feat(aws-ecr): add an ECR Repository source CodePipeline Action. (#1255)

Author: skinny85

packages/@aws-cdk/aws-codepipeline/package.json

@@ -63,6 +63,7 @@
     "@aws-cdk/aws-codebuild": "^0.18.1",
     "@aws-cdk/aws-codecommit": "^0.18.1",
     "@aws-cdk/aws-codedeploy": "^0.18.1",
+    "@aws-cdk/aws-ecr": "^0.18.1",
     "@aws-cdk/aws-lambda": "^0.18.1",
     "@aws-cdk/aws-sns": "^0.18.1",
     "cdk-build-tools": "^0.18.1",
@@ -85,4 +86,4 @@
     "@aws-cdk/aws-s3": "^0.18.1",
     "@aws-cdk/cdk": "^0.18.1"
   }
-}
+}

packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-ecr-source.expected.json

@@ -0,0 +1,269 @@
+{
+  "Resources": {
+    "MyBucketF68F3FF0": {
+      "Type": "AWS::S3::Bucket"
+    },
+    "MyPipelineRoleC0D47CA4": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "codepipeline.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "MyPipelineRoleDefaultPolicy34F09EFA": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": [
+                "s3:GetObject*",
+                "s3:GetBucket*",
+                "s3:List*",
+                "s3:DeleteObject*",
+                "s3:PutObject*",
+                "s3:Abort*"
+              ],
+              "Effect": "Allow",
+              "Resource": [
+                {
+                  "Fn::GetAtt": [
+                    "MyBucketF68F3FF0",
+                    "Arn"
+                  ]
+                },
+                {
+                  "Fn::Join": [
+                    "",
+                    [
+                      {
+                        "Fn::GetAtt": [
+                          "MyBucketF68F3FF0",
+                          "Arn"
+                        ]
+                      },
+                      "/*"
+                    ]
+                  ]
+                }
+              ]
+            },
+            {
+              "Action": "ecr:DescribeImages",
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::GetAtt": [
+                  "MyEcrRepo767466D0",
+                  "Arn"
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "MyPipelineRoleDefaultPolicy34F09EFA",
+        "Roles": [
+          {
+            "Ref": "MyPipelineRoleC0D47CA4"
+          }
+        ]
+      }
+    },
+    "MyPipelineAED38ECF": {
+      "Type": "AWS::CodePipeline::Pipeline",
+      "Properties": {
+        "RoleArn": {
+          "Fn::GetAtt": [
+            "MyPipelineRoleC0D47CA4",
+            "Arn"
+          ]
+        },
+        "Stages": [
+          {
+            "Actions": [
+              {
+                "ActionTypeId": {
+                  "Category": "Source",
+                  "Owner": "AWS",
+                  "Provider": "ECR",
+                  "Version": "1"
+                },
+                "Configuration": {
+                  "RepositoryName": {
+                    "Ref": "MyEcrRepo767466D0"
+                  }
+                },
+                "InputArtifacts": [],
+                "Name": "ECR_Source",
+                "OutputArtifacts": [
+                  {
+                    "Name": "Artifact_awscdkcodepipelineecrsourceMyEcrRepoECRSource8525F033"
+                  }
+                ],
+                "RunOrder": 1
+              }
+            ],
+            "Name": "Source"
+          },
+          {
+            "Actions": [
+              {
+                "ActionTypeId": {
+                  "Category": "Approval",
+                  "Owner": "AWS",
+                  "Provider": "Manual",
+                  "Version": "1"
+                },
+                "InputArtifacts": [],
+                "Name": "ManualApproval",
+                "OutputArtifacts": [],
+                "RunOrder": 1
+              }
+            ],
+            "Name": "Approve"
+          }
+        ],
+        "ArtifactStore": {
+          "Location": {
+            "Ref": "MyBucketF68F3FF0"
+          },
+          "Type": "S3"
+        }
+      },
+      "DependsOn": [
+        "MyPipelineRoleC0D47CA4",
+        "MyPipelineRoleDefaultPolicy34F09EFA"
+      ]
+    },
+    "MyPipelineEventsRoleFAB99F32": {
+      "Type": "AWS::IAM::Role",
+      "Properties": {
+        "AssumeRolePolicyDocument": {
+          "Statement": [
+            {
+              "Action": "sts:AssumeRole",
+              "Effect": "Allow",
+              "Principal": {
+                "Service": "events.amazonaws.com"
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        }
+      }
+    },
+    "MyPipelineEventsRoleDefaultPolicyF045F033": {
+      "Type": "AWS::IAM::Policy",
+      "Properties": {
+        "PolicyDocument": {
+          "Statement": [
+            {
+              "Action": "codepipeline:StartPipelineExecution",
+              "Effect": "Allow",
+              "Resource": {
+                "Fn::Join": [
+                  "",
+                  [
+                    "arn:",
+                    {
+                      "Ref": "AWS::Partition"
+                    },
+                    ":codepipeline:",
+                    {
+                      "Ref": "AWS::Region"
+                    },
+                    ":",
+                    {
+                      "Ref": "AWS::AccountId"
+                    },
+                    ":",
+                    {
+                      "Ref": "MyPipelineAED38ECF"
+                    }
+                  ]
+                ]
+              }
+            }
+          ],
+          "Version": "2012-10-17"
+        },
+        "PolicyName": "MyPipelineEventsRoleDefaultPolicyF045F033",
+        "Roles": [
+          {
+            "Ref": "MyPipelineEventsRoleFAB99F32"
+          }
+        ]
+      }
+    },
+    "MyEcrRepo767466D0": {
+      "Type": "AWS::ECR::Repository"
+    },
+    "MyEcrRepoawscdkcodepipelineecrsourceMyPipeline63CF3194SourceEventRule911FDB6D": {
+      "Type": "AWS::Events::Rule",
+      "Properties": {
+        "EventPattern": {
+          "source": [
+            "aws.ecr"
+          ],
+          "detail": {
+            "eventName": [
+              "PutImage"
+            ],
+            "requestParameters": {
+              "repositoryName": [
+                {
+                  "Ref": "MyEcrRepo767466D0"
+                }
+              ]
+            }
+          }
+        },
+        "State": "ENABLED",
+        "Targets": [
+          {
+            "Arn": {
+              "Fn::Join": [
+                "",
+                [
+                  "arn:",
+                  {
+                    "Ref": "AWS::Partition"
+                  },
+                  ":codepipeline:",
+                  {
+                    "Ref": "AWS::Region"
+                  },
+                  ":",
+                  {
+                    "Ref": "AWS::AccountId"
+                  },
+                  ":",
+                  {
+                    "Ref": "MyPipelineAED38ECF"
+                  }
+                ]
+              ]
+            },
+            "Id": "MyPipeline",
+            "RoleArn": {
+              "Fn::GetAtt": [
+                "MyPipelineEventsRoleFAB99F32",
+                "Arn"
+              ]
+            }
+          }
+        ]
+      }
+    }
+  }
+}

packages/@aws-cdk/aws-codepipeline/test/integ.pipeline-ecr-source.ts

@@ -0,0 +1,24 @@
+import ecr = require('@aws-cdk/aws-ecr');
+import s3 = require('@aws-cdk/aws-s3');
+import cdk = require('@aws-cdk/cdk');
+import codepipeline = require('../lib');
+
+const app = new cdk.App();
+
+const stack = new cdk.Stack(app, 'aws-cdk-codepipeline-ecr-source');
+
+const bucket = new s3.Bucket(stack, 'MyBucket');
+const pipeline = new codepipeline.Pipeline(stack, 'MyPipeline', {
+  artifactBucket: bucket,
+});
+
+const repository = new ecr.Repository(stack, 'MyEcrRepo');
+const sourceStage = pipeline.addStage('Source');
+repository.addToPipeline(sourceStage, 'ECR_Source');
+
+const approveStage = pipeline.addStage('Approve');
+new codepipeline.ManualApprovalAction(stack, 'ManualApproval', {
+  stage: approveStage,
+});
+
+app.run();

packages/@aws-cdk/aws-ecr/README.md

@@ -23,3 +23,28 @@ is important here):
 repository.addLifecycleRule({ tagPrefixList: ['prod'], maxImageCount: 9999 });
 repository.addLifecycleRule({ maxImageAgeDays: 30 });
 ```
+
+### Using with CodePipeline
+
+This package also contains a source Action that allows you to use an ECR Repository as a source for CodePipeline.
+Example:
+
+```ts
+import codepipeline = require('@aws-cdk/aws-codepipeline');
+
+const pipeline = new codepipeline.Pipeline(this, 'MyPipeline');
+const sourceStage = pipeline.addStage('Source');
+const sourceAction = new ecr.PipelineSourceAction(this, 'ECR', {
+  stage: sourceStage,
+  repository: ecrRepository,
+  imageTag: 'some-tag', // optional, default: 'latest'
+  outputArtifactName: 'SomeName', // optional
+});
+```
+
+You can also add the Repository to the Pipeline directly:
+
+```ts
+// equivalent to the code above:
+const sourceAction = ecrRepository.addToPipeline(sourceStage, 'ECR');
+```

packages/@aws-cdk/aws-ecr/lib/index.ts

@@ -1,6 +1,7 @@
 // AWS::ECR CloudFormation Resources:
 export * from './ecr.generated';
 
+export * from './pipeline-action';
 export * from './repository';
 export * from './repository-ref';
 export * from './lifecycle';