in serverless-rest-api/python-http-cdk/lib/pipeline_stack.py [0:0]
def __init__(self, scope: Construct, id: str, **kwargs) -> None:
    """Define the CDK pipeline: CodeCommit source, synth, testing stage, deployment stage.

    The pipeline polls the ``main`` branch of a CodeCommit repository whose
    name comes from the ``CodeCommitRepoName`` stack parameter, synthesizes
    the CDK app, deploys a testing ``AppStage`` followed by an integration
    test action, and finally adds a deployment ``AppStage`` together with a
    manual approval action.

    Args:
        scope: Parent construct, forwarded to the base class.
        id: Construct id, forwarded to the base class.
        **kwargs: Extra keyword arguments forwarded to the base class.
    """
    super().__init__(scope, id, **kwargs)

    # Repository name is a deploy-time CloudFormation parameter; the pipeline
    # name is fixed.
    repo_name = cdk.CfnParameter(
        self,
        "CodeCommitRepoName",
        type="String",
        default="serverless-api-pipeline-cdk",
        description="CodeCommit repository with the project code",
    ).value_as_string
    pipeline_name = "serverless-api-pipeline-cdk"

    source_artifact = codepipeline.Artifact()
    cloud_assembly_artifact = codepipeline.Artifact()

    # Source: CodeCommit repository, 'main' branch, change detection by polling.
    repository = codecommit.Repository(
        self,
        'ServerlessApiRepository',
        repository_name=repo_name,
    )
    source_action = codepipeline_actions.CodeCommitSourceAction(
        action_name="CodeCommit",
        output=source_artifact,
        branch='main',
        trigger=codepipeline_actions.CodeCommitTrigger.POLL,
        repository=repository,
    )

    # Synth: install the CDK CLI and Python dependencies, then synthesize.
    # NOTE(review): 'privileged': True runs the build container in privileged
    # mode, which CodeBuild normally needs only for Docker builds; confirm the
    # synth step needs it, otherwise it is avoidable extra privilege.
    # NOTE(review): the install steps are joined with ';', so a failing step
    # does not stop the ones after it, and 'npm install -g aws-cdk' is not
    # pinned to a version; consider '&&' and pinned versions for a
    # reproducible build.
    synth_action = SimpleSynthAction.standard_npm_synth(
        source_artifact=source_artifact,
        cloud_assembly_artifact=cloud_assembly_artifact,
        environment={'privileged': True},
        install_command='cd ./serverless-rest-api/python-http-cdk; npm install -g aws-cdk; pip install -r requirements.txt; pip install -r ./src/api/requirements.txt ',
        synth_command='cdk synth --output $CODEBUILD_SRC_DIR/cdk.out',
    )

    pipeline = CdkPipeline(
        self,
        "Pipeline",
        pipeline_name=pipeline_name,
        cloud_assembly_artifact=cloud_assembly_artifact,
        source_action=source_action,
        synth_action=synth_action,
    )

    # Testing stage: deploy the application, then run the integration tests
    # from the source artifact against the deployed stack.
    testing_stage = AppStage(self, 'serverless-api-pipeline-cdk-Testing', cognito_stack_name='Cognito')
    pipeline_testing_stage = pipeline.add_application_stage(testing_stage)

    integration_test_commands = [
        'cd ./serverless-rest-api/python-http-cdk',
        'pip install -r ./tests/requirements.txt',
        'pip install -r ./src/api/requirements.txt',
        'python -m pytest tests/integration -v',
    ]
    testing_action = ShellScriptAction(
        action_name='IntegrationTest',
        additional_artifacts=[source_artifact],
        commands=integration_test_commands,
        # Exposes the API stack output to the test run as an environment variable.
        use_outputs={
            'TEST_APPLICATION_STACK_NAME': pipeline.stack_output(testing_stage.api_stack_name)
        },
    )
    pipeline_testing_stage.add_actions(testing_action)

    # Permissions granted to the integration-test build role, as
    # (actions, resources) pairs; each pair becomes one Allow statement.
    test_project = testing_action.project
    test_role_grants = (
        # Cognito admin operations on every user pool in this account/region.
        # NOTE(review): 'userpool/*' is wider than the single pool under test;
        # scope to that pool's ARN if it can be resolved here.
        (
            [
                'cognito-idp:AdminDeleteUser',
                'cognito-idp:AdminConfirmSignUp',
                'cognito-idp:AdminAddUserToGroup',
            ],
            [f'arn:aws:cognito-idp:{cdk.Aws.REGION}:{cdk.Aws.ACCOUNT_ID}:userpool/*'],
        ),
        # GetRandomPassword does not support resource-level permissions, so
        # '*' is the only resource it can take.
        (
            ['secretsmanager:GetRandomPassword'],
            ['*'],
        ),
        # NOTE(review): 'dynamodb:*' allows every DynamoDB action, including
        # table deletion, on any table whose name starts with the stage name;
        # narrow it to the operations the tests actually perform.
        (
            ['dynamodb:*'],
            [f'arn:aws:dynamodb:{cdk.Aws.REGION}:{cdk.Aws.ACCOUNT_ID}:table/{testing_stage.stage_name}*'],
        ),
        # Read-only stack lookup for the testing stage stacks and the Cognito stack.
        (
            ['cloudformation:DescribeStacks'],
            [
                f'arn:aws:cloudformation:{cdk.Aws.REGION}:{cdk.Aws.ACCOUNT_ID}:stack/{testing_stage.stage_name}*/*',
                f'arn:aws:cloudformation:{cdk.Aws.REGION}:{cdk.Aws.ACCOUNT_ID}:stack/{testing_stage.cognito_stack_name}/*',
            ],
        ),
    )
    for allowed_actions, target_resources in test_role_grants:
        test_project.add_to_role_policy(iam.PolicyStatement(
            effect=iam.Effect.ALLOW,
            actions=allowed_actions,
            resources=target_resources,
        ))

    # Production deployment stage with a manual approval action.
    # NOTE(review): the approval is added after the stage's own deploy actions
    # and uses run_order=1; check in the synthesized pipeline that it really
    # runs before the change sets are executed.
    deployment_stage = AppStage(self, 'serverless-api-pipeline-cdk-Deployment', cognito_stack_name='Cognito')
    pipeline_deployment_stage = pipeline.add_application_stage(deployment_stage)
    approval_action = codepipeline_actions.ManualApprovalAction(
        action_name='ApproveProductionDeployment',
        run_order=1,
    )
    pipeline_deployment_stage.add_actions(approval_action)