Add CodePipeline GitHub version 2 source action support

[datfinesoul]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Could you add support for AWS CodePipeline GitHub version 2 source action support?
https://docs.aws.amazon.com/codepipeline/latest/userguide/update-github-action-connections.html

Per AWS, this is now the recommended way to connect to GitHub over version 1.

The GitHub version 2 action uses Github app-based auth backed by a CodeStarSourceConnection resource. It installs an AWS CodeStar Connections application into your GitHub organization so that you can manage access in GitHub.

New or Affected Resource(s)

• aws_codepipeline

Potential Terraform Configuration

resource "aws_codepipeline" "codepipeline" {
  name     = "tf-test-pipeline"
  role_arn = aws_iam_role.codepipeline_role.arn

  artifact_store {
    location = aws_s3_bucket.codepipeline_bucket.bucket
    type     = "S3"

    encryption_key {
      id   = data.aws_kms_alias.s3kmskey.arn
      type = "KMS"
    }
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeStarSourceConnection"
      version          = "1"
      output_artifacts = ["source_output"]
      runOrder         = "1"

      configuration = {
        BranchName = "main"
        FullRepositoryId = "orgname/reponame"
        ConnectionArn = "arn:aws:codestar-connections:us-east-1:000000000000:connection/fa8ca959-2214-4660-bd1a-bc96eb26708c"
        OutputArtifactFormat = "CODE_ZIP"
      }
    }
  }
}

References

• https://docs.aws.amazon.com/codepipeline/latest/userguide/update-github-action-connections.html
• https://docs.github.com/en/free-pro-team@latest/developers/apps/differences-between-github-apps-and-oauth-apps

[nc-wittj]

Does this require anything on the provider side? I've been using it successfully for a couple weeks now. FWIW, I'm using the default KMS encryption key.

Here's my configuration:

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeStarSourceConnection"
      version          = "1"
      output_artifacts = []

      configuration = {
        ConnectionArn        = var.codestar_connection_arn
        FullRepositoryId     = "${var.github_organization}/${var.github_repository}"
        BranchName           = var.github_branch
        OutputArtifactFormat = "CODE_ZIP"
      }
    }
  }

[dansd]

For this I think you would need to create the CodeStar Resource and then link it to CodePipeline. It's in the works:
PR: #15990
Also see the related issues in the PR.

[fatbasstard]

Can confirm the code provided by @nc-wittj works. With the new codestar connection also added to the latest version this setup works like a charm.

(Too bad you still have to manually "approve" the connection)

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!