chore(cdkDeployer): Add custom build spec option (#527)

Co-authored-by: Florian Chazal <[email protected]>

Author: flochaz

core/API.md

@@ -1,10 +1,161 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: MIT-0
 
+import { BuildSpec } from "aws-cdk-lib/aws-codebuild";
+
+const defaultDestroyBuildSpec = `
+version: 0.2
+env:
+  variables:
+    CFN_RESPONSE_URL: CFN_RESPONSE_URL_NOT_SET
+    CFN_STACK_ID: CFN_STACK_ID_NOT_SET
+    CFN_REQUEST_ID: CFN_REQUEST_ID_NOT_SET
+    CFN_LOGICAL_RESOURCE_ID: CFN_LOGICAL_RESOURCE_ID_NOT_SET
+phases:
+  pre_build:
+    on-failure: ABORT
+    commands:
+      - echo "Default destroy buildspec"
+      - cd $CODEBUILD_SRC_DIR/$CDK_APP_LOCATION
+      - npm install -g aws-cdk && sudo apt-get install python3 && python -m
+        ensurepip --upgrade && python -m pip install --upgrade pip && python -m
+        pip install -r requirements.txt
+      - \"export AWS_ACCOUNT_ID=$(echo $CODEBUILD_BUILD_ARN | cut -d: -f5)\"
+      - 'echo \"AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID\"'
+      - cdk bootstrap aws://$AWS_ACCOUNT_ID/$AWS_REGION
+  build:
+    on-failure: ABORT
+    commands:
+      - \"export AWS_ACCOUNT_ID=$(echo $CODEBUILD_BUILD_ARN | cut -d: -f5)\"
+      - 'echo \"AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID\"'
+      - cdk destroy --force --all --require-approval never
+`
+
+const defaultDeployBuildSpec = `
+version: 0.2
+env:
+  variables:
+    CFN_RESPONSE_URL: CFN_RESPONSE_URL_NOT_SET
+    CFN_STACK_ID: CFN_STACK_ID_NOT_SET
+    CFN_REQUEST_ID: CFN_REQUEST_ID_NOT_SET
+    CFN_LOGICAL_RESOURCE_ID: CFN_LOGICAL_RESOURCE_ID_NOT_SET
+    PARAMETERS: PARAMETERS_NOT_SET
+    STACKNAME: STACKNAME_NOT_SET
+phases:
+  pre_build:
+    on-failure: ABORT
+    commands:
+      - echo "Default deploy buildspec"
+      - cd $CODEBUILD_SRC_DIR/$CDK_APP_LOCATION
+      - npm install -g aws-cdk && sudo apt-get install python3 && python -m
+        ensurepip --upgrade && python -m pip install --upgrade pip && python -m
+        pip install -r requirements.txt
+      - \"export AWS_ACCOUNT_ID=$(echo $CODEBUILD_BUILD_ARN | cut -d: -f5)\"
+      - 'echo \"AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID\"'
+      - cdk bootstrap aws://$AWS_ACCOUNT_ID/$AWS_REGION
+  build:
+    on-failure: ABORT
+    commands:
+      - \"export AWS_ACCOUNT_ID=$(echo $CODEBUILD_BUILD_ARN | cut -d: -f5)\"
+      - 'echo \"AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID\"'
+      - cdk deploy $STACKNAME $PARAMETERS --require-approval=never
+`
+
 // workaround to get a Lambda function with inline code and packaged into the ARA library
 // We need inline code to ensure it's deployable via a CloudFormation template
 // TODO modify the PreBundledFunction to allow for inline Lambda in addtion to asset based Lambda
-export const startBuild = "const respond = async function(event, context, responseStatus, responseData, physicalResourceId, noEcho) {\n  return new Promise((resolve, reject) => {\n    var responseBody = JSON.stringify({\n      Status: responseStatus,\n      Reason: \"See the details in CloudWatch Log Stream: \" + context.logGroupName + \" \" + context.logStreamName,\n      PhysicalResourceId: physicalResourceId || context.logStreamName,\n      StackId: event.StackId,\n      RequestId: event.RequestId,\n      LogicalResourceId: event.LogicalResourceId,\n      NoEcho: noEcho || false,\n      Data: responseData\n    });\n    \n    console.log(\"Response body:\", responseBody);\n    \n    var https = require(\"https\");\n    var url = require(\"url\");\n    \n    var parsedUrl = url.parse(event.ResponseURL);\n    var options = {\n      hostname: parsedUrl.hostname,\n      port: 443,\n      path: parsedUrl.path,\n      method: \"PUT\",\n      headers: {\n        \"content-type\": \"\",\n        \"content-length\": responseBody.length\n      }\n    };\n    \n    var request = https.request(options, function(response) {\n      console.log(\"Status code: \" + response.statusCode);\n      console.log(\"Status message: \" + response.statusMessage);\n      resolve();\n    });\n    \n    request.on(\"error\", function(error) {\n      console.log(\"respond(..) failed executing https.request(..): \" + error);\n      resolve();\n    });\n    \n    request.write(responseBody);\n    request.end();\n  });\n};\n\nconst AWS = require('aws-sdk');\n\nexports.handler = async function (event, context) {\n  console.log(JSON.stringify(event, null, 4));\n  try {\n    const projectName = event.ResourceProperties.ProjectName;\n    const codebuild = new AWS.CodeBuild();\n    \n    console.log(`Starting new build of project ${projectName}`);\n    \n    const { build } = await codebuild.startBuild({\n      projectName,\n      // Pass CFN related parameters through the build for extraction by the\n      // completion handler.\n      buildspecOverride: event.RequestType === 'Delete' ? \n      `\nversion: 0.2\nenv:\n  variables:\n    CFN_RESPONSE_URL: CFN_RESPONSE_URL_NOT_SET\n    CFN_STACK_ID: CFN_STACK_ID_NOT_SET\n    CFN_REQUEST_ID: CFN_REQUEST_ID_NOT_SET\n    CFN_LOGICAL_RESOURCE_ID: CFN_LOGICAL_RESOURCE_ID_NOT_SET\nphases:\n  pre_build:\n    on-failure: ABORT\n    commands:\n      - cd $CODEBUILD_SRC_DIR/$CDK_APP_LOCATION\n      - npm install -g aws-cdk && sudo apt-get install python3 && python -m\n        ensurepip --upgrade && python -m pip install --upgrade pip && python -m\n        pip install -r requirements.txt\n      - \"export AWS_ACCOUNT_ID=$(echo $CODEBUILD_BUILD_ARN | cut -d: -f5)\"\n      - 'echo \"AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID\"'\n      - cdk bootstrap aws://$AWS_ACCOUNT_ID/$AWS_REGION\n  build:\n    on-failure: ABORT\n    commands:\n      - \"export AWS_ACCOUNT_ID=$(echo $CODEBUILD_BUILD_ARN | cut -d: -f5)\"\n      - 'echo \"AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID\"'\n      - cdk destroy --force --all --require-approval never\n      `\n      :\n      `\nversion: 0.2\nenv:\n  variables:\n    CFN_RESPONSE_URL: CFN_RESPONSE_URL_NOT_SET\n    CFN_STACK_ID: CFN_STACK_ID_NOT_SET\n    CFN_REQUEST_ID: CFN_REQUEST_ID_NOT_SET\n    CFN_LOGICAL_RESOURCE_ID: CFN_LOGICAL_RESOURCE_ID_NOT_SET\n    PARAMETERS: PARAMETERS_NOT_SET\n    STACKNAME: STACKNAME_NOT_SET\nphases:\n  pre_build:\n    on-failure: ABORT\n    commands:\n      - cd $CODEBUILD_SRC_DIR/$CDK_APP_LOCATION\n      - npm install -g aws-cdk && sudo apt-get install python3 && python -m\n        ensurepip --upgrade && python -m pip install --upgrade pip && python -m\n        pip install -r requirements.txt\n      - \"export AWS_ACCOUNT_ID=$(echo $CODEBUILD_BUILD_ARN | cut -d: -f5)\"\n      - 'echo \"AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID\"'\n      - cdk bootstrap aws://$AWS_ACCOUNT_ID/$AWS_REGION\n  build:\n    on-failure: ABORT\n    commands:\n      - \"export AWS_ACCOUNT_ID=$(echo $CODEBUILD_BUILD_ARN | cut -d: -f5)\"\n      - 'echo \"AWS_ACCOUNT_ID: $AWS_ACCOUNT_ID\"'\n      - cdk deploy $STACKNAME $PARAMETERS --require-approval=never\n      `,\n      environmentVariablesOverride: [\n        {\n          name: 'CFN_RESPONSE_URL',\n          value: event.ResponseURL\n        },\n        {\n          name: 'CFN_STACK_ID',\n          value: event.StackId\n        },\n        {\n          name: 'CFN_REQUEST_ID',\n          value: event.RequestId\n        },\n        {\n          name: 'CFN_LOGICAL_RESOURCE_ID',\n          value: event.LogicalResourceId\n        },\n        {\n          name: 'BUILD_ROLE_ARN',\n          value: event.ResourceProperties.BuildRoleArn\n        }\n      ]\n    }).promise();\n    console.log(`Build id ${build.id} started - resource completion handled by EventBridge`);\n  } catch(error) {\n    console.error(error);\n    await respond(event, context, 'FAILED', { Error: error });\n  }\n};"
+export const startBuild = (deployBuildSpec?: BuildSpec, destroyBuildSpec?: BuildSpec) => { return `
+const respond = async function(event, context, responseStatus, responseData, physicalResourceId, noEcho) {
+  return new Promise((resolve, reject) => {
+    var responseBody = JSON.stringify({
+      Status: responseStatus,
+      Reason: \"See the details in CloudWatch Log Stream: \" + context.logGroupName + \" \" + context.logStreamName,
+      PhysicalResourceId: physicalResourceId || context.logStreamName,
+      StackId: event.StackId,
+      RequestId: event.RequestId,
+      LogicalResourceId: event.LogicalResourceId,
+      NoEcho: noEcho || false,
+      Data: responseData
+    });
+    
+    console.log(\"Response body:\", responseBody);
+    
+    var https = require(\"https\");
+    var url = require(\"url\");
+    
+    var parsedUrl = url.parse(event.ResponseURL);
+    var options = {
+      hostname: parsedUrl.hostname,
+      port: 443,
+      path: parsedUrl.path,
+      method: \"PUT\",
+      headers: {
+        \"content-type\": \"\",
+        \"content-length\": responseBody.length
+      }
+    };
+    
+    var request = https.request(options, function(response) {
+      console.log(\"Status code: \" + response.statusCode);
+      console.log(\"Status message: \" + response.statusMessage);
+      resolve();
+    });
+    
+    request.on(\"error\", function(error) {
+      console.log(\"respond(..) failed executing https.request(..): \" + error);
+      resolve();
+    });
+    
+    request.write(responseBody);
+    request.end();
+  });
+};
+
+const AWS = require('aws-sdk');
+
+exports.handler = async function (event, context) {
+  console.log(JSON.stringify(event, null, 4));
+  try {
+    const projectName = event.ResourceProperties.ProjectName;
+    const codebuild = new AWS.CodeBuild();
+    
+    console.log(\`Starting new build of project \${projectName}\`);
+    
+    const { build } = await codebuild.startBuild({
+      projectName,
+      // Pass CFN related parameters through the build for extraction by the
+      // completion handler.
+      buildspecOverride: event.RequestType === 'Delete' ? \`${destroyBuildSpec ? `${destroyBuildSpec.toBuildSpec()}` : defaultDestroyBuildSpec}\` : \`${deployBuildSpec ? `${deployBuildSpec.toBuildSpec()}` : defaultDeployBuildSpec}\`,
+      environmentVariablesOverride: [
+        {
+          name: 'CFN_RESPONSE_URL',
+          value: event.ResponseURL
+        },
+        {
+          name: 'CFN_STACK_ID',
+          value: event.StackId
+        },
+        {
+          name: 'CFN_REQUEST_ID',
+          value: event.RequestId
+        },
+        {
+          name: 'CFN_LOGICAL_RESOURCE_ID',
+          value: event.LogicalResourceId
+        },
+        {
+          name: 'BUILD_ROLE_ARN',
+          value: event.ResourceProperties.BuildRoleArn
+        }
+      ]
+    }).promise();
+    console.log(\`Build id \${build.id} started - resource completion handled by EventBridge\`);
+  } catch(error) {
+    console.error(error);
+    await respond(event, context, 'FAILED', { Error: error });
+  }
+};
+`};
 
 export const reportBuild = `
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

core/src/common/cdk-deployer-build.ts

@@ -5,7 +5,7 @@ import * as cdk from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import { ManagedPolicy, PolicyDocument, PolicyStatement, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
 import { Aws, CfnParameter, CustomResource, DefaultStackSynthesizer, Duration } from 'aws-cdk-lib';
-import { ComputeType, LinuxBuildImage, Project, Source, CfnProject } from 'aws-cdk-lib/aws-codebuild';
+import { ComputeType, LinuxBuildImage, Project, Source, CfnProject, BuildSpec } from 'aws-cdk-lib/aws-codebuild';
 import { SingletonKey } from '../singleton-kms-key';
 import { Code, Function, Runtime } from 'aws-cdk-lib/aws-lambda';
 import { Rule } from 'aws-cdk-lib/aws-events';
@@ -59,6 +59,16 @@ export interface CdkDeployerProps extends cdk.StackProps {
    * CLICK_TO_DEPLOY: the CDK application is deployed through a click on a github README button
    */
   readonly deploymentType: DeploymentType;
+
+  /**
+   * Deploy CodeBuild buildspec file name at the root of the cdk app folder
+   */
+  readonly deployBuildSpec?: BuildSpec;
+
+  /**
+   * Destroy Codebuild buildspec file name at the root of the cdk app folder
+   */
+  readonly destroyBuildSpec?: BuildSpec;
 }
 
 /**
@@ -319,7 +329,7 @@ export class CdkDeployer extends cdk.Stack {
 
     const startBuildFunction = new Function(this, 'StartBuildFunction', {
       runtime: Runtime.NODEJS_16_X,
-      code: Code.fromInline(startBuild),
+      code: Code.fromInline(startBuild(props.deployBuildSpec, props.destroyBuildSpec)),
       handler: 'index.handler',
       timeout: Duration.seconds(60),
       role: startBuildRole,

core/src/common/cdk-deployer.ts

@@ -11,9 +11,10 @@
  import { CdkDeployer, DeploymentType } from '../../src/common/cdk-deployer';
 
  import { Match, Template } from 'aws-cdk-lib/assertions';
+import { BuildSpec } from 'aws-cdk-lib/aws-codebuild';
 
 
- describe ('CdkDeployer test', () => {
+ describe ('CdkDeployer test default', () => {
 
   const app = new App();
   const CdkDeployerStack = new CdkDeployer(app, {
@@ -491,11 +492,11 @@
     );
   });
 
-  test('CdkDeployer creates the proper StartBuild function', () => {
+  test('CdkDeployer creates the proper StartBuild function using default build spec', () => {
     template.hasResourceProperties('AWS::Lambda::Function',
       Match.objectLike({
         "Code": {
-          "ZipFile": Match.anyValue(),
+          "ZipFile": Match.stringLikeRegexp('Default'),
         },
         "Role": Match.anyValue(),
         "Handler": "index.handler",
@@ -528,4 +529,99 @@
       }),
     );
   });
+});
+
+
+describe ('CdkDeployer test custom buildspec from object', () => {
+ 
+  const app = new App();
+  const CdkDeployerStack = new CdkDeployer(app, {
+    deploymentType: DeploymentType.CLICK_TO_DEPLOY,
+    githubRepository: 'aws-samples/aws-analytics-reference-architecture',
+    cdkAppLocation: 'refarch/aws-native',
+    deployBuildSpec: BuildSpec.fromObject({
+      version: '0.2',
+      phases: {
+        install: {
+          'runtime-versions': {
+            nodejs: 16,
+          },
+          commands: [
+            'echo "Custom BuildSpec"',
+            'npm install -g aws-cdk',
+          ],
+        },
+        build: {
+          commands: [
+            'npm install',
+            'npm run build',
+            'npm run cdk synth',
+          ],
+        },
+      },
+    }),
+    cdkParameters: {
+      Foo: {
+        default: 'no-value',
+        type: 'String',
+      },
+      Bar: {
+        default: 'some-value',
+        type: 'String',
+      },
+    },
+  });
+ 
+  const template = Template.fromStack(CdkDeployerStack);
+
+  test('CdkDeployer creates the proper StartBuild function using custom build spec', () => {
+    template.hasResourceProperties('AWS::Lambda::Function',
+      Match.objectLike({
+        "Code": {
+          "ZipFile": Match.stringLikeRegexp('Custom BuildSpec'),
+        },
+        "Role": Match.anyValue(),
+        "Handler": "index.handler",
+        "Runtime": "nodejs16.x",
+        "Timeout": 60
+      }),
+    );
+  });
+});
+
+describe ('CdkDeployer test custom buildspec from file', () => {
+ 
+  const app = new App();
+  const CdkDeployerStack = new CdkDeployer(app, {
+    deploymentType: DeploymentType.CLICK_TO_DEPLOY,
+    githubRepository: 'aws-samples/aws-analytics-reference-architecture',
+    cdkAppLocation: 'refarch/aws-native',
+    deployBuildSpec: BuildSpec.fromSourceFilename('custom-buildspec.yaml'),
+    cdkParameters: {
+      Foo: {
+        default: 'no-value',
+        type: 'String',
+      },
+      Bar: {
+        default: 'some-value',
+        type: 'String',
+      },
+    },
+  });
+ 
+  const template = Template.fromStack(CdkDeployerStack);
+
+  test('CdkDeployer creates the proper StartBuild function using custom build spec', () => {
+    template.hasResourceProperties('AWS::Lambda::Function',
+      Match.objectLike({
+        "Code": {
+          "ZipFile": Match.stringLikeRegexp('custom-buildspec.yaml'),
+        },
+        "Role": Match.anyValue(),
+        "Handler": "index.handler",
+        "Runtime": "nodejs16.x",
+        "Timeout": 60
+      }),
+    );
+  });
 });