Proposal for final CodePipeline Actions API shape

[skinny85]

This PR contains what will (hopefully) be the final iteration of the way we structure our CodePipeline Actions.

The API shape is the following:

1. All Actions integrating with AWS services live in the service's package (so, the CodeCommit Action lives in the aws-codecommit package, the CodeBuild ones - in aws-codebuild, etc.).
2. There is a separate aws-codepipeline-api package that contains the Actions API, on which the service packages depend on (in order to prevent dependency cycles).
3. The API of Actions changed - you now provide a Construct as the parent, while the Stage is a required property in the props.

---

By submitting this pull request, I confirm that my contribution is made under
the terms of the beta license.

[eladb]

Sadly, there is no support for “re-exporting” symbols in jsii, which means we can’t vend aws-actions to all languages. What I suggest is providing pointers in the codepipeline README to all action types. This will be where people will naturally look for them.

[skinny85]

What if we kept the aws-codepipeline-aws-actions module in other languages, but remove the re-exporting part? This way, it would leave it as only depending on the other Action modules, and in this way make it a little easier for customers to just import all of them in one go. Does that have enough value?

Also, any comments on the changed names of the Actions?

[eladb]

aws-actions feels convoluted and confusing... how about we start without, and see if it's needed?
No comments on the the action names - 👍

[skinny85]

Thanks for the review @eladb . I've submitted a new version, removing the aws-codebuild-aws-actions module completely, and updating the ReadMe of the aws-codepipeline module.

If this looks right to you, feel free to merge this in.

[skinny85]

Missed updating some outdated comments in the actions.ts file in the aws-codepipeline package in the previous revision, corrected now.

[eladb]

These links are not going to work outside of the repo (i.e. in our docs).
Perhaps you can just put links to the doc website: e.g. https://awslabs.github.io/aws-cdk/refs/_aws-cdk_aws-config.html

[skinny85]

Will do.

[eladb]

I wouldn't use the term "the most popular".
Also, the word "integration", which I know is used internally, is a bit confusing. I would just use something like "Pipeline actions for external services" and then, "Pipeline actions for AWS services"

[skinny85]

Will change.

[skinny85]

I had one more thought in favor of the aws-codepipeline-aws-actionsmodule (I'm not in love with the name either just to be clear, I'm open to suggestions on a better one) that I wanted your opinion on @eladb .

Currently, we face a question of where to put the external Actions (like GitHub source, Jenkins build, Jenkins test, etc.). Right now, they live in the codepipeline package, but that makes them "special", and different from the AWS Actions. Also, with 100% certainty I can say that not all of the external Actions available in the CodePipeline UI will be in that package (I don't imagine we will put the less popular ones, like Solano CI and Ghost Inspector UI Testing, for example, in there).

We could create a dedicated package for them, something like aws-codepipeline-external-actions (working name). In that case, it seems like having an aws-codepipeline-aws-actions module could be nice, for symmetry and discoverability.

We could even make aws-codepipeline-external-actions be just an empty package that depends on the particular integrations package (like aws-codepipeline-github, aws-codepipeline-jenkins, etc.), to make it more similar with AWS Actions.

I would love to know what's your opinion on this @eladb .

Thanks!

[skinny85]

After our meeting, I've completely re-structured the API according to what we agreed to. I've updated the PR description accordingly.

Sorry for the gigantic CR, but I'd rather rip the band-aid off. Also, it's 95% just moving stuff around (and the necessary changes resulting from that moving around, like different imports because of changing package memberships, etc.).

[eladb]

Worth documenting this module..:

[skinny85]

Yep, a miss on my part. Will fix.

[eladb]

Please add extensive jsdocs to all these APIs

[skinny85]

It's strictly an internal API (not customer facing), but I agree some comments are needed.

[eladb]

Instead of exposing the role, can we expose a function ‘addToRolePolcy’?

[skinny85]

We cannot. In the S3 Action, we pass pipelineRole as a parameter into Bucket#grantRead.

[eladb]

Why do actions need access to the stage name?

[skinny85]

It's used in 2 places right now:

1. The onStateChange method in Action class (the root of the Actions hierarchy).
2. The CloudFormationAction abstract class (uses it to name the output artifact).

[eladb]

I think this might be redundant. If you require this prop by the abstract base class it will force everyone to include it in their props. It also has the benefit of have “stage” appear in docs in every actio props. Otherwise, people will have to traverse to the hierarchy.

We can always add this abstraction in the future if we see there’s More to it than just “stage” but this feels like taking it one step too far

[skinny85]

The reason I did it this way is otherwise, we will copy & paste the same documentation for the stage property into 8+ different places. Granted, I didn't write any JsDocs for this property either, but that's a separate discussion ;p.

[eladb]

Not sure that's a good enough reason... It's not such a complicated description...

[skinny85]

I actually have a second candidate property for this interface in mind: runOrder.

Does having 2 properties here make this interface valuable enough, in your opinion?

[eladb]

Shouldn’t that be in S3?

[skinny85]

Yes. It will be moved as part of #492 once this is shipped (or I'll rebase #492 on top of this, depending on how much back-and-forth we'll have).

[eladb]

Same here: keep it flat: “grantBucketReadWrite”

[skinny85]

Considering it will be called on stage, how about: grantPipelineBucketReadWrite?

[eladb]

Can we save this code somewhere else (issue?) instead of commented out.. it’s a bit messy

[skinny85]

I have a backlog item in our internal issue tracker for each of these - trust me, I will not forget them :).

[eladb]

I was referring to the commented out code. Let's remove it from here. If you want to "save" it somewhere, just paste into your issue.

[eladb]

I was expecting the pipeline/stage relationship to also be modeled more idiomatically as a prop
Instead of abusing the construct tree. Let’s align the API completely

[skinny85]

Agreed 100%, but, like I said above, I'd rather do that in a separate PR than make this one even bigger than it already is.

[eladb]

This looks like what I proposed earlier instead of another interface. I would allude to the bucket in the name of the method (because stage.grantReadWrite) is weird

[skinny85]

Like I proposed above: does stage.grantPipelineBucketReadWrite sound good to you?

[eladb]

Yes, if you prefer (I hate long names). Since this method is part of the pipeline's stage, I think "pipeline" is not really needed by the context, but that's fine :-)

[skinny85]

Updated with the feedback from the comments.

[skinny85]

Missed a VS-Code auto-generated method signature with a union type.

[skinny85]

No idea why the build is failing... Stage definitely implements grantPipelineBucketReadWriteTo correctly in TypeScript... could it be because the type in the declaration of grantPipelineBucketReadWriteTo is optional (identity?: iam.IPrincipal)?

[eladb]

Looks like a merge issue. Probably needs to be merged into aws-cloudformation

[skinny85]

Sorry, I'm not following this comment 🤔This file has been removed (alongside the entire aws-cloudformation-codepipeline package). This text has been added into the aws-cloudformation README file (here).

[eladb]

Oops you are right

[eladb]

I still think this is redundant, but if you insist, I'd call this CommonActionProps.

[skinny85]

👍🏻

[eladb]

Rename the To suffix. This is not Objective-C here :-)

[skinny85]

When you say "rename the To suffix"... do you mean "drop it"? Cause I'm not sure what to rename it to (no pun intended)...

[eladb]

Yes. “Remove” (typo)

[eladb]

document...

[skinny85]

👍🏻

[eladb]

Regarding the build break. Seems like a jsii bug, but we need to dive deeper. You should be able to run jsii-pacmak --recurse from your package and it will generate and build the java version of your module:

lerna exec jsii-pacmak --scope="@aws-cdk/aws-codepipeline-api" -- --recurse --no-clean -v

--no-clean will preserve the sources (you should see a path somewhere in the output), which will allow you to investigate a bit further.

Let us know what you find out...

[skinny85]

This is the JSII-generated code for IStage:

package software.amazon.awscdk.services.codepipeline.api;
/**
 * The abstract interface of a Pipeline Stage that is used by Actions.
 */
public interface IStage extends software.amazon.jsii.JsiiSerializable {
    /**
     * The physical, human-readable name of this Pipeline Stage.
     */
    java.lang.String getName();
    /**
     * The ARN of the Pipeline.
     */
    software.amazon.awscdk.Arn getPipelineArn();
    /**
     * The service Role of the Pipeline.
     */
    software.amazon.awscdk.services.iam.Role getPipelineRole();
    /**
     * Grants read & write permissions to the Pipeline's S3 Bucket to the given Identity.
     * @param identity the IAM Identity to grant the permissions to
     */
    void grantPipelineBucketReadWriteTo(@javax.annotation.Nullable final software.amazon.awscdk.services.iam.IPrincipal identity);
    /**
     * Grants read & write permissions to the Pipeline's S3 Bucket to the given Identity.
     */
    void grantPipelineBucketReadWriteTo();

    /**
     * A proxy class which for javascript object literal which adhere to this interface.
     */
    class Jsii$Proxy extends software.amazon.jsii.JsiiObject implements software.amazon.awscdk.services.codepipeline.api.IStage {
        protected Jsii$Proxy(final software.amazon.jsii.JsiiObject.InitializationMode mode) {
            super(mode);
        }
        /**
         * The physical, human-readable name of this Pipeline Stage.
         */
        public java.lang.String getName() {
            return this.jsiiGet("name", java.lang.String.class);
        }
        /**
         * The ARN of the Pipeline.
         */
        public software.amazon.awscdk.Arn getPipelineArn() {
            return this.jsiiGet("pipelineArn", software.amazon.awscdk.Arn.class);
        }
        /**
         * The service Role of the Pipeline.
         */
        public software.amazon.awscdk.services.iam.Role getPipelineRole() {
            return this.jsiiGet("pipelineRole", software.amazon.awscdk.services.iam.Role.class);
        }
        /**
         * Grants read & write permissions to the Pipeline's S3 Bucket to the given Identity.
         * @param identity the IAM Identity to grant the permissions to
         */
        public void grantPipelineBucketReadWriteTo(@javax.annotation.Nullable final software.amazon.awscdk.services.iam.IPrincipal identity) {
            this.jsiiCall("grantPipelineBucketReadWriteTo", Void.class, java.util.stream.Stream.of(identity).toArray());
        }
    }
}

The interface has 2 variants of the grantPipelineBucketReadWriteTo method - one with an argument, one without, while the Jsii$Proxy only implements the one with the argument.

[skinny85]

Updated with the latest comments from @eladb . I won't merge until we figure out the above problem with JSII though.

[skinny85]

Missed that an interface rename violated TS lint's "imports must be alphabetized" rule.

[eladb]

@skinny85 you discovered a bug in jsii (aws/jsii#175). Workaround for now is to modify the signature of grantPipelineBucketReadWriteTo such that identity is required and not optional. Open an issue to track fixing this one the jsii bug is fixed please.

[skinny85]

Updated to make the argument to grantPipelineBucketReadWrite required instead of optional. Created an issue to make it optional again in #567 .

[eladb]

Hallelujah!

[skinny85]

You said it brother 🙇