From 0544d6bb5ddf99835b3713283fd3ffef71c1528a Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Mon, 21 Dec 2020 16:03:06 +0000 Subject: [PATCH 01/11] use codebuild batch iam permissions when `executeBatchBuild: true` --- .../aws-codepipeline-actions/lib/codebuild/build-action.ts | 4 ++-- ....pipeline-code-build-multiple-inputs-outputs.expected.json | 4 +++- .../test/integ.pipeline-code-build-multiple-inputs-outputs.ts | 1 + 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts index e81095b746eee..ba1d1df38c453 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts @@ -139,8 +139,8 @@ export class CodeBuildAction extends Action { resources: [this.props.project.projectArn], actions: [ 'codebuild:BatchGetBuilds', - 'codebuild:StartBuild', - 'codebuild:StopBuild', + `codebuild:${this.props.executeBatchBuild ? 'StartBuildBatch' : 'StartBuild'}`, + `codebuild:${this.props.executeBatchBuild ? 'StopBuildBatch' : 'StopBuild'}`, ], })); diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index ce11844d4a671..d0b09538fb84a 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json @@ -226,7 +226,9 @@ "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild", - "codebuild:StopBuild" + "codebuild:StopBuild", + "codebuild:StartBuildBatch", + "codebuild:StopBuildBatch" ], "Effect": "Allow", "Resource": { 
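Review bot: With `executeBatchBuild` set, the statement in `build-action.ts` still grants `codebuild:BatchGetBuilds` and never `codebuild:BatchGetBuildBatches`, so the pipeline role can start and stop a batch but presumably cannot read its status; confirm this against what CodePipeline calls for a batch action. If the grant is needed, the first entry could follow the same pattern as the two changed lines: `` `codebuild:${this.props.executeBatchBuild ? 'BatchGetBuildBatches' : 'BatchGetBuilds'}`, ``. Swapping the Start/Stop actions rather than appending the batch ones keeps the role least-privilege, and a unit test asserting the exact action list for both values of the flag would pin that. The same action list reappears in the PATCH 03 hunk and in the new `integ.pipeline-code-build-batch` expectation, and the `addToPolicy` call opens above this hunk.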
diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.ts index c09c1a3328545..b73eaa0e58e6f 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.ts @@ -65,6 +65,7 @@ const testAction = new cpactions.CodeBuildAction({ type: cpactions.CodeBuildActionType.TEST, actionName: 'Build2', project, + executeBatchBuild: true, input: source2Output, extraInputs: [ source1Output, From dbfaa2751635d3d75f3c017da56a84307b70d7a2 Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Mon, 21 Dec 2020 21:41:39 +0000 Subject: [PATCH 02/11] update expectation --- ...-build-multiple-inputs-outputs.expected.json | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index d0b09538fb84a..b6453c3fd079b 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json @@ -226,7 +226,19 @@ "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild", - "codebuild:StopBuild", + "codebuild:StopBuild" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MyBuildProject30DB9D6E", + "Arn" + ] + } + }, + { + "Action": [ + "codebuild:BatchGetBuilds", "codebuild:StartBuildBatch", "codebuild:StopBuildBatch" ], 
@@ -373,7 +385,8 @@ "ProjectName": { "Ref": "MyBuildProject30DB9D6E" }, - "PrimarySource": "Artifact_Source_Source2" + "PrimarySource": "Artifact_Source_Source2", + "BatchEnabled": true }, "InputArtifacts": [ { From 60ccaab899e074f9bf850404c701338981ba1b00 Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Mon, 21 Dec 2020 21:45:17 +0000 Subject: [PATCH 03/11] separate statements to deduplicate --- .../lib/codebuild/build-action.ts | 7 +++++++ ...ode-build-multiple-inputs-outputs.expected.json | 14 ++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts index ba1d1df38c453..a9a945adfa11c 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts @@ -139,6 +139,13 @@ export class CodeBuildAction extends Action { resources: [this.props.project.projectArn], actions: [ 'codebuild:BatchGetBuilds', + ], + })); + // separate to the one above so that deduplication works nicely and the above statement + // is only added once + options.role.addToPolicy(new iam.PolicyStatement({ + resources: [this.props.project.projectArn], + actions: [ `codebuild:${this.props.executeBatchBuild ? 'StartBuildBatch' : 'StartBuild'}`, `codebuild:${this.props.executeBatchBuild ? 'StopBuildBatch' : 'StopBuild'}`, ], diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index b6453c3fd079b..9ba612da25518 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json 
@@ -224,7 +224,18 @@ }, { "Action": [ - "codebuild:BatchGetBuilds", + "codebuild:BatchGetBuilds" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MyBuildProject30DB9D6E", + "Arn" + ] + } + }, + { + "Action": [ "codebuild:StartBuild", "codebuild:StopBuild" ], @@ -238,7 +249,6 @@ }, { "Action": [ - "codebuild:BatchGetBuilds", "codebuild:StartBuildBatch", "codebuild:StopBuildBatch" ], From 373fd8dc6739eec6a8d4a6c3ecffa2f924268b47 Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Mon, 21 Dec 2020 22:22:11 +0000 Subject: [PATCH 04/11] update expectation --- ....pipeline-code-build-multiple-inputs-outputs.expected.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index 9ba612da25518..15d8375409321 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json @@ -223,9 +223,7 @@ ] }, { - "Action": [ - "codebuild:BatchGetBuilds" - ], + "Action": "codebuild:BatchGetBuilds", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ From 9575e8f15340ea51076c896ad736878330bbadaf Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Wed, 23 Dec 2020 21:38:13 +0000 Subject: [PATCH 05/11] Revert "update expectation" This reverts commit 373fd8dc6739eec6a8d4a6c3ecffa2f924268b47. --- ....pipeline-code-build-multiple-inputs-outputs.expected.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index 15d8375409321..9ba612da25518 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json @@ -223,7 +223,9 @@ ] }, { - "Action": "codebuild:BatchGetBuilds", + "Action": [ + "codebuild:BatchGetBuilds" + ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ From ea7e0b2bb26cc8f6701423a026333f9c788c7302 Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Wed, 23 Dec 2020 21:38:16 +0000 Subject: [PATCH 06/11] Revert "separate statements to deduplicate" This reverts commit 60ccaab899e074f9bf850404c701338981ba1b00. --- .../lib/codebuild/build-action.ts | 7 ------- ...ode-build-multiple-inputs-outputs.expected.json | 14 ++------------ 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts index a9a945adfa11c..ba1d1df38c453 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/codebuild/build-action.ts 
@@ -139,13 +139,6 @@ export class CodeBuildAction extends Action { resources: [this.props.project.projectArn], actions: [ 'codebuild:BatchGetBuilds', - ], - })); - // separate to the one above so that deduplication works nicely and the above statement - // is only added once - options.role.addToPolicy(new iam.PolicyStatement({ - resources: [this.props.project.projectArn], - actions: [ `codebuild:${this.props.executeBatchBuild ? 'StartBuildBatch' : 'StartBuild'}`, `codebuild:${this.props.executeBatchBuild ? 'StopBuildBatch' : 'StopBuild'}`, ], diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index 9ba612da25518..b6453c3fd079b 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json @@ -224,18 +224,7 @@ }, { "Action": [ - "codebuild:BatchGetBuilds" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyBuildProject30DB9D6E", - "Arn" - ] - } - }, - { - "Action": [ + "codebuild:BatchGetBuilds", "codebuild:StartBuild", "codebuild:StopBuild" ], @@ -249,6 +238,7 @@ }, { "Action": [ + "codebuild:BatchGetBuilds", "codebuild:StartBuildBatch", "codebuild:StopBuildBatch" ], From 4f40f29662899f9af60660f57704a0b1e83801d6 Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Wed, 23 Dec 2020 21:38:22 +0000 Subject: [PATCH 07/11] Revert "update expectation" This reverts commit dbfaa2751635d3d75f3c017da56a84307b70d7a2. --- ...-build-multiple-inputs-outputs.expected.json | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) 
diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index b6453c3fd079b..d0b09538fb84a 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json @@ -226,19 +226,7 @@ "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild", - "codebuild:StopBuild" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyBuildProject30DB9D6E", - "Arn" - ] - } - }, - { - "Action": [ - "codebuild:BatchGetBuilds", + "codebuild:StopBuild", "codebuild:StartBuildBatch", "codebuild:StopBuildBatch" ], @@ -385,8 +373,7 @@ "ProjectName": { "Ref": "MyBuildProject30DB9D6E" }, - "PrimarySource": "Artifact_Source_Source2", - "BatchEnabled": true + "PrimarySource": "Artifact_Source_Source2" }, "InputArtifacts": [ { From 8dcb2544c6b4aeacd1f7c125e82d2cfd05bb49ff Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Wed, 23 Dec 2020 21:47:01 +0000 Subject: [PATCH 08/11] revert changes to integ.pipeline-code-build-multiple-inputs-outputs --- ....pipeline-code-build-multiple-inputs-outputs.expected.json | 4 +--- .../test/integ.pipeline-code-build-multiple-inputs-outputs.ts | 1 - 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index d0b09538fb84a..ce11844d4a671 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json 
+++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json @@ -226,9 +226,7 @@ "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild", - "codebuild:StopBuild", - "codebuild:StartBuildBatch", - "codebuild:StopBuildBatch" + "codebuild:StopBuild" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.ts index b73eaa0e58e6f..c09c1a3328545 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.ts @@ -65,7 +65,6 @@ const testAction = new cpactions.CodeBuildAction({ type: cpactions.CodeBuildActionType.TEST, actionName: 'Build2', project, - executeBatchBuild: true, input: source2Output, extraInputs: [ source1Output, From 64ebc73f36232f50040bd6063e91cdc581c698bf Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Wed, 23 Dec 2020 21:47:18 +0000 Subject: [PATCH 09/11] add integ.pipeline-code-build-batch --- .../test/integ.pipeline-code-build-batch.json | 550 ++++++++++++++++++ .../test/integ.pipeline-code-build-batch.ts | 56 ++ 2 files changed, 606 insertions(+) create mode 100644 packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.json create mode 100644 packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.ts diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.json new file mode 100644 index 0000000000000..775960c97e46a --- /dev/null +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.json 
@@ -0,0 +1,550 @@ +{ + "Resources": { + "MyRepoF4F48043": { + "Type": "AWS::CodeCommit::Repository", + "Properties": { + "RepositoryName": "MyIntegTestTempRepo" + } + }, + "MyRepoawscdkcodepipelinecodebuildmultipleinputsoutputsPipeline314D3A85EventRule9F75D675": { + "Type": "AWS::Events::Rule", + "Properties": { + "EventPattern": { + "source": [ + "aws.codecommit" + ], + "resources": [ + { + "Fn::GetAtt": [ + "MyRepoF4F48043", + "Arn" + ] + } + ], + "detail-type": [ + "CodeCommit Repository State Change" + ], + "detail": { + "event": [ + "referenceCreated", + "referenceUpdated" + ], + "referenceName": [ + "master" + ] + } + }, + "State": "ENABLED", + "Targets": [ + { + "Arn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":codepipeline:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "PipelineC660917D" + } + ] + ] + }, + "Id": "Target0", + "RoleArn": { + "Fn::GetAtt": [ + "PipelineEventsRole46BEEA7C", + "Arn" + ] + } + } + ] + } + }, + "MyBucketF68F3FF0": { + "Type": "AWS::S3::Bucket", + "Properties": { + "VersioningConfiguration": { + "Status": "Enabled" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PipelineRoleD68726F7": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codepipeline.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineRoleDefaultPolicyC7A05455": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + "s3:DeleteObject*", + "s3:PutObject*", + "s3:Abort*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MyBucketF68F3FF0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyBucketF68F3FF0", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + 
"Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PipelineRoleD68726F7", + "Arn" + ] + } + }, + { + "Action": [ + "codecommit:GetBranch", + "codecommit:GetCommit", + "codecommit:UploadArchive", + "codecommit:GetUploadArchiveStatus", + "codecommit:CancelUploadArchive" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MyRepoF4F48043", + "Arn" + ] + } + }, + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MyBucketF68F3FF0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyBucketF68F3FF0", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:DeleteObject*", + "s3:PutObject*", + "s3:Abort*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MyBucketF68F3FF0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyBucketF68F3FF0", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuildBatch", + "codebuild:StopBuildBatch" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MyBuildProject30DB9D6E", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineRoleDefaultPolicyC7A05455", + "Roles": [ + { + "Ref": "PipelineRoleD68726F7" + } + ] + } + }, + "PipelineC660917D": { + "Type": "AWS::CodePipeline::Pipeline", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "PipelineRoleD68726F7", + "Arn" + ] + }, + "Stages": [ + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Source", + "Owner": "AWS", + "Provider": "CodeCommit", + "Version": "1" + }, + "Configuration": { + "RepositoryName": { + "Fn::GetAtt": [ + "MyRepoF4F48043", + "Name" + ] + }, + "BranchName": "master", + "PollForSourceChanges": false + }, + "Name": "Source", + "OutputArtifacts": [ + { + "Name": "Artifact_Source_Source" + } + ], + "RoleArn": { + "Fn::GetAtt": [ + "PipelineRoleD68726F7", + "Arn" + ] + }, 
+ "RunOrder": 1 + } + ], + "Name": "Source" + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Build", + "Owner": "AWS", + "Provider": "CodeBuild", + "Version": "1" + }, + "Configuration": { + "ProjectName": { + "Ref": "MyBuildProject30DB9D6E" + }, + "PrimarySource": "Artifact_Source_Source" + }, + "InputArtifacts": [ + { + "Name": "Artifact_Source_Source" + } + ], + "Name": "Build", + "RoleArn": { + "Fn::GetAtt": [ + "PipelineRoleD68726F7", + "Arn" + ] + }, + "RunOrder": 1 + } + ], + "Name": "Build" + } + ], + "ArtifactStore": { + "Location": { + "Ref": "MyBucketF68F3FF0" + }, + "Type": "S3" + } + }, + "DependsOn": [ + "PipelineRoleDefaultPolicyC7A05455", + "PipelineRoleD68726F7" + ] + }, + "PipelineEventsRole46BEEA7C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineEventsRoleDefaultPolicyFF4FCCE0": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "codepipeline:StartPipelineExecution", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":codepipeline:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "PipelineC660917D" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PipelineEventsRoleDefaultPolicyFF4FCCE0", + "Roles": [ + { + "Ref": "PipelineEventsRole46BEEA7C" + } + ] + } + }, + "MyBuildProjectRole6B7E2258": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MyBuildProjectRoleDefaultPolicy5604AA87": { + "Type": "AWS::IAM::Policy", + 
"Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyBuildProject30DB9D6E" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:/aws/codebuild/", + { + "Ref": "MyBuildProject30DB9D6E" + }, + ":*" + ] + ] + } + ] + }, + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + "s3:DeleteObject*", + "s3:PutObject*", + "s3:Abort*" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MyBucketF68F3FF0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MyBucketF68F3FF0", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MyBuildProjectRoleDefaultPolicy5604AA87", + "Roles": [ + { + "Ref": "MyBuildProjectRole6B7E2258" + } + ] + } + }, + "MyBuildProject30DB9D6E": { + "Type": "AWS::CodeBuild::Project", + "Properties": { + "Artifacts": { + "Type": "CODEPIPELINE" + }, + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "aws/codebuild/standard:1.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER" + }, + "ServiceRole": { + "Fn::GetAtt": [ + "MyBuildProjectRole6B7E2258", + "Arn" + ] + }, + "Source": { + "Type": "CODEPIPELINE" + }, + "EncryptionKey": "alias/aws/s3" + } + } + } +} diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.ts new file mode 100644 index 0000000000000..d5fe1b2fb9b2f --- /dev/null 
+++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.ts
@@ -0,0 +1,56 @@
+import * as codebuild from '@aws-cdk/aws-codebuild';
+import * as codecommit from '@aws-cdk/aws-codecommit';
+import * as codepipeline from '@aws-cdk/aws-codepipeline';
+import * as s3 from '@aws-cdk/aws-s3';
+import * as cdk from '@aws-cdk/core';
+import * as cpactions from '../lib';
+
+const app = new cdk.App();
+
+const stack = new cdk.Stack(app, 'aws-cdk-codepipeline-codebuild-batch');
+
+const repository = new codecommit.Repository(stack, 'MyRepo', {
+ repositoryName: 'MyIntegTestTempRepo',
+});
+const bucket = new s3.Bucket(stack, 'MyBucket', {
+ versioned: true,
+ removalPolicy: cdk.RemovalPolicy.DESTROY,
+});
+
+const pipeline = new codepipeline.Pipeline(stack, 'Pipeline', {
+ artifactBucket: bucket,
+});
+const pipelineRole = pipeline.role;
+
+const sourceOutput = new codepipeline.Artifact();
+const sourceAction = new cpactions.CodeCommitSourceAction({
+ actionName: 'Source',
+ repository,
+ output: sourceOutput,
+ role: pipelineRole,
+});
+pipeline.addStage({
+ stageName: 'Source',
+ actions: [
+ sourceAction,
+ ],
+});
+
+const project = new codebuild.PipelineProject(stack, 'MyBuildProject', {
+ grantReportGroupPermissions: false,
+});
+const buildAction = new cpactions.CodeBuildAction({
+ actionName: 'Build',
+ project,
+ executeBatchBuild: true,
+ input: sourceOutput,
+ role: pipelineRole,
+});
+pipeline.addStage({
+ stageName: 'Build',
+ actions: [
+ buildAction,
+ ],
+});
+
+app.synth();
From df321ab8fa8c3fdf45dc0601d4895d91325c7ea3 Mon Sep 17 00:00:00 2001
From: Tom Jenkinson
Date: Wed, 23 Dec 2020 22:33:11 +0000
Subject: [PATCH 10/11] fix file name
---
...d-batch.json => integ.pipeline-code-build-batch.expected.json} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename packages/@aws-cdk/aws-codepipeline-actions/test/{integ.pipeline-code-build-batch.json => integ.pipeline-code-build-batch.expected.json} (100%)
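Review bot: `integ.pipeline-code-build-batch.ts` has no comment stating what it pins, and nothing visible in the file configures `MyBuildProject` for batch builds, so it appears to cover only the generated template rather than a batch run that actually succeeds. A header comment would make the intent explicit, for example `// Checks that executeBatchBuild: true grants the pipeline role StartBuildBatch/StopBuildBatch instead of StartBuild/StopBuild`. Both actions are also passed `role: pipelineRole`, which places the CodeBuild grants on the pipeline's own role; a one-line comment saying this is deliberate would help anyone who copies the test as a template for a real pipeline.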
diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json similarity index 100% rename from packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.json rename to packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json From 8a8cd7d87abb4968539c9f3bc3e6ba7a78394999 Mon Sep 17 00:00:00 2001 From: Tom Jenkinson Date: Wed, 23 Dec 2020 22:53:52 +0000 Subject: [PATCH 11/11] update expectation --- ...eg.pipeline-code-build-batch.expected.json | 69 +------------------ 1 file changed, 3 insertions(+), 66 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json index 775960c97e46a..d489a5712eeba 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json @@ -6,7 +6,7 @@ "RepositoryName": "MyIntegTestTempRepo" } }, - "MyRepoawscdkcodepipelinecodebuildmultipleinputsoutputsPipeline314D3A85EventRule9F75D675": { + "MyRepoawscdkcodepipelinecodebuildbatchPipeline674F06D4EventRuleD3DE52E7": { "Type": "AWS::Events::Rule", "Properties": { "EventPattern": { 
@@ -162,66 +162,6 @@ ] } }, - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "MyBucketF68F3FF0", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "MyBucketF68F3FF0", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "MyBucketF68F3FF0", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "MyBucketF68F3FF0", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, { "Action": [ "codebuild:BatchGetBuilds", @@ -306,7 +246,7 @@ "ProjectName": { "Ref": "MyBuildProject30DB9D6E" }, - "PrimarySource": "Artifact_Source_Source" + "BatchEnabled": "true" }, "InputArtifacts": [ { @@ -481,10 +421,7 @@ "Action": [ "s3:GetObject*", "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*" + "s3:List*" ], "Effect": "Allow", "Resource": [