feat(aws-codebuild): add enableBatchBuilds() to Project

[tjenkinson]

In order for a CodeBuild to run in batch mode, a batch service role is needed, as described here in the docs.

Batch builds introduce a new security role in the batch configuration. This new role is required as CodeBuild must be able to call the StartBuild, StopBuild, and RetryBuild actions on your behalf to run builds as part of a batch. Customers should use a new role, and not the same role they use in their build...

At first I thought lets add this by default, but then I realised when BatchConfiguration is set to something, in the aws console the default 'start build' button behaviour changes to start a batch build by default instead :/

So now this adds a new supportBatchBuildType option, which when true adds minimum amount of BatchConfiguration needed for batch builds to run.

I also updated the doc blocks for the webhook option and CodePipeline action option, because users of those also need to set this option. It would be nice to auto-enable this if a webhook or CodeBuild action is configured, but that sounds pretty complicated.

I'm not sure why anyone would need to customise this role, given it appears to only be used internally to do those 3 things, so this PR does not make it configurable. My thinking is that this could be added later if needed, but this PR just gets batch builds working.

In the future if people want control of the other BatchConfiguration options I was thinking these could be added and would require supportBatchBuildType to be true.

related: aws-cloudformation/cloudformation-coverage-roadmap#621

[gitpod-io]

[skinny85]

Thanks a lot for the contribution @tjenkinson !

May I suggest something? 🙂.

Your change currently says, "if you use webhookTriggersBatchBuild, you have to use supportBatchBuildType too". I would posit that that's actually backwards, and what you want is actually: "if you use webhookTriggersBatchBuild, CDK will make sure that that supportBatchBuildType is set!" 🙂.

Given that, I'd suggest the following changes:

1. Make the buildBatchConfig in the CfnProject be set with a Lazy (like encryptionKey is, for example).
2. Remove the supportBatchBuildType property from ProjectProps.
3. Add a method enableBatchBuilds(): BatchBuildConfig | undefined to IProject. It will return undefined for imported Projects, where this cannot be changed. For new Projects, it will create a new Role like you do today, and set the buildBatchConfig private property of the L1 so that the above Lazy can set it. BatchBuildConfig is a very simple new interface that only contains a role property. You should return the newly created Role there, so that customers can update it if necessary. The new method also gives us flexibility in adding an optional role argument to it in the future.
4. In the ThirdPartyGitSource, if webhookTriggersBatchBuild was set to true, call the enableBatchBuilds() method on the IProject instance it gets in bind().
5. Similarly in CodeBuildAction: if executeBatchBuild was set to true, call the enableBatchBuilds() method on the IProject it gets in the properties.

Let me know if this description is clear, or if you need any help implementing it!

[tjenkinson]

Makes sense to me. Will update.

Pull request has been modified.

[tjenkinson]

@skinny85 updated.

I left the supportBatchBuildType option in for now because I think it's something you also might want to enable for triggering a build manually? Otherwise you'd need to construct the project and then immediately call enableBatchBuilds().

Also I made the batchRole a public readonly property because this is then inline with the existing role property, and because of that thought enableBatchBuilds() didn't really need to return anything.

Thoughts?

Finally I updated the action integration test and added a new integration test for a batch webhook trigger.

[skinny85]

Looks great @tjenkinson ! Some minor comments below. I see where you're coming from, but I have reasons to stay with the design I've initially proposed - I've explained them in the review comments. Hope you agree!

Pull request has been modified.

[tjenkinson]

@skinny85 I named this this instead of BatchBuildConfig because I didn't want it to get confused with the actual buildBatchConfig in L1

[skinny85]

Meh. The type on the L1 level is called ProjectBuildBatchConfigProperty, so I'm not too worried about this one being called BatchBuildConfig.

The name is not a coincidence - it's actually a convention we use for return types (see examples [1], [2]).

A name ending in Return seems a little weird given that, so if you could change it, I would appreciate it 🙂.

[tjenkinson]

No problem will update then. Thanks for the examples

[skinny85]

Looks great @tjenkinson ! One more rename to go, and some clarifying questions. But this will be shipped very soon!

[skinny85]

Meh. The type on the L1 level is called ProjectBuildBatchConfigProperty, so I'm not too worried about this one being called BatchBuildConfig.

The name is not a coincidence - it's actually a convention we use for return types (see examples [1], [2]).

A name ending in Return seems a little weird given that, so if you could change it, I would appreciate it 🙂.

[skinny85]

Don't we need some batch permissions here? Like this? https://github.com/aws/aws-cdk/pull/12181/files?file-filters%5B%5D=.ts#diff-7902b8e1bfd8571028c1c97116a58c4f6e090f92d7df3490e16e12defbfa2fab

[tjenkinson]

I don't think so. The docs don't mention it and it worked when I tested this in a different account.

Think this is so that internally non batch builds can be triggered as part of a batch. Don't think a batch can trigger another batch?

Pull request has been modified.

[skinny85]

Thanks so much for the contribution and working on the PR iterations @tjenkinson!

[tjenkinson]

No problem thanks for the help! Hopefully this is the last PR we need to get batch builds working 🤞

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
• Commit ID: 339e0ea
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).