98 types
This package contains Actions that can be used in a CodePipeline.
require 'aws-cdk-lib'
To use a CodeCommit Repository in a CodePipeline:
repo = AWSCDK::Codecommit::Repository.new(self, "Repo", {
repository_name: "MyRepo",
})
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline", {
pipeline_name: "MyPipeline",
})
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "CodeCommit",
repository: repo,
output: source_output,
})
pipeline.add_stage({
stage_name: "Source",
actions: [source_action],
})
If you want to use existing role which can be used by on commit event rule. You can specify the role object in eventRole property.
repo = nil # AWSCDK::Codecommit::Repository
event_role = AWSCDK::IAM::Role.from_role_arn(self, "Event-role", "roleArn")
source_action = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "CodeCommit",
repository: repo,
output: AWSCDK::Codepipeline::Artifact.new,
event_role: event_role,
})
If you want to clone the entire CodeCommit repository (only available for CodeBuild actions),
you can set the code_build_clone_output property to true:
project = nil # AWSCDK::CodeBuild::PipelineProject
repo = nil # AWSCDK::Codecommit::Repository
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "CodeCommit",
repository: repo,
output: source_output,
code_build_clone_output: true,
})
build_action = AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CodeBuild",
project: project,
input: source_output,
# The build action must use the CodeCommitSourceAction output as input.
outputs: [AWSCDK::Codepipeline::Artifact.new],
})
The CodeCommit source action emits variables:
project = nil # AWSCDK::CodeBuild::PipelineProject
repo = nil # AWSCDK::Codecommit::Repository
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "CodeCommit",
repository: repo,
output: source_output,
variables_namespace: "MyNamespace",
})
# later:
AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CodeBuild",
project: project,
input: source_output,
environment_variables: {
COMMIT_ID: {
value: source_action.variables[:commit_id],
},
},
})
If you want to use a custom event for your CodeCommitSourceAction, you can pass in
a custom_event_rule which needs an event pattern (see here) and an IRuleTarget (see here)
repo = nil # AWSCDK::Codecommit::Repository
lambda_function = nil # AWSCDK::Lambda::Function
event_pattern = {
"detail-type" => ["CodeCommit Repository State Change"],
"resources" => ["foo"],
"source" => ["aws.codecommit"],
"detail" => {
reference_type: ["branch"],
event: ["referenceCreated", "referenceUpdated"],
reference_name: ["master"],
},
}
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "CodeCommit",
repository: repo,
output: source_output,
custom_event_rule: {
event_pattern: event_pattern,
target: AWSCDK::EventsTargets::LambdaFunction.new(lambda_function),
},
})
If you want to use a GitHub repository as the source, you must create:
my-github-token).
This token can be stored either as Plaintext or as a Secret key/value.
If you stored the token as Plaintext,
set SecretValue.secretsManager('my-github-token') as the value of oauth_token.
If you stored it as a Secret key/value,
you must set SecretValue.secretsManager('my-github-token', { jsonField : 'my-github-token' }) as the value of oauth_token.To use GitHub as the source of a CodePipeline:
# Read the secret from Secrets Manager
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::GitHubSourceAction.new({
action_name: "GitHub_Source",
owner: "awslabs",
repo: "aws-cdk",
oauth_token: AWSCDK::SecretValue.secrets_manager("my-github-token"),
output: source_output,
branch: "develop",
})
pipeline.add_stage({
stage_name: "Source",
actions: [source_action],
})
The GitHub source action emits variables:
source_output = nil # AWSCDK::Codepipeline::Artifact
project = nil # AWSCDK::CodeBuild::PipelineProject
source_action = AWSCDK::CodePipelineActions::GitHubSourceAction.new({
action_name: "Github_Source",
output: source_output,
owner: "my-owner",
repo: "my-repo",
oauth_token: AWSCDK::SecretValue.secrets_manager("my-github-token"),
variables_namespace: "MyNamespace",
})
# later:
AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CodeBuild",
project: project,
input: source_output,
environment_variables: {
COMMIT_URL: {
value: source_action.variables[:commit_url],
},
},
})
CodePipeline can use a BitBucket Git repository as a source:
Note: you have to manually connect CodePipeline through the AWS Console with your BitBucket account.
This is a one-time operation for a given AWS account in a given region.
The simplest way to do that is to either start creating a new CodePipeline,
or edit an existing one, while being logged in to BitBucket.
Choose BitBucket as the source,
and grant CodePipeline permissions to your BitBucket account.
Copy & paste the Connection ARN that you get in the console,
or use the codestar-connections list-connections AWS CLI operation
to find it.
After that, you can safely abort creating or editing the pipeline -
the connection has already been created.
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::CodeStarConnectionsSourceAction.new({
action_name: "BitBucket_Source",
owner: "aws",
repo: "aws-cdk",
output: source_output,
connection_arn: "arn:aws:codestar-connections:us-east-1:123456789012:connection/12345678-abcd-12ab-34cdef5678gh",
})
You can also use the CodeStarConnectionsSourceAction to connect to GitHub, in the same way
(you just have to select GitHub as the source when creating the connection in the console).
Similarly to GitHubSourceAction, CodeStarConnectionsSourceAction also emits the variables:
project = nil # AWSCDK::CodeBuild::Project
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::CodeStarConnectionsSourceAction.new({
action_name: "BitBucket_Source",
owner: "aws",
repo: "aws-cdk",
output: source_output,
connection_arn: "arn:aws:codestar-connections:us-east-1:123456789012:connection/12345678-abcd-12ab-34cdef5678gh",
variables_namespace: "SomeSpace",
})
# later:
AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CodeBuild",
project: project,
input: source_output,
environment_variables: {
COMMIT_ID: {
value: source_action.variables[:commit_id],
},
},
})
To use an S3 Bucket as a source in CodePipeline:
source_bucket = AWSCDK::S3::Bucket.new(self, "MyBucket", {
versioned: true,
})
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::S3SourceAction.new({
action_name: "S3Source",
bucket: source_bucket,
bucket_key: "path/to/file.zip",
output: source_output,
})
pipeline.add_stage({
stage_name: "Source",
actions: [source_action],
})
The region of the action will be determined by the region the bucket itself is in. When using a newly created bucket, that region will be taken from the stack the bucket belongs to; for an imported bucket, you can specify the region explicitly:
source_bucket = AWSCDK::S3::Bucket.from_bucket_attributes(self, "SourceBucket", {
bucket_name: "amzn-s3-demo-bucket",
region: "ap-southeast-1",
})
By default, the Pipeline will poll the Bucket to detect changes.
You can change that behavior to use CloudWatch Events by setting the trigger
property to S3Trigger.EVENTS (it's S3Trigger.POLL by default).
If you do that, make sure the source Bucket is part of an AWS CloudTrail Trail -
otherwise, the CloudWatch Events will not be emitted,
and your Pipeline will not react to changes in the Bucket.
You can do it through the CDK:
require 'aws-cdk-lib'
source_bucket = nil # AWSCDK::S3::Bucket
source_output = AWSCDK::Codepipeline::Artifact.new
key = "some/key.zip"
trail = AWSCDK::CloudTrail::Trail.new(self, "CloudTrail")
trail.add_s3_event_selector([
{
bucket: source_bucket,
object_prefix: key,
},
], {
read_write_type: AWSCDK::CloudTrail::ReadWriteType::WRITE_ONLY,
})
source_action = AWSCDK::CodePipelineActions::S3SourceAction.new({
action_name: "S3Source",
bucket_key: key,
bucket: source_bucket,
output: source_output,
trigger: AWSCDK::CodePipelineActions::S3Trigger::EVENTS,
})
The S3 source action emits variables:
source_bucket = nil # AWSCDK::S3::Bucket
# later:
project = nil # AWSCDK::CodeBuild::PipelineProject
key = "some/key.zip"
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::S3SourceAction.new({
action_name: "S3Source",
bucket_key: key,
bucket: source_bucket,
output: source_output,
variables_namespace: "MyNamespace",
})
AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CodeBuild",
project: project,
input: source_output,
environment_variables: {
VERSION_ID: {
value: source_action.variables[:version_id],
},
},
})
To use an ECR Repository as a source in a Pipeline:
require 'aws-cdk-lib'
ecr_repository = nil # AWSCDK::ECR::Repository
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::ECRSourceAction.new({
action_name: "ECR",
repository: ecr_repository,
image_tag: "some-tag",
# optional, default: 'latest'
output: source_output,
})
pipeline.add_stage({
stage_name: "Source",
actions: [source_action],
})
The ECR source action emits variables:
require 'aws-cdk-lib'
ecr_repository = nil # AWSCDK::ECR::Repository
# later:
project = nil # AWSCDK::CodeBuild::PipelineProject
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::ECRSourceAction.new({
action_name: "Source",
output: source_output,
repository: ecr_repository,
variables_namespace: "MyNamespace",
})
AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CodeBuild",
project: project,
input: source_output,
environment_variables: {
IMAGE_URI: {
value: source_action.variables[:image_uri],
},
},
})
Example of a CodeBuild Project used in a Pipeline, alongside CodeCommit:
project = nil # AWSCDK::CodeBuild::PipelineProject
repository = AWSCDK::Codecommit::Repository.new(self, "MyRepository", {
repository_name: "MyRepository",
})
project = AWSCDK::CodeBuild::PipelineProject.new(self, "MyProject")
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "CodeCommit",
repository: repository,
output: source_output,
})
build_action = AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CodeBuild",
project: project,
input: source_output,
outputs: [AWSCDK::Codepipeline::Artifact.new],
# optional
execute_batch_build: true,
# optional, defaults to false
combine_batch_build_artifacts: true,
})
AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline", {
stages: [
{
stage_name: "Source",
actions: [source_action],
},
{
stage_name: "Build",
actions: [build_action],
},
],
})
The default category of the CodeBuild Action is Build;
if you want a Test Action instead,
override the type property:
project = nil # AWSCDK::CodeBuild::PipelineProject
source_output = AWSCDK::Codepipeline::Artifact.new
test_action = AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "IntegrationTest",
project: project,
input: source_output,
type: AWSCDK::CodePipelineActions::CodeBuildActionType::TEST,
})
When you want to have multiple inputs and/or outputs for a Project used in a
Pipeline, instead of using the secondary_sources and secondary_artifacts
properties of the Project class, you need to use the extra_inputs and
outputs properties of the CodeBuild CodePipeline
Actions. Example:
repository1 = nil # AWSCDK::Codecommit::Repository
repository2 = nil # AWSCDK::Codecommit::Repository
project = nil # AWSCDK::CodeBuild::PipelineProject
source_output1 = AWSCDK::Codepipeline::Artifact.new
source_action1 = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "Source1",
repository: repository1,
output: source_output1,
})
source_output2 = AWSCDK::Codepipeline::Artifact.new("source2")
source_action2 = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "Source2",
repository: repository2,
output: source_output2,
})
build_action = AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "Build",
project: project,
input: source_output1,
extra_inputs: [
source_output2,
],
outputs: [
AWSCDK::Codepipeline::Artifact.new("artifact1"),
# for better buildspec readability - see below
AWSCDK::Codepipeline::Artifact.new("artifact2"),
],
})
Note: when a CodeBuild Action in a Pipeline has more than one output, it
only uses the secondary-artifacts field of the buildspec, never the
primary output specification directly under artifacts. Because of that, it
pays to explicitly name all output artifacts of that Action, like we did
above, so that you know what name to use in the buildspec.
Example buildspec for the above project:
project = AWSCDK::CodeBuild::PipelineProject.new(self, "MyProject", {
build_spec: AWSCDK::CodeBuild::BuildSpec.from_object({
version: "0.2",
phases: {
build: {
commands: [],
},
},
artifacts: {
"secondary-artifacts" => {
"artifact1" => {},
"artifact2" => {},
},
},
}),
})
The CodeBuild action emits variables. Unlike many other actions, the variables are not static, but dynamic, defined in the buildspec, in the 'exported-variables' subsection of the 'env' section. Example:
# later:
project = nil # AWSCDK::CodeBuild::PipelineProject
source_output = AWSCDK::Codepipeline::Artifact.new
build_action = AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "Build1",
input: source_output,
project: AWSCDK::CodeBuild::PipelineProject.new(self, "Project", {
build_spec: AWSCDK::CodeBuild::BuildSpec.from_object({
version: "0.2",
env: {
"exported-variables" => [
"MY_VAR",
],
},
phases: {
build: {
commands: "export MY_VAR=\"some value\"",
},
},
}),
}),
variables_namespace: "MyNamespace",
})
AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CodeBuild",
project: project,
input: source_output,
environment_variables: {
MyVar: {
value: build_action.variable("MY_VAR"),
},
},
})
In order to use Jenkins Actions in the Pipeline,
you first need to create a JenkinsProvider:
jenkins_provider = AWSCDK::CodePipelineActions::JenkinsProvider.new(self, "JenkinsProvider", {
provider_name: "MyJenkinsProvider",
server_url: "http://my-jenkins.com:8080",
version: "2",
})
If you've registered a Jenkins provider in a different CDK app, or outside the CDK (in the CodePipeline AWS Console, for example), you can import it:
jenkins_provider = AWSCDK::CodePipelineActions::JenkinsProvider.from_jenkins_provider_attributes(self, "JenkinsProvider", {
provider_name: "MyJenkinsProvider",
server_url: "http://my-jenkins.com:8080",
version: "2",
})
Note that a Jenkins provider (identified by the provider name-category(build/test)-version tuple) must always be registered in the given account, in the given AWS region, before it can be used in CodePipeline.
With a JenkinsProvider,
we can create a Jenkins Action:
jenkins_provider = nil # AWSCDK::CodePipelineActions::JenkinsProvider
build_action = AWSCDK::CodePipelineActions::JenkinsAction.new({
action_name: "JenkinsBuild",
jenkins_provider: jenkins_provider,
project_name: "MyProject",
type: AWSCDK::CodePipelineActions::JenkinsActionType::BUILD,
})
This build action ECRBuildAndPublish allows you to automate building and pushing a new image when a change occurs in your source.
This action builds based on a specified Docker file location and pushes the image. This build action is not the same as the Amazon ECR source action in CodePipeline, which triggers pipeline when a change occurs in your Amazon ECR source repository.
For information about the ECRBuildAndPublish build action,
see ECRBuildAndPublish build action reference.
require 'aws-cdk-lib'
pipeline = nil # AWSCDK::Codepipeline::Pipeline
repository = nil # AWSCDK::ECR::IRepository
source_output = AWSCDK::Codepipeline::Artifact.new
# your source repository
source_action = AWSCDK::CodePipelineActions::CodeStarConnectionsSourceAction.new({
action_name: "CodeStarConnectionsSourceAction",
output: source_output,
connection_arn: "your-connection-arn",
owner: "your-owner",
repo: "your-repo",
})
build_action = AWSCDK::CodePipelineActions::ECRBuildAndPublishAction.new({
action_name: "EcrBuildAndPublishAction",
repository_name: repository.repository_name,
registry_type: AWSCDK::CodePipelineActions::RegistryType::PRIVATE,
dockerfile_directory_path: "./my-dir",
# The path indicates ./my-dir/Dockerfile in the source repository
image_tags: ["my-tag-1", "my-tag-2"],
input: source_output,
})
pipeline.add_stage({
stage_name: "Source",
actions: [source_action],
})
pipeline.add_stage({
stage_name: "Build",
actions: [build_action],
})
This module contains Actions that allows you to deploy to CloudFormation from AWS CodePipeline.
For example, the following code fragment defines a pipeline that automatically deploys a CloudFormation template directly from a CodeCommit repository, with a manual approval step in between to confirm the changes:
# Source stage: read from repository
repo = AWSCDK::Codecommit::Repository.new(stack, "TemplateRepo", {
repository_name: "template-repo",
})
source_output = AWSCDK::Codepipeline::Artifact.new("SourceArtifact")
source = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "Source",
repository: repo,
output: source_output,
trigger: AWSCDK::CodePipelineActions::CodeCommitTrigger::POLL,
})
source_stage = {
stage_name: "Source",
actions: [source],
}
# Deployment stage: create and deploy changeset with manual approval
stack_name = "OurStack"
change_set_name = "StagedChangeSet"
prod_stage = {
stage_name: "Deploy",
actions: [
AWSCDK::CodePipelineActions::CloudFormationCreateReplaceChangeSetAction.new({
action_name: "PrepareChanges",
stack_name: stack_name,
change_set_name: change_set_name,
admin_permissions: true,
template_path: source_output.at_path("template.yaml"),
run_order: 1,
}),
AWSCDK::CodePipelineActions::ManualApprovalAction.new({
action_name: "ApproveChanges",
run_order: 2,
}),
AWSCDK::CodePipelineActions::CloudFormationExecuteChangeSetAction.new({
action_name: "ExecuteChanges",
stack_name: stack_name,
change_set_name: change_set_name,
run_order: 3,
}),
],
}
AWSCDK::Codepipeline::Pipeline.new(stack, "Pipeline", {
cross_account_keys: true,
stages: [
source_stage,
prod_stage,
],
})
See the AWS documentation for more details about using CloudFormation in CodePipeline.
This package contains the following CloudFormation actions:
replace_on_failure
is set to true, in which case it will be destroyed and recreated).You can use CloudFormation StackSets to deploy the same CloudFormation template to multiple accounts in a managed way. If you use AWS Organizations, StackSets can be deployed to all accounts in a particular Organizational Unit (OU), and even automatically to new accounts as soon as they are added to a particular OU. For more information, see the Working with StackSets section of the CloudFormation developer guide.
The actions available for updating StackSets are:
Here's an example of using both of these actions:
pipeline = nil # AWSCDK::Codepipeline::Pipeline
source_output = nil # AWSCDK::Codepipeline::Artifact
pipeline.add_stage({
stage_name: "DeployStackSets",
actions: [
# First, update the StackSet itself with the newest template
AWSCDK::CodePipelineActions::CloudFormationDeployStackSetAction.new({
action_name: "UpdateStackSet",
run_order: 1,
stack_set_name: "MyStackSet",
template: AWSCDK::CodePipelineActions::StackSetTemplate.from_artifact_path(source_output.at_path("template.yaml")),
# Change this to 'StackSetDeploymentModel.organizations()' if you want to deploy to OUs
deployment_model: AWSCDK::CodePipelineActions::StackSetDeploymentModel.self_managed,
# This deploys to a set of accounts
stack_instances: AWSCDK::CodePipelineActions::StackInstances.in_accounts(["111111111111"], ["us-east-1", "eu-west-1"]),
}),
# Afterwards, update/create additional instances in other accounts
AWSCDK::CodePipelineActions::CloudFormationDeployStackInstancesAction.new({
action_name: "AddMoreInstances",
run_order: 2,
stack_set_name: "MyStackSet",
stack_instances: AWSCDK::CodePipelineActions::StackInstances.in_accounts(["222222222222", "333333333333"], ["us-east-1", "eu-west-1"]),
}),
],
})
If you want to deploy your Lambda through CodePipeline,
and you don't use assets (for example, because your CDK code and Lambda code are separate),
you can use a special Lambda Code class, CfnParametersCode.
Note that your Lambda must be in a different Stack than your Pipeline.
The Lambda itself will be deployed, alongside the entire Stack it belongs to,
using a CloudFormation CodePipeline Action. Example:
lambda_stack = AWSCDK::Stack.new(app, "LambdaStack")
lambda_code = AWSCDK::Lambda::Code.from_cfn_parameters
AWSCDK::Lambda::Function.new(lambda_stack, "Lambda", {
code: lambda_code,
handler: "index.handler",
runtime: AWSCDK::Lambda::Runtime.NODEJS_LATEST,
})
# other resources that your Lambda needs, added to the lambdaStack...
pipeline_stack = AWSCDK::Stack.new(app, "PipelineStack")
pipeline = AWSCDK::Codepipeline::Pipeline.new(pipeline_stack, "Pipeline", {
cross_account_keys: true,
})
# add the source code repository containing this code to your Pipeline,
# and the source code of the Lambda Function, if they're separate
cdk_source_output = AWSCDK::Codepipeline::Artifact.new
cdk_source_action = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
repository: AWSCDK::Codecommit::Repository.new(pipeline_stack, "CdkCodeRepo", {
repository_name: "CdkCodeRepo",
}),
action_name: "CdkCode_Source",
output: cdk_source_output,
})
lambda_source_output = AWSCDK::Codepipeline::Artifact.new
lambda_source_action = AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
repository: AWSCDK::Codecommit::Repository.new(pipeline_stack, "LambdaCodeRepo", {
repository_name: "LambdaCodeRepo",
}),
action_name: "LambdaCode_Source",
output: lambda_source_output,
})
pipeline.add_stage({
stage_name: "Source",
actions: [cdk_source_action, lambda_source_action],
})
# synthesize the Lambda CDK template, using CodeBuild
# the below values are just examples, assuming your CDK code is in TypeScript/JavaScript -
# adjust the build environment and/or commands accordingly
cdk_build_project = AWSCDK::CodeBuild::Project.new(pipeline_stack, "CdkBuildProject", {
environment: {
build_image: AWSCDK::CodeBuild::LinuxBuildImage.STANDARD_7_0,
},
build_spec: AWSCDK::CodeBuild::BuildSpec.from_object({
version: "0.2",
phases: {
install: {
commands: "npm install",
},
build: {
commands: [
"npm run build",
"npm run cdk synth LambdaStack -- -o .",
],
},
},
artifacts: {
files: "LambdaStack.template.yaml",
},
}),
})
cdk_build_output = AWSCDK::Codepipeline::Artifact.new
cdk_build_action = AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CDK_Build",
project: cdk_build_project,
input: cdk_source_output,
outputs: [cdk_build_output],
})
# build your Lambda code, using CodeBuild
# again, this example assumes your Lambda is written in TypeScript/JavaScript -
# make sure to adjust the build environment and/or commands if they don't match your specific situation
lambda_build_project = AWSCDK::CodeBuild::Project.new(pipeline_stack, "LambdaBuildProject", {
environment: {
build_image: AWSCDK::CodeBuild::LinuxBuildImage.STANDARD_7_0,
},
build_spec: AWSCDK::CodeBuild::BuildSpec.from_object({
version: "0.2",
phases: {
install: {
commands: "npm install",
},
build: {
commands: "npm run build",
},
},
artifacts: {
files: [
"index.js",
"node_modules/**/*",
],
},
}),
})
lambda_build_output = AWSCDK::Codepipeline::Artifact.new
lambda_build_action = AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "Lambda_Build",
project: lambda_build_project,
input: lambda_source_output,
outputs: [lambda_build_output],
})
pipeline.add_stage({
stage_name: "Build",
actions: [cdk_build_action, lambda_build_action],
})
# finally, deploy your Lambda Stack
pipeline.add_stage({
stage_name: "Deploy",
actions: [
AWSCDK::CodePipelineActions::CloudFormationCreateUpdateStackAction.new({
action_name: "Lambda_CFN_Deploy",
template_path: cdk_build_output.at_path("LambdaStack.template.yaml"),
stack_name: "LambdaStackDeployedName",
admin_permissions: true,
parameter_overrides: lambda_code.assign(lambda_build_output.s3_location),
extra_inputs: [
lambda_build_output,
],
}),
],
})
If you want to update stacks in a different account,
pass the account property when creating the action:
source_output = AWSCDK::Codepipeline::Artifact.new
AWSCDK::CodePipelineActions::CloudFormationCreateUpdateStackAction.new({
action_name: "CloudFormationCreateUpdate",
stack_name: "MyStackName",
admin_permissions: true,
template_path: source_output.at_path("template.yaml"),
account: "123456789012",
})
This will create a new stack, called <PipelineStackName>-support-123456789012, in your App,
that will contain the role that the pipeline will assume in account 123456789012 before executing this action.
This support stack will automatically be deployed before the stack containing the pipeline.
You can also pass a role explicitly when creating the action -
in that case, the account property is ignored,
and the action will operate in the same account the role belongs to:
require 'aws-cdk-lib'
# in stack for account 123456789012...
other_account_stack = nil # AWSCDK::Stack
action_role = AWSCDK::IAM::Role.new(other_account_stack, "ActionRole", {
assumed_by: AWSCDK::IAM::AccountPrincipal.new("123456789012"),
# the role has to have a physical name set
role_name: AWSCDK::PhysicalName.GENERATE_IF_NEEDED,
})
# in the pipeline stack...
source_output = AWSCDK::Codepipeline::Artifact.new
AWSCDK::CodePipelineActions::CloudFormationCreateUpdateStackAction.new({
action_name: "CloudFormationCreateUpdate",
stack_name: "MyStackName",
admin_permissions: true,
template_path: source_output.at_path("template.yaml"),
role: action_role,
})
To use CodeDeploy for EC2/on-premise deployments in a Pipeline:
deployment_group = nil # AWSCDK::CodeDeploy::ServerDeploymentGroup
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline", {
pipeline_name: "MyPipeline",
})
# add the source and build Stages to the Pipeline...
build_output = AWSCDK::Codepipeline::Artifact.new
deploy_action = AWSCDK::CodePipelineActions::CodeDeployServerDeployAction.new({
action_name: "CodeDeploy",
input: build_output,
deployment_group: deployment_group,
})
pipeline.add_stage({
stage_name: "Deploy",
actions: [deploy_action],
})
To use CodeDeploy for blue-green Lambda deployments in a Pipeline:
lambda_code = AWSCDK::Lambda::Code.from_cfn_parameters
func = AWSCDK::Lambda::Function.new(self, "Lambda", {
code: lambda_code,
handler: "index.handler",
runtime: AWSCDK::Lambda::Runtime.NODEJS_LATEST,
})
# used to make sure each CDK synthesis produces a different Version
version = func.current_version
_alias = AWSCDK::Lambda::Alias.new(self, "LambdaAlias", {
alias_name: "Prod",
version: version,
})
AWSCDK::CodeDeploy::LambdaDeploymentGroup.new(self, "DeploymentGroup", {
_alias: _alias,
deployment_config: AWSCDK::CodeDeploy::LambdaDeploymentConfig.LINEAR_10PERCENT_EVERY_1MINUTE,
})
Then, you need to create your Pipeline Stack,
where you will define your Pipeline,
and deploy the lambda_stack using a CloudFormation CodePipeline Action
(see above for a complete example).
CodePipeline can deploy an ECS service. The deploy Action receives one input Artifact which contains the image definition file:
require 'aws-cdk-lib'
service = nil # AWSCDK::ECS::FargateService
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
build_output = AWSCDK::Codepipeline::Artifact.new
deploy_stage = pipeline.add_stage({
stage_name: "Deploy",
actions: [
AWSCDK::CodePipelineActions::ECSDeployAction.new({
action_name: "DeployAction",
service: service,
# if your file is called imagedefinitions.json,
# use the `input` property,
# and leave out the `imageFile` property
input: build_output,
# if your file name is _not_ imagedefinitions.json,
# use the `imageFile` property,
# and leave out the `input` property
image_file: build_output.at_path("imageDef.json"),
deployment_timeout: AWSCDK::Duration.minutes(60),
}),
],
})
CodePipeline can deploy to an existing ECS service which uses the ECS service ARN format that contains the Cluster name. This also works if the service is in a different account and/or region than the pipeline:
require 'aws-cdk-lib'
service = AWSCDK::ECS::BaseService.from_service_arn_with_cluster(self, "EcsService", "arn:aws:ecs:us-east-1:123456789012:service/myClusterName/myServiceName")
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
build_output = AWSCDK::Codepipeline::Artifact.new
# add source and build stages to the pipeline as usual...
deploy_stage = pipeline.add_stage({
stage_name: "Deploy",
actions: [
AWSCDK::CodePipelineActions::ECSDeployAction.new({
action_name: "DeployAction",
service: service,
input: build_output,
}),
],
})
When deploying across accounts, especially in a CDK Pipelines self-mutating pipeline,
it is recommended to provide the role property to the EcsDeployAction.
The Role will need to have permissions assigned to it for ECS deployment.
See the CodePipeline documentation
for the permissions needed.
The idiomatic CDK way of deploying an ECS application is to have your Dockerfiles and your CDK code in the same source code repository, leveraging Docker Assets, and use the CDK Pipelines module.
However, if you want to deploy a Docker application whose source code is kept in a separate version control repository than the CDK code,
you can use the TagParameterContainerImage class from the ECS module.
Here's an example:
#
# This is the Stack containing a simple ECS Service that uses the provided ContainerImage.
#
class EcsAppStack < AWSCDK::Stack
def initialize(scope, id, props)
super(scope, id, props)
task_definition = AWSCDK::ECS::TaskDefinition.new(self, "TaskDefinition", {
compatibility: AWSCDK::ECS::Compatibility::FARGATE,
cpu: "1024",
memory_mi_b: "2048",
})
task_definition.add_container("AppContainer", {
image: props[:image],
})
AWSCDK::ECS::FargateService.new(self, "EcsService", {
task_definition: task_definition,
cluster: AWSCDK::ECS::Cluster.new(self, "Cluster", {
vpc: AWSCDK::EC2::VPC.new(self, "Vpc", {
max_azs: 1,
}),
}),
})
end
end
#
# This is the Stack containing the CodePipeline definition that deploys an ECS Service.
#
class PipelineStack < AWSCDK::Stack
attr_reader :tag_parameter_container_image
def initialize(scope, id, props = nil)
super(scope, id, props)
# ********* ECS part ****************
# this is the ECR repository where the built Docker image will be pushed
app_ecr_repo = AWSCDK::ECR::Repository.new(self, "EcsDeployRepository")
# the build that creates the Docker image, and pushes it to the ECR repo
app_code_docker_build = AWSCDK::CodeBuild::PipelineProject.new(self, "AppCodeDockerImageBuildAndPushProject", {
environment: {
# we need to run Docker
privileged: true,
},
build_spec: AWSCDK::CodeBuild::BuildSpec.from_object({
version: "0.2",
phases: {
build: {
commands: [
"$(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)",
"docker build -t $REPOSITORY_URI:$CODEBUILD_RESOLVED_SOURCE_VERSION .",
],
},
post_build: {
commands: [
"docker push $REPOSITORY_URI:$CODEBUILD_RESOLVED_SOURCE_VERSION",
"export imageTag=$CODEBUILD_RESOLVED_SOURCE_VERSION",
],
},
},
env: {
# save the imageTag environment variable as a CodePipeline Variable
"exported-variables" => [
"imageTag",
],
},
}),
environment_variables: {
REPOSITORY_URI: {
value: app_ecr_repo.repository_uri,
},
},
})
# needed for `docker push`
app_ecr_repo.grant_pull_push(app_code_docker_build)
# create the ContainerImage used for the ECS application Stack
@tag_parameter_container_image = AWSCDK::ECS::TagParameterContainerImage.new(app_ecr_repo)
cdk_code_build = AWSCDK::CodeBuild::PipelineProject.new(self, "CdkCodeBuildProject", {
build_spec: AWSCDK::CodeBuild::BuildSpec.from_object({
version: "0.2",
phases: {
install: {
commands: [
"npm install",
],
},
build: {
commands: [
"npx cdk synth --verbose",
],
},
},
artifacts: {
# store the entire Cloud Assembly as the output artifact
"base-directory" => "cdk.out",
"files" => "**/*",
},
}),
})
# ********* Pipeline part ****************
app_code_source_output = AWSCDK::Codepipeline::Artifact.new
cdk_code_source_output = AWSCDK::Codepipeline::Artifact.new
cdk_code_build_output = AWSCDK::Codepipeline::Artifact.new
app_code_build_action = AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "AppCodeDockerImageBuildAndPush",
project: app_code_docker_build,
input: app_code_source_output,
})
AWSCDK::Codepipeline::Pipeline.new(self, "CodePipelineDeployingEcsApplication", {
artifact_bucket: AWSCDK::S3::Bucket.new(self, "ArtifactBucket", {
removal_policy: AWSCDK::RemovalPolicy::DESTROY,
}),
stages: [
{
stage_name: "Source",
actions: [
# this is the Action that takes the source of your application code
AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "AppCodeSource",
repository: AWSCDK::Codecommit::Repository.new(self, "AppCodeSourceRepository", {repository_name: "AppCodeSourceRepository"}),
output: app_code_source_output,
}),
# this is the Action that takes the source of your CDK code
# (which would probably include this Pipeline code as well)
AWSCDK::CodePipelineActions::CodeCommitSourceAction.new({
action_name: "CdkCodeSource",
repository: AWSCDK::Codecommit::Repository.new(self, "CdkCodeSourceRepository", {repository_name: "CdkCodeSourceRepository"}),
output: cdk_code_source_output,
}),
],
},
{
stage_name: "Build",
actions: [
app_code_build_action,
AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CdkCodeBuildAndSynth",
project: cdk_code_build,
input: cdk_code_source_output,
outputs: [cdk_code_build_output],
}),
],
},
{
stage_name: "Deploy",
actions: [
AWSCDK::CodePipelineActions::CloudFormationCreateUpdateStackAction.new({
action_name: "CFN_Deploy",
stack_name: "SampleEcsStackDeployedFromCodePipeline",
# this name has to be the same name as used below in the CDK code for the application Stack
template_path: cdk_code_build_output.at_path("EcsStackDeployedInPipeline.template.json"),
admin_permissions: true,
parameter_overrides: {
# read the tag pushed to the ECR repository from the CodePipeline Variable saved by the application build step,
# and pass it as the CloudFormation Parameter for the tag
@tag_parameter_container_image.tag_parameter_name => app_code_build_action.variable("imageTag"),
},
}),
],
},
],
})
end
end
app = AWSCDK::App.new
# the CodePipeline Stack needs to be created first
pipeline_stack = PipelineStack.new(app, "aws-cdk-pipeline-ecs-separate-sources")
# we supply the image to the ECS application Stack from the CodePipeline Stack
EcsAppStack.new(app, "EcsStackDeployedInPipeline", {
image: pipeline_stack.tag_parameter_container_image,
})
To deploy application code to Amazon EC2 Linux instances or Linux SSM-managed nodes:
Note This action is only supported for V2 type pipelines.
source_output = AWSCDK::Codepipeline::Artifact.new
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline", {
pipeline_type: AWSCDK::Codepipeline::PipelineType::V2,
})
deploy_action = AWSCDK::CodePipelineActions::EC2DeployAction.new({
action_name: "Ec2Deploy",
input: source_output,
instance_type: AWSCDK::CodePipelineActions::EC2InstanceType::EC2,
instance_tag_key: "Name",
instance_tag_value: "MyInstance",
deploy_specifications: AWSCDK::CodePipelineActions::EC2DeploySpecifications.inline({
target_directory: "/home/ec2-user/deploy",
pre_script: "scripts/pre-deploy.sh",
post_script: "scripts/post-deploy.sh",
}),
})
deploy_stage = pipeline.add_stage({
stage_name: "Deploy",
actions: [deploy_action],
})
To learn more about using the EC2 deploy action in your pipeline, visit tutorial and documentation.
To use an S3 Bucket as a deployment target in CodePipeline:
require 'aws-cdk-lib'
source_output = AWSCDK::Codepipeline::Artifact.new
target_bucket = AWSCDK::S3::Bucket.new(self, "MyBucket")
key = AWSCDK::KMS::Key.new(self, "EnvVarEncryptKey", {
description: "sample key",
})
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
deploy_action = AWSCDK::CodePipelineActions::S3DeployAction.new({
action_name: "S3Deploy",
bucket: target_bucket,
input: source_output,
encryption_key: key,
})
deploy_stage = pipeline.add_stage({
stage_name: "Deploy",
actions: [deploy_action],
})
There is currently no native support in CodePipeline for invalidating a CloudFront cache after deployment. One workaround is to add another build step after the deploy step, and use the AWS CLI to invalidate the cache:
# Create a Cloudfront Web Distribution
require 'aws-cdk-lib'
distribution = nil # AWSCDK::CloudFront::Distribution
# Create the build project that will invalidate the cache
invalidate_build_project = AWSCDK::CodeBuild::PipelineProject.new(self, "InvalidateProject", {
build_spec: AWSCDK::CodeBuild::BuildSpec.from_object({
version: "0.2",
phases: {
build: {
commands: [
"aws cloudfront create-invalidation --distribution-id ${CLOUDFRONT_ID} --paths \"/*\"",
],
},
},
}),
environment_variables: {
CLOUDFRONT_ID: {value: distribution.distribution_id},
},
})
# Add Cloudfront invalidation permissions to the project
distribution_arn = "arn:aws:cloudfront::#{@account}:distribution/#{distribution.distribution_id}"
invalidate_build_project.add_to_role_policy(AWSCDK::IAM::PolicyStatement.new({
resources: [distribution_arn],
actions: [
"cloudfront:CreateInvalidation",
],
}))
# Create the pipeline (here only the S3 deploy and Invalidate cache build)
deploy_bucket = AWSCDK::S3::Bucket.new(self, "DeployBucket")
deploy_input = AWSCDK::Codepipeline::Artifact.new
AWSCDK::Codepipeline::Pipeline.new(self, "Pipeline", {
stages: [
{
stage_name: "Deploy",
actions: [
AWSCDK::CodePipelineActions::S3DeployAction.new({
action_name: "S3Deploy",
bucket: deploy_bucket,
input: deploy_input,
run_order: 1,
}),
AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "InvalidateCache",
project: invalidate_build_project,
input: deploy_input,
run_order: 2,
}),
],
},
],
})
To deploy an Elastic Beanstalk Application in CodePipeline:
source_output = AWSCDK::Codepipeline::Artifact.new
target_bucket = AWSCDK::S3::Bucket.new(self, "MyBucket")
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
deploy_action = AWSCDK::CodePipelineActions::ElasticBeanstalkDeployAction.new({
action_name: "ElasticBeanstalkDeploy",
input: source_output,
environment_name: "envName",
application_name: "appName",
})
deploy_stage = pipeline.add_stage({
stage_name: "Deploy",
actions: [deploy_action],
})
You can deploy to Alexa using CodePipeline with the following Action:
# Read the secrets from ParameterStore
client_id = AWSCDK::SecretValue.secrets_manager("AlexaClientId")
client_secret = AWSCDK::SecretValue.secrets_manager("AlexaClientSecret")
refresh_token = AWSCDK::SecretValue.secrets_manager("AlexaRefreshToken")
# Add deploy action
source_output = AWSCDK::Codepipeline::Artifact.new
AWSCDK::CodePipelineActions::AlexaSkillDeployAction.new({
action_name: "DeploySkill",
run_order: 1,
input: source_output,
client_id: client_id.to_string,
client_secret: client_secret,
refresh_token: refresh_token,
skill_id: "amzn1.ask.skill.12345678-1234-1234-1234-123456789012",
})
If you need manifest overrides you can specify them as parameter_overrides_artifact in the action:
# Deploy some CFN change set and store output
execute_output = AWSCDK::Codepipeline::Artifact.new("CloudFormation")
execute_change_set_action = AWSCDK::CodePipelineActions::CloudFormationExecuteChangeSetAction.new({
action_name: "ExecuteChangesTest",
run_order: 2,
stack_name: "MyStack",
change_set_name: "MyChangeSet",
output_file_name: "overrides.json",
output: execute_output,
})
# Provide CFN output as manifest overrides
client_id = AWSCDK::SecretValue.secrets_manager("AlexaClientId")
client_secret = AWSCDK::SecretValue.secrets_manager("AlexaClientSecret")
refresh_token = AWSCDK::SecretValue.secrets_manager("AlexaRefreshToken")
source_output = AWSCDK::Codepipeline::Artifact.new
AWSCDK::CodePipelineActions::AlexaSkillDeployAction.new({
action_name: "DeploySkill",
run_order: 1,
input: source_output,
parameter_overrides_artifact: execute_output,
client_id: client_id.to_string,
client_secret: client_secret,
refresh_token: refresh_token,
skill_id: "amzn1.ask.skill.12345678-1234-1234-1234-123456789012",
})
You can deploy a CloudFormation template to an existing Service Catalog product with the following Action:
cdk_build_output = AWSCDK::Codepipeline::Artifact.new
service_catalog_deploy_action = AWSCDK::CodePipelineActions::ServiceCatalogDeployActionBeta1.new({
action_name: "ServiceCatalogDeploy",
template_path: cdk_build_output.at_path("Sample.template.json"),
product_version_name: "Version - " + Date[:now].to_string,
product_version_description: "This is a version from the pipeline with a new description.",
product_id: "prod-XXXXXXXX",
})
This package contains an Action that stops the Pipeline until someone manually clicks the approve button:
require 'aws-cdk-lib'
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
approve_stage = pipeline.add_stage({stage_name: "Approve"})
manual_approval_action = AWSCDK::CodePipelineActions::ManualApprovalAction.new({
action_name: "Approve",
notification_topic: AWSCDK::SNS::Topic.new(self, "Topic"),
# optional
notify_emails: [
"some_email@example.com",
],
# optional
additional_information: "additional info",
# optional
timeout: AWSCDK::Duration.minutes(10),
})
approve_stage.add_action(manual_approval_action)
If the notification_topic has not been provided,
but notify_emails were,
a new SNS Topic will be created
(and accessible through the notification_topic property of the Action).
If you want to grant a principal permissions to approve the changes,
you can invoke the method grant_manual_approval passing it a IGrantable:
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
approve_stage = pipeline.add_stage({stage_name: "Approve"})
manual_approval_action = AWSCDK::CodePipelineActions::ManualApprovalAction.new({
action_name: "Approve",
})
approve_stage.add_action(manual_approval_action)
role = AWSCDK::IAM::Role.from_role_arn(self, "Admin", AWSCDK::ARN.format({service: "iam", resource: "role", resource_name: "Admin"}, self))
manual_approval_action.grant_manual_approval(role)
This module contains an Action that allows you to invoke a Lambda function in a Pipeline:
fn = nil # AWSCDK::Lambda::Function
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
lambda_action = AWSCDK::CodePipelineActions::LambdaInvokeAction.new({
action_name: "Lambda",
lambda: fn,
})
pipeline.add_stage({
stage_name: "Lambda",
actions: [lambda_action],
})
The Lambda Action can have up to 5 inputs, and up to 5 outputs:
fn = nil # AWSCDK::Lambda::Function
source_output = AWSCDK::Codepipeline::Artifact.new
build_output = AWSCDK::Codepipeline::Artifact.new
lambda_action = AWSCDK::CodePipelineActions::LambdaInvokeAction.new({
action_name: "Lambda",
inputs: [
source_output,
build_output,
],
outputs: [
AWSCDK::Codepipeline::Artifact.new("Out1"),
AWSCDK::Codepipeline::Artifact.new("Out2"),
],
lambda: fn,
})
The Lambda Action supports custom user parameters that pipeline will pass to the Lambda function:
fn = nil # AWSCDK::Lambda::Function
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
lambda_action = AWSCDK::CodePipelineActions::LambdaInvokeAction.new({
action_name: "Lambda",
lambda: fn,
user_parameters: {
foo: "bar",
baz: "qux",
},
# OR
user_parameters_string: "my-parameter-string",
})
The Lambda invoke action emits variables.
Unlike many other actions, the variables are not static,
but dynamic, defined by the function calling the PutJobSuccessResult
API with the output_variables property filled with the map of variables
Example:
# later:
project = nil # AWSCDK::CodeBuild::PipelineProject
lambda_invoke_action = AWSCDK::CodePipelineActions::LambdaInvokeAction.new({
action_name: "Lambda",
lambda: AWSCDK::Lambda::Function.new(self, "Func", {
runtime: AWSCDK::Lambda::Runtime.NODEJS_LATEST,
handler: "index.handler",
code: AWSCDK::Lambda::Code.from_inline(<<-'HERE'
const { CodePipeline } = require('@aws-sdk/client-codepipeline');
exports.handler = async function(event, context) {
const codepipeline = new AWS.CodePipeline();
await codepipeline.putJobSuccessResult({
jobId: event['CodePipeline.job'].id,
outputVariables: {
MY_VAR: "some value",
},
});
}
HERE),
}),
variables_namespace: "MyNamespace",
})
source_output = AWSCDK::Codepipeline::Artifact.new
AWSCDK::CodePipelineActions::CodeBuildAction.new({
action_name: "CodeBuild",
project: project,
input: source_output,
environment_variables: {
MyVar: {
value: lambda_invoke_action.variable("MY_VAR"),
},
},
})
See the AWS documentation on how to write a Lambda function invoked from CodePipeline.
This module contains an Action that allows you to invoke a Step Function in a Pipeline:
require 'aws-cdk-lib'
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
start_state = AWSCDK::StepFunctions::Pass.new(self, "StartState")
simple_state_machine = AWSCDK::StepFunctions::StateMachine.new(self, "SimpleStateMachine", {
definition: start_state,
})
step_function_action = AWSCDK::CodePipelineActions::StepFunctionInvokeAction.new({
action_name: "Invoke",
state_machine: simple_state_machine,
state_machine_input: AWSCDK::CodePipelineActions::StateMachineInput.literal({IsHelloWorldExample: true}),
})
pipeline.add_stage({
stage_name: "StepFunctions",
actions: [step_function_action],
})
The StateMachineInput can be created with one of 2 static factory methods:
literal, which takes an arbitrary map as its only argument, or file_path:
require 'aws-cdk-lib'
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
input_artifact = AWSCDK::Codepipeline::Artifact.new
start_state = AWSCDK::StepFunctions::Pass.new(self, "StartState")
simple_state_machine = AWSCDK::StepFunctions::StateMachine.new(self, "SimpleStateMachine", {
definition: start_state,
})
step_function_action = AWSCDK::CodePipelineActions::StepFunctionInvokeAction.new({
action_name: "Invoke",
state_machine: simple_state_machine,
state_machine_input: AWSCDK::CodePipelineActions::StateMachineInput.file_path(input_artifact.at_path("assets/input.json")),
})
pipeline.add_stage({
stage_name: "StepFunctions",
actions: [step_function_action],
})
See the AWS documentation for information on Action structure reference.
This module contains an Action that allows you to invoke another pipeline execution in a pipeline:
require 'aws-cdk-lib'
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "MyPipeline")
target_pipeline = AWSCDK::Codepipeline::Pipeline.from_pipeline_arn(self, "Pipeline", "arn:aws:codepipeline:us-east-1:123456789012:InvokePipelineAction") # If targetPipeline is not created by cdk, import from arn.
pipeline.add_stage({
stage_name: "stageName",
actions: [
AWSCDK::CodePipelineActions::PipelineInvokeAction.new({
action_name: "Invoke",
target_pipeline: target_pipeline,
variables: [
{
name: "name1",
value: "value1",
},
],
source_revisions: [
{
action_name: "Source",
revision_type: AWSCDK::CodePipelineActions::RevisionType::S3_OBJECT_VERSION_ID,
revision_value: "testRevisionValue",
},
],
}),
],
})
See the AWS documentation for information on Action structure reference.
Amazon Inspector is a vulnerability management service that automatically discovers workloads and continually scans them for software vulnerabilities and unintended network exposure.
The actions InspectorSourceCodeScanAction and InspectorEcrImageScanAction automate detecting and fixing security
vulnerabilities in your open source code. The actions are managed compute actions with security scanning capabilities.
You can use the actions with application source code in your third-party repository, such as GitHub or Bitbucket Cloud,
or with images for container applications.
Your actions will scan and report on vulnerability levels and alerts that you configure.
The InspectorSourceCodeScanAction allows you to scan the application source code for vulnerabilities in your repository.
pipeline = nil # AWSCDK::Codepipeline::Pipeline
source_output = AWSCDK::Codepipeline::Artifact.new
source_action = AWSCDK::CodePipelineActions::CodeStarConnectionsSourceAction.new({
action_name: "CodeStarConnectionsSourceAction",
output: source_output,
connection_arn: "your-connection-arn",
owner: "your-owner",
repo: "your-repo",
})
scan_output = AWSCDK::Codepipeline::Artifact.new
scan_action = AWSCDK::CodePipelineActions::InspectorSourceCodeScanAction.new({
action_name: "InspectorSourceCodeScanAction",
input: source_output,
output: scan_output,
})
pipeline.add_stage({
stage_name: "Source",
actions: [source_action],
})
pipeline.add_stage({
stage_name: "Scan",
actions: [scan_action],
})
The InspectorEcrImageScanAction allows you to scan the image for vulnerabilities in your container applications.
require 'aws-cdk-lib'
pipeline = nil # AWSCDK::Codepipeline::Pipeline
repository = nil # AWSCDK::ECR::IRepository
scan_output = AWSCDK::Codepipeline::Artifact.new
scan_action = AWSCDK::CodePipelineActions::InspectorECRImageScanAction.new({
action_name: "InspectorEcrImageScanAction",
output: scan_output,
repository: repository,
})
pipeline.add_stage({
stage_name: "Scan",
actions: [scan_action],
})
The Commands action allows you to run shell commands in a virtual compute instance. When you run the action, commands specified in the action configuration are run in a separate container. All artifacts that are specified as input artifacts to a CodeBuild action are available inside of the container running the commands. This action allows you to specify commands without first creating a CodeBuild project.
# Source action
bucket = AWSCDK::S3::Bucket.new(self, "SourceBucket", {
versioned: true,
})
source_artifact = AWSCDK::Codepipeline::Artifact.new("SourceArtifact")
source_action = AWSCDK::CodePipelineActions::S3SourceAction.new({
action_name: "Source",
output: source_artifact,
bucket: bucket,
bucket_key: "my.zip",
})
# Commands action
output_artifact = AWSCDK::Codepipeline::Artifact.new("OutputArtifact")
commands_action = AWSCDK::CodePipelineActions::CommandsAction.new({
action_name: "Commands",
commands: [
"echo \"some commands\"",
],
input: source_artifact,
output: output_artifact,
})
pipeline = AWSCDK::Codepipeline::Pipeline.new(self, "Pipeline", {
stages: [
{
stage_name: "Source",
actions: [source_action],
},
{
stage_name: "Commands",
actions: [commands_action],
},
],
})
If you want to filter the files to be included in the output artifact, you can specify their paths as the second
argument to Artifact.
source_artifact = nil # AWSCDK::Codepipeline::Artifact
# filter files to be included in the output artifact
output_artifact = AWSCDK::Codepipeline::Artifact.new("OutputArtifact", ["my-dir/**/*"])
commands_action = AWSCDK::CodePipelineActions::CommandsAction.new({
action_name: "Commands",
commands: [
"mkdir -p my-dir",
"echo \"HelloWorld\" > my-dir/file.txt",
],
input: source_artifact,
output: output_artifact,
})
You can also specify the output_variables property in the CommandsAction to emit environment variables that can be used
in subsequent actions. The variables are those defined in your shell commands or exported as defaults by the CodeBuild service.
For a reference of CodeBuild environment variables, see
Environment variables in build environments
in the CodeBuild User Guide.
To use the output variables in a subsequent action, you can use the variable method on the action:
source_artifact = nil # AWSCDK::Codepipeline::Artifact
output_artifact = nil # AWSCDK::Codepipeline::Artifact
commands_action = AWSCDK::CodePipelineActions::CommandsAction.new({
action_name: "Commands",
commands: [
"export MY_OUTPUT=my-key",
],
input: source_artifact,
output: output_artifact,
output_variables: ["MY_OUTPUT", "CODEBUILD_BUILD_ID"],
})
# Deploy action
deploy_action = AWSCDK::CodePipelineActions::S3DeployAction.new({
action_name: "DeployAction",
extract: true,
input: output_artifact,
bucket: AWSCDK::S3::Bucket.new(self, "DeployBucket"),
object_key: commands_action.variable("MY_OUTPUT"),
})
See the AWS documentation for more details about using Commands action in CodePipeline.