diff --git a/packages/@aws-cdk/pipelines/lib/codepipeline/_codebuild-factory.ts b/packages/@aws-cdk/pipelines/lib/codepipeline/_codebuild-factory.ts index ac125aee29f0d..59abcbe8e287d 100644 --- a/packages/@aws-cdk/pipelines/lib/codepipeline/_codebuild-factory.ts +++ b/packages/@aws-cdk/pipelines/lib/codepipeline/_codebuild-factory.ts @@ -241,7 +241,15 @@ export class CodeBuildFactory implements ICodePipelineActionFactory { // Write to disk and replace with a reference const relativeSpecFile = `buildspec-${Node.of(scope).addr}-${this.constructId}.yaml`; const absSpecFile = path.join(cloudAssemblyBuildSpecDir(scope), relativeSpecFile); - fs.writeFileSync(absSpecFile, Stack.of(scope).resolve(actualBuildSpec.toBuildSpec()), { encoding: 'utf-8' }); + + // This should resolve to a pure JSON string. If it resolves to an object, it's a CFN + // expression, and we can't support that yet. Maybe someday if we think really hard about it. + const fileContents = Stack.of(scope).resolve(actualBuildSpec.toBuildSpec()); + + if (typeof fileContents !== 'string') { + throw new Error(`This BuildSpec contains CloudFormation references and is supported by publishInParallel=false: ${JSON.stringify(fileContents, undefined, 2)}`); + } + fs.writeFileSync(absSpecFile, fileContents, { encoding: 'utf-8' }); projectBuildSpec = codebuild.BuildSpec.fromSourceFilename(relativeSpecFile); } else { projectBuildSpec = actualBuildSpec; diff --git a/packages/@aws-cdk/pipelines/test/docker-credentials.test.ts b/packages/@aws-cdk/pipelines/test/docker-credentials.test.ts index de9d7efa54852..9e3559242e04c 100644 --- a/packages/@aws-cdk/pipelines/test/docker-credentials.test.ts +++ b/packages/@aws-cdk/pipelines/test/docker-credentials.test.ts @@ -6,12 +6,14 @@ import * as iam from '@aws-cdk/aws-iam'; import * as secretsmanager from '@aws-cdk/aws-secretsmanager'; import * as cdk from '@aws-cdk/core'; import * as cdkp from '../lib'; +import { ShellStep } from '../lib'; +import { DockerAssetApp, TestApp } from './testhelpers'; let app: cdk.App; let stack: cdk.Stack; beforeEach(() => { - app = new cdk.App(); + app = new TestApp(); stack = new cdk.Stack(app, 'Stack', { env: { account: '0123456789012', region: 'eu-west-1' }, }); @@ -299,9 +301,27 @@ describe('EcrDockerCredential', () => { expect(stack).not.toHaveResource('AWS::IAM::Policy'); }); - }); + // This test doesn't actually work yet. See https://github.com/aws/aws-cdk/issues/16164 + // eslint-disable-next-line jest/no-disabled-tests + test.skip('with non-parallel publishing', () => { + const pipelines = new cdkp.CodePipeline(stack, 'Pipeline', { + synth: new ShellStep('Build', { + input: cdkp.CodePipelineSource.gitHub('test/test', 'test'), + commands: ['cdk synth'], + }), + + publishAssetsInParallel: false, + dockerCredentials: [ + cdkp.DockerCredential.ecr([repo]), + ], + }); + pipelines.addStage(new DockerAssetApp(stack, 'AssetApp')); + + // Should not throw + app.synth(); + }); }); describe('dockerCredentialsInstallCommands', () => {