Is there a way to get the commit hash from inside an AWS CodeBuild build step? I tried using the CODEBUILD_RESOLVED_SOURCE_VERSION but it returns the IaC repo's Commit Id instead of the source repo's.

I know there is a way to get it if you have the execution id:

aws codepipeline get-pipeline-execution --pipeline-name my-pipeline --pipeline-execution-id e550c757-434a-4c94-8e2e-5122ca14d861

However I don't have the pipeline-execution-id either. I only have the CODEBUILD_BUILD_ID.

Found a solution that works for me:

PIPELINE_EXECUTION_ID=$(aws codepipeline get-pipeline-state --region ${AWS_REGION} --name my-pipeline --query 'stageStates[?actionStates[?latestExecution.externalExecutionId==`'${CODEBUILD_BUILD_ID}'`]].latestExecution.pipelineExecutionId' --output text)
SOURCE_REPO_COMMIT_HASH=$(aws codepipeline get-pipeline-execution --pipeline-name my-pipeline --pipeline-execution-id $PIPELINE_EXECUTION_ID --query "pipelineExecution.artifactRevisions[?name=='src'].revisionId" --output text)

You might need to change "src" in artifactRevisions[?name=='src'] to whatever value is valid for you project.

From @IfTrue's comment below:

Sidenote for other readers: the portion sashoalm mentions that might need changed ('src') is the name of the Output Artifact in the "action group" inside of the "stage" in your CodePipeline where it watches for the CodeCommit change. Also this part of the AWS docs explains the magic behind the query: docs.aws.amazon.com/cli/latest/reference/codepipeline/… – IfTrue

If you're using CodePipeline, an alternative to using the CLI to query would be to access namespaced variables from previous stages.

1. Edit the pipeline stage that you would like to expose variables from. Give a value to namespace. That will allow you to reference exposed variables from that stage. For this example, let's say I have a stage called Source and I name my namespace GitVariables. Variables seem pretty consistent if you're using GitHub, GitLab, CodeCommit, or sources.
2. Edit the pipeline stage that calls CodeBuild to add an environment variable that references the namespaced variable exposed in step #1. For example, if I want to expose an environment variable to CodeBuild called GIT_COMMIT_ID, I would use the following:

When the pipeline runs, an environment variable will be added to CodeBuild execution called GIT_COMMIT_ID.

To retrieve the Git Commit message in CodeBuild when CodeBuild is run as part of CodePipeline stage with Source GitHub/CodeCommit action invoked via webhook:

1. Make sure your CodeBuild project's service role has permission to do 'ListPipelineExecutions' on the Pipeline

2. Add the following in Buildspec 'Install' phase:

   apt-get install jq
   

3. Add the following in Buildspec where you need to get the commit message:

   COMMIT_MSG=$(aws codepipeline list-pipeline-executions  --pipeline-name <Pipeline_Name> --max-items 1 | jq -r '.pipelineExecutionSummaries[0].sourceRevisions[0].revisionSummary')
   
   echo $COMMIT_MSG
   

If you are not using AWS CodeBuild within AWS CodePipeline (e.g. you've set up a webbook to trigger your stand-alone CodeBuild project from GitHub):

The full commit hash id is passed to the CodeBuild execution and is accessible via the environmental variable CODEBUILD_RESOLVED_SOURCE_VERSION.

Other useful environmental variables that are available for this type of set up are:

• CODEBUILD_SOURCE_VERSION the GitHub PR number (e.g. 'pr/397')

• CODEBUILD_WEBHOOK_EVENT - the specific webbook event type e.g. PULL_REQUEST_CREATED or PULL_REQUEST_UPDATED ref: https://docs.aws.amazon.com/codebuild/latest/userguide/github-webhook.html

• CODEBUILD_WEBHOOK_HEAD_REF - the branch associated with the PR

• CODEBUILD_WEBHOOK_TRIGGER - the GitHub PR number (e.g. 'pr/397') seems duplicative of CODEBUILD_SOURCE_VERSION