in cdk/cicd/Pipeline.py [0:0]
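def __init__(self, app: core.App, id: str, props, **kwargs) -> None:
    """Define the CodeCommit-sourced pipeline that builds, scans and deploys the stack.

    Stages, in order:
      1. Source     - CodeCommit repository 'policy-as-code', branch 'main'.
      2. Build      - CodeBuild project props['cb_docker_build'] produces 'synth'.
      3. ScanDeploy - CodeBuild project props['cb_scan'] produces 'scanned_source',
                      then a CloudFormation change set is created from that
                      artifact and executed.

    Args:
        app: Parent CDK app, forwarded to the base constructor.
        id: Construct id, forwarded to the base constructor.
        props: Mapping read for the keys 'namespace', 'bucket',
            'cb_docker_build' and 'cb_scan'.
        **kwargs: Forwarded unchanged to the base constructor.
    """
    super().__init__(app, id, **kwargs)

    # Artifacts handed from one stage to the next through the artifact bucket.
    source_output = aws_codepipeline.Artifact(artifact_name='source')
    synth = aws_codepipeline.Artifact(artifact_name='synth')
    scanned_source = aws_codepipeline.Artifact(artifact_name='scanned_source')

    # Repository that feeds the pipeline. Anyone who can push to its 'main'
    # branch controls what reaches the deploy actions below.
    repo = aws_codecommit.Repository(
        self, "sourcerepo",
        repository_name='policy-as-code',
        description='Policy as Code Mirror',
    )

    # Used both as the change set name and as the target stack name.
    change_set_name = 'policy-as-code'

    pipeline = aws_codepipeline.Pipeline(
        self, "Pipeline",
        pipeline_name=f"{props['namespace']}",
        artifact_bucket=props['bucket'],
        stages=[
            aws_codepipeline.StageProps(
                stage_name='Source',
                actions=[
                    # aws_codepipeline_actions.S3SourceAction(
                    #     bucket=props['bucket'],
                    #     bucket_key='source.zip',
                    #     action_name='S3Source',
                    #     run_order=1,
                    #     output=source_output,
                    #     trigger=aws_codepipeline_actions.S3Trigger.POLL
                    # ),
                    aws_codepipeline_actions.CodeCommitSourceAction(
                        repository=repo,
                        action_name='source',
                        branch='main',
                        output=source_output,
                        trigger=aws_codepipeline_actions.CodeCommitTrigger.EVENTS,
                    ),
                ],
            ),
            aws_codepipeline.StageProps(
                stage_name='Build',
                actions=[
                    aws_codepipeline_actions.CodeBuildAction(
                        action_name='Synth',
                        input=source_output,
                        outputs=[synth],
                        project=props['cb_docker_build'],
                        run_order=1,
                    ),
                ],
            ),
            aws_codepipeline.StageProps(
                stage_name='ScanDeploy',
                actions=[
                    # NOTE(review): whether findings fail this action (and so
                    # stop the deploy actions that follow) is decided by the
                    # cb_scan project's buildspec, which is not defined here -
                    # confirm it exits non-zero on policy violations.
                    aws_codepipeline_actions.CodeBuildAction(
                        action_name='Scan',
                        input=synth,
                        project=props['cb_scan'],
                        run_order=1,
                        outputs=[scanned_source],
                    ),
                    # The template is read from the Scan action's output
                    # artifact, not from 'synth', so what is deployed is what
                    # the scan job emitted.
                    #
                    # NOTE(review): admin_permissions=True makes CDK create the
                    # CloudFormation deployment role with full ("*")
                    # permissions, and NAMED_IAM lets the template create named
                    # IAM resources. Write access to the 'main' branch, to the
                    # two CodeBuild projects or to the artifact bucket is
                    # therefore equivalent to administrator access in the
                    # account. Prefer admin_permissions=False together with a
                    # scoped deployment_role once the stack's required
                    # permissions are known.
                    aws_codepipeline_actions.CloudFormationCreateReplaceChangeSetAction(
                        action_name='CreateChangeSet',
                        change_set_name=change_set_name,
                        stack_name=change_set_name,
                        # input=scanned_source,
                        template_path=aws_codepipeline.ArtifactPath(
                            artifact=scanned_source,
                            file_name='cdk.out/policy-as-code.template.json',
                        ),
                        run_order=2,
                        cfn_capabilities=[aws_cloudformation.CloudFormationCapabilities.NAMED_IAM],
                        admin_permissions=True,
                    ),
                    # NOTE(review): no approval action sits between creating
                    # the change set (run_order 2) and executing it
                    # (run_order 3); the scan is the only gate before deploy.
                    aws_codepipeline_actions.CloudFormationExecuteChangeSetAction(
                        run_order=3,
                        action_name='ExecuteChangeSet',
                        change_set_name=change_set_name,
                        stack_name=change_set_name,
                    ),
                ],
            ),
        ],
    )

    # Give the pipeline role read/write access to the artifact bucket.
    props['bucket'].grant_read_write(pipeline.role)

    # Publish the pipeline name as an SSM parameter at /<namespace>/pipeline.
    # The description previously read 'cdk pipeline bucket', although the
    # value stored is the pipeline name; the unused local binding is dropped.
    aws_ssm.StringParameter(
        self, "PipelineParam",
        parameter_name=f"/{props['namespace']}/pipeline",
        string_value=pipeline.pipeline_name,
        description='cdk pipeline name',
    )

    # Expose the pipeline name as a CloudFormation stack output.
    core.CfnOutput(
        self, "PipelineOut",
        description="Pipeline",
        value=pipeline.pipeline_name,
    )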