in lib/pipeline-stack.ts [12:77]
/**
 * Wires up the 'AuditService' delivery pipeline: GitHub source, npm
 * build/synth, a staging deployment followed by end-to-end tests, and a
 * production deployment behind a manual approval.
 *
 * @param scope - parent construct, forwarded to the base constructor
 * @param id - construct id, forwarded to the base constructor
 * @param props - optional stack properties, forwarded to the base constructor
 */
constructor(scope: Construct, id: string, props?: StackProps) {
  super(scope, id, props);

  const sourceOutput = new codepipeline.Artifact();
  const assemblyOutput = new codepipeline.Artifact();

  // source
  // The repository owner is read from the SSM parameter 'github_username'.
  // The OAuth token is referenced from the Secrets Manager secret
  // 'github_token' (JSON field 'github_token') rather than written in source.
  // NOTE(review): the token's GitHub scopes are not visible here; confirm it
  // carries only what the source action needs.
  const githubSource = new codepipeline_actions.GitHubSourceAction({
    actionName: 'Source',
    output: sourceOutput,
    owner: ssm.StringParameter.fromStringParameterName(this, 'GithubUsername', 'github_username').stringValue,
    repo: 'amazon-eventbridge-cdk-audit-service-sample',
    oauthToken: SecretValue.secretsManager('github_token', { jsonField: 'github_token' }),
    branch: 'main'
  });

  // build
  const npmSynth = SimpleSynthAction.standardNpmSynth({
    sourceArtifact: sourceOutput,
    cloudAssemblyArtifact: assemblyOutput,
    buildCommand: 'npm run build',
    synthCommand: 'npm run synth'
  });

  const deliveryPipeline = new CdkPipeline(this, 'AuditServicePipeline', {
    // Cost trade-off, see
    // https://docs.aws.amazon.com/cdk/api/latest/docs/pipelines-readme.html#a-note-on-cost
    // NOTE(review): per that note this skips the KMS key used for
    // cross-account deployments; revisit if a stage moves to another account.
    crossAccountKeys: false,
    pipelineName: 'AuditService',
    cloudAssemblyArtifact: assemblyOutput,
    sourceAction: githubSource,
    synthAction: npmSynth
  });

  // deploy to staging
  const stagingApp = new AuditServiceDeployStage(this, 'Staging', {
    logicalEnv: 'staging'
  });
  const stagingPipelineStage = deliveryPipeline.addApplicationStage(stagingApp);

  // End-to-end tests: runs `npm ci` and `npm test` from the repository's
  // test/ directory, with the staging stack outputs exposed as environment
  // variables. Whatever is on the 'main' branch executes under this action's
  // project role, so that role's permissions matter.
  const e2eTests = new ShellScriptAction({
    actionName: 'Test',
    useOutputs: {
      AUDIT_EVENT_BUS_NAME: deliveryPipeline.stackOutput(stagingApp.busName),
      AUDIT_BUCKET_NAME: deliveryPipeline.stackOutput(stagingApp.bucketName),
      AUDIT_TABLE_NAME: deliveryPipeline.stackOutput(stagingApp.tableName),
      AUDIT_LOG_GROUP_NAME: deliveryPipeline.stackOutput(stagingApp.logGroupName),
      AUDIT_TOPIC_NAME: deliveryPipeline.stackOutput(stagingApp.topicName)
    },
    additionalArtifacts: [sourceOutput],
    commands: [
      'cd test',
      'npm ci',
      'npm test'
    ]
  });
  stagingPipelineStage.addActions(e2eTests);

  // NOTE(review): these AWS managed policies are not scoped to the five
  // staging resources passed in above; AmazonEventBridgeFullAccess is the
  // broadest of them. Consider replacing them with statements limited to the
  // staging bus, bucket, table, log group and topic.
  const testRolePolicyArns = [
    'arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess',
    'arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess',
    'arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess',
    'arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess'
  ];
  for (const managedPolicyArn of testRolePolicyArns) {
    // `role?.` means a missing role skips the attachment silently.
    e2eTests.project.role?.addManagedPolicy({managedPolicyArn: managedPolicyArn});
  }

  // deploy to production, gated on a manual approval
  const productionApp = new AuditServiceDeployStage(this, 'Production', {
    logicalEnv: 'production'
  });
  deliveryPipeline.addApplicationStage(productionApp, {
    manualApprovals: true
  });
}