add parameters to embedded-linux-pipeline: accessLoggingBucket, artif…
…actBucket, outputBucket
thomas-roos committed Jan 23, 2024
1 parent 3f9d517 commit 386549e
Showing 10 changed files with 96 additions and 49 deletions.
53 changes: 35 additions & 18 deletions lib/build-image-pipeline.ts
Expand Up @@ -29,6 +29,10 @@ export interface BuildImagePipelineProps extends cdk.StackProps {
readonly dataBucket: s3.IBucket;
/** The ECR Repository to push to. */
readonly repository: IRepository;
/** Access logging bucket to use */
accessLoggingBucket?: s3.Bucket;
/** Artifact bucket to use */
artifactBucket?: s3.Bucket;
}

/**
Expand Down Expand Up @@ -98,24 +102,37 @@ export class BuildImagePipelineStack extends cdk.Stack {
input: sourceOutput,
});

const accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
versioned: true,
enforceSSL: true,
});
const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
removalPolicy: RemovalPolicy.DESTROY,
enableKeyRotation: true,
});
const artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
versioned: true,
enforceSSL: true,
serverAccessLogsBucket: accessLoggingBucket,
encryptionKey,
encryption: s3.BucketEncryption.KMS,
blockPublicAccess: new s3.BlockPublicAccess(
s3.BlockPublicAccess.BLOCK_ALL
),
});
let accessLoggingBucket: s3.IBucket;

if (props.accessLoggingBucket){
accessLoggingBucket = props.accessLoggingBucket;
} else {
accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
versioned: true,
enforceSSL: true,
});
}

let artifactBucket: s3.IBucket;

if (props.artifactBucket){
artifactBucket = props.artifactBucket;
} else {
const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
removalPolicy: RemovalPolicy.DESTROY,
enableKeyRotation: true,
});
artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
versioned: true,
enforceSSL: true,
serverAccessLogsBucket: accessLoggingBucket,
encryptionKey,
encryption: s3.BucketEncryption.KMS,
blockPublicAccess: new s3.BlockPublicAccess(
s3.BlockPublicAccess.BLOCK_ALL
),
});
}

const pipeline = new codepipeline.Pipeline(this, 'BuildImagePipeline', {
artifactBucket,
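Review bot: When `props.artifactBucket` is supplied, the `else` branch that sets `enforceSSL`, KMS encryption, `BLOCK_ALL` and `serverAccessLogsBucket` is skipped, so the pipeline's artifact store is only as hardened as the bucket the caller passed in, and nothing in the stack checks or records that. At minimum the prop doc should state the contract, e.g. `/** Artifact bucket to use; must enforce SSL, block public access, be KMS-encrypted and have server access logging enabled. */`, and a synth-time hint such as `if (!props.artifactBucket.encryptionKey) cdk.Annotations.of(this).addWarning('artifactBucket has no KMS key');` would surface the most likely gap. The same applies to the `accessLoggingBucket` override here and to the `artifactBucket` and `outputBucket` overrides in lib/embedded-linux-pipeline.ts. Separately, the two new props in `BuildImagePipelineProps` are missing `readonly`, unlike their neighbours and unlike the same props in `EmbeddedLinuxPipelineProps`.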
82 changes: 53 additions & 29 deletions lib/embedded-linux-pipeline.ts
Expand Up @@ -50,7 +50,13 @@ export interface EmbeddedLinuxPipelineProps extends cdk.StackProps {
readonly layerRepoName?: string;
/** Additional policy statements to add to the build project. */
readonly buildPolicyAdditions?: iam.PolicyStatement[];
}
/** Access logging bucket to use */
readonly accessLoggingBucket?: s3.Bucket;
/** Artifact bucket to use */
readonly artifactBucket?: s3.Bucket;
/** Output bucket to use */
readonly outputBucket?: s3.Bucket | VMImportBucket;
}

/**
* The stack for creating a build pipeline.
Expand Down Expand Up @@ -80,11 +86,16 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
let outputBucket: s3.IBucket | VMImportBucket;
let environmentVariables = {};
let scriptAsset!: Asset;
let accessLoggingBucket: s3.IBucket;

const accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
versioned: true,
enforceSSL: true,
});
if (props.accessLoggingBucket){
accessLoggingBucket = props.accessLoggingBucket;
} else {
accessLoggingBucket = new s3.Bucket(this, 'ArtifactAccessLogging', {
versioned: true,
enforceSSL: true,
});
}

if (props.projectKind && props.projectKind == ProjectKind.PokyAmi) {
scriptAsset = new Asset(this, 'CreateAMIScript', {
Expand All @@ -99,14 +110,17 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
enableKeyRotation: true,
}
);

outputBucket = new VMImportBucket(this, 'PipelineOutput', {
versioned: true,
enforceSSL: true,
encryptionKey: outputBucketEncryptionKey,
encryptionKeyArn: outputBucketEncryptionKey.keyArn,
serverAccessLogsBucket: accessLoggingBucket,
});
if (props.outputBucket){
outputBucket = props.outputBucket;
} else {
outputBucket = new VMImportBucket(this, 'PipelineOutput', {
versioned: true,
enforceSSL: true,
encryptionKey: outputBucketEncryptionKey,
encryptionKeyArn: outputBucketEncryptionKey.keyArn,
serverAccessLogsBucket: accessLoggingBucket,
});
}
environmentVariables = {
IMPORT_BUCKET: {
type: BuildEnvironmentVariableType.PLAINTEXT,
Expand All @@ -122,28 +136,38 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
},
};
} else {
outputBucket = new s3.Bucket(this, 'PipelineOutput', {
if (props.outputBucket){
outputBucket = props.outputBucket;
} else {
outputBucket = new s3.Bucket(this, 'PipelineOutput', {
versioned: true,
enforceSSL: true,
serverAccessLogsBucket: accessLoggingBucket,
});
}
}

let artifactBucket: s3.IBucket;

if (props.artifactBucket){
artifactBucket = props.artifactBucket;
} else {
const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
removalPolicy: RemovalPolicy.DESTROY,
enableKeyRotation: true,
});
artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
versioned: true,
enforceSSL: true,
serverAccessLogsBucket: accessLoggingBucket,
encryptionKey,
encryption: s3.BucketEncryption.KMS,
blockPublicAccess: new s3.BlockPublicAccess(
s3.BlockPublicAccess.BLOCK_ALL
),
});
}

const encryptionKey = new kms.Key(this, 'PipelineArtifactKey', {
removalPolicy: RemovalPolicy.DESTROY,
enableKeyRotation: true,
});
const artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
versioned: true,
enforceSSL: true,
serverAccessLogsBucket: accessLoggingBucket,
encryptionKey,
encryption: s3.BucketEncryption.KMS,
blockPublicAccess: new s3.BlockPublicAccess(
s3.BlockPublicAccess.BLOCK_ALL
),
});

/** Create our CodePipeline Actions. */
const sourceRepo = new SourceRepo(this, 'SourceRepo', {
...props,
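Review bot: In the `ProjectKind.PokyAmi` branch, `outputBucketEncryptionKey` is still created above the new `if (props.outputBucket)` check, so when a caller passes a bucket the stack provisions a KMS key that is never attached to that bucket. The prop type `s3.Bucket | VMImportBucket` also lets a plain bucket through on this path, which presumably lacks the import setup that `VMImportBucket` provides; that is inferred from the name, since the construct is not shown here. Consider creating the key only inside the `else`, and rejecting the wrong kind early with `if (!(props.outputBucket instanceof VMImportBucket)) throw new Error('PokyAmi requires a VMImportBucket');`. The key construction begins outside the visible hunk, so check whether later code still references the key before moving it.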
1 change: 1 addition & 0 deletions source-repo/kas/build.buildspec.yml
Expand Up @@ -39,6 +39,7 @@ phases:

artifacts:
discard-paths: true
base-directory: kas/
files:
- $TMP_DIR/build/tmp/deploy/images/qemux86-64/aws-biga-image-qemux86-64*
- $TMP_DIR/build/tmp/log/cve/cve-summary*
1 change: 1 addition & 0 deletions source-repo/meta-aws-demo/build.buildspec.yml
Expand Up @@ -46,6 +46,7 @@ phases:

artifacts:
discard-paths: true
base-directory: meta-aws-demo/
files:
- $TMP_DIR/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64*
- $TMP_DIR/tmp/log/cve/cve-summary*
1 change: 1 addition & 0 deletions source-repo/nxp-imx/build.buildspec.yml
Expand Up @@ -52,6 +52,7 @@ phases:

artifacts:
discard-paths: true
base-directory: nxp-imx/
files:
# $TMP_DIR is not supported by imx bsp / distro
- build/tmp/deploy/images/imx93evk/*
1 change: 1 addition & 0 deletions source-repo/poky-ami/build.buildspec.yml
Expand Up @@ -65,6 +65,7 @@ phases:
- find /downloads -atime +30 -type d -empty -delete
artifacts:
discard-paths: true
base-directory: poky-ami/
files:
- $TMP_DIR/tmp/deploy/images/aws-ec2-arm64/core-image-minimal*
- $TMP_DIR/tmp/log/cve/cve-summary*
1 change: 1 addition & 0 deletions source-repo/poky/build.buildspec.yml
Expand Up @@ -46,6 +46,7 @@ phases:

artifacts:
discard-paths: true
base-directory: poky/
files:
- $TMP_DIR/tmp/deploy/images/qemux86-64/core-image-minimal-qemux86-64*
- $TMP_DIR/tmp/log/cve/cve-summary*
1 change: 1 addition & 0 deletions source-repo/renesas/build.buildspec.yml
Expand Up @@ -41,5 +41,6 @@ phases:

artifacts:
discard-paths: true
base-directory: renesas/
files:
- h3ulcb/build/tmp/deploy/images/h3ulcb/*
2 changes: 1 addition & 1 deletion test/__snapshots__/embedded-linux-pipeline.test.ts.snap
Expand Up @@ -6959,7 +6959,7 @@ def handler(event, context):
"BranchName": "main",
"S3": {
"Bucket": "cdk-hnb659fds-assets-12341234-eu-central-1",
"Key": "03d16bf861cb657df931bd33404567ac7f02ff927d18a45f5cc7f7cc981bb7ce.zip",
"Key": "316e4fb930478b572a8e5613ed06ba36db1d12f7b8489823b64e770d8121596d.zip",
},
},
"RepositoryName": "layer-repo-MyTestStack",
2 changes: 1 addition & 1 deletion test/__snapshots__/source-repo.test.ts.snap
Expand Up @@ -16,7 +16,7 @@ exports[`Pipeline Source Repository Snapshot 1`] = `
"BranchName": "main",
"S3": {
"Bucket": "cdk-hnb659fds-assets-12341234-eu-central-1",
"Key": "03d16bf861cb657df931bd33404567ac7f02ff927d18a45f5cc7f7cc981bb7ce.zip",
"Key": "316e4fb930478b572a8e5613ed06ba36db1d12f7b8489823b64e770d8121596d.zip",
},
},
"RepositoryName": "charlie",
