fix(pipelines): CodeBuild images have (too) old Node version (#9446)

fixes #9070 This change moves CDK pipelines from standard build image 1.0 to 4.0 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Aug 10, 2020 · bd45f34 · bd45f34
1 parent f78c346
commit bd45f34
Show file tree

Hide file tree

Showing 15 changed files with 62 additions and 18 deletions.
diff --git a/.gitignore b/.gitignore
@@ -40,3 +40,5 @@ yarn-error.log
 # Parcel default cache directory
 .parcel-cache
 
+# Cloud9
+.c9
diff --git a/packages/@aws-cdk/pipelines/lib/actions/deploy-cdk-stack-action.ts b/packages/@aws-cdk/pipelines/lib/actions/deploy-cdk-stack-action.ts
@@ -1,11 +1,11 @@
+import * as path from 'path';
 import * as cfn from '@aws-cdk/aws-cloudformation';
 import * as codepipeline from '@aws-cdk/aws-codepipeline';
 import * as cpactions from '@aws-cdk/aws-codepipeline-actions';
 import * as events from '@aws-cdk/aws-events';
 import * as iam from '@aws-cdk/aws-iam';
 import { Arn, Construct, Fn, Stack } from '@aws-cdk/core';
 import * as cxapi from '@aws-cdk/cx-api';
-import * as path from 'path';
 import { appOf, assemblyBuilderOf } from '../private/construct-internals';
 
 /**

diff --git a/packages/@aws-cdk/pipelines/lib/actions/publish-assets-action.ts b/packages/@aws-cdk/pipelines/lib/actions/publish-assets-action.ts
@@ -81,6 +81,10 @@ export class PublishAssetsAction extends Construct implements codepipeline.IActi
 
     const project = new codebuild.PipelineProject(this, 'Default', {
       projectName: this.props.projectName,
+      environment: {
+        buildImage: codebuild.LinuxBuildImage.STANDARD_4_0,
+        privileged: (props.assetType === AssetType.DOCKER_IMAGE) ? true : undefined,
+      },
       buildSpec: codebuild.BuildSpec.fromObject({
         version: '0.2',
         phases: {
@@ -92,8 +96,6 @@ export class PublishAssetsAction extends Construct implements codepipeline.IActi
           },
         },
       }),
-      // Needed to perform Docker builds
-      environment: props.assetType === AssetType.DOCKER_IMAGE ? { privileged: true } : undefined,
       role: props.role,
     });
 

diff --git a/packages/@aws-cdk/pipelines/lib/actions/update-pipeline-action.ts b/packages/@aws-cdk/pipelines/lib/actions/update-pipeline-action.ts
@@ -54,6 +54,7 @@ export class UpdatePipelineAction extends Construct implements codepipeline.IAct
 
     const selfMutationProject = new codebuild.PipelineProject(this, 'SelfMutation', {
       projectName: props.projectName,
+      environment: { buildImage: codebuild.LinuxBuildImage.STANDARD_4_0 },
       buildSpec: codebuild.BuildSpec.fromObject({
         version: '0.2',
         phases: {

diff --git a/packages/@aws-cdk/pipelines/lib/private/asset-manifest.ts b/packages/@aws-cdk/pipelines/lib/private/asset-manifest.ts
@@ -1,7 +1,7 @@
 // FIXME: copied from `ckd-assets`, because this tool needs to read the asset manifest aswell.
-import { AssetManifest, DockerImageDestination, DockerImageSource, FileDestination, FileSource, Manifest } from '@aws-cdk/cloud-assembly-schema';
 import * as fs from 'fs';
 import * as path from 'path';
+import { AssetManifest, DockerImageDestination, DockerImageSource, FileDestination, FileSource, Manifest } from '@aws-cdk/cloud-assembly-schema';
 
 /**
  * A manifest of assets

diff --git a/packages/@aws-cdk/pipelines/lib/private/construct-internals.ts b/packages/@aws-cdk/pipelines/lib/private/construct-internals.ts
@@ -1,9 +1,9 @@
 /**
  * Get access to construct internals that we need but got removed from the Stages PR.
  */
+import * as path from 'path';
 import { App, IConstruct, Stage } from '@aws-cdk/core';
 import * as cxapi from '@aws-cdk/cx-api';
-import * as path from 'path';
 
 export function appOf(construct: IConstruct): App {
   const root = construct.node.root;

diff --git a/packages/@aws-cdk/pipelines/lib/synths/simple-synth-action.ts b/packages/@aws-cdk/pipelines/lib/synths/simple-synth-action.ts
@@ -1,9 +1,9 @@
+import * as path from 'path';
 import * as codebuild from '@aws-cdk/aws-codebuild';
 import * as codepipeline from '@aws-cdk/aws-codepipeline';
 import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions';
 import * as events from '@aws-cdk/aws-events';
 import { Construct } from '@aws-cdk/core';
-import * as path from 'path';
 import { cloudAssemblyBuildSpecDir } from '../private/construct-internals';
 import { copyEnvironmentVariables, filterEmpty } from './_util';
 
@@ -54,7 +54,7 @@ export interface SimpleSynthOptions {
   /**
    * Build environment to use for CodeBuild job
    *
-   * @default BuildEnvironment.LinuxBuildImage.STANDARD_1_0
+   * @default BuildEnvironment.LinuxBuildImage.STANDARD_4_0
    */
   readonly environment?: codebuild.BuildEnvironment;
 
@@ -210,7 +210,7 @@ export class SimpleSynthAction implements codepipeline.IAction {
 
     const project = new codebuild.PipelineProject(scope, 'CdkBuildProject', {
       projectName: this.props.projectName ?? this.props.projectName,
-      environment: this.props.environment,
+      environment: { buildImage: codebuild.LinuxBuildImage.STANDARD_4_0, ...this.props.environment },
       buildSpec: codebuild.BuildSpec.fromObject({
         version: '0.2',
         phases: {

diff --git a/packages/@aws-cdk/pipelines/lib/validation/shell-script-action.ts b/packages/@aws-cdk/pipelines/lib/validation/shell-script-action.ts
@@ -134,6 +134,7 @@ export class ShellScriptAction implements codepipeline.IAction {
     }
 
     this._project = new codebuild.PipelineProject(scope, 'Project', {
+      environment: { buildImage: codebuild.LinuxBuildImage.STANDARD_4_0 },
       buildSpec: codebuild.BuildSpec.fromObject({
         version: '0.2',
         phases: {

diff --git a/packages/@aws-cdk/pipelines/test/builds.test.ts b/packages/@aws-cdk/pipelines/test/builds.test.ts
@@ -31,6 +31,9 @@ test.each([['npm'], ['yarn']])('%s build automatically determines artifact base-
 
   // THEN
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         artifacts: {
@@ -55,6 +58,9 @@ test.each([['npm'], ['yarn']])('%s build respects subdirectory', (npmYarn) => {
 
   // THEN
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {
@@ -80,6 +86,9 @@ test.each([['npm'], ['yarn']])('%s assumes no build step by default', (npmYarn)
 
   // THEN
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {
@@ -106,6 +115,9 @@ test.each([['npm'], ['yarn']])('%s can have its install command overridden', (np
 
   // THEN
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {
@@ -141,6 +153,9 @@ test('Standard (NPM) synth can output additional artifacts', () => {
 
   // THEN
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         artifacts: {

diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json
@@ -183,7 +183,7 @@
         },
         "Environment": {
           "ComputeType": "BUILD_GENERAL1_SMALL",
-          "Image": "aws/codebuild/standard:1.0",
+          "Image": "aws/codebuild/standard:4.0",
           "PrivilegedMode": false,
           "Type": "LINUX_CONTAINER"
         },
@@ -1087,7 +1087,7 @@
         },
         "Environment": {
           "ComputeType": "BUILD_GENERAL1_SMALL",
-          "Image": "aws/codebuild/standard:1.0",
+          "Image": "aws/codebuild/standard:4.0",
           "PrivilegedMode": false,
           "Type": "LINUX_CONTAINER"
         },
@@ -1391,7 +1391,7 @@
         },
         "Environment": {
           "ComputeType": "BUILD_GENERAL1_SMALL",
-          "Image": "aws/codebuild/standard:1.0",
+          "Image": "aws/codebuild/standard:4.0",
           "PrivilegedMode": false,
           "Type": "LINUX_CONTAINER"
         },
@@ -1564,7 +1564,7 @@
         },
         "Environment": {
           "ComputeType": "BUILD_GENERAL1_SMALL",
-          "Image": "aws/codebuild/standard:1.0",
+          "Image": "aws/codebuild/standard:4.0",
           "PrivilegedMode": false,
           "Type": "LINUX_CONTAINER"
         },
@@ -1594,7 +1594,7 @@
         },
         "Environment": {
           "ComputeType": "BUILD_GENERAL1_SMALL",
-          "Image": "aws/codebuild/standard:1.0",
+          "Image": "aws/codebuild/standard:4.0",
           "PrivilegedMode": false,
           "Type": "LINUX_CONTAINER"
         },

diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json
@@ -183,7 +183,7 @@
         },
         "Environment": {
           "ComputeType": "BUILD_GENERAL1_SMALL",
-          "Image": "aws/codebuild/standard:1.0",
+          "Image": "aws/codebuild/standard:4.0",
           "PrivilegedMode": false,
           "Type": "LINUX_CONTAINER"
         },
@@ -986,7 +986,7 @@
         },
         "Environment": {
           "ComputeType": "BUILD_GENERAL1_SMALL",
-          "Image": "aws/codebuild/standard:1.0",
+          "Image": "aws/codebuild/standard:4.0",
           "PrivilegedMode": false,
           "Type": "LINUX_CONTAINER"
         },
@@ -1290,7 +1290,7 @@
         },
         "Environment": {
           "ComputeType": "BUILD_GENERAL1_SMALL",
-          "Image": "aws/codebuild/standard:1.0",
+          "Image": "aws/codebuild/standard:4.0",
           "PrivilegedMode": false,
           "Type": "LINUX_CONTAINER"
         },

diff --git a/packages/@aws-cdk/pipelines/test/pipeline-assets.test.ts b/packages/@aws-cdk/pipelines/test/pipeline-assets.test.ts
@@ -41,6 +41,9 @@ test('command line properly locates assets in subassembly', () => {
 
   // THEN
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {
@@ -107,6 +110,7 @@ test('file image asset publishers do not use privilegedmode, have right AssumeRo
     },
     Environment: objectLike({
       PrivilegedMode: false,
+      Image: 'aws/codebuild/standard:4.0',
     }),
   });
 
@@ -137,6 +141,7 @@ test('docker image asset publishers use privilegedmode, have right AssumeRole',
       })),
     },
     Environment: objectLike({
+      Image: 'aws/codebuild/standard:4.0',
       PrivilegedMode: true,
     }),
   });
@@ -161,6 +166,9 @@ test('can control fix/CLI version used in pipeline selfupdate', () => {
 
   // THEN
   expect(stack2).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {

diff --git a/packages/@aws-cdk/pipelines/test/pipeline.test.ts b/packages/@aws-cdk/pipelines/test/pipeline.test.ts
@@ -177,6 +177,9 @@ test('pipeline has self-mutation stage', () => {
   });
 
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {
@@ -200,6 +203,9 @@ test('selfmutation stage correctly identifies nested assembly of pipeline stack'
 
   // THEN
   expect(stackTemplate(nestedPipelineStack)).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {

diff --git a/packages/@aws-cdk/pipelines/test/testutil.ts b/packages/@aws-cdk/pipelines/test/testutil.ts
@@ -1,9 +1,9 @@
+import * as fs from 'fs';
+import * as path from 'path';
 import * as codepipeline from '@aws-cdk/aws-codepipeline';
 import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions';
 import * as s3 from '@aws-cdk/aws-s3';
 import { App, AppProps, Construct, Environment, SecretValue, Stack, StackProps, Stage } from '@aws-cdk/core';
-import * as fs from 'fs';
-import * as path from 'path';
 import * as cdkp from '../lib';
 import { assemblyBuilderOf } from '../lib/private/construct-internals';
 

diff --git a/packages/@aws-cdk/pipelines/test/validation.test.ts b/packages/@aws-cdk/pipelines/test/validation.test.ts
@@ -75,6 +75,9 @@ test('can use stack outputs as validation inputs', () => {
   });
 
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {
@@ -113,6 +116,9 @@ test('can use additional files from source', () => {
     }),
   });
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {
@@ -149,6 +155,9 @@ test('can use additional files from build', () => {
     }),
   });
   expect(pipelineStack).toHaveResourceLike('AWS::CodeBuild::Project', {
+    Environment: {
+      Image: 'aws/codebuild/standard:4.0',
+    },
     Source: {
       BuildSpec: encodedJson(deepObjectLike({
         phases: {