in source/1-SDLC-organization/lib/cicd-stack.ts [54:123]
/**
 * Wires up the landing-zone pipeline: a GitHub source, a synth step, a
 * manually approved 'Prod' stage, and a post-deployment CodeBuild step that
 * runs lib/auto-bootstrap.sh.
 *
 * @param scope - parent construct
 * @param id - construct id of this stack
 * @param props - stack props, also handed unchanged to the 'Prod' stage.
 *   `pipelineDeployableRegions` selects the regions given to the bootstrap
 *   script and falls back to this stack's own region.
 */
constructor(scope: Construct, id: string, props: AWSBootstrapKitLandingZonePipelineStackProps) {
  super(scope, id, props);

  const stackRegion = Stack.of(this).region;
  const pipelineName = 'AWSBootstrapKit-LandingZone';

  // Repository coordinates are read from CDK context. tryGetContext() returns
  // undefined for a missing key, which the template literal below turns into
  // the text "undefined".
  // NOTE(review): nothing here checks that the three context keys are set.
  const repoSlug = `${this.node.tryGetContext('github_alias')}/${this.node.tryGetContext('github_repo_name')}`;
  const repoBranch = this.node.tryGetContext('github_repo_branch');

  // The GitHub token is referenced by secret name and resolved from Secrets
  // Manager at deploy time, so its value is not written into the synthesized
  // template. The secret 'GITHUB_TOKEN' has to exist beforehand.
  const githubSource = pipelines.CodePipelineSource.gitHub(repoSlug, repoBranch, {
    authentication: SecretValue.secretsManager('GITHUB_TOKEN'),
  });

  const synthStep = new pipelines.ShellStep('Synth', {
    input: githubSource,
    commands: [
      'cd source/1-SDLC-organization',
      // NOTE(review): `npm install` may resolve versions that differ from a
      // committed lockfile; `npm ci` would pin the build to the lockfile if
      // the repository ships one — confirm before changing.
      'npm install',
      'npx cdk synth',
    ],
    primaryOutputDirectory: 'source/1-SDLC-organization/cdk.out',
    env: {
      // Turns on npm's unsafe-perm setting, i.e. package lifecycle scripts
      // keep the build user's privileges.
      // NOTE(review): presumably needed because the build runs as root —
      // confirm it is still required.
      NPM_CONFIG_UNSAFE_PERM: 'true',
    },
  });

  const pipeline = new pipelines.CodePipeline(this, 'Pipeline', {
    pipelineName,
    // Encrypts artifacts with KMS keys so other accounts can be deployed to.
    crossAccountKeys: true,
    synth: synthStep,
  });

  // Convenience output: direct console link to the pipeline.
  const consoleUrl = `https://${stackRegion}.console.aws.amazon.com/codesuite/codepipeline/pipelines/${pipelineName}/view?region=${stackRegion}`;
  new CfnOutput(this, 'PipelineConsoleUrl', { value: consoleUrl });

  const landingZoneStage = new AWSBootstrapKitLandingZoneStage(this, 'Prod', props);
  const prodDeployment = pipeline.addStage(landingZoneStage);

  // Space-separated region list, passed to the script as a single argument.
  const regionList = (props.pipelineDeployableRegions ?? [stackRegion]).join(' ');

  // A human has to approve before anything in 'Prod' is deployed.
  prodDeployment.addPre(new pipelines.ManualApprovalStep('Approval'));

  // The account id is a wildcard: the CodeBuild role may assume
  // OrganizationAccountAccessRole in every account whose trust policy allows
  // it. AWS Organizations typically creates that role with administrator
  // access in member accounts, so this build project is highly privileged.
  // NOTE(review): restrict who can edit the repository, the build project and
  // lib/auto-bootstrap.sh accordingly, and monitor AssumeRole calls made by
  // this role.
  const assumeOrgAccessRole = new iam.PolicyStatement({
    actions: ['sts:AssumeRole'],
    resources: ['arn:aws:iam::*:role/OrganizationAccountAccessRole'],
  });

  // Read-only Organizations calls used to enumerate accounts and their tags.
  const readOrganization = new iam.PolicyStatement({
    actions: ['organizations:ListAccounts', 'organizations:ListTagsForResource'],
    resources: ['*'],
  });

  prodDeployment.addPost(
    new pipelines.CodeBuildStep('CDKBootstrapAccounts', {
      commands: [
        // Stop on the first failing command or unset variable.
        'set -eu',
        'cd source/1-SDLC-organization/',
        'npm install',
        // The region list is placed inside double quotes without escaping.
        // NOTE(review): pipelineDeployableRegions must contain literal region
        // names only; any shell metacharacter in it would be interpreted by
        // this build, which holds the role permissions granted below.
        `REGIONS_TO_BOOTSTRAP="${regionList}"`,
        './lib/auto-bootstrap.sh "$REGIONS_TO_BOOTSTRAP"',
      ],
      input: githubSource,
      rolePolicyStatements: [assumeOrgAccessRole, readOrganization],
    })
  );
}