Docs

.github/workflows/doc.yml

@@ -0,0 +1,25 @@
+name: Typedoc build and deploy doc to GH pages
+on:
+    push:
+        branches: ["main"]
+
+    workflow_dispatch:
+
+permissions:
+    contents: write
+jobs:
+    build-and-deploy:
+        runs-on: ubuntu-latest
+        steps:
+        - name: Checkout
+          uses: actions/checkout@v3
+
+        - name: Install and Build
+          run: |
+            npm ci
+            npm run doc
+
+        - name: Deploy
+          uses: JamesIves/github-pages-deploy-action@v4
+          with:
+            folder: dist/docs

README.md

@@ -1,30 +1,51 @@
-## aws4embeddedlinux-ci
+# aws4embeddedlinux-ci
 
 This [cdk](https://github.com/aws/aws-cdk) IaC library help you to deploy AWS cloud infrastructure to allow embedded Linux builds for your project.
 
-### Architecture
-![architecture overview](architecture.drawio.svg "Architecture")
+## Architecture
+![architecture overview](images/architecture.svg "Architecture")
 
-### Quickstart
+## API documentation
+[API documentation](https://aws4embeddedlinux.github.io/aws4embeddedlinux-ci/) generated by `npm run doc`
+
+# Setting Up
+
+## Quickstart
 Use the [examples](https://github.com/aws4embeddedlinux/aws4embeddedlinux-ci-examples) in our examples repo.
 
-### Development Setup
+
+## Setting Up A New Project
+
+1. Create a CDK project. More details can be found in the [CDK Getting Started Documentation](https://docs.aws.amazon.com/cdk/v2/guide/getting_started.html).
+```
+mkdir my-project
+cd my-project
+cdk init app --language typescript
+```
+2. Add the cdk library with `npm install aws4embeddedlinux/aws4embeddedlinux-ci`
+3. Create your application using the library. Refer to the [API Documentation](https://aws4embeddedlinux.github.io/aws4embeddedlinux-ci) and the [Examples](github.com/aws4embeddedlinux/aws4embeddedlinux-ci-examples) for more details.
+4. Deploy your application using `cdk deploy`.
+5. After the application is deployed, the 'Build Image' Pipeline needs to be run. This will create an Ubuntu based container for building Yocto. This container is used by the other pipelines. If the other pipelines are run before this container is created and pushed to [ECR](https://aws.amazon.com/ecr/), they will fail. This Build Image Pipeline will run weekly by default to keep this container patched.
+6. Now the application pipeline is able to be run. This will push contents of the Yocto deploy directory into S3.
+
+## Development Setup
 You can use [`npm link`](https://docs.npmjs.com/cli/v10/commands/npm-link) to develop with a local copy of this repo.
 
-#### In this library repo:
+### In this library repo:
 ```bash
 $ npm link
 $ cd your-project
 ```
 
-#### In your-project folder:
+### In your-project folder:
 ```bash
 $ npm link aws4embeddedlinux-ci
 ```
 
 This will link through the system `node_modules` install. When using a system node install on Linux, this can require sudo access. To avoid this, use a [node version manager](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm#using-a-node-version-manager-to-install-nodejs-and-npm) or [set a node prefix](https://docs.npmjs.com/resolving-eacces-permissions-errors-when-installing-packages-globally).
 
 
+
 ## Security
 
 See [SECURITY](SECURITY.md) for more information about reporting issues with this project.
@@ -33,9 +54,9 @@ See [SECURITY](SECURITY.md) for more information about reporting issues with thi
 [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html) is the preferred method of adding secrets to your pipeline. This service provides a structured means of access and avoids pitfalls with putting secrets in environment variables, source repos, etc.
 
 1. Create a _Secret_ in Secrets Manager and add your secret value.
-1. Grant permissions to the CodeBuild pipeline project.
-   1. Find the IAM role for the CodeBuild Project in the CodeBuild console page under the "Build Details". This is also called the "Service Role".
-   1. In the IAM console page, add a new policy, replacing \<Secret ARN> with the ARN of the secret created.
+1. Grant access permissions to the CodeBuild pipeline project.
+-  1. Find the IAM role for the CodeBuild Project in the CodeBuild console page under the "Build Details". This is also called the "Service Role".
+-  1. In the IAM console page, add a new policy, replacing \<Secret ARN> with the ARN of the secret created.
 ```json
 {
     "Version": "2012-10-17",

lib/build-image-pipeline.ts

@@ -48,7 +48,7 @@ export class BuildImagePipelineStack extends cdk.Stack {
     const sourceAction = new codepipeline_actions.S3SourceAction({
       actionName: 'Build-Image-Source',
       bucket: props.dataBucket,
-      bucketKey: 'data.zip', // TODO(glimsdal): Parameterize.
+      bucketKey: 'data.zip',
       output: sourceOutput,
     });
 

lib/demo-pipeline.ts

@@ -340,7 +340,6 @@ def handler(event, context):
   ): string {
     const fs = new efs.FileSystem(this, `DemoPipeline${name}Filesystem`, {
       vpc,
-      // TODO(nateglims): Reconsider this when development is slowing down.
       removalPolicy: cdk.RemovalPolicy.DESTROY,
     });
     fs.connections.allowFrom(securityGroup, Port.tcp(2049));

test/build-image-repo.test.ts

@@ -7,17 +7,6 @@ describe('Build Image Repository', () => {
     env: { account: '111111111111', region: 'eu-central-1' },
   };
 
-  test('ECR Repo has EmptyOnDelete', () => {
-    const app = new cdk.App();
-    const stack = new BuildImageRepoStack(app, 'MyTestStack', props);
-    const template = Template.fromStack(stack);
-    template.resourceCountIs('AWS::ECR::Repository', 1);
-    // TODO: Investigate why we cannot set EmptyOnDelete in CDK.
-    // template.hasResourceProperties("AWS::ECR::Repository", {
-    //   EmptyOnDelete: true,
-    // });
-  });
-
   test('Snapshot', () => {
     const app = new cdk.App();
     const stack = new BuildImageRepoStack(app, 'MyTestStack', props);

test/demo-pipeline-nag.test.ts

@@ -35,7 +35,7 @@ describe('Demo pipeline cdk-nag AwsSolutions Pack', () => {
       },
       {
         id: 'AwsSolutions-CB3',
-        reason: 'TODO: Verify CodeBuild Privilege mode is required here.',
+        reason: 'CodeBuild Privilege mode is required for this pipeline.',
       },
 
       {