            "arn:aws:s3:::codepipeline-us-east-1-*",
            "arn:aws:codecommit:us-east-1:000000000000:mycompany-devops-us-east-1"
          ]
        },
        {
          "Sid": "VisualEditor1",
          "Effect": "Allow",
          "Action": "logs:CreateLogGroup",
          "Resource": [
            "arn:aws:logs:us-east-1:000000000000:log-group:/aws/codebuild/myapp-build",
            "arn:aws:logs:us-east-1:000000000000:log-group:/aws/codebuild/myapp-build:*"
          ]
        }
      ]
    }
    POLICY
    }

    # attach the policy
    resource "aws_iam_role_policy_attachment" "codebuild_myapp_build_policy_att" {
      role       = "${aws_iam_role.codebuild_myapp_build_role.name}"
      policy_arn = "${aws_iam_policy.codebuild_myapp_build_policy.arn}"
    }

    # codebuild project
    resource "aws_codebuild_project" "codebuild_myapp_build" {
      name          = "myapp-build"
      build_timeout = "60"
      service_role  = "${aws_iam_role.codebuild_myapp_build_role.arn}"

      artifacts {
        type = "NO_ARTIFACTS"
      }

      environment {
        compute_type    = "BUILD_GENERAL1_SMALL"
        image           = "aws/codebuild/docker:17.09.0"
        type            = "LINUX_CONTAINER"
        privileged_mode = "true"

        environment_variable {
          "name"  = "AWS_DEFAULT_REGION"
          "value" = "us-east-1"
        }

        environment_variable {
          "name"  = "AWS_ACCOUNT_ID"
          "value" = "000000000000"
        }

        environment_variable {
          "name"  = "IMAGE_REPO_NAME"
          "value" = "myapp-build"
        }

        environment_variable {
          "name"  = "IMAGE_TAG"
          "value" = "latest"
        }

        environment_variable {
          "name"  = "DOCKERFILE_PATH"
          "value" = "docker/codebuild/myapp_build_agent"
        }
      }

      source {
        type            = "CODECOMMIT"
        location        = "mycompany-devops-us-east-1"
        git_clone_depth = "1"
        buildspec       = "docker/myapp/myapp_build/buildspec.yml"
      }

      tags {
        Name         = "myapp-build"
        Environment  = "${var.env_name}"
        Region       = "${var.aws_region}"
        ResourceType = "CodeBuild Project"
        ManagedBy    = "Terraform"
      }
    }
-
Liam Maughan about 5 years
This worked, thank you. Side question but any idea why the "Allow AWS CodeBuild to modify this service role so it can be used with this build project" checkbox is checked by default in the AWS console? I'd prefer to just define everything via Terraform and avoid the role getting updated with new policies by accident.
-
James Green almost 3 years
This worked for me; however, any idea how to get CodeBuild to look at a specific branch rather than main/master?