import * as codepipeline from '@aws-cdk/aws-codepipeline';
import * as ecr from '@aws-cdk/aws-ecr';
import * as targets from '@aws-cdk/aws-events-targets';
import * as iam from '@aws-cdk/aws-iam';
import { Construct } from '@aws-cdk/core';
import { Action } from '../action';
import { sourceArtifactBounds } from '../common';
/**
 * The CodePipeline variables emitted by the ECR source Action.
 *
 * These are the values exposed by the `variables` getter of {@link EcrSourceAction},
 * for use by later actions in the same pipeline.
 */
export interface EcrSourceVariables {
  /** The identifier of the registry. In ECR, this is usually the ID of the AWS account owning it. */
  readonly registryId: string;
  /** The physical name of the repository that this action tracks. */
  readonly repositoryName: string;
  /**
   * The digest of the current image, in the form '<digest type>:<digest value>'.
   *
   * The digest identifies the image content itself, so it is the value to use
   * when a later stage must run exactly the image that started this execution.
   */
  readonly imageDigest: string;
  /**
   * The Docker tag of the current image.
   *
   * A tag is a movable reference: unless the repository enforces tag
   * immutability, it can point at a different image by the time a later
   * stage resolves it. Prefer `imageDigest` for pinning.
   */
  readonly imageTag: string;
  /** The full ECR Docker URI of the current image. */
  readonly imageUri: string;
}
/**
 * Construction properties of {@link EcrSourceAction}.
 */
export interface EcrSourceActionProps extends codepipeline.CommonAwsActionProps {
  /**
   * The image tag that will be checked for changes.
   *
   * A tag is a movable reference; anyone allowed to push to the repository can
   * re-point it unless tag immutability is enabled on the repository, so push
   * permissions on the watched repository effectively control what enters the
   * pipeline.
   *
   * @default 'latest'
   */
  readonly imageTag?: string;
  /**
   * The Artifact that this action registers as its single output.
   */
  readonly output: codepipeline.Artifact;
  /**
   * The repository that will be watched for changes.
   */
  readonly repository: ecr.IRepository;
}
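/**
 * The ECR Repository source CodePipeline Action.
 *
 * Will trigger the pipeline as soon as the target tag in the repository
 * changes, but only if there is a CloudTrail Trail in the account that
 * captures the ECR event.
 *
 * The pipeline therefore runs whenever a principal with push access to the
 * repository moves the watched tag; restrict push permissions accordingly.
 */
export class EcrSourceAction extends Action {
  private readonly props: EcrSourceActionProps;

  /**
   * @param props the repository to watch, the tag to track and the output artifact
   */
  constructor(props: EcrSourceActionProps) {
    super({
      ...props,
      resource: props.repository,
      category: codepipeline.ActionCategory.SOURCE,
      provider: 'ECR',
      artifactBounds: sourceArtifactBounds(),
      outputs: [props.output],
    });

    this.props = props;
  }

  /** The variables emitted by this action. */
  public get variables(): EcrSourceVariables {
    return {
      registryId: this.variableExpression('RegistryId'),
      repositoryName: this.variableExpression('RepositoryName'),
      imageDigest: this.variableExpression('ImageDigest'),
      imageTag: this.variableExpression('ImageTag'),
      imageUri: this.variableExpression('ImageURI'),
    };
  }

  /**
   * Binds the action to its pipeline: grants the action role the permissions
   * it needs, registers the CloudTrail-based event rule that starts the
   * pipeline, and returns the action configuration.
   *
   * @param _scope unused
   * @param stage the stage this action belongs to; its pipeline is the event rule target
   * @param options the role and artifact bucket the action runs with
   * @returns the `RepositoryName` / `ImageTag` configuration of the action
   */
  protected bound(_scope: Construct, stage: codepipeline.IStage, options: codepipeline.ActionBindOptions):
  codepipeline.ActionConfig {
    // read access is limited to the one watched repository
    options.role.addToPolicy(new iam.PolicyStatement({
      actions: ['ecr:DescribeImages'],
      resources: [this.props.repository.repositoryArn],
    }));

    // The rule id is derived from the pipeline's uniqueId; keep it stable,
    // since changing it would rename the synthesized rule.
    this.props.repository.onCloudTrailImagePushed(stage.pipeline.node.uniqueId + 'SourceEventRule', {
      target: new targets.CodePipeline(stage.pipeline),
      // Apply the documented default here as well: with no tag the rule is not
      // restricted to 'latest' and a push of any tag would start the pipeline.
      imageTag: this.props.imageTag ?? 'latest',
    });

    // the Action Role also needs to write to the Pipeline's bucket
    // NOTE(review): this grants write on the bucket as a whole, not only on
    // this action's output artifact - confirm that scope is acceptable.
    options.bucket.grantWrite(options.role);

    return {
      configuration: {
        RepositoryName: this.props.repository.repositoryName,
        // passed through unchanged so the synthesized configuration stays the
        // same; an omitted tag is documented to mean 'latest'
        ImageTag: this.props.imageTag,
      },
    };
  }
}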