constructor()

in lib/shellable.ts [247:321]


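  /**
   * Defines a CodeBuild project that runs a script from an uploaded script
   * directory, plus a CloudWatch alarm on the project's failed builds.
   *
   * The whole of `props.scriptDirectory` is uploaded as an asset and the
   * project role is granted read access to it, to each secret in
   * `props.environmentSecrets` and to each parameter in
   * `props.environmentParameters`. When `props.assumeRole` is set, the role
   * is also allowed `sts:AssumeRole` on that one role ARN.
   *
   * @param parent the construct this one is created under
   * @param id the construct id within `parent`
   * @param props script location, build environment, secrets/parameters and alarm settings
   * @throws Error if the entrypoint does not exist, if it does not resolve to
   *   a path inside `props.scriptDirectory`, or if the generated artifact
   *   name is longer than 100 characters
   */
  constructor(parent: Construct, id: string, props: ShellableProps) {
    super(parent, id);

    this.platform = props.platform || ShellPlatform.LinuxUbuntu;

    const entrypoint = path.join(props.scriptDirectory, props.entrypoint);
    if (!fs.existsSync(entrypoint)) {
      throw new Error(`Cannot find test entrypoint: ${entrypoint}`);
    }

    // Only props.scriptDirectory is uploaded as the asset below, so an
    // entrypoint that resolves outside it (for example via '..' segments), or
    // to the directory itself, passes the existence check above but is not a
    // file in what the build receives. Reject it at synth time.
    const relativeEntrypoint = path.relative(path.resolve(props.scriptDirectory), path.resolve(entrypoint));
    if (
      relativeEntrypoint === '' ||
      relativeEntrypoint === '..' ||
      relativeEntrypoint.startsWith(`..${path.sep}`) ||
      path.isAbsolute(relativeEntrypoint)
    ) {
      throw new Error(`Test entrypoint must be a file inside the script directory: ${entrypoint}`);
    }

    // Everything under scriptDirectory ends up in the asset and is readable by
    // the project role (see grantRead below).
    const asset = new assets.Asset(this, 'ScriptDirectory', {
      path: props.scriptDirectory,
    });

    this.outputArtifactName = `Artifact_${this.node.uniqueId}`;
    if (this.outputArtifactName.length > 100) {
      throw new Error(`Whoops, too long: ${this.outputArtifactName}`);
    }

    // The caller-supplied build spec is merged into the generated one; how
    // conflicting sections resolve is decided by BuildSpec.merge (not shown here).
    this.buildSpec = BuildSpec.simple({
      preBuild: this.platform.prebuildCommands(props.assumeRole, props.useRegionalStsEndpoints),
      build: this.platform.buildCommands(props.entrypoint),
    }).merge(props.buildSpec || BuildSpec.empty());

    const environmentSecretsAsSecretNames = this.convertEnvironmentSecretArnsToSecretNames(props.environmentSecrets);

    this.project = new cbuild.Project(this, 'Resource', {
      projectName: props.buildProjectName,
      source: props.source,
      environment: {
        buildImage: this.platform.buildImage,
        computeType: props.computeType || cbuild.ComputeType.MEDIUM,
        // Passed straight through. CodeBuild's privileged mode is what lets a
        // build run the Docker daemon, so it should stay unset unless the
        // script needs that.
        privileged: props.privileged,
      },
      environmentVariables: {
        // Later spreads win on a key collision (presumably keys are variable
        // names - confirm in renderEnvironmentVariables): an entry in
        // props.environment named like S3_BUCKET_ENV / S3_KEY_ENV replaces the
        // asset location, and a secret or parameter entry replaces a plaintext
        // one of the same name.
        [S3_BUCKET_ENV]: { value: asset.s3BucketName },
        [S3_KEY_ENV]: { value: asset.s3ObjectKey },
        ...renderEnvironmentVariables(props.environment),
        // Secrets and parameters are declared with the SECRETS_MANAGER /
        // PARAMETER_STORE variable types, not as plaintext values.
        ...renderEnvironmentVariables(environmentSecretsAsSecretNames, cbuild.BuildEnvironmentVariableType.SECRETS_MANAGER),
        ...renderEnvironmentVariables(props.environmentParameters, cbuild.BuildEnvironmentVariableType.PARAMETER_STORE),
      },
      timeout: props.timeout,
      buildSpec: cbuild.BuildSpec.fromObject(this.buildSpec.render({ primaryArtifactName: this.outputArtifactName })),
    });

    this.role = this.project.role!; // not undefined, as it's a new Project
    asset.grantRead(this.role);

    // Grant read access to secrets (one grant per complete secret ARN, no wildcard)
    Object.entries(props.environmentSecrets ?? {}).forEach(([name, secretArn]) => {
      const secret = aws_secretsmanager.Secret.fromSecretCompleteArn(this, `${name}Secret`, secretArn);
      secret.grantRead(this.role);
    });

    // Grant read access to parameters
    Object.entries(props.environmentParameters ?? {}).forEach(([name, parameterName]) => {
      const parameter = aws_ssm.StringParameter.fromStringParameterName(this, `${name}Parameter`, parameterName);
      parameter.grantRead(this.role);
    });

    // sts:AssumeRole is limited to the single role the caller named.
    if (props.assumeRole) {
      this.role.addToPolicy(new iam.PolicyStatement({
        actions: ['sts:AssumeRole'],
        resources: [props.assumeRole.roleArn],
      }));
    }

    // `||` is used for the defaults below, so an explicit 0 for the threshold
    // or the evaluation periods falls back to 1.
    this.alarm = new cloudwatch.Alarm(this, 'Alarm', {
      metric: this.project.metricFailedBuilds({ period: props.alarmPeriod || Duration.seconds(300) }),
      threshold: props.alarmThreshold || 1,
      comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
      evaluationPeriods: props.alarmEvaluationPeriods || 1,
      treatMissingData: cloudwatch.TreatMissingData.IGNORE,
    });
  }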